last executing test programs:

21.237874852s ago: executing program 0 (id=606):
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
setuid(0xee01)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x5, 0xc95a, 0xfffffff3, 0x6, 0x9, 0x2, 0x1, 0x7f, 0x6, 0x7, 0xfffffff2, 0x5f, 0xa, 0x7, 0xffff2d33, 0x8, 0x6, 0xa, 0x0, 0x80000001, 0xca, 0x7, 0x5, 0x3c5b, 0x6, 0x22, 0x2, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x3, 0x3, 0x107fff, 0x4c74, 0x9, 0x0, 0xb, 0xa, 0x0, 0x71, 0x7, 0x2000007, 0x103, 0x0, 0x3, 0x39, 0x2, 0x6, 0x6, 0x3, 0x5, 0x0, 0x8, 0x10000000, 0x7f, 0x0, 0x5, 0x5, 0xa, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0x8, 0x129432e6, 0xca, 0xf9, 0xd, 0x9a2, 0x1, 0x9, 0xfffffffe, 0x8, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x8, 0x78, 0xea4, 0x80000000, 0x4, 0x0, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x801, 0x7, 0x4, 0x2009, 0x106, 0x2, 0x1ff, 0x3, 0x9, 0x8, 0x800, 0xfffffffe, 0x5, 0x0, 0x2, 0x8000, 0xffff, 0x2, 0x83, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xd, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x652, 0xfffffdfe, 0x0, 0x8ce, 0x9, 0x387d, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x7, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x1, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x1b1, 0x3, 0x200, 0x80000000, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d5, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x5, 0x6, 0xfffffffb, 0x4, 0x3, 0x8, 0x9, 0x8, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0xfffffffc, 0x5, 0xce5, 0x1fd, 0x6, 0x5, 0x5, 0x40000003, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x8, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffb, 0x5, 0x8, 0xc8, 0x3, 0x4, 0x3af, 0x200003, 0x5, 0x7ffffffd, 0x9602, 0xa, 0x8, 0x4, 0xffffffff, 0x1, 0x10002, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x3, 0x4, 0x5, 0xb1c, 0x1, 0x99f5, 0xffff3441, 0xfff]}, 0x45c)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x69, 0xf7, 0x4a, 0x20, 0x10b8, 0x1bb4, 0x3465, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x5d, 0x0, 0x0, 0x1c, 0x53, 0xc2}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000080)=ANY=[@ANYBLOB="2017cc"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000002480)={&(0x7f0000002440)=[{0x4, 0x2800, 0xef, &(0x7f00000059c0)="40bda32247968c6139126ec0900855252430ae872defa11473d63346447419885614679af1b21c19f78f62a564a68869c5a8b86f15c9c8165cf8f5cd6c0f5e96258cca71b0defac3b59a3d541d2b4e7a5a8dd8d41264c7d031820d68c2d913a53f12e4ff4c3dd42f29dc12237e3323c0574a81733302ea0708d315785b02dd492ccc5234efbc206c58ed6d57f63304584af4515b49ee44dfb7336259377e65bbe957133e4e6f3289c86bf33b14df8385477c66e9676052bcf06536fb29d93248223bc9e60d9503b1a553159e32f2e677346f77c2f64115b4d97581eff5eb223ed74fbd9e0e52862287180aabd1c81f"}], 0x1})

18.867422737s ago: executing program 1 (id=617):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r0, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r1 = gettid()
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0xa300}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACSEC_PROTECT={0x5}, @IFLA_MACSEC_WINDOW={0x8, 0x5, 0x7}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2400c000}, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r5, 0x0, 0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r5, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1})
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000bbdffc))
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r6, 0x0)
mount(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040)='ramfs\x00', 0x21800a, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000019080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0008004700003000000000000690780a010102ac1414aa07070441b613a30000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c0000009078000025514b8b104e9d0328db140a3e3220320040576d8f270bdcb2"], 0x0)

17.790111307s ago: executing program 2 (id=619):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x28, 0x4a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x6e80}, [@typed={0x14, 0x125, 0x0, 0x0, @ipv6=@mcast2}]}, 0x28}}, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r4=>r1}, './file0\x00'})
write$sndseq(r4, &(0x7f0000000080)=[{0x6f, 0x3, 0x1, 0x3, @tick=0x8, {0x6, 0x5}, {0x2, 0x3}, @raw8={"ae742c8cc3084993432e2c57"}}], 0x1c)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
r7 = syz_usb_connect$hid(0x5, 0x3f, 0x0, 0x0)
syz_usb_control_io$uac1(r7, 0x0, 0x0)
r8 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r9=>0x0})
connect$can_bcm(r8, &(0x7f00000000c0)={0x1d, r9}, 0x10)
sendmsg$can_bcm(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1, 0x840, 0x0, {}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "ef1d62ee7e923b0ad9cda5b28dd4753620a2f0271768a8284c18a4e2b5e44dc77098b18fd964df81213608ec503db52d42f1a78c97322f4ae4c8dc89cf2b1440"}}, 0x80}}, 0x0)
sendmsg$can_bcm(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="000000000100000900000000000000072f68b137a2cb108b"], 0x48}}, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, @void, @value}, 0x28)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000140)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r11 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r11, &(0x7f0000000000), 0x10)
sendmsg$can_bcm(r8, &(0x7f0000000480)={&(0x7f0000000340), 0x10, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="01000000d7fe68ca0000000000000000", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=r10, @ANYRES64=0x0, @ANYBLOB="00000000040000000000000000000000b8ee0816756b62187804752330b2b55830d7228ef1593c0639bd084bba0bfd8db72f70e5b2e7f90e11cbc6ec61a03fc316d5d47970907af5fc4a27f6cf7189092a7b6df985acd7e01984958f8ffca1197c6a203e6eb93c37bbd3017a0c4ea076b3efadb9a71bb8ea9579d968c11a8f966c7bf0c299d21e469bc23e063023cd7f58f55a29f591b1366686774deda9fb6e8ff60ca3b68da119f758423714ce997acd37cd2ffe40b1cc21f03a788fe3657c35439768ba9f6d71c65bdf0afb23bc9e48f9f233b3a2bc77cfcb98490bf1022a8ed872893a0e85e40e26e10a7d128e015310f2c3066021db49842fac", @ANYRES32=r1], 0x80}, 0x1, 0x0, 0x0, 0x48000}, 0x0)

17.496655091s ago: executing program 1 (id=620):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x11)
ioctl$KDMKTONE(r6, 0x8924, 0x10)
socket$netlink(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10)
sendmmsg(r7, &(0x7f0000000180), 0x4000190, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000540)={&(0x7f0000000200)=@name={0x1e, 0x2, 0x0, {{}, 0xfffffffd}}, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffff91}, 0x1)
setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x29}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

16.970095462s ago: executing program 2 (id=621):
r0 = syz_open_procfs(0x0, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x8002)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0xa08}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x14)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xf, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a3200000000140000001100"], 0x54}, 0x1, 0x0, 0x0, 0x20048004}, 0x0)

15.633388018s ago: executing program 2 (id=622):
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x258a, 0x36, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000080)={0x40, 0x23, 0x4, {0x4, 0x10, "fdb7"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = socket(0xa, 0x801, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000007e50434d02f8c2f736000071123600000000193b737480329c63334832caf3043d82aa899cdf206319bd9c5b80cacba24ffa63b8c45971594bfe0b7e938e80b9b3f11c3e37c03201a2d2bb105e9e371f107b453ce4dc60465635412ac648d554e65e52fb2e20c43276c098d355358a096eeba5ac0b694fc2e2031311cd8ef399adfb1bb28bcf71c4ee1c773d791b5dade984aea66ee5943fec12515de3845adb5c9eb590eb91c43f36b45d67d6fd5e6d6b1f775ee60dc6024a95326c39fd3777709fcce7e9baf32928a5419593d839020b47f0f2cfbba3ff250edaf0c72a4681c4278feecfc550efcfccf40790e71359"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x57, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getsockopt(r1, 0x29, 0x40, &(0x7f0000b3ffac)=""/84, &(0x7f0000001ffc)=0x54)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100021b61d47acaa6233137430102030109021b0001000000000904200005007f8800090503020000000000"], 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$evdev(0x0, 0x0, 0x60000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@private2, @in=@multicast2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x400000000, 0x8, 0x0, 0x7fffffffffffffff, 0x0, 0xffffffff}, {0x0, 0x0, 0x1}}, {{@in6=@mcast1}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x3507, 0x0, 0x0, 0x0, 0xfffffffe, 0x4000000}}, 0xe8)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f00000004c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x60}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x20}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x7, 0x0}, {0x18, 0x2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="30000000000905030000000000000000000001000900010073797a3100000000080005400000000708000640000000013d73f39611ed2f79e48f48ffaf0e91f84ec5464b0a6b004b9579471fb758000000002a749ed01d14ac2a3f183e6bc1af5b63f46e8766fe92"], 0x30}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r6, 0x6, 0x16, &(0x7f0000000240)=[@mss={0x2, 0x8}, @sack_perm, @timestamp, @sack_perm, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x5b)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000140)='cdg\x00', 0x4)

14.895620146s ago: executing program 1 (id=624):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0xffffffff000)
connect$phonet_pipe(r0, 0x0, 0x0)
bind$llc(r1, &(0x7f0000000080)={0x1a, 0xe, 0x8, 0x0, 0x6, 0xff, @multicast}, 0x10)

13.231609037s ago: executing program 4 (id=627):
r0 = syz_open_procfs(0x0, &(0x7f00000021c0)='maps\x00')
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000040))
socket$inet_icmp_raw(0x2, 0x3, 0x1)
getrandom(0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280), 0x800c42, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x80000000, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x43, 0x1f7)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000000c0), 0x40081)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80882)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x1e, &(0x7f0000001780)=[{&(0x7f0000000300)="d73beec7dec0a8f013bf4596f22132de44e7f867eb6d01551eb872b22b2ccbaf924560d3979eb36db01b26a9252bab95c92ac8751bae753898cda0a33e07551c7a201cae822e05f2399fd416c4a6da4eaab4bb6ac14c8bc111dad626eb3a1b14c26c963ffbdaa3ea6e176d4e330d2393adff0c83d3d6b5b840e71b5c7a922fefdf39d36cd4bb24e9f66124a637c10c859a83c69ec1ab6fe76cf73cf4e5f85c4bbf8ec578044b34f05df0ce210d9f85d412bbc611164ad0c92694e4dc4e66b5b094e1847444ef160b83c82e5153d34ef669dace2d0d0ef088b04de9a1b0d2", 0xde}, {0x0}, {&(0x7f0000000240)="4f7e13ecef274e290d0a0d63985140bee1d675de7702052083e9d296fe0d03e6", 0x20}, {&(0x7f0000000140)="2478d95770a444852d05a717aafa297fd3ead28df9b139a374c81466f08b2b8b2995e339c64d0114b848342184662f06296e27fde7daff4b47bdc8ede4f8a311961f691b48edab6813f4f4798fb7f66a32b5009c53d6", 0x56}, {&(0x7f00000019c0)="edab01aa6aea254bbefc3831b69c641137c854dd6c3e7f15a4f3f2cfe615cd30249c7d6c54cd79bbf48ca39bd47c13f96afb5f23dcff54a0be49ab4759924546b77ef42af83fcf0d58674e462fb52fcdbd91a432cbc2e2c0a57d78a1e2ae5fe838001086f6dc0a2d854edb2c0e3ba425962c9e24a652e560b793b5f430f7138cc37674eb4472e888a51ab7584319bbed1ac53e6d79b3d9957bd4d6e4030c74d77f27d3f7da0f450664e28d344c33e4b9a9", 0xb1}, {&(0x7f0000000640)="11ec7cbe5fddf50233de80ef8a4262d7ad7dc64d661bab0303a01631f7b481ebee977750ffab201a1ce0ed097245897217943f04cad01e3bf5ad16e1d9176f3d54048b6ba1b979cf9380a12958338007712be65d65ea72e6636abfd61b68", 0x5e}, {&(0x7f00000006c0)="57969d064bed07c097ee5cabb84842ab42afd6eb06ab86bfe0d03102b24f8c57cc05393f43af00c72f9f242a9d50e508fc81dcac9b55c747c667f4f40c87abbd4c7e96efe274af7e8f0fc338431ba5452b2aa653a13665285bb5fbdd2de12aacf81bd11e983acd7f804a934657d311cdc0c94bd897ef7cbd90294f9d254e833c226549adc2d7118215ac5e149c9101a8d248a7e34f54d69624296ff438aeca077090770fd4998a6882ab1b661f95c373cdb712d599d641121aea4ee1aae3e572b27ed4fd06afc28a53f5a08a450b0c5b263fa8fbe11a5348d5a375a59af6d44af8fb47e5da206488947f2943b35f2d68c08f196a3912892174fcf3037f92142d0ebfb6e9c8b481f45b8f7d770458f06ebcfc27469b0c1460826b5613212bacafff816b6271a3c9e490cc893012700990ebf85b9b63bb895738d3e3a957a2f8fdb2f7aa5b808628554178a19769d59c12aed8a922197857e845dd10d7f18c4fc7ca925aad7c105d620f35b54624eaa91891f1bfe2b5b7a4e9c86ef5fc5a4cc78b5c78bfb50b4def1810668b7b55a43a021297461f834eb0bde5025760bf077c26f39145e01406f13abbf33154d1a4ec491d158369debaae5899a64799d273623c2fc143b6706e5254c1c2a28cbb377da6019d783ef966d39e89a8955ed3f15366ee6b856079d5444b88a4b0ce0be93c04ff28c905767f532f4b764053b2127019e47feff75f3b4567a164863666563f91f35b26d194cbb7220b8d8631f9ef4688e50dfbd267b529f44d8bdd9b9d934241ef044b3b80ad9877fa72a5a09f4fc50d1b56991515334e09f9622c172a5f1423e4105c95cd67e992141794099c474ff3a84bdef40f2038efd7a189c92033389177a07d615803cf3d3241386796b142761eca300291b57fd489ec99934d3f54c40d39255b0bd294b680055b980301618781a986299433cc40cca93b9b7b654da8519ae4e6167a2e4cefb6d05e36fc51e565ee341ba4ac3a2fa22dec9f6ce44123067a9adaa5ed2ce27d1060c8db3e739f0c4b4a3b160be9e84be7bd32efd49925af964fd5b4506b6975f799e97cd5f1ad9477379e9f01e8d5db66dc5fe975863ed1f75488cda04e6052f04531194bc9f20fc8592d8156550b17ab17cb3d064b6cc88e08dcecbafefe97c331789272de3b3d37e9265ce5362df624b65900ccb8869d35c0d3279e54c306ed65aba93e8c22e39af9244a4f5c4521918f98618db50cf0cf9179012380ba5a2db5aaf4cce23712e203ef0422e8600abc714ad89f412d6e7a6694be1a0db8a76c96f035453d07bcb894a6e13328d52e219dc46e9f130f5f2acb9fa1eb1b121ddc812c27ca2d173aab4761f673dc3d82a5fdf449df15e2d724d0ead34996039e982946eb34709e9cc630a52894063c49098cb56c15418636526bce89c6c8ceeba2487d3a6cfb8db6f47663dba68a265ca74c6b8d691f0ec317e116594e59817c2300afd34cb2b50014adc5f71ff41022f57c006897f2ca908806539354f4dfb3ad09eabc906c3ad84eee82b2310686a348913c61cf77dd63063c60a6af1481a33677686b70e69c068c2d200f6c05f6278c23cb02e9cf807e0a6b8ef0027167d2a8c38988a8169b1aeca1f82f2b18ce4638c9533d360ed23b5e1e839c9d9ae2d2af5c109a9ead5d84088f7bc80d24071ad384c04f49692118194e620dcbc63cedc22b390cbe93bb5b3d1fdbbfdadaf3b4a6a5a1605f5ca4b8b70da064c6b10f7fba0d93a58b5534ad0727629f521d1fef372b778640f97dd7c1213c78bc4a8641a4a290b7ce9dc230bc7bff0156069578273ec3e287144c279adb8cde0af27add2c058268df4f85fcf73386c3937efcaf68c26c94146fb8309aef52b32302722083bd573fdc36fe16dbc31d5e7c3d3fc771e0f9bf56b61bd02723a2d21d9a7c7d3c310e12527c0b559ba5dc618e84f0e8809661def1aeb7945a15fac05dcd58e66dbe3d17cbdcdf48d737ece4460d8912ea74018fd414de2923c98eb32d29b09277b05bc61b724b0925857a69d2ca900688095ddc52244a9345dcb6191cd12af4807f2dffdc6c4dbc123e98b16910e8ce7d5b8cc6c2cb848becb720ff3f9435206950996e43966f87bba611c24c26bbccf005e533e6b9c4ae139ce57cad0bc58c852861bdc447b5366c67036fa09279a8de69102fcadefcedfb5b1deb1d682471f953658d0f9f4ef86ffcd200bb48751fda214f617dc226a9cde106cf59961c94d8afaea004b20c7e603f17e7b9604b7cad39296d80636c5081aa4de4274b29e20fee1a66bae36d0f468bff495d44f723caa8bf783160402336b2fe2abb100013e82f69ad90a7afcb41200d19b56eef4d626e27d409966d684f2bcb41d926c1371cd53191fb0eed2c17a67bbfb9b4cdf823b4112a3df9d65246852b297e546ec77ef075cdc2ee2ad7c065eb231f13f8b7174c8117ce5cea5727a02e9b23d0e3909206e434dc5de6702ce5e74b170edb6de9bd8ed07c15d2cda53f43af5c2ff86b29019f84e0443ecd3e8e64f3a0b42598104677ab26e660ce84ce75cf35dd7f3cd31876cfc386393a0cd71bf7c6101cca179ab4c4eab45806050f6098b2cbc7302c6ec7dbb7b16f2ed12f8159ed788654c05036ee99828acda09cb7d43140a1f01e3df0f80a439329cc81aba3ebbdc45020d3d0a27a060a08ebd36a093cd72124294c109ec8b65d3756bd7592a8b8bf69d655c37d1d49d749bb94d3301b288e720bbaad030a08ac482c6c8a477e19ed32171695874817de154fba79995a35320a2a32c663a7484e72f722e7b9ae6e3cee5edfcf677c798385ecba2649f077f9667554634cf4aea4c28e148575a8ace3ce049395b849ba860939bb981575c7a0531d4583a943c71ef7521fa81579ed36807586ddf1a82bd784a9f4a881c4cba9a5173e45541773a2720c1d80dee01dacfc9860de389a471126f22dd65b8cfb31861bb108f75b593b13ad16d2adbe6d97b83512a1ae957c6082cbb7ac2f64b2040c7c210dfa364fb8f635a40c5866abe980592f6dbad606308f85e96cc90c0f2ebda48660e042c9ff7904bdd32552b1f6fc4578ae8d60ee602a195c8dce29c54d981984f5c83029c73888d27b8d9067a43cab34272e6777582ef27950b193a7fbfd20327c4f6ab52725a14f03d6dd5159fcb2e9abf8c4e76c8524f54da2caaf81251ec78d5f0e2b45c4a6f9d4dcb7e0c55cd49c296de26116f3ed5a565e9b6ae4ffa4362591c736e79eb0b47b52c943c0c4082f70c0a31a1a647c7d49266ae7b5b571eb53a0e0d30297ea9418c794bd82c0f1995514b001cbca133bb8a3afc3ae3e037c94bb9580b83e0bd978ee6967691a43a982850c2d26e153f0c52fddb6d9c0b9d49682f2d3499e1130aa4de3894b1453f4cc34e1961d3dc4ab734235e5e7bd98d0fe30400f413c66a0e032d929d94658584b4b959acf0489655585f019e2236a0d54663fcf1d31599bb57a47af190de84f738f4bbbf768d540a7adce3257c3799b2c3272faa125b09e1d3c6e57f81cd0f1d5f65675bd12f80b593faeff758249c28873ae211fc2439a87f65b8918587ae245aaa9e6740059792af0044653d01782a033768fa9436077a1d577899cfb1539bd6da8a54c37592a4dd587fb4eeaf7ce931809f28c11876337f895a6d613954152d01a6359ef5210de093f8e23f71555e549c355c45adf98b061509292b3d29835dd761c8af1f9a4eeeeb50abb8660c753c54d2b247900fc063f1c13374f4697c63fadc958f393bab16e188d2f63539948e3a883092a5a45895360e1e27f1d770898785236336a3dfc6c2e0ab0f4f7614fa6a4d0ae7d1a5b1213f387d118360cbbe9e29f52e8e906ca1a2d4bbc952ef64aaade03b12c0ce1980d59b7b3b1f3e6560339a289260e1c672a4b9d159ca231d217c055efc1cfcc30abf1a4fbbbfbf750e8620e4c391fd069b0bba82232dd70aa76d3711efdd3d507bb58a982fe053eb108abcebd9cbcb029357d7386bd2e91882723d0caed865c002b26e0f701d4a2c757ff7578b107d50601a717ccf4db22a061fb5f28ffe927ed95ea05ebf8943ec3c7aada48b1b435f64ccb349136e9f82afc145dba3aa674f6b83275cfc3b5d088f6df6790a1f74a237026d2c9a93a9a37a613af614288ab81462c9a4d21fca8adf8e5734d1c6513e838170e20e5fcb1329d193090420ce32b65d49725f49e7ae65cd4cbb1016de08af0cacd488bedcd8eadbd2c3d64189353aea479600f89fb2a2b40fc4176d78023cef340744b81f11797127adff0c7ef4f415325e46df4ed7c67b28f597826245120c5d4c866c84f5d8fb87f40a5d4d54bb060d5b50b8250fff531cad9f33e7a82d5edaf6dfb9a327123024cf46d3bdaec988d759057af0388df9de0e2c3f8e09caf2a9c6341c45c1675791f38bb4b8fcb618bc06f46d620cc4a48706081791317f2dc3dd6027a35723957541da829560a6dd56730a76fa665d3a261941364f44a7eb38060c69249e891e86c7917042e43b817fce55eea8c6b520a6c9fb35366b5c1d54f926376e2f2714ea9cd2db4167439caa9c2f27e318fa9baa3228ae6fbd1e1708f1e86bbf13f3387f944b2fe741fa704021c8f22b30c3b77161fd01eca026b3bd3dcb3a9d2ded2af4a269cbb61d483afd5c092c2898a90e948ad492dc35b7e4c041adcce43942038600c74d4393845a897ecfe728339402f0b6829ac9eef78fc1d6be401cdfaddf9e3f7e6d5d788db8da16060e2f135aac68c73028aa3043836a2113388811b48358ca2b18f298c8e5426575e3814447884c558578bb4408709aef34cb68096a0bb666e345680ce6f9b5e3bdb412c3d1e0814f1d959538b87e15c255e39f8ce88a36c4e1b70651f705fab81346859a0e807601d81ec0a30ebcfe3f1c1808bee66b1336b88da40fc9fc6c04826a23aa99d4b965b8262ab633f6d5cdfabeaa92da40675ddc8feddb304573f52d45743e71f9b179a3cfd21e54679cdab562a5a5a20ebd858a77ca0102e0689f4d95c56cbc446fd668cafa49aeb92d0bbbc43f527a3c07a8aba2c5928301672f8b856b49f68ecea627a555f290212f122d9cb0131f76c6c6f81bdff4c93f15d2df5df2cf93bda3b59cf66f8a67b1c02ece252f9884824a57d3af2dae5575d1a0f052105e9cdd88f05c8d5e14a52621c8c20ae96a4fdf8c56b2d2dd665a15cbfb9759db676c86b945aadafd956bc1f095ad60db2503f6bfc822db346ec18fc71b3d462c1d86b69853047fc0d144a0dc2ec45907fce1a08401b6910b86cbcab3f2ac7e14dd536d712b4e49bf232d8dc9dc2c35b157300f2683f85d86d1838a69d044f52507ccf069b8942bc495b6684b705e41d40d5d08b142f9f6b40d9fc435f2b96e395ac658c8a8bab0d3161e67e98ed6bbb4fc8196e132a1ba324dd659554c23aedd39ee247e30471b5fe3a99bf34f9b4a996e82761309c60ee74062e042f80458cd83da80d8b3d8d4bc06b8867ce11d6c7befea88500d715303b7c5651dc94af6cdd8a7291d2efabfd4e59315b78f6dd48b526212de503da020d26f3e94e1bffa4e8d6d30860ef17cb1c4f61bec7a3bb42979370ab627a2f8537b5e45d806a3dc7435c16ccdeff0dd0b87f22bb0ea43c567d0a0df80b36bf71889c68706521255ad5f753df6197a71d503f766a9e8be04878ee909d46470b656a62ce37187804ef99347c15e44299d964f5fa95ccfc3d4721d91f3c54b6faa8dcb9ba1206eb6e3dbe29dc31a9961ba99b2ba9e03420ac22d1fc5e98f813", 0x1000}, {&(0x7f0000000080)="d128a6c6be8fa565ed13", 0xa}], 0x8, &(0x7f0000001800)=ANY=[@ANYBLOB="0d000000000000000100000007000000b8000000000000004e07000000891b6c0a010102e00000027f000001ffffffffac1414bbac1414bb01442cb951e000000200000003ac1414aa00000003e000000100000001e0000002000000010a010101000000064434e353e034c88e6cc8aa085cbc00000100000001e000000200000005d800000200000007ac1414aa0000e2f13263962aa10009e0000001000000066401010200000005940ae067684caacf864944249261ffffffff00000766e000000100000fff7f00000100007fffac1414aa00010000000054000000000000000700000044446e21ac1414bb00000400e0000001000000c8ac1414bb00000006ac1e010100000000ac1414bb00000001ac1414aa0000000d0a010101000000ffac1414aa00000e59010000000d00000000000000010000005e000000140000"], 0x140}}], 0x1, 0x4008801)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000002c0)=@assoc_value={r2}, 0x8)
openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f)
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000280), 0x0, 0xa2c65)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001e00050400000000000000f903"], 0x114}], 0x1}, 0x10)
sendmmsg$unix(r0, &(0x7f00000005c0), 0x3, 0x20000805)

13.203075526s ago: executing program 0 (id=628):
r0 = syz_open_dev$sndctrl(0x0, 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000280)={{0x1, 0x0, 0x3, 0x0, 'syz1\x00'}, 0x0, [0x0, 0x83fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x100000000, 0x0, 0xfffffffffffffff8, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0xd451, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffff, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x80000000001, 0x7, 0x4, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffff0001, 0x0, 0x4000000]})

13.16763104s ago: executing program 1 (id=629):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYRES32=0x0], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfff7fffffffffff5}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000400)={0x0, 0x9}, &(0x7f0000000440)=0x8)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000080)=0x7f)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000580)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{0x0}], 0x1}}], 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x32, 0xffffffffffffffff, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r6, &(0x7f0000000480)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f00000003c0)=@gcm_256={{0x304}, "3d8b00", "d4cc4a4423daabeb8e7ba12fe6e1c742a683fa6e58757db76aae864d57fbaf37", "d5ea4a24", "5e963dfa951f9b3d"}, 0x38)
sendto$inet6(r6, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
socket$netlink(0x10, 0x3, 0xc)

11.151795964s ago: executing program 0 (id=632):
r0 = syz_open_procfs(0x0, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x8002)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0xa08}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x14)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xf, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a3200000000140000001100"], 0x54}, 0x1, 0x0, 0x0, 0x20048004}, 0x0)

8.93554913s ago: executing program 2 (id=633):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x4, 0x4, 0x1, 0x2, {0xa, 0x4e23, 0x1000, @loopback, 0x80}}}, 0x32)
ioctl$VIDIOC_ENUM_FREQ_BANDS(0xffffffffffffffff, 0xc0405665, &(0x7f0000004000)={0x1, 0x2})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000980)={0xdc, 0x22, 0x1, 0x0, 0x0, "", [@nested={0xca, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @typed={0x14, 0xb, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9"]}]}, 0xdc}], 0x1}, 0x80)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x5, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xaf}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @exit], {0x95, 0x0, 0x5a5}}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

8.276123943s ago: executing program 3 (id=634):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
mmap(&(0x7f00004df000/0x3000)=nil, 0x3000, 0x300000b, 0x1010, r0, 0xcd762000)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000001700)={0x24, r2, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x12c, r2, 0x2, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x8, 0x62}}}}, [@NL80211_ATTR_IE_PROBE_RESP={0x104, 0x7f, [@random_vendor={0xdd, 0xfe, "2db1a43df7dd3852a99cc8d1d1dc5df593db53bae7d8539120524f812e30d73aa0e517824949d90a8da366c6030bdb1416f9c4d556ef5b8ed10eb90b3320894776d9ea21c37340f42c6238cf03d917b59384db3a21ffaa4d32e872319df3a1bca3ae5c4156df35cab4337fa1eb77ade93f785dd2f9990545b4fb5499308bc8dbbbe25833222965307cf6da20fdf94dc98bef1a0a6954472868034046971c4d75e64202fe209eef4e0b4f0ab2f299b1dd862ef00418dbb02f05d093e8a96a0c41a9eb1d525805c57f81af01efac1ebc3b10a21c58336b88e9731c1390280ea1277b3589c59e557a8dbbd7f5b86d07b2a11819357d45a08728aa2c0a159b1f"}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x40081}, 0x4000080)
syz_init_net_socket$ax25(0x3, 0x2, 0xce)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff})
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r8, &(0x7f0000000340)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24)
bind$rxrpc(r8, &(0x7f0000001280)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x91}}}, 0x24)

8.071982003s ago: executing program 4 (id=635):
getpid()
bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000280)=@udp=r0}, 0x20)
r1 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r1, &(0x7f0000002dc0)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x7fff, @local, 0x8}, 0x80, &(0x7f0000000340)=[{&(0x7f00000003c0)='`', 0x1}], 0x1}, 0x41)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x9, &(0x7f0000000000)=ANY=[@ANYBLOB="180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff62ffb702000008000000b70300000000000085000000c800000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x3, 0x0, 0x0, 0xc, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$kcm(0xa, 0x6, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000d40)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a764ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d08428353b1c358ebe73af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000013887ad6d2d440fedce51a3aa57b00ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b44925129677b7b3d2f8e7792c7827862eae80134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2e20ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498d357836f03e8a7c392e535694a3ea"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r2, &(0x7f0000001640)={&(0x7f00000002c0)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac141411e0000001000000002800000000000000000000000700000094040007441405"], 0x48}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x84, 0x1e, &(0x7f0000000000), 0x4)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000780)={0xffffffffffffffff, &(0x7f0000000380), 0x0}, 0x20)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000001300)='7', 0x1)
syz_open_dev$char_usb(0xc, 0xb4, 0x1000)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
syz_usb_disconnect(r3)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x400c010}, 0x20004000)
recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001680)=""/4084, 0xff4}], 0x1}, 0x12041)

7.421544338s ago: executing program 0 (id=636):
r0 = syz_open_dev$sndpcmc(0x0, 0x1, 0x4001)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
write(0xffffffffffffffff, &(0x7f00000002c0)="6f4af2bf2eb8d03c8f49d8bf43e94bb581ef6cbc81cbafe292adc4b1d742c15dd27f", 0x22)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xfffffffffffffffe}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r4 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006640)=[{{&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000380)="1300cfd441b2f3d32df65ca844dd84cbf2111d24e1c736ce25d4604f8a046c5cb4d7a1b4b2f485efa4c631ea76f73e184efcd5a51dfd1b25a62a0d06bc9239aed36f689b319c4bdda146156e48df6bc08131540076e9e6143831df32525e020e69e8", 0x62}, {&(0x7f0000000400)="06a79a00eecb8ac2c1fe59a35396963006b613d299b62617e207e6b3911bd691dedc7aa79a071732cf9b91680c574ad5ececb31914a785307effe3ab6486db2f77b289286ce988b148191b85a243dcc9f772", 0x52}], 0x2, &(0x7f0000002a40)=[@rights={{0x30, 0x1, 0x1, [r0, r6, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r5, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {r4, 0xffffffffffffffff}}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r0, r6, r5, r0, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, r2, 0xffffffffffffffff, r2, 0xffffffffffffffff, r2]}}], 0x100, 0x800}}, {{&(0x7f0000004680)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000004840)=[{&(0x7f0000004700)="829b0b86c2eb6390286aa999924f10b27407f2c124e3c3233a22128d04911f463e153ffb741dc6c59f1d4bcf10425b7959ac0a8dc165786f768f0cd4a57d0588a53f4eca4e9d6aa281be8230f38d5a01f70221248d637871a8f0b5b51fd4183674be776a8f623e451825f754ba058d4e71c152ef36185e03e20f5ed3e5892b3626e379f05d", 0x85}, {&(0x7f00000047c0)="d811ed9048678af57b4b0e3fba9669878caaf62bb7d6235369e4fc4d78a55a836be38407863ccf6e58f9f81e47d81c347b5ae23ac4ade98e577018ab565995a0bdedb693bacefe45b5db3cbb", 0x4c}], 0x2, &(0x7f0000000a00)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r4, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r1, @ANYBLOB="2400000000db3dba7aecfbc045801f887dda19ce67f50e185df82561213ea1f2b2b743706be0e5f57e07e555a78241fa4f20a5b77ead851b4adde6a4772dee1d8e4d69e23a4e119330e9b25a27107405c70f7491fc23c9736cc211b8822a49a1dda72b0df0738dcb61714c4a9732b2a69649f14b88ce8d295007a6018fb0e93b0c735d9ec662f7b6c87f5604355e1b7e70ef1570fefa4fbcb28ddfce608c3c46636f81dc39698b00000000000000000000eb8f134b6a56f52178314ce7b97512e86d3682eeaae6e7a5bdbec27c1f5dcc9b31558cee3734315c6cb51e69d0834eeb61fc4765f9f258d965e7e9bbc04bf266e7c059bbde1e7997590e142f6487ecf4c36733b056a21fdba199aa0b194562f027aa431ca458a2f133abac4c848eaed628febb59a5b5a358b1c64091de34d08348babe1205a6e1ba6a4017677b341dc041f961b239b273951ec548f9f57d7f457be49ad04dc1333138ce11e451854dacd563306561539176c69afe3f7616c51acd3485ab99d2fc6e842071965a1dd9858096de000000", @ANYRES32=r3, @ANYRES32, @ANYRES32, @ANYRES32=r2, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x68, 0x4040884}}, {{&(0x7f00000049c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000004c40)=[{&(0x7f0000004a40)="3371158577377ab25e6735fc10622747be29a40a6a34a2af54f1bf3e61463fabd3fed0ed0145d85e59804272d1cda786c2b3f1a2e783a54c1025465490ec437a069687ee13f36f83eccb9cf6f521e3eb31d5ff22c7d93836a493549d833ac94b87022be4669f0acbb328d6bff4a0ac069c03ffbd5639f738d9e28cdb9d87774edaf096c460306f9bdf810d45bd1c206da9370765ea3b4dcffbe9a2f44ef48165d1", 0xa1}, {&(0x7f0000004b00)="49e7cb66ed1867fbe6a04c824ef83ec2aa20640bd122eb6e5671d05184b8f7797eefc74159d586a87b52121da859adc6018dd2a34ce5c971fc6f5bc7cd53b922e2a56222134501c93c94f880cd710269d3fdbd366129084c521fe7", 0x5b}, {&(0x7f0000004b80)="52e09c028af0dddbfdba8676db8a4673c0dfd315a11d341dea65ef9dbc293fc14ac897cdad145744a7745d355f761f91763b7c64831e767e78962cd65af5f88405e1d800e2a92e20841a3a19177aa1e910784cdddcbb5bfeb82c3e5cacd8677ce33fdc5d42c0c24e8a7f545a5d1db46bff795c0bfa8e3797addd4531701a5e95fb1d042e562bb433c4c79f4b7005a64b09411bbac60f59cc37a0008c1b66228573c28e11157b0e11ce7369a41a7047f5f8ffd1d70cb1f5573e8506da7e53", 0xbe}], 0x3, &(0x7f0000004c80)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r5, 0xffffffffffffffff]}}], 0x20, 0x4005}}, {{&(0x7f0000004cc0)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f00000060c0)=[{&(0x7f0000004d40)="ddc0e6e522e4dc7cd0798690ca590aaf9cd225e560acb1bd288599fe1a4a02913be71f9b992c85b3624ee6391c3d0c870aaf04f608f0a07e0c6896a6d003947daa4e97c4bb3a8df05632ed258edcf3c05522c0b36c3d4a5fa2f358672d9a14027df13bba4becb66e87afc6903b2391fac98e66a46b010b864d737f0d97b1828debc69405301c855901be356a530e790a7eabedb832ce5038e2a1aa7a6651fa8755b3e2c6769c2e391c358a3db3daf5c32cc2e4774c3b22a73a9bc747b90e63ae52ae33efa17373d95e9fdca2c0dacc", 0xcf}, {&(0x7f0000004e40)="b2e01a57195d091f4a33dd6843c01b8cbca7f936812e7cd0ddd160e24b031a4b881b2d7cd5", 0x25}, {&(0x7f0000004e80)="c41c6ad92706983dc6a84c97b0418bf75f9daf4365deb67e0d68331b229f27f1de9162ed4478050ea2766a18a42b3b184cda57efd1ab0d8ef93c44f3da4bb5f02089860207", 0x45}, {&(0x7f0000004f00)="0bcbc35baac360b2cbb9ba15045eba3e4618922c3cf6c454ef2487b7e440137409cde92b8f2bfba57e49450898ce89f3cdc501bfac95429d50e3c5580ef6ea674b90e42c4cd41d1b209365dc59f7ea21250a25c292c0d5654153e0d18610375405e2b0b6d43110e28354a987d615c16fcb5d6760aca685fa11", 0x79}, {&(0x7f0000004f80)="932102896ebcdfc81f618498de870a0899e302ac0b51a30d72ed356a996bd95887a95d6495cd3fb0523762387576e7112d0a6066fdc14d443fc24a3697ec2b2d19ec03a666ef3eb2ef97a7e75a3f2b7ca89b703c5736f0428fb013620311930682ebe591fc6183d3ce08f221f56347486b4abd5e2ce861d4334499729aae19154cff13bb123e0bf8dee4c3025f100e984b51c3c7f50058a99eba579873f7b79ee5e21ea02468fc6fa90d6f4ae5ba7d91", 0xb0}, {&(0x7f0000005040)="6a7a9ae8b8b095a39893479ad3b6a88f67f186720fe429d66d21d1df18a6ee5d538084ab593db4c1f196f959034582e6e045b2b3e9f2c28bd02fd492db32f8077220fa157625694ab1efbd895306fd2917491dce34554c8b4d69", 0x5a}, {&(0x7f00000050c0)}], 0x7, &(0x7f0000006140)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [r6, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x90, 0x20000081}}, {{&(0x7f0000006480)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000006600)=[{&(0x7f0000006540)}], 0x1, 0x0, 0x0, 0x20000800}}], 0x5, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)=<r8=>0x0)
timer_settime(r8, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syslog(0x2, &(0x7f0000000740)=""/188, 0x24)
syz_usb_connect(0x1, 0x0, 0x0, 0x0)

6.612335863s ago: executing program 1 (id=637):
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000000)={0x2})
socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd28, 0x10, {0x2, 0x10, 0x0, 0x4, 0x3, 0x0, 0x0, 0x8, 0x2}, [@FRA_DST={0x8, 0x1, @remote}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480c4}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340), 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
open$dir(&(0x7f0000000b40)='./file1\x00', 0x1, 0x52)
linkat(r2, &(0x7f0000000100)='./file1\x00', r2, 0x0, 0x0)
unlink(&(0x7f0000000280)='./file1\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

5.178653937s ago: executing program 1 (id=638):
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
setuid(0xee01)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x5, 0xc95a, 0xfffffff3, 0x6, 0x9, 0x2, 0x1, 0x7f, 0x6, 0x7, 0xfffffff2, 0x5f, 0xa, 0x7, 0xffff2d33, 0x8, 0x6, 0xa, 0x0, 0x80000001, 0xca, 0x7, 0x5, 0x3c5b, 0x6, 0x22, 0x2, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x3, 0x3, 0x107fff, 0x4c74, 0x9, 0x0, 0xb, 0xa, 0x0, 0x71, 0x7, 0x2000007, 0x103, 0x0, 0x3, 0x39, 0x2, 0x6, 0x6, 0x3, 0x5, 0x0, 0x8, 0x10000000, 0x7f, 0x0, 0x5, 0x5, 0xa, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0x8, 0x129432e6, 0xca, 0xf9, 0xd, 0x9a2, 0x1, 0x9, 0xfffffffe, 0x8, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x8, 0x78, 0xea4, 0x80000000, 0x4, 0x0, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x801, 0x7, 0x4, 0x2009, 0x106, 0x2, 0x1ff, 0x3, 0x9, 0x8, 0x800, 0xfffffffe, 0x5, 0x0, 0x2, 0x8000, 0xffff, 0x2, 0x83, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xd, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x652, 0xfffffdfe, 0x0, 0x8ce, 0x9, 0x387d, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x7, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x1, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x1b1, 0x3, 0x200, 0x80000000, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d5, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x5, 0x6, 0xfffffffb, 0x4, 0x3, 0x8, 0x9, 0x8, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0xfffffffc, 0x5, 0xce5, 0x1fd, 0x6, 0x5, 0x5, 0x40000003, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x8, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffb, 0x5, 0x8, 0xc8, 0x3, 0x4, 0x3af, 0x200003, 0x5, 0x7ffffffd, 0x9602, 0xa, 0x8, 0x4, 0xffffffff, 0x1, 0x10002, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x3, 0x4, 0x5, 0xb1c, 0x1, 0x99f5, 0xffff3441, 0xfff]}, 0x45c)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x69, 0xf7, 0x4a, 0x20, 0x10b8, 0x1bb4, 0x3465, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x5d, 0x0, 0x0, 0x1c, 0x53, 0xc2}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000080)=ANY=[@ANYBLOB="2017cc"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000002480)={&(0x7f0000002440)=[{0x4, 0x2800, 0xef, &(0x7f00000059c0)="40bda32247968c6139126ec0900855252430ae872defa11473d63346447419885614679af1b21c19f78f62a564a68869c5a8b86f15c9c8165cf8f5cd6c0f5e96258cca71b0defac3b59a3d541d2b4e7a5a8dd8d41264c7d031820d68c2d913a53f12e4ff4c3dd42f29dc12237e3323c0574a81733302ea0708d315785b02dd492ccc5234efbc206c58ed6d57f63304584af4515b49ee44dfb7336259377e65bbe957133e4e6f3289c86bf33b14df8385477c66e9676052bcf06536fb29d93248223bc9e60d9503b1a553159e32f2e677346f77c2f64115b4d97581eff5eb223ed74fbd9e0e52862287180aabd1c81f"}], 0x1})

5.034994644s ago: executing program 3 (id=639):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x42, 0x1ec)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
sendmsg$tipc(r4, &(0x7f00000000c0)={&(0x7f0000000200)=@name, 0xfffffffffffffea1, 0x0, 0x0, 0x0, 0x0, 0x4000800}, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r4, 0x10f, 0x88)
write$binfmt_script(r3, &(0x7f00000001c0)={'#! ', './file0'}, 0xb)
close(r3)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f00000002c0)=0xfffffffe)
ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000100)=0xffff0080)
setsockopt$RDS_RECVERR(0xffffffffffffffff, 0x114, 0x5, 0x0, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)

3.877521472s ago: executing program 3 (id=640):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r0, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x41000000, 0x0, 0x0)

3.874517362s ago: executing program 4 (id=641):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
waitid(0x0, r6, 0x0, 0x8, 0xfffffffffffffffd)
waitid(0x1, r6, 0x0, 0x4, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000180)=[{&(0x7f0000000200)="2e0400001c00810ce00f80ecdb4cb9f207c804a00d000000010006fb0a0002000a0ada1b40d805481100c50083b8", 0x4f13}, {&(0x7f0000000140)="351d3c9c253645d143d2b687882ae53ef1372aff1ada70f0987dd6906990b13ae862"}, {&(0x7f0000000240)="7b27b15bb70ad10bb42b2d78924a6b74c3a8f9229110fbfc519dd43e07a533ab778a4e0a257e7951b5126dd9f2b6a3d3ee0e122e18ea78b26bd962c2d1a7fdbabf5739ddb66b5d5335f9f3fd4fbd1964caf9d6b7cff4defd06208e52d84d88b061cc2d741351a61411514fd354595906e6d3abee31abf8611c6cd04d7dd3db4d8942402dfc"}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

3.856100487s ago: executing program 2 (id=642):
r0 = syz_open_dev$sndctrl(0x0, 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000280)={{0x1, 0x0, 0x3, 0x0, 'syz1\x00'}, 0x0, [0x0, 0x83fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x100000000, 0x0, 0xfffffffffffffff8, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0xd451, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffff, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x80000000001, 0x7, 0x4, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffff0001, 0x0, 0x4000000]})

3.572259404s ago: executing program 2 (id=643):
r0 = socket$kcm(0xa, 0x1, 0x106)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
write$cgroup_pid(r2, &(0x7f0000000000), 0x2a979d)
ioctl$SIOCSIFHWADDR(r2, 0x401c5820, &(0x7f0000000080)={'macvlan1\x00', @broadcast})
setsockopt$sock_attach_bpf(r0, 0x29, 0x4a, 0x0, 0x4)
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x11, 0x30}, [], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r10, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x20, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4040)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e0301000000000064050000000000006916300000000000bf07000000000000260507000fff07206706000020000000470600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r11 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r11, 0xc1205531, &(0x7f00000000c0)=""/112)
ioctl$I2C_RDWR(r3, 0x707, &(0x7f0000000040)={&(0x7f0000001800)=[{0x63, 0x2800, 0x0, 0x0}, {0x8, 0x1011, 0x0, 0x0}], 0x2})

3.571883603s ago: executing program 3 (id=644):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r0, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0x8}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, 0x0)
read$msr(r1, &(0x7f000000d000)=""/102369, 0x8974)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x14, 0x15, 0x301, 0x0, 0x0, {0xc}}, 0x14}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)

2.510681278s ago: executing program 4 (id=645):
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x40, 0x4, &(0x7f0000006680))
timer_delete(0x0)

1.846770676s ago: executing program 0 (id=646):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x3)
r1 = syz_io_uring_setup(0x4aa, &(0x7f0000000380)={0x0, 0xfffffffc, 0x10100, 0x10000000, 0x334}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8126}})
io_uring_enter(r1, 0x38c5, 0x2000000, 0x0, 0x0, 0x0) (fail_nth: 2)

1.793717133s ago: executing program 3 (id=647):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007500000004000000070000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_setup(0x71b9, &(0x7f00000003c0)={0x0, 0xc63b, 0x80, 0x0, 0xca})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000140)=0x15)
pipe(&(0x7f00000001c0)={<r5=>0xffffffffffffffff})
readv(r5, &(0x7f0000002a40)=[{&(0x7f00000007c0)=""/4096, 0x1000}], 0x1)
ioctl$NBD_DISCONNECT(r5, 0xab08)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x7e)

1.689192389s ago: executing program 4 (id=648):
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000000)={0x2})
socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd28, 0x10, {0x2, 0x10, 0x0, 0x4, 0x3, 0x0, 0x0, 0x8, 0x2}, [@FRA_DST={0x8, 0x1, @remote}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480c4}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340), 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
open$dir(&(0x7f0000000b40)='./file1\x00', 0x1, 0x52)
linkat(r2, &(0x7f0000000100)='./file1\x00', r2, 0x0, 0x0)
unlink(&(0x7f0000000280)='./file1\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

1.206535802s ago: executing program 0 (id=649):
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
acct(0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='gadgetfs\x00', 0x0, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x3}, 0x10, 0x0)
r1 = io_uring_setup(0x4909, &(0x7f0000000180)={0x0, 0xd82b, 0x2, 0x1, 0x28c})
io_uring_enter(r1, 0x2a71, 0xa634, 0x6, &(0x7f0000000080)={[0x80000000]}, 0x8)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0/../file0/../file0\x00', 0x0, 0x820, 0x0)
r2 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x458, 0x500f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1, 0xfd, 0x1, {0x22, 0x4}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x1}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000300)={0x2c, &(0x7f0000000040)={0x0, 0xb, 0x4, {0x4, 0x30, "b9d0"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
mkdir(&(0x7f0000002200)='./file0\x00', 0x0) (async)
acct(0x0) (async)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='gadgetfs\x00', 0x0, 0x0) (async)
landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x3}, 0x10, 0x0) (async)
io_uring_setup(0x4909, &(0x7f0000000180)={0x0, 0xd82b, 0x2, 0x1, 0x28c}) (async)
io_uring_enter(r1, 0x2a71, 0xa634, 0x6, &(0x7f0000000080)={[0x80000000]}, 0x8) (async)
landlock_restrict_self(r0, 0x0) (async)
landlock_restrict_self(r0, 0x0) (async)
landlock_restrict_self(r0, 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0/../file0/../file0\x00', 0x0, 0x820, 0x0) (async)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x458, 0x500f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1, 0xfd, 0x1, {0x22, 0x4}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x1}}}}}]}}]}}, 0x0) (async)
syz_usb_control_io$hid(r2, 0x0, 0x0) (async)
syz_usb_control_io(r2, &(0x7f0000000300)={0x2c, &(0x7f0000000040)={0x0, 0xb, 0x4, {0x4, 0x30, "b9d0"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) (async)

156.931004ms ago: executing program 3 (id=650):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYRES32=0x0], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfff7fffffffffff5}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000400)={0x0, 0x9}, &(0x7f0000000440)=0x8)
migrate_pages(0x0, 0x8, &(0x7f0000000100)=0x7cd, &(0x7f0000000180)=0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000080)=0x7f)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000580)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{0x0}], 0x1}}], 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x32, 0xffffffffffffffff, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000480)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f00000003c0)=@gcm_256={{0x304}, "3d8b00", "d4cc4a4423daabeb8e7ba12fe6e1c742a683fa6e58757db76aae864d57fbaf37", "d5ea4a24", "5e963dfa951f9b3d"}, 0x38)
sendto$inet6(r5, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
socket$netlink(0x10, 0x3, 0xc)

0s ago: executing program 4 (id=651):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x42, 0x1ec)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
sendmsg$tipc(r4, &(0x7f00000000c0)={&(0x7f0000000200)=@name, 0xfffffffffffffea1, 0x0, 0x0, 0x0, 0x0, 0x4000800}, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r4, 0x10f, 0x88)
write$binfmt_script(r3, &(0x7f00000001c0)={'#! ', './file0'}, 0xb)
close(r3)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f00000002c0)=0xfffffffe)
ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000100)=0xffff0080)
setsockopt$RDS_RECVERR(0xffffffffffffffff, 0x114, 0x5, 0x0, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)

kernel console output (not intermixed with test programs):

   93.070089][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.153290][ T5828] 8021q: adding VLAN 0 to HW filter on device team0
[   93.169938][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   93.186456][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.193655][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.227883][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.235154][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.271787][ T1040] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.278996][ T1040] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.299393][ T1040] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.307026][ T1040] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.390437][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.517123][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   93.581452][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.588716][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.635522][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.642746][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.021771][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.113666][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.240669][ T5819] veth0_vlan: entered promiscuous mode
[   94.254794][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.275770][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.307458][ T5819] veth1_vlan: entered promiscuous mode
[   94.362121][ T5828] veth0_vlan: entered promiscuous mode
[   94.394403][ T5828] veth1_vlan: entered promiscuous mode
[   94.533218][ T5824] veth0_vlan: entered promiscuous mode
[   94.542478][ T5819] veth0_macvtap: entered promiscuous mode
[   94.557308][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.583380][ T5826] Bluetooth: hci0: command tx timeout
[   94.596173][ T5819] veth1_macvtap: entered promiscuous mode
[   94.614732][ T5828] veth0_macvtap: entered promiscuous mode
[   94.626756][ T5824] veth1_vlan: entered promiscuous mode
[   94.643976][ T5828] veth1_macvtap: entered promiscuous mode
[   94.658606][ T5826] Bluetooth: hci4: command tx timeout
[   94.664076][ T5826] Bluetooth: hci1: command tx timeout
[   94.669863][ T5837] Bluetooth: hci3: command tx timeout
[   94.669892][ T5825] Bluetooth: hci2: command tx timeout
[   94.731250][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.764687][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.806845][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.815546][ T5819] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.829399][ T5819] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.838435][ T5819] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.847171][ T5819] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.877599][ T5832] veth0_vlan: entered promiscuous mode
[   94.897939][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.912145][ T5824] veth0_macvtap: entered promiscuous mode
[   94.936563][ T5828] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.945705][ T5828] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.956115][ T5828] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.966147][ T5828] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.983367][ T5824] veth1_macvtap: entered promiscuous mode
[   95.019918][ T5832] veth1_vlan: entered promiscuous mode
[   95.036307][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.102464][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.116958][ T5824] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.127631][ T5824] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.137183][ T5824] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.146232][ T5824] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.204381][ T5832] veth0_macvtap: entered promiscuous mode
[   95.239726][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.256705][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.282373][ T5832] veth1_macvtap: entered promiscuous mode
[   95.302357][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.317132][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.384146][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.392938][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.399677][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.408088][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.413554][ T5831] veth0_vlan: entered promiscuous mode
[   95.447740][ T5831] veth1_vlan: entered promiscuous mode
[   95.474805][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.526339][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.560042][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   95.596710][ T3539] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.607775][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.629574][ T3539] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.637629][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.649119][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.657864][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.741495][ T5831] veth0_macvtap: entered promiscuous mode
[   95.811738][ T5831] veth1_macvtap: entered promiscuous mode
[   95.824018][ T3539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.845032][ T5947] syz_tun: refused to change device tx_queue_len
[   95.848810][ T3539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.022805][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.084293][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.124112][ T5831] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.664955][ T5825] Bluetooth: hci0: command tx timeout
[   96.805038][ T5831] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.813931][ T5831] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.823948][ T5831] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.885218][ T5825] Bluetooth: hci1: command tx timeout
[   96.890825][ T5825] Bluetooth: hci3: command tx timeout
[   96.896737][ T5826] Bluetooth: hci4: command tx timeout
[   96.902616][   T51] Bluetooth: hci2: command tx timeout
[   97.049717][ T5957] netlink: 68 bytes leftover after parsing attributes in process `syz.3.7'.
[   97.284169][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   97.306726][   T43] cfg80211: failed to load regulatory.db
[   97.367678][ T5960] overlayfs: failed to resolve './file0': -2
[   97.659071][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.666918][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.678085][ T3539] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.704050][ T3539] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.883613][ T1040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.908822][ T1040] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.002680][ T1040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.023289][ T1040] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.802055][ T5988] syz.0.11: attempt to access beyond end of device
[   98.802055][ T5988] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[   98.895851][ T5992] netlink: 'syz.4.5': attribute type 9 has an invalid length.
[   98.907778][ T5992] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5'.
[   98.936652][ T5992] hsr0: entered promiscuous mode
[   98.944227][ T5992] macvlan2: entered promiscuous mode
[   98.950729][ T5992] macvlan2: entered allmulticast mode
[   98.956531][ T5992] hsr0: entered allmulticast mode
[   98.965820][ T5992] hsr_slave_0: entered allmulticast mode
[   98.972294][ T5992] hsr_slave_1: entered allmulticast mode
[   99.223985][ T5887] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   99.658580][ T6003] Zero length message leads to an empty skb
[   99.697975][ T2153] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   99.971000][ T2153] usb 1-1: Using ep0 maxpacket: 32
[  100.087300][ T2153] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  100.158776][ T5887] usb 2-1: Using ep0 maxpacket: 32
[  100.218229][ T2153] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  100.237215][ T2153] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  100.259382][ T2153] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  100.335710][ T5887] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  100.359976][ T5887] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  100.638276][ T2153] usb 1-1: config 0 interface 0 has no altsetting 0
[  100.691802][ T2153] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  100.735666][ T2153] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  100.772211][ T2153] usb 1-1: Product: syz
[  100.783640][ T2153] usb 1-1: Manufacturer: syz
[  100.796269][ T2153] usb 1-1: SerialNumber: syz
[  100.800282][ T5887] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  101.782783][ T5887] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  101.800396][ T5887] usb 2-1: config 0 interface 0 has no altsetting 0
[  102.039601][ T5887] usb 2-1: string descriptor 0 read error: -71
[  102.064546][ T5887] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  102.065827][ T2153] usb 1-1: config 0 descriptor??
[  102.110425][ T5887] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  102.151212][ T5887] usb 2-1: config 0 descriptor??
[  102.174844][ T5887] usb 2-1: can't set config #0, error -71
[  102.219196][ T5887] usb 2-1: USB disconnect, device number 2
[  102.438337][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  102.449564][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.608411][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.658482][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  102.668356][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  102.748270][ T2153] usb 1-1: can't set config #0, error -71
[  102.812616][ T2153] usb 1-1: USB disconnect, device number 2
[  103.218774][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  103.378434][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  103.388458][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.397103][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.738371][ T5887] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  104.041394][ T6029] FAULT_INJECTION: forcing a failure.
[  104.041394][ T6029] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  104.097569][ T6029] CPU: 0 UID: 0 PID: 6029 Comm: syz.0.21 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  104.097598][ T6029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  104.097615][ T6029] Call Trace:
[  104.097627][ T6029]  <TASK>
[  104.097637][ T6029]  dump_stack_lvl+0x189/0x250
[  104.097680][ T6029]  ? __pfx____ratelimit+0x10/0x10
[  104.097706][ T6029]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.097736][ T6029]  ? __pfx__printk+0x10/0x10
[  104.097758][ T6029]  ? fs_reclaim_acquire+0x7d/0x100
[  104.097797][ T6029]  should_fail_ex+0x414/0x560
[  104.097830][ T6029]  prepare_alloc_pages+0x213/0x610
[  104.097867][ T6029]  __alloc_frozen_pages_noprof+0x123/0x370
[  104.097903][ T6029]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  104.097960][ T6029]  alloc_pages_bulk_noprof+0x560/0x710
[  104.097991][ T6029]  ? rcu_is_watching+0x15/0xb0
[  104.098022][ T6029]  ? trace_kmalloc+0x1f/0xd0
[  104.098044][ T6029]  ? __kmalloc_noprof+0x29b/0x4f0
[  104.098067][ T6029]  ? copy_splice_read+0x143/0x9b0
[  104.098101][ T6029]  copy_splice_read+0x173/0x9b0
[  104.098138][ T6029]  ? __pfx_copy_splice_read+0x10/0x10
[  104.098177][ T6029]  ? register_lock_class+0x51/0x320
[  104.098211][ T6029]  ? file_end_write+0xd8/0x250
[  104.098237][ T6029]  ? direct_splice_actor+0x10c/0x160
[  104.098263][ T6029]  ? __pfx_shmem_file_splice_read+0x10/0x10
[  104.098289][ T6029]  splice_direct_to_actor+0x4d0/0xcc0
[  104.098335][ T6029]  ? __pfx_direct_splice_actor+0x10/0x10
[  104.098360][ T6029]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  104.098397][ T6029]  do_splice_direct+0x181/0x270
[  104.098425][ T6029]  ? __pfx_do_splice_direct+0x10/0x10
[  104.098451][ T6029]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  104.098481][ T6029]  ? bpf_lsm_file_permission+0x9/0x20
[  104.098507][ T6029]  ? security_file_permission+0x75/0x290
[  104.098534][ T6029]  ? rw_verify_area+0x258/0x650
[  104.098561][ T6029]  do_sendfile+0x4da/0x7e0
[  104.098607][ T6029]  ? __pfx_vfs_write+0x10/0x10
[  104.098637][ T6029]  ? __pfx_do_sendfile+0x10/0x10
[  104.098665][ T6029]  ? __fget_files+0x3a0/0x420
[  104.098704][ T6029]  __se_sys_sendfile64+0x13e/0x190
[  104.098736][ T6029]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  104.098762][ T6029]  ? rcu_is_watching+0x15/0xb0
[  104.098797][ T6029]  ? do_syscall_64+0xbe/0x3b0
[  104.098828][ T6029]  do_syscall_64+0xfa/0x3b0
[  104.098853][ T6029]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.098878][ T6029]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.098898][ T6029]  ? clear_bhb_loop+0x60/0xb0
[  104.098932][ T6029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.098952][ T6029] RIP: 0033:0x7ffb4098e929
[  104.098976][ T6029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.098993][ T6029] RSP: 002b:00007ffb4180f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  104.099015][ T6029] RAX: ffffffffffffffda RBX: 00007ffb40bb5fa0 RCX: 00007ffb4098e929
[  104.099030][ T6029] RDX: 0000000000000000 RSI: 000000000000000e RDI: 000000000000000f
[  104.099041][ T6029] RBP: 00007ffb4180f090 R08: 0000000000000000 R09: 0000000000000000
[  104.099052][ T6029] R10: 0000000100000005 R11: 0000000000000246 R12: 0000000000000002
[  104.099064][ T6029] R13: 0000000000000000 R14: 00007ffb40bb5fa0 R15: 00007ffc3d9d9168
[  104.099095][ T6029]  </TASK>
[  104.841433][ T5887] usb 4-1: config 0 has an invalid interface number: 120 but max is 0
[  104.852916][ T5887] usb 4-1: config 0 has no interface number 0
[  104.870445][ T5887] usb 4-1: config 0 interface 120 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  104.928478][ T5896] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  105.113271][ T5887] usb 4-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  105.279151][ T5896] usb 2-1: Using ep0 maxpacket: 16
[  105.350598][ T5896] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  105.427316][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  105.558729][ T5896] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  105.608038][ T5887] usb 4-1: config 0 descriptor??
[  105.711992][ T5896] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  105.860075][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.872656][ T5887] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.120/input/input5
[  105.892024][ T5896] usb 2-1: Product: syz
[  105.913052][ T6023] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.928196][ T5896] usb 2-1: Manufacturer: syz
[  105.954915][ T5896] usb 2-1: SerialNumber: syz
[  105.960645][ T6023] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  106.082788][ T5980] usb 4-1: USB disconnect, device number 2
[  106.128292][   T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  106.477069][   T24] usb 1-1: Using ep0 maxpacket: 8
[  106.750838][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  106.890057][   T24] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00
[  106.997568][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.428549][   T24] usb 1-1: config 0 descriptor??
[  107.434656][ T5896] usb 2-1: 0:2 : does not exist
[  107.547181][ T5896] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  107.760562][ T5896] usb 2-1: USB disconnect, device number 3
[  107.768555][ T6050] syz.3.27 uses obsolete (PF_INET,SOCK_PACKET)
[  108.774792][   T24] usbhid 1-1:0.0: can't add hid device: -71
[  108.905332][   T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  108.914909][ T6044] udevd[6044]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  108.945609][   T24] usb 1-1: USB disconnect, device number 3
[  109.184653][ T6061] syz_tun: refused to change device tx_queue_len
[  110.560871][ T6064] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  110.588472][ T6064] Illegal XDP return value 4294967282 on prog  (id 8) dev N/A, expect packet loss!
[  110.624435][ T6078] mmap: syz.1.34 (6078) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  110.738222][ T5980] usb 3-1: new low-speed USB device number 2 using dummy_hcd
[  111.051365][ T5980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  111.267818][ T5980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  111.323269][ T5980] usb 3-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  111.348192][ T5980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.409310][ T5980] usb 3-1: config 0 descriptor??
[  112.904876][ T5980] glorious 0003:258A:0036.0001: unknown main item tag 0x1
[  112.943403][ T5980] glorious 0003:258A:0036.0001: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.2-1/input0
[  112.970560][ T6098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  113.016572][ T6098] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.315538][ T6105] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  117.798277][   T10] usb 3-1: USB disconnect, device number 2
[  119.467081][ T6127] 9pnet_fd: Insufficient options for proto=fd
[  119.756968][ T6126] bridge0: port 3(batadv1) entered blocking state
[  119.837136][ T6126] bridge0: port 3(batadv1) entered disabled state
[  119.866337][ T6126] batadv1: entered allmulticast mode
[  119.907659][ T6126] batadv1: entered promiscuous mode
[  120.132278][   T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  120.359408][   T24] usb 4-1: Using ep0 maxpacket: 32
[  120.407674][ T5917] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  120.417289][ T5917] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  120.537206][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  120.716471][   T24] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  120.872433][   T24] usb 4-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00
[  120.882000][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.890216][ T6141] netlink: 12 bytes leftover after parsing attributes in process `syz.0.50'.
[  120.893921][   T24] usb 4-1: config 0 descriptor??
[  121.268668][   T10] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  121.785268][ T6154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  121.820835][   T10] usb 2-1: config 0 has an invalid interface number: 93 but max is 0
[  121.852892][ T6154] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  121.861754][   T10] usb 2-1: config 0 has no interface number 0
[  121.871549][ T6154] Bluetooth: MGMT ver 1.23
[  121.930294][ T6154] netlink: 8 bytes leftover after parsing attributes in process `syz.3.47'.
[  122.021358][   T10] usb 2-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  122.038177][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.052116][   T10] usb 2-1: Product: syz
[  122.056396][   T10] usb 2-1: Manufacturer: syz
[  122.070749][ T5821] usb 4-1: USB disconnect, device number 3
[  122.091997][   T10] usb 2-1: SerialNumber: syz
[  122.263951][   T10] usb 2-1: config 0 descriptor??
[  122.809417][   T10] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in cold state, will try to load a firmware
[  122.993149][   T10] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  123.006588][   T10] dib0700: firmware download failed at 7 with -22
[  123.033313][   T10] usb 2-1: USB disconnect, device number 4
[  123.088746][ T5821] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  123.242145][ T6169] IPv6: Can't replace route, no match found
[  123.305978][ T5821] usb 4-1: unable to get BOS descriptor or descriptor too short
[  123.336057][ T5821] usb 4-1: not running at top speed; connect to a high speed hub
[  123.368669][ T5821] usb 4-1: config 4 has an invalid interface number: 32 but max is 0
[  123.385389][ T5821] usb 4-1: config 4 has no interface number 0
[  123.411603][ T5821] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=f1.50
[  123.433899][ T5821] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.457144][ T5821] usb 4-1: Product: syz
[  123.470585][ T5821] usb 4-1: Manufacturer: syz
[  123.486346][ T5821] usb 4-1: SerialNumber: syz
[  123.780396][ T2153] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  123.793369][ T6167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  123.814021][ T6167] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  123.864050][ T5821] usb 4-1: Found UVC 0.02 device syz (17dc:0202)
[  123.887706][ T5821] usb 4-1: No valid video chain found.
[  123.922224][ T5821] usb 4-1: USB disconnect, device number 4
[  123.965691][ T2153] usb 5-1: Using ep0 maxpacket: 32
[  123.996168][ T2153] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  124.091498][ T2153] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  124.136834][ T2153] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  124.155930][ T2153] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  124.174277][ T2153] usb 5-1: config 0 interface 0 has no altsetting 0
[  124.187182][ T2153] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  124.203457][ T2153] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  124.234132][ T2153] usb 5-1: Product: syz
[  124.242877][ T2153] usb 5-1: Manufacturer: syz
[  124.258207][ T2153] usb 5-1: SerialNumber: syz
[  124.276080][ T2153] usb 5-1: config 0 descriptor??
[  124.296424][ T2153] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  124.333177][ T2153] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  124.756164][    C0] ldusb 5-1:0.0: usb_submit_urb failed (-19)
[  124.762545][ T2153] usb 5-1: USB disconnect, device number 2
[  125.056974][ T2153] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  127.161639][ T6205] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  127.276852][ T6205] netlink: 4 bytes leftover after parsing attributes in process `syz.3.67'.
[  127.454560][ T6205] bridge_slave_1: left allmulticast mode
[  127.460443][ T6205] bridge_slave_1: left promiscuous mode
[  127.467189][ T6205] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.229061][ T6205] bridge_slave_0: left allmulticast mode
[  128.234779][ T6205] bridge_slave_0: left promiscuous mode
[  129.041773][ T6205] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.068865][ T6213] IPv6: Can't replace route, no match found
[  129.216620][ T6223] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.70'.
[  129.226006][ T6223] bridge: RTM_NEWNEIGH with invalid state 0x1
[  129.348639][ T6228] netlink: 4 bytes leftover after parsing attributes in process `syz.0.72'.
[  129.818478][ T2153] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  130.099663][ T2153] usb 3-1: device descriptor read/64, error -71
[  130.534752][ T2153] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  130.568333][ T5821] usb 1-1: new low-speed USB device number 4 using dummy_hcd
[  130.711783][ T6253] IPv6: Can't replace route, no match found
[  130.746997][ T2153] usb 3-1: device descriptor read/64, error -71
[  130.751938][ T5821] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  130.794831][ T5821] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  130.827470][ T5821] usb 1-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  130.848523][ T5821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.872044][ T5821] usb 1-1: config 0 descriptor??
[  130.894580][ T2153] usb usb3-port1: attempt power cycle
[  131.258314][ T2153] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  131.299172][ T2153] usb 3-1: device descriptor read/8, error -71
[  131.321095][ T5821] glorious 0003:258A:0036.0002: unknown main item tag 0x1
[  131.350702][ T5821] glorious 0003:258A:0036.0002: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.0-1/input0
[  131.600180][ T2153] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  131.623867][ T6266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.639578][ T2153] usb 3-1: device descriptor read/8, error -71
[  131.663206][ T6266] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.778917][ T2153] usb usb3-port1: unable to enumerate USB device
[  132.936187][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  133.094522][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  133.554041][ T6275] netlink: 17 bytes leftover after parsing attributes in process `syz.3.86'.
[  133.862665][ T6275] netlink: zone id is out of range
[  134.097952][ T6275] netlink: zone id is out of range
[  134.218359][ T6275] netlink: zone id is out of range
[  134.223533][ T6275] netlink: zone id is out of range
[  134.228732][ T6275] netlink: zone id is out of range
[  134.233864][ T6275] netlink: zone id is out of range
[  134.239538][ T6275] netlink: zone id is out of range
[  134.244692][ T6275] netlink: zone id is out of range
[  134.250577][ T6275] netlink: zone id is out of range
[  134.255722][ T6275] netlink: zone id is out of range
[  135.914502][ T6296] FAULT_INJECTION: forcing a failure.
[  135.914502][ T6296] name failslab, interval 1, probability 0, space 0, times 0
[  135.927431][ T6296] CPU: 1 UID: 0 PID: 6296 Comm: syz.4.87 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  135.927456][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  135.927468][ T6296] Call Trace:
[  135.927476][ T6296]  <TASK>
[  135.927484][ T6296]  dump_stack_lvl+0x189/0x250
[  135.927518][ T6296]  ? __pfx____ratelimit+0x10/0x10
[  135.927543][ T6296]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.927571][ T6296]  ? __pfx__printk+0x10/0x10
[  135.927594][ T6296]  ? __pfx___might_resched+0x10/0x10
[  135.927623][ T6296]  ? fs_reclaim_acquire+0x7d/0x100
[  135.927657][ T6296]  should_fail_ex+0x414/0x560
[  135.927688][ T6296]  should_failslab+0xa8/0x100
[  135.927716][ T6296]  __kmalloc_noprof+0xcb/0x4f0
[  135.927739][ T6296]  ? tomoyo_mount_permission+0x27a/0x970
[  135.927766][ T6296]  ? tomoyo_encode+0x28b/0x550
[  135.927800][ T6296]  tomoyo_encode+0x28b/0x550
[  135.927829][ T6296]  ? tomoyo_mount_permission+0x27a/0x970
[  135.927858][ T6296]  tomoyo_mount_permission+0x331/0x970
[  135.927885][ T6296]  ? trace_irq_disable+0x37/0x110
[  135.927912][ T6296]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  135.927937][ T6296]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  135.928028][ T6296]  security_sb_mount+0xec/0x350
[  135.928054][ T6296]  path_mount+0xbc/0xfe0
[  135.928088][ T6296]  ? user_path_at+0x44/0x60
[  135.928106][ T6296]  ? kmem_cache_free+0x18f/0x400
[  135.928139][ T6296]  __se_sys_mount+0x317/0x410
[  135.928174][ T6296]  ? __pfx___se_sys_mount+0x10/0x10
[  135.928208][ T6296]  ? do_syscall_64+0xbe/0x3b0
[  135.928232][ T6296]  ? __x64_sys_mount+0x20/0xc0
[  135.928262][ T6296]  do_syscall_64+0xfa/0x3b0
[  135.928289][ T6296]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.928308][ T6296]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  135.928327][ T6296]  ? clear_bhb_loop+0x60/0xb0
[  135.928351][ T6296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.928370][ T6296] RIP: 0033:0x7fa3e998e929
[  135.928388][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.928403][ T6296] RSP: 002b:00007fa3ea785038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  135.928424][ T6296] RAX: ffffffffffffffda RBX: 00007fa3e9bb6160 RCX: 00007fa3e998e929
[  135.928438][ T6296] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 0000000000000000
[  135.928451][ T6296] RBP: 00007fa3ea785090 R08: 0000200000000040 R09: 0000000000000000
[  135.928464][ T6296] R10: 0000000001008008 R11: 0000000000000246 R12: 0000000000000001
[  135.928476][ T6296] R13: 0000000000000000 R14: 00007fa3e9bb6160 R15: 00007ffcb49f4238
[  135.928507][ T6296]  </TASK>
[  136.227146][ T5821] usb 1-1: USB disconnect, device number 4
[  136.454868][ T6299] IPv6: Can't replace route, no match found
[  136.676662][ T6304] binder: 6301:6304 ioctl 4018620d 0 returned -22
[  136.786253][ T6303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.93'.
[  137.217008][ T6303] ipvlan2: entered promiscuous mode
[  137.322737][ T6303] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  137.361321][ T6303] team0: Device ipvlan2 is already an upper device of the team interface
[  140.454645][ T2153] usb 5-1: new low-speed USB device number 3 using dummy_hcd
[  140.770359][ T2153] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  140.911839][ T2153] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.004157][ T2153] usb 5-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  141.053895][ T2153] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.056635][ T2153] usb 5-1: config 0 descriptor??
[  141.303337][ T6343] IPv6: Can't replace route, no match found
[  141.338783][  T977] usb 4-1: new low-speed USB device number 5 using dummy_hcd
[  141.511081][  T977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  141.580757][ T2153] glorious 0003:258A:0036.0003: unknown main item tag 0x1
[  141.607528][  T977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.609282][ T2153] glorious 0003:258A:0036.0003: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.4-1/input0
[  141.638203][  T977] usb 4-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  141.647619][  T977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.506560][  T977] usb 4-1: config 0 descriptor??
[  142.563110][ T6353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  142.625835][ T6353] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.096775][  T977] glorious 0003:258A:0036.0004: unknown main item tag 0x1
[  143.769744][ T6365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.789147][  T977] glorious 0003:258A:0036.0004: hidraw1: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.3-1/input0
[  143.790092][ T6365] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.343578][    T9] usb 5-1: USB disconnect, device number 3
[  146.418501][  T977] usb 4-1: USB disconnect, device number 5
[  146.792941][ T6387] netlink: 12 bytes leftover after parsing attributes in process `syz.4.116'.
[  146.824353][ T6374] fido_id[6374]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  147.033191][ T6391] IPv6: Can't replace route, no match found
[  151.188938][ T2153] usb 5-1: new low-speed USB device number 4 using dummy_hcd
[  152.178245][ T2153] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  152.200172][ T2153] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  152.247462][ T2153] usb 5-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  152.393512][ T2153] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.776128][ T2153] usb 5-1: config 0 descriptor??
[  152.790145][ T6426] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  153.236405][ T2153] glorious 0003:258A:0036.0005: unknown main item tag 0x1
[  153.489124][ T2153] glorious 0003:258A:0036.0005: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.4-1/input0
[  153.525172][ T6458] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.558791][ T6458] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.122063][ T6456] IPv6: Can't replace route, no match found
[  157.332207][  T977] usb 5-1: USB disconnect, device number 4
[  157.438666][ T6471] netlink: 28 bytes leftover after parsing attributes in process `syz.2.139'.
[  157.795046][ T6471] netlink: 28 bytes leftover after parsing attributes in process `syz.2.139'.
[  158.292021][ T6472] net_ratelimit: 76 callbacks suppressed
[  158.292045][ T6472] sctp: failed to load transform for md5: -4
[  158.401239][ T6484] binder: 6476:6484 ioctl c0306201 0 returned -14
[  159.851629][ T6497] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.142'.
[  159.861097][ T6497] bridge: RTM_NEWNEIGH with invalid state 0x1
[  161.401766][ T5980] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  162.241848][ T5980] usb 2-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64
[  162.918229][ T5980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.940220][ T5980] usb 2-1: Product: syz
[  162.944455][ T5980] usb 2-1: Manufacturer: syz
[  162.950078][ T5980] usb 2-1: SerialNumber: syz
[  163.059542][ T5980] usb 2-1: config 0 descriptor??
[  163.074057][ T5980] hub 2-1:0.0: bad descriptor, ignoring hub
[  163.098178][ T5980] hub 2-1:0.0: probe with driver hub failed with error -5
[  163.111424][ T5980] f81232 2-1:0.0: f81534a converter detected
[  163.200940][ T6525] overlayfs: overlapping lowerdir path
[  163.242170][ T6528] netlink: 20 bytes leftover after parsing attributes in process `syz.0.151'.
[  163.243571][ T6525] syzkaller1: entered promiscuous mode
[  163.257346][ T6525] syzkaller1: entered allmulticast mode
[  163.271435][ T5980] f81534a ttyUSB0: f81232_set_register failed status: -71
[  163.281835][ T5980] f81534a ttyUSB0: probe with driver f81534a failed with error -5
[  163.349820][ T5980] usb 2-1: USB disconnect, device number 5
[  163.372705][ T5980] f81232 2-1:0.0: device disconnected
[  163.403831][   T30] audit: type=1326 audit(1749261382.506:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6531 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93d3d8e929 code=0x7ffc0000
[  163.481671][   T30] audit: type=1326 audit(1749261382.516:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6531 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f93d3d8e929 code=0x7ffc0000
[  163.527683][   T30] audit: type=1326 audit(1749261382.516:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6531 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93d3d8e929 code=0x7ffc0000
[  163.569983][   T30] audit: type=1326 audit(1749261382.516:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6531 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93d3d8e929 code=0x7ffc0000
[  163.594488][   T30] audit: type=1326 audit(1749261382.566:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6531 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f93d3d8e929 code=0x7ffc0000
[  163.617094][   T30] audit: type=1326 audit(1749261382.566:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6531 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93d3d8e929 code=0x7ffc0000
[  163.669687][   T30] audit: type=1326 audit(1749261382.566:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6531 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93d3d8e929 code=0x7ffc0000
[  163.714732][   T30] audit: type=1326 audit(1749261382.566:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6531 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f93d3d8e929 code=0x7ffc0000
[  163.738336][ T6532] netlink: 16 bytes leftover after parsing attributes in process `syz.3.154'.
[  163.754174][ T6532] netlink: 16 bytes leftover after parsing attributes in process `syz.3.154'.
[  163.824065][   T30] audit: type=1326 audit(1749261382.566:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6531 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93d3d8e929 code=0x7ffc0000
[  163.866528][   T30] audit: type=1326 audit(1749261382.566:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6531 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93d3d8e929 code=0x7ffc0000
[  163.943173][ T6546] netlink: 1010 bytes leftover after parsing attributes in process `syz.0.155'.
[  163.955249][ T6546] bridge: RTM_NEWNEIGH with invalid state 0x1
[  165.550458][ T5896] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  166.476620][ T5896] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  166.487287][ T5896] usb 4-1: config 0 has no interface number 0
[  166.522699][ T5896] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  166.558931][ T5896] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.617477][ T5896] usb 4-1: config 0 descriptor??
[  166.657891][ T5896] usb 4-1: selecting invalid altsetting 1
[  166.698967][ T5896] dvb_ttusb_budget: ttusb_init_controller: error
[  166.729711][ T5896] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  166.926358][ T6569] netlink: 4 bytes leftover after parsing attributes in process `syz.4.166'.
[  166.989101][ T5896] DVB: Unable to find symbol cx22700_attach()
[  167.109308][ T6569] team0: Port device team_slave_1 removed
[  167.118154][   T24] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  167.190673][ T5896] DVB: Unable to find symbol tda10046_attach()
[  167.205816][ T5896] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  167.298673][ T5896] usb 4-1: USB disconnect, device number 6
[  167.339884][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  167.368346][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  167.442861][   T24] usb 3-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00
[  167.495772][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.527912][   T24] usb 3-1: config 0 descriptor??
[  167.537752][ T6572] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  168.303980][ T6591] netlink: 1010 bytes leftover after parsing attributes in process `syz.3.172'.
[  168.600623][ T5980] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  168.722333][   T24] apple 0003:05AC:0264.0006: unknown main item tag 0x6
[  168.778300][   T24] apple 0003:05AC:0264.0006: unbalanced delimiter at end of report description
[  168.788835][   T24] apple 0003:05AC:0264.0006: parse failed
[  168.794722][   T24] apple 0003:05AC:0264.0006: probe with driver apple failed with error -22
[  168.953196][ T5980] usb 1-1: Using ep0 maxpacket: 8
[  168.970311][ T6572] capability: warning: `syz.2.167' uses deprecated v2 capabilities in a way that may be insecure
[  168.988318][ T5980] usb 1-1: no configurations
[  168.998148][ T5980] usb 1-1: can't read configurations, error -22
[  169.019741][   T10] usb 3-1: USB disconnect, device number 7
[  170.060710][ T5980] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  170.514594][ T6611] FAULT_INJECTION: forcing a failure.
[  170.514594][ T6611] name failslab, interval 1, probability 0, space 0, times 0
[  170.607774][ T6611] CPU: 1 UID: 0 PID: 6611 Comm: syz.3.177 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  170.607805][ T6611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.607817][ T6611] Call Trace:
[  170.607826][ T6611]  <TASK>
[  170.607836][ T6611]  dump_stack_lvl+0x189/0x250
[  170.607871][ T6611]  ? __pfx____ratelimit+0x10/0x10
[  170.607897][ T6611]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.607926][ T6611]  ? __pfx__printk+0x10/0x10
[  170.607950][ T6611]  ? __pfx___might_resched+0x10/0x10
[  170.607979][ T6611]  ? fs_reclaim_acquire+0x7d/0x100
[  170.608015][ T6611]  should_fail_ex+0x414/0x560
[  170.608046][ T6611]  should_failslab+0xa8/0x100
[  170.608080][ T6611]  __kmalloc_noprof+0xcb/0x4f0
[  170.608104][ T6611]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  170.608132][ T6611]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  170.608161][ T6611]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  170.608197][ T6611]  genl_family_rcv_msg_doit+0xb8/0x300
[  170.608231][ T6611]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  170.608270][ T6611]  ? rcu_is_watching+0x15/0xb0
[  170.608299][ T6611]  ? cap_capable+0x11f/0x460
[  170.608324][ T6611]  ? safesetid_security_capable+0xa9/0x1a0
[  170.608352][ T6611]  ? bpf_lsm_capable+0x9/0x20
[  170.608369][ T6611]  ? security_capable+0x7e/0x2e0
[  170.608404][ T6611]  genl_rcv_msg+0x60e/0x790
[  170.608436][ T6611]  ? __pfx_genl_rcv_msg+0x10/0x10
[  170.608457][ T6611]  ? ref_tracker_free+0x63a/0x7d0
[  170.608482][ T6611]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  170.608503][ T6611]  ? __pfx_nl80211_register_unexpected_frame+0x10/0x10
[  170.608522][ T6611]  ? __pfx_nl80211_post_doit+0x10/0x10
[  170.608545][ T6611]  ? __pfx_ref_tracker_free+0x10/0x10
[  170.608584][ T6611]  netlink_rcv_skb+0x205/0x470
[  170.608616][ T6611]  ? __pfx_genl_rcv_msg+0x10/0x10
[  170.608651][ T6611]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  170.608701][ T6611]  ? down_read+0x1ad/0x2e0
[  170.608730][ T6611]  genl_rcv+0x28/0x40
[  170.608751][ T6611]  netlink_unicast+0x758/0x8d0
[  170.608790][ T6611]  netlink_sendmsg+0x805/0xb30
[  170.608820][ T6611]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.608848][ T6611]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  170.608872][ T6611]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.608892][ T6611]  __sock_sendmsg+0x219/0x270
[  170.608922][ T6611]  ____sys_sendmsg+0x505/0x830
[  170.608950][ T6611]  ? __pfx_____sys_sendmsg+0x10/0x10
[  170.608980][ T6611]  ? import_iovec+0x74/0xa0
[  170.609004][ T6611]  ___sys_sendmsg+0x21f/0x2a0
[  170.609028][ T6611]  ? __pfx____sys_sendmsg+0x10/0x10
[  170.609089][ T6611]  ? __fget_files+0x2a/0x420
[  170.609116][ T6611]  ? __fget_files+0x3a0/0x420
[  170.609154][ T6611]  __x64_sys_sendmsg+0x19b/0x260
[  170.609178][ T6611]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  170.609209][ T6611]  ? __pfx_ksys_write+0x10/0x10
[  170.609230][ T6611]  ? rcu_is_watching+0x15/0xb0
[  170.609265][ T6611]  ? do_syscall_64+0xbe/0x3b0
[  170.609296][ T6611]  do_syscall_64+0xfa/0x3b0
[  170.609320][ T6611]  ? lockdep_hardirqs_on+0x9c/0x150
[  170.609344][ T6611]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.609363][ T6611]  ? clear_bhb_loop+0x60/0xb0
[  170.609388][ T6611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.609405][ T6611] RIP: 0033:0x7f93d3d8e929
[  170.609424][ T6611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.609440][ T6611] RSP: 002b:00007f93d4b8a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  170.609461][ T6611] RAX: ffffffffffffffda RBX: 00007f93d3fb5fa0 RCX: 00007f93d3d8e929
[  170.609475][ T6611] RDX: 0000000000040000 RSI: 0000200000000840 RDI: 0000000000000003
[  170.609487][ T6611] RBP: 00007f93d4b8a090 R08: 0000000000000000 R09: 0000000000000000
[  170.609516][ T6611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.609527][ T6611] R13: 0000000000000000 R14: 00007f93d3fb5fa0 R15: 00007ffc3d625dc8
[  170.609560][ T6611]  </TASK>
[  171.930771][ T6634] netlink: 1010 bytes leftover after parsing attributes in process `syz.0.183'.
[  171.943160][ T6634] bridge: RTM_NEWNEIGH with invalid state 0x1
[  172.098357][   T43] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  172.231668][   T43] usb 4-1: device descriptor read/64, error -71
[  172.480964][   T43] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  172.532271][ T6646] netlink: 17 bytes leftover after parsing attributes in process `syz.1.186'.
[  172.541634][ T6646] netlink: zone id is out of range
[  172.546791][ T6646] netlink: zone id is out of range
[  172.553395][ T6646] netlink: zone id is out of range
[  172.591105][ T6646] netlink: zone id is out of range
[  172.690276][ T2153] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  172.780698][ T6646] netlink: zone id is out of range
[  172.917888][ T6648] openvswitch: netlink: Tunnel attr 4104 out of range max 16
[  173.001622][ T2153] usb 5-1: config index 0 descriptor too short (expected 8562, got 36)
[  173.040893][   T43] usb 4-1: device descriptor read/64, error -71
[  173.051614][ T6646] netlink: zone id is out of range
[  173.103257][ T2153] usb 5-1: config 32 has too many interfaces: 157, using maximum allowed: 32
[  173.116753][ T6646] netlink: zone id is out of range
[  173.221356][ T2153] usb 5-1: config 32 has an invalid descriptor of length 167, skipping remainder of the config
[  173.240120][ T6646] netlink: zone id is out of range
[  173.322714][ T6646] netlink: zone id is out of range
[  173.398622][ T2153] usb 5-1: config 32 has 0 interfaces, different from the descriptor's value: 157
[  173.427695][ T6647] orangefs_mount: mount request failed with -4
[  173.436040][   T43] usb usb4-port1: attempt power cycle
[  173.484527][ T2153] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  173.567740][ T2153] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.639258][   T43] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  174.706205][   T43] usb 4-1: device descriptor read/8, error -71
[  174.924849][ T2153] usb 5-1: USB disconnect, device number 5
[  175.162200][ T6669] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[  176.816794][ T6660] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  176.839648][ T6660] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  176.932678][   T24] IPVS: starting estimator thread 0...
[  176.974540][ T6660] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  176.988522][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout
[  177.090032][ T6678] IPVS: using max 29 ests per chain, 69600 per kthread
[  177.576074][ T6686] fuse: Bad value for 'fd'
[  178.218837][ T6660] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  178.686390][ T6660] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  178.799258][ T6660] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  179.021475][ T6660] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  179.036195][ T6660] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  179.080145][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout
[  179.811352][ T6660] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  179.859165][ T6660] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  179.885068][ T6660] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  180.249122][ T6702] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.197'.
[  180.258451][ T6702] bridge: RTM_NEWNEIGH with invalid state 0x1
[  180.268478][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout
[  181.058250][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout
[  181.138210][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout
[  181.938277][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout
[  181.983700][ T6660] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  182.017962][ T6699] binder: 6698:6699 ioctl c0306201 0 returned -14
[  182.026667][ T6660] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  182.053951][ T6660] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  182.065487][ T6660] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  182.348218][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout
[  182.441781][   T43] usb 3-1: new low-speed USB device number 8 using dummy_hcd
[  182.449892][   T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  183.216070][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout
[  183.227776][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  183.307455][ T6716] overlayfs: missing 'lowerdir'
[  183.612552][   T24] usb 5-1: Using ep0 maxpacket: 8
[  183.646711][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  183.773851][   T24] usb 5-1: device descriptor read/all, error -71
[  183.798162][   T43] usb 3-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  183.807257][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.839243][   T43] usb 3-1: config 0 descriptor??
[  184.028374][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout
[  184.113057][ T6723] netlink: 428 bytes leftover after parsing attributes in process `syz.0.205'.
[  184.123222][ T6723] netlink: 32 bytes leftover after parsing attributes in process `syz.0.205'.
[  184.130680][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout
[  184.418270][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout
[  185.298416][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout
[  185.363966][   T43] usbhid 3-1:0.0: can't add hid device: -71
[  185.370059][   T43] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  185.381945][   T43] usb 3-1: USB disconnect, device number 8
[  185.418421][   T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  186.672960][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout
[  186.673450][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout
[  187.048213][   T24] usb 5-1: device descriptor read/all, error -71
[  187.108332][   T24] usb usb5-port1: attempt power cycle
[  187.182730][ T6728] Cannot find add_set index 0 as target
[  187.701891][ T6747] netlink: 8 bytes leftover after parsing attributes in process `syz.1.211'.
[  187.701994][ T6747] netlink: 16 bytes leftover after parsing attributes in process `syz.1.211'.
[  188.985464][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout
[  190.299952][ T6767] netlink: 5 bytes leftover after parsing attributes in process `syz.4.216'.
[  190.968253][ T6773] IPv6: Can't replace route, no match found
[  194.408738][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  194.421219][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  195.654996][ T6806] can0: slcan on ptm0.
[  196.150372][ T6789] can0 (unregistered): slcan off ptm0.
[  197.352389][ T6814] netlink: 1010 bytes leftover after parsing attributes in process `syz.0.227'.
[  197.363045][ T6814] bridge: RTM_NEWNEIGH with invalid state 0x1
[  197.397686][ T6817] netlink: 24 bytes leftover after parsing attributes in process `syz.2.228'.
[  197.418903][ T6817] netlink: 4 bytes leftover after parsing attributes in process `syz.2.228'.
[  197.462626][ T6817] bridge0: entered promiscuous mode
[  197.536641][ T6817] macvlan2: entered promiscuous mode
[  197.999020][ T6826] FAULT_INJECTION: forcing a failure.
[  197.999020][ T6826] name failslab, interval 1, probability 0, space 0, times 0
[  198.072844][ T6826] CPU: 0 UID: 0 PID: 6826 Comm: syz.4.232 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  198.072872][ T6826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  198.072883][ T6826] Call Trace:
[  198.072893][ T6826]  <TASK>
[  198.072901][ T6826]  dump_stack_lvl+0x189/0x250
[  198.072945][ T6826]  ? __pfx____ratelimit+0x10/0x10
[  198.072971][ T6826]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.072999][ T6826]  ? __pfx__printk+0x10/0x10
[  198.073024][ T6826]  ? __pfx___might_resched+0x10/0x10
[  198.073058][ T6826]  should_fail_ex+0x414/0x560
[  198.073087][ T6826]  should_failslab+0xa8/0x100
[  198.073116][ T6826]  kmem_cache_alloc_noprof+0x73/0x3c0
[  198.073140][ T6826]  ? ptlock_alloc+0x20/0x70
[  198.073168][ T6826]  ptlock_alloc+0x20/0x70
[  198.073192][ T6826]  pte_alloc_one+0x7d/0x170
[  198.073227][ T6826]  __pte_alloc+0x25/0x1a0
[  198.073260][ T6826]  __handle_mm_fault+0x4b8a/0x5620
[  198.073310][ T6826]  ? __pfx___handle_mm_fault+0x10/0x10
[  198.073375][ T6826]  ? find_vma+0xe7/0x160
[  198.073398][ T6826]  ? __pfx_find_vma+0x10/0x10
[  198.073425][ T6826]  handle_mm_fault+0x2d5/0x7f0
[  198.073462][ T6826]  do_user_addr_fault+0x764/0x1390
[  198.073507][ T6826]  exc_page_fault+0x76/0xf0
[  198.073536][ T6826]  asm_exc_page_fault+0x26/0x30
[  198.073555][ T6826] RIP: 0010:rep_movs_alternative+0xf/0x90
[  198.073576][ T6826] Code: c4 10 c3 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd f6 03 00 66 2e
[  198.073592][ T6826] RSP: 0018:ffffc9001bc17bf8 EFLAGS: 00050202
[  198.073616][ T6826] RAX: 00007ffffffff001 RBX: 0000000000000004 RCX: 0000000000000004
[  198.073630][ T6826] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffc9001bc17c80
[  198.073643][ T6826] RBP: ffffc9001bc17cf0 R08: 0000000000000003 R09: 0000000000000004
[  198.073656][ T6826] R10: dffffc0000000000 R11: fffff52003782f90 R12: 0000000000004b46
[  198.073669][ T6826] R13: ffffc9001bc17c80 R14: ffffc9001bc17c80 R15: 0000200000000000
[  198.073704][ T6826]  _copy_from_user+0x7a/0xb0
[  198.073727][ T6826]  vt_do_kdsk_ioctl+0xbb/0xbe0
[  198.073754][ T6826]  ? rcu_is_watching+0x15/0xb0
[  198.073786][ T6826]  ? cap_capable+0x11f/0x460
[  198.073814][ T6826]  ? __pfx_vt_do_kdsk_ioctl+0x10/0x10
[  198.073836][ T6826]  ? bpf_lsm_capable+0x9/0x20
[  198.073853][ T6826]  ? security_capable+0x7e/0x2e0
[  198.073891][ T6826]  vt_ioctl+0x8b1/0x1d70
[  198.073927][ T6826]  ? __pfx_vt_ioctl+0x10/0x10
[  198.073952][ T6826]  ? smack_file_ioctl+0x24a/0x340
[  198.073979][ T6826]  ? __pfx_smack_file_ioctl+0x10/0x10
[  198.074017][ T6826]  ? __fget_files+0x3a0/0x420
[  198.074044][ T6826]  ? __fget_files+0x2a/0x420
[  198.074075][ T6826]  tty_ioctl+0x929/0xde0
[  198.074097][ T6826]  ? __pfx_tty_ioctl+0x10/0x10
[  198.074117][ T6826]  __se_sys_ioctl+0xfc/0x170
[  198.074142][ T6826]  do_syscall_64+0xfa/0x3b0
[  198.074168][ T6826]  ? lockdep_hardirqs_on+0x9c/0x150
[  198.074193][ T6826]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.074213][ T6826]  ? clear_bhb_loop+0x60/0xb0
[  198.074238][ T6826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.074257][ T6826] RIP: 0033:0x7fa3e998e929
[  198.074281][ T6826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.074297][ T6826] RSP: 002b:00007fa3ea7c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  198.074317][ T6826] RAX: ffffffffffffffda RBX: 00007fa3e9bb5fa0 RCX: 00007fa3e998e929
[  198.074331][ T6826] RDX: 0000200000000000 RSI: 0000000000004b46 RDI: 0000000000000003
[  198.074344][ T6826] RBP: 00007fa3ea7c7090 R08: 0000000000000000 R09: 0000000000000000
[  198.074356][ T6826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  198.074368][ T6826] R13: 0000000000000000 R14: 00007fa3e9bb5fa0 R15: 00007ffcb49f4238
[  198.074400][ T6826]  </TASK>
[  198.130039][   T24] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  199.220592][    T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  199.493820][    T9] usb 3-1: Using ep0 maxpacket: 32
[  199.551344][    T9] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  199.564780][    T9] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  199.801899][   T24] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.10
[  200.012191][    T9] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  200.020037][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.024243][    T9] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  200.048407][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  200.059195][    T9] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  200.068764][    T9] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  200.082674][    T9] usb 3-1: Product: syz
[  200.089058][    T9] usb 3-1: Manufacturer: syz
[  200.096636][   T24] usb 4-1: Product: syz
[  200.097030][    T9] usb 3-1: SerialNumber: syz
[  200.116197][    T9] usb 3-1: config 0 descriptor??
[  200.127897][   T24] usb 4-1: Manufacturer: syz
[  200.142633][    T9] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  200.143341][   T24] usb 4-1: SerialNumber: syz
[  200.191973][    T9] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  200.200015][   T24] usb 4-1: config 0 descriptor??
[  200.216372][   T24] go7007 4-1:0.0: probe with driver go7007 failed with error -12
[  200.544109][ T6853] netlink: 36 bytes leftover after parsing attributes in process `syz.3.230'.
[  200.853408][    C0] ldusb 3-1:0.0: usb_submit_urb failed (-19)
[  200.881682][    T9] usb 3-1: USB disconnect, device number 9
[  201.215689][    T9] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  202.302825][ T5980] usb 4-1: USB disconnect, device number 11
[  202.626554][ T6870] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.243'.
[  202.635800][ T6870] bridge: RTM_NEWNEIGH with invalid state 0x1
[  202.650650][ T6872] Invalid logical block size (510)
[  202.708222][    T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  202.871763][ T6877] netlink: 8 bytes leftover after parsing attributes in process `syz.2.245'.
[  203.286701][    T9] usb 1-1: Using ep0 maxpacket: 16
[  203.688978][    T9] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  203.698679][    T9] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  203.718186][    T9] usb 1-1: Product: syz
[  206.246872][    T9] usb 1-1: Manufacturer: syz
[  206.318493][    T9] usb 1-1: SerialNumber: syz
[  206.334037][    T9] usb 1-1: config 0 descriptor??
[  206.358822][    T9] usb 1-1: can't set config #0, error -71
[  206.435250][    T9] usb 1-1: USB disconnect, device number 7
[  208.152340][ T6905] Bluetooth: MGMT ver 1.23
[  208.221357][ T6910] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  208.221357][ T6910] The task syz.1.254 (6910) triggered the difference, watch for misbehavior.
[  208.896402][ T6912] mkiss: ax0: crc mode is auto.
[  209.065149][ T6919] netlink: 1010 bytes leftover after parsing attributes in process `syz.0.257'.
[  209.074469][ T6919] bridge: RTM_NEWNEIGH with invalid state 0x1
[  209.426755][ T6922] ip6t_srh: unknown srh invflags 7863
[  210.936142][ T6939] process 'syz.3.262' launched './file0' with NULL argv: empty string added
[  211.421209][ T6933] orangefs_mount: mount request failed with -4
[  215.598998][ T6979] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.271'.
[  215.608137][ T6979] bridge: RTM_NEWNEIGH with invalid state 0x1
[  216.207251][ T6984] FAULT_INJECTION: forcing a failure.
[  216.207251][ T6984] name failslab, interval 1, probability 0, space 0, times 0
[  216.225126][ T6984] CPU: 0 UID: 0 PID: 6984 Comm: syz.0.273 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  216.225155][ T6984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  216.225168][ T6984] Call Trace:
[  216.225177][ T6984]  <TASK>
[  216.225187][ T6984]  dump_stack_lvl+0x189/0x250
[  216.225224][ T6984]  ? __pfx____ratelimit+0x10/0x10
[  216.225252][ T6984]  ? __pfx_dump_stack_lvl+0x10/0x10
[  216.225282][ T6984]  ? __pfx__printk+0x10/0x10
[  216.225412][ T6984]  ? __pfx___might_resched+0x10/0x10
[  216.225441][ T6984]  ? fs_reclaim_acquire+0x7d/0x100
[  216.225477][ T6984]  should_fail_ex+0x414/0x560
[  216.225509][ T6984]  should_failslab+0xa8/0x100
[  216.225538][ T6984]  __kmalloc_cache_noprof+0x70/0x3d0
[  216.225586][ T6984]  ? rtnl_newlink+0xed/0x1c70
[  216.225614][ T6984]  ? kasan_save_free_info+0x46/0x50
[  216.225650][ T6984]  rtnl_newlink+0xed/0x1c70
[  216.225682][ T6984]  ? netlink_sendmsg+0x805/0xb30
[  216.225700][ T6984]  ? __sock_sendmsg+0x219/0x270
[  216.225724][ T6984]  ? ____sys_sendmsg+0x505/0x830
[  216.225742][ T6984]  ? ___sys_sendmsg+0x21f/0x2a0
[  216.225760][ T6984]  ? __x64_sys_sendmsg+0x19b/0x260
[  216.225778][ T6984]  ? do_syscall_64+0xfa/0x3b0
[  216.225803][ T6984]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.225832][ T6984]  ? __pfx_rtnl_newlink+0x10/0x10
[  216.225887][ T6984]  ? kasan_quarantine_put+0xdd/0x220
[  216.225909][ T6984]  ? lockdep_hardirqs_on+0x9c/0x150
[  216.225941][ T6984]  ? nlmon_xmit+0xb0/0x100
[  216.225969][ T6984]  ? kmem_cache_free+0x18f/0x400
[  216.226002][ T6984]  ? __local_bh_enable_ip+0x12d/0x1c0
[  216.226032][ T6984]  ? lockdep_hardirqs_on+0x9c/0x150
[  216.226058][ T6984]  ? __local_bh_enable_ip+0x12d/0x1c0
[  216.226086][ T6984]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  216.226120][ T6984]  ? __dev_queue_xmit+0x27e/0x3a70
[  216.226143][ T6984]  ? __dev_queue_xmit+0x27e/0x3a70
[  216.226164][ T6984]  ? __dev_queue_xmit+0x27e/0x3a70
[  216.226188][ T6984]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  216.226216][ T6984]  ? __lock_acquire+0xab9/0xd20
[  216.226272][ T6984]  ? __pfx_rtnl_newlink+0x10/0x10
[  216.226302][ T6984]  rtnetlink_rcv_msg+0x7cc/0xb70
[  216.226335][ T6984]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  216.226365][ T6984]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  216.226391][ T6984]  ? ref_tracker_free+0x63a/0x7d0
[  216.226417][ T6984]  ? __copy_skb_header+0xa7/0x550
[  216.226441][ T6984]  ? __pfx_ref_tracker_free+0x10/0x10
[  216.226469][ T6984]  ? __skb_clone+0x63/0x7a0
[  216.226500][ T6984]  netlink_rcv_skb+0x205/0x470
[  216.226534][ T6984]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  216.226575][ T6984]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  216.226622][ T6984]  ? netlink_deliver_tap+0x2e/0x1b0
[  216.226640][ T6984]  ? netlink_deliver_tap+0x2e/0x1b0
[  216.226666][ T6984]  netlink_unicast+0x758/0x8d0
[  216.226707][ T6984]  netlink_sendmsg+0x805/0xb30
[  216.226738][ T6984]  ? __pfx_netlink_sendmsg+0x10/0x10
[  216.226767][ T6984]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  216.226792][ T6984]  ? __pfx_netlink_sendmsg+0x10/0x10
[  216.226814][ T6984]  __sock_sendmsg+0x219/0x270
[  216.226844][ T6984]  ____sys_sendmsg+0x505/0x830
[  216.226871][ T6984]  ? __pfx_____sys_sendmsg+0x10/0x10
[  216.226902][ T6984]  ? import_iovec+0x74/0xa0
[  216.226928][ T6984]  ___sys_sendmsg+0x21f/0x2a0
[  216.226952][ T6984]  ? __pfx____sys_sendmsg+0x10/0x10
[  216.227011][ T6984]  ? __fget_files+0x2a/0x420
[  216.227037][ T6984]  ? __fget_files+0x3a0/0x420
[  216.227076][ T6984]  __x64_sys_sendmsg+0x19b/0x260
[  216.227099][ T6984]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  216.227130][ T6984]  ? __pfx_ksys_write+0x10/0x10
[  216.227152][ T6984]  ? rcu_is_watching+0x15/0xb0
[  216.227187][ T6984]  ? do_syscall_64+0xbe/0x3b0
[  216.227218][ T6984]  do_syscall_64+0xfa/0x3b0
[  216.227244][ T6984]  ? lockdep_hardirqs_on+0x9c/0x150
[  216.227269][ T6984]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.227289][ T6984]  ? clear_bhb_loop+0x60/0xb0
[  216.227314][ T6984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.227333][ T6984] RIP: 0033:0x7ffb4098e929
[  216.227352][ T6984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.227368][ T6984] RSP: 002b:00007ffb4180f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  216.227390][ T6984] RAX: ffffffffffffffda RBX: 00007ffb40bb5fa0 RCX: 00007ffb4098e929
[  216.227404][ T6984] RDX: 00000000200500bc RSI: 0000200000000080 RDI: 0000000000000003
[  216.227417][ T6984] RBP: 00007ffb4180f090 R08: 0000000000000000 R09: 0000000000000000
[  216.227428][ T6984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.227439][ T6984] R13: 0000000000000000 R14: 00007ffb40bb5fa0 R15: 00007ffc3d9d9168
[  216.227464][ T6984]  </TASK>
[  216.868429][ T5821] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  217.688783][ T5821] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  217.746131][ T6990] orangefs_mount: mount request failed with -4
[  217.950961][ T5821] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.963672][ T5821] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  217.974249][ T5821] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  218.401327][ T5821] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  218.414732][ T5821] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  218.423532][ T5821] usb 5-1: Manufacturer: syz
[  218.518639][ T5837] Bluetooth: hci2: unexpected event for opcode 0x2028
[  218.568708][ T5821] usb 5-1: config 0 descriptor??
[  218.801030][   T24] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  219.152653][   T24] usb 3-1: Using ep0 maxpacket: 32
[  219.172565][   T24] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  219.182939][   T43] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  219.214742][   T24] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  219.820239][   T43] usb 2-1: Using ep0 maxpacket: 32
[  219.827285][   T24] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  219.868684][   T43] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  219.888177][   T24] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  219.942224][   T43] usb 2-1: config 0 has no interface number 0
[  219.978293][ T5821] usbhid 5-1:0.0: can't add hid device: -71
[  220.001365][ T5821] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  220.018508][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  220.027354][   T43] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  220.047137][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.065600][   T24] usb 3-1: string descriptor 0 read error: -71
[  220.082006][ T5821] usb 5-1: USB disconnect, device number 9
[  220.096178][   T24] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  220.105449][   T43] usb 2-1: Product: syz
[  220.122630][   T43] usb 2-1: Manufacturer: syz
[  220.127307][   T43] usb 2-1: SerialNumber: syz
[  220.140328][   T24] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  220.196908][   T43] usb 2-1: config 0 descriptor??
[  220.204995][   T24] usb 3-1: config 0 descriptor??
[  220.221387][ T7011] netlink: 4 bytes leftover after parsing attributes in process `syz.0.281'.
[  220.231335][ T7011] netlink: 8 bytes leftover after parsing attributes in process `syz.0.281'.
[  220.246799][ T7011] netlink: 8 bytes leftover after parsing attributes in process `syz.0.281'.
[  220.250105][   T43] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  220.271942][   T24] usb 3-1: can't set config #0, error -71
[  220.287071][   T24] usb 3-1: USB disconnect, device number 10
[  220.469511][   T43] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  220.532852][   T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  220.541617][   T43] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  220.728210][   T10] usb 1-1: Using ep0 maxpacket: 8
[  220.744603][   T10] usb 1-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  220.764322][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.792852][   T10] usb 1-1: Product: syz
[  220.834231][   T10] usb 1-1: Manufacturer: syz
[  220.839512][   T10] usb 1-1: SerialNumber: syz
[  220.867715][ T7023] program syz.4.285 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  220.884183][ T7000] tmpfs: Unknown parameter 'nr_i„'
[  220.891068][   T10] usb 1-1: config 0 descriptor??
[  220.898821][ T7000] netlink: 20 bytes leftover after parsing attributes in process `syz.1.279'.
[  220.910234][   T10] gspca_main: sq905-2.14.0 probing 2770:9120
[  220.919110][ T7023] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  221.010473][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  221.019601][   T43] usb 2-1: USB disconnect, device number 6
[  221.046054][   T43] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  221.453194][   T10] gspca_sq905: sq905_command: usb_control_msg failed (-110)
[  221.468272][   T10] sq905 1-1:0.0: probe with driver sq905 failed with error -110
[  221.537194][ T7033] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.286'.
[  221.546426][ T7033] bridge: RTM_NEWNEIGH with invalid state 0x1
[  221.753862][   T43] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  221.775739][   T24] usb 1-1: USB disconnect, device number 8
[  221.805509][   T43] quatech2 2-1:0.51: device disconnected
[  222.888261][   T10] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  223.802280][ T7044] orangefs_mount: mount request failed with -4
[  224.798483][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  224.858153][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  224.910577][   T10] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  224.950435][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  225.122928][   T10] usb 3-1: SerialNumber: syz
[  225.708674][   T10] usb 3-1: 0:2 : does not exist
[  225.738272][   T10] usb 3-1: unit 5: unexpected type 0x0a
[  225.826252][   T10] usb 3-1: USB disconnect, device number 11
[  225.937930][   T24] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  225.994800][ T7063] netlink: 8 bytes leftover after parsing attributes in process `syz.2.294'.
[  226.008014][ T7063] netlink: 'syz.2.294': attribute type 1 has an invalid length.
[  226.113872][ T6044] udevd[6044]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  226.136411][   T24] usb 4-1: Using ep0 maxpacket: 32
[  226.137515][ T7065] netlink: 28 bytes leftover after parsing attributes in process `syz.1.295'.
[  226.145428][   T24] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  226.341608][   T24] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  226.345927][ T7065] binder: BINDER_SET_CONTEXT_MGR already set
[  226.359135][ T7065] binder: 7060:7065 ioctl 4018620d 200000000040 returned -16
[  226.359260][   T24] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  226.527395][   T24] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  226.642134][   T24] usb 4-1: config 0 interface 0 has no altsetting 0
[  226.850931][   T24] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  226.918599][   T24] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  226.961064][   T24] usb 4-1: Product: syz
[  226.965304][   T24] usb 4-1: Manufacturer: syz
[  227.005177][ T7069] netlink: 'syz.4.296': attribute type 10 has an invalid length.
[  227.006184][   T24] usb 4-1: SerialNumber: syz
[  227.045634][   T24] usb 4-1: config 0 descriptor??
[  227.052945][ T7069] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  227.084279][   T24] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  227.122522][   T24] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  227.125395][ T7069] net_ratelimit: 76 callbacks suppressed
[  227.125414][ T7069] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  227.343860][   T24] usb 4-1: USB disconnect, device number 12
[  227.389044][   T24] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  227.772064][ T7078] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.297'.
[  227.772090][ T7078] bridge: RTM_NEWNEIGH with invalid state 0x1
[  229.808154][    T9] usb 4-1: new low-speed USB device number 13 using dummy_hcd
[  229.990088][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  229.994574][   T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  230.014377][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  230.048618][    T9] usb 4-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  230.098492][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.131993][    T9] usb 4-1: config 0 descriptor??
[  230.262919][   T24] usb 1-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.10
[  230.307581][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.327931][   T24] usb 1-1: Product: syz
[  230.342620][   T24] usb 1-1: Manufacturer: syz
[  230.347503][   T24] usb 1-1: SerialNumber: syz
[  230.437786][ T7102] IPv6: Can't replace route, no match found
[  230.586920][   T24] usb 1-1: config 0 descriptor??
[  230.879430][   T24] go7007 1-1:0.0: probe with driver go7007 failed with error -12
[  230.921750][    T9] glorious 0003:258A:0036.0007: unknown main item tag 0x1
[  230.976990][ T7110] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  230.998703][ T7111] netlink: 8 bytes leftover after parsing attributes in process `syz.0.303'.
[  231.719914][ T7110] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  231.740577][    T9] glorious 0003:258A:0036.0007: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.3-1/input0
[  234.148587][   T10] usb 1-1: USB disconnect, device number 9
[  234.337078][ T5821] usb 4-1: USB disconnect, device number 13
[  234.618953][   T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  234.839418][ T5837] Bluetooth: hci4: unexpected event for opcode 0x1004
[  234.847016][   T24] usb 5-1: device descriptor read/64, error -71
[  235.683799][   T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  235.728871][   T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  236.378336][   T10] usb 3-1: Using ep0 maxpacket: 32
[  236.394652][   T10] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  236.418337][   T10] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  236.458978][   T10] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  236.497810][   T10] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  236.552393][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  236.562443][   T10] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  236.572965][   T10] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  236.582507][   T10] usb 3-1: Product: syz
[  236.587075][   T10] usb 3-1: Manufacturer: syz
[  236.594831][   T10] usb 3-1: SerialNumber: syz
[  236.607715][   T10] usb 3-1: config 0 descriptor??
[  236.619161][   T10] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  236.642513][   T10] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  236.773788][   T24] usb 5-1: device descriptor read/64, error -71
[  236.822541][    C1] ldusb 3-1:0.0: usb_submit_urb failed (-19)
[  236.832508][   T43] usb 3-1: USB disconnect, device number 12
[  236.944848][   T24] usb usb5-port1: attempt power cycle
[  237.266040][   T43] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  238.053150][ T7146] binder: 7144:7146 ioctl 4018620d 0 returned -22
[  238.910080][ T5837] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  238.919544][ T5837] Bluetooth: hci4: Injecting HCI hardware error event
[  238.940726][ T5825] Bluetooth: hci4: hardware error 0x00
[  239.888860][   T10] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  240.095801][   T10] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.10
[  240.108956][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.117279][   T10] usb 4-1: Product: syz
[  240.154699][   T10] usb 4-1: Manufacturer: syz
[  240.184015][   T10] usb 4-1: SerialNumber: syz
[  240.251286][ T7170] IPv6: Can't replace route, no match found
[  240.702174][   T10] usb 4-1: config 0 descriptor??
[  240.722710][   T10] go7007 4-1:0.0: probe with driver go7007 failed with error -12
[  241.129636][ T7176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.320'.
[  241.428582][ T5825] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  241.683978][    T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  241.896222][    T9] usb 3-1: Using ep0 maxpacket: 16
[  241.936998][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  242.051188][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  242.147409][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  242.194548][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.239142][    T9] usb 3-1: Product: syz
[  242.261540][    T9] usb 3-1: Manufacturer: syz
[  242.289364][    T9] usb 3-1: SerialNumber: syz
[  242.800968][ T2153] usb 4-1: USB disconnect, device number 14
[  243.778928][    T9] usb 3-1: 0:2 : does not exist
[  243.821279][    T9] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  243.881211][    T9] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  243.949054][    T9] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  244.069715][    T9] usb 3-1: USB disconnect, device number 13
[  244.166554][ T7189] netlink: 20 bytes leftover after parsing attributes in process `syz.0.329'.
[  244.813465][ T6044] udevd[6044]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  246.273392][ T5825] Bluetooth: hci2: unexpected event for opcode 0x2028
[  247.631764][ T7206] orangefs_mount: mount request failed with -4
[  248.509017][ T7224] qrtr: Invalid version 0
[  249.499804][ T7209] IPv6: Can't replace route, no match found
[  255.131820][ T7262] orangefs_mount: mount request failed with -4
[  255.811347][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  255.818019][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  258.143061][ T7290] overlayfs: missing 'lowerdir'
[  259.583905][ T5825] Bluetooth: hci1: unexpected event for opcode 0x2028
[  262.202262][ T7310] orangefs_mount: mount request failed with -4
[  262.790749][ T7320] netlink: 8 bytes leftover after parsing attributes in process `syz.0.360'.
[  262.876784][ T7320] openvswitch: netlink: Unknown nsh attribute 0
[  262.907777][ T7320] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  265.103574][   T43] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  265.784298][   T43] usb 1-1: Using ep0 maxpacket: 8
[  266.053956][   T43] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  266.263935][   T43] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  266.303803][   T43] usb 1-1: config 1 has no interface number 1
[  266.353894][   T43] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  266.385101][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.389715][ T7354] overlayfs: missing 'lowerdir'
[  266.622716][   T43] usb 1-1: Product: syz
[  266.627048][   T43] usb 1-1: Manufacturer: syz
[  266.642161][   T43] usb 1-1: SerialNumber: syz
[  267.061416][ T7359] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.371'.
[  267.495770][   T43] usb 1-1: can't set config #1, error -71
[  267.528315][ T7359] bridge: RTM_NEWNEIGH with invalid state 0x1
[  267.536849][   T43] usb 1-1: USB disconnect, device number 10
[  269.369438][ T7369] orangefs_mount: mount request failed with -4
[  275.300283][ T5896] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  275.903070][ T5896] usb 4-1: Using ep0 maxpacket: 32
[  275.920748][ T5896] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  275.938348][ T5896] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  275.958170][ T5896] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  275.981944][ T5896] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  276.000181][ T5896] usb 4-1: config 0 interface 0 has no altsetting 0
[  276.012506][ T5896] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  276.028143][ T5896] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  276.036889][ T5896] usb 4-1: Product: syz
[  276.057225][ T5896] usb 4-1: Manufacturer: syz
[  276.070216][ T5896] usb 4-1: SerialNumber: syz
[  276.112571][ T5896] usb 4-1: config 0 descriptor??
[  276.142724][ T5896] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  276.178609][ T5896] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  276.342663][   T10] usb 4-1: USB disconnect, device number 15
[  276.348781][    C0] ldusb 4-1:0.0: usb_submit_urb failed (-19)
[  276.388742][   T10] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  278.168763][ T7443] orangefs_mount: mount request failed with -4
[  279.684902][ T7459] IPv6: Can't replace route, no match found
[  279.986956][ T7458] vlan2: entered promiscuous mode
[  280.003478][ T7458] hsr0: entered promiscuous mode
[  280.028359][ T7458] vlan2: entered allmulticast mode
[  280.033657][ T7458] hsr0: entered allmulticast mode
[  280.046049][ T7458] hsr_slave_0: entered allmulticast mode
[  280.074103][ T7458] hsr_slave_1: entered allmulticast mode
[  281.284809][   T30] kauditd_printk_skb: 53 callbacks suppressed
[  281.284839][   T30] audit: type=1800 audit(1749261499.836:65): pid=7468 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.401" name=789995D6C0BDB87AA869C4E6FA9FA1BD9345CE1D269273DD143925C7DE0233B8FE809BED2120 dev="tmpfs" ino=437 res=0 errno=0
[  281.882716][   T30] audit: type=1804 audit(1749261499.846:66): pid=7468 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.401" name=2F6E6577726F6F742F38302F789995D6C0BDB87AA869C4E6FA9FA1BD9345CE1D269273DD143925C7DE0233B8FE809BED2120 dev="tmpfs" ino=437 res=1 errno=0
[  283.925115][   T30] audit: type=1326 audit(1749261503.036:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7489 comm="syz.3.407" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f93d3d8e929 code=0x0
[  285.029947][ T7497] orangefs_mount: mount request failed with -4
[  288.371005][ T7538] netlink: 4 bytes leftover after parsing attributes in process `syz.3.418'.
[  290.158410][ T7548] orangefs_mount: mount request failed with -4
[  290.427692][ T7550] IPv6: Can't replace route, no match found
[  291.904621][ T7572] ubi31: attaching mtd0
[  291.925251][ T7572] ubi31: scanning is finished
[  291.930475][ T7572] ubi31: empty MTD device detected
[  293.134259][ T7576] orangefs_mount: mount request failed with -4
[  293.970531][ T7572] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  295.687392][ T7598] openvswitch: netlink: Tunnel attr 4104 out of range max 16
[  295.777575][   T30] audit: type=1326 audit(1749261514.876:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7600 comm="syz.3.438" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f93d3d8e929 code=0x0
[  295.788179][ T2153] usb 3-1: new low-speed USB device number 14 using dummy_hcd
[  295.937214][ T7603] netlink: 'syz.3.438': attribute type 3 has an invalid length.
[  295.946151][ T7603] netlink: 236 bytes leftover after parsing attributes in process `syz.3.438'.
[  296.122027][ T2153] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  296.154606][ T2153] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  296.217211][ T2153] usb 3-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  296.240755][ T7607] IPv6: Can't replace route, no match found
[  296.522768][ T2153] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.627650][ T2153] usb 3-1: config 0 descriptor??
[  297.352106][ T2153] glorious 0003:258A:0036.0008: unknown main item tag 0x1
[  297.409983][ T7619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  297.432009][ T7619] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  297.452517][ T2153] glorious 0003:258A:0036.0008: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.2-1/input0
[  300.773955][ T2153] usb 3-1: USB disconnect, device number 14
[  301.683755][ T7645] openvswitch: netlink: Tunnel attr 4104 out of range max 16
[  301.745061][ T7651] IPv6: Can't replace route, no match found
[  303.178850][ T2153] usb 5-1: new low-speed USB device number 13 using dummy_hcd
[  303.268193][    T9] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  303.360194][ T2153] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  303.400397][ T7668] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.446'.
[  303.409637][ T7668] bridge: RTM_NEWNEIGH with invalid state 0x1
[  303.447791][    T9] usb 4-1: Using ep0 maxpacket: 16
[  303.472642][ T2153] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.490652][    T9] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[  303.580718][    T9] usb 4-1: config 0 has no interface number 0
[  303.813270][ T2153] usb 5-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  303.828160][    T9] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  303.842338][ T2153] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.850757][    T9] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  303.874357][ T2153] usb 5-1: config 0 descriptor??
[  303.906235][    T9] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  304.008726][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.581301][    T9] usb 4-1: Product: syz
[  304.593952][    T9] usb 4-1: Manufacturer: syz
[  304.640040][    T9] usb 4-1: SerialNumber: syz
[  304.654050][    T9] usb 4-1: config 0 descriptor??
[  304.770225][ T7662] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  304.824710][ T7662] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  305.004576][ T2153] glorious 0003:258A:0036.0009: unknown main item tag 0x1
[  305.058846][ T7680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  305.110346][ T7680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  305.119102][ T2153] glorious 0003:258A:0036.0009: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.4-1/input0
[  308.914925][    T9] asix 4-1:0.251: probe with driver asix failed with error -71
[  309.005006][    T9] usb 4-1: USB disconnect, device number 16
[  309.044110][ T7690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.462'.
[  309.107600][ T5896] usb 5-1: USB disconnect, device number 13
[  309.349715][ T7698] openvswitch: netlink: Tunnel attr 4104 out of range max 16
[  309.366829][ T7699] netlink: 4 bytes leftover after parsing attributes in process `syz.1.466'.
[  309.393919][ T7699] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  309.438271][ T7699] batman_adv: batadv0: Removing interface: batadv_slave_0
[  309.454150][ T7699] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  309.479268][ T7699] batman_adv: batadv0: Removing interface: batadv_slave_1
[  309.621021][ T7705] netlink: 20 bytes leftover after parsing attributes in process `syz.1.466'.
[  309.648211][ T5896] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  309.847981][ T7706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.467'.
[  310.885232][ T5896] usb 5-1: config 0 has an invalid interface number: 135 but max is 0
[  310.927264][ T5896] usb 5-1: config 0 has no interface number 0
[  310.965439][ T5896] usb 5-1: config 0 interface 135 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 32
[  310.997933][ T5896] usb 5-1: config 0 interface 135 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  311.018472][ T5896] usb 5-1: New USB device found, idVendor=05ac, idProduct=1402, bcdDevice=45.65
[  311.040900][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.176470][ T5896] usb 5-1: Product: syz
[  311.208557][ T5896] usb 5-1: Manufacturer: syz
[  311.233372][ T5896] usb 5-1: SerialNumber: syz
[  311.289777][ T5896] usb 5-1: config 0 descriptor??
[  311.373356][ T7696] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  311.378843][   T10] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  311.451706][ T7696] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  311.622879][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  311.647831][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  311.691067][   T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  311.719290][   T10] usb 2-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[  311.733190][   T10] usb 2-1: Manufacturer: syz
[  311.746352][   T10] usb 2-1: config 0 descriptor??
[  311.758795][ T7696] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  311.766235][   T10] hub 2-1:0.0: USB hub found
[  311.857257][ T7696] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  311.975211][   T10] hub 2-1:0.0: 1 port detected
[  312.182900][   T10] hub 2-1:0.0: hub_hub_status failed (err = -71)
[  312.208870][   T10] hub 2-1:0.0: config failed, can't get hub status (err -71)
[  312.291733][   T10] usbhid 2-1:0.0: can't add hid device: -71
[  312.322307][   T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  312.346404][ T7721] can0: slcan on ptm0.
[  312.402000][   T10] usb 2-1: USB disconnect, device number 7
[  312.558709][ T5896] asix 5-1:0.135 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  312.615208][ T5896] asix 5-1:0.135: probe with driver asix failed with error -71
[  312.726388][ T5896] usb 5-1: USB disconnect, device number 14
[  313.100093][ T7714] can0 (unregistered): slcan off ptm0.
[  314.598537][    T9] usb 5-1: new low-speed USB device number 15 using dummy_hcd
[  314.887064][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  315.048183][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  315.119104][    T9] usb 5-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  315.271296][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.333030][    T9] usb 5-1: config 0 descriptor??
[  315.648144][   T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  315.786117][    T9] glorious 0003:258A:0036.000A: unknown main item tag 0x1
[  315.848803][    T9] glorious 0003:258A:0036.000A: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.4-1/input0
[  315.850402][   T24] usb 2-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0
[  315.889324][ T7762] openvswitch: netlink: Tunnel attr 4104 out of range max 16
[  315.969848][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  315.976559][   T24] usb 2-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00
[  316.036603][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.049069][ T7766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.098984][ T7766] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.125658][   T24] usb 2-1: config 0 descriptor??
[  317.242142][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  317.249202][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  317.592849][   T24] apple 0003:05AC:027A.000B: hidraw1: USB HID v8.00 Device [HID 05ac:027a] on usb-dummy_hcd.1-1/input0
[  317.944489][   T24] usb 2-1: USB disconnect, device number 8
[  318.804610][ T7781] fido_id[7781]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  318.842557][    T9] usb 5-1: USB disconnect, device number 15
[  320.759223][ T7820] netlink: 8 bytes leftover after parsing attributes in process `syz.0.489'.
[  321.899626][ T7823] openvswitch: netlink: Tunnel attr 4104 out of range max 16
[  322.598483][   T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  323.285782][   T10] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  323.298229][   T10] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  323.317607][   T10] usb 1-1: config 220 has no interface number 2
[  323.648432][   T10] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  324.263336][   T10] usb 1-1: config 220 interface 0 has no altsetting 0
[  324.289518][   T10] usb 1-1: config 220 interface 76 has no altsetting 0
[  324.315658][   T10] usb 1-1: config 220 interface 1 has no altsetting 0
[  324.352397][   T10] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  324.369600][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.391619][   T10] usb 1-1: Product: syz
[  324.413553][   T10] usb 1-1: Manufacturer: syz
[  324.444958][   T10] usb 1-1: SerialNumber: syz
[  324.520282][   T43] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  325.590711][   T43] usb 3-1: config 0 has an invalid interface number: 93 but max is 0
[  325.604708][   T43] usb 3-1: config 0 has no interface number 0
[  325.621357][   T43] usb 3-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  325.648090][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.727262][   T43] usb 3-1: Product: syz
[  325.991081][   T43] usb 3-1: Manufacturer: syz
[  325.996134][   T43] usb 3-1: SerialNumber: syz
[  327.460660][   T43] usb 3-1: config 0 descriptor??
[  327.628595][   T43] usb 3-1: can't set config #0, error -71
[  327.673064][   T10] usb 1-1: selecting invalid altsetting 0
[  327.798522][   T43] usb 3-1: USB disconnect, device number 15
[  327.823272][   T10] usb 1-1: Found UVC 7.01 device syz (8086:0b07)
[  327.867239][   T10] usb 1-1: No valid video chain found.
[  328.041487][   T10] usb 1-1: selecting invalid altsetting 0
[  328.047302][   T10] usbtest 1-1:220.1: probe with driver usbtest failed with error -22
[  328.204014][ T7877] netlink: 8 bytes leftover after parsing attributes in process `syz.1.502'.
[  328.552777][   T10] usb 1-1: USB disconnect, device number 11
[  328.672085][ T7872] pimreg: entered allmulticast mode
[  329.939280][    T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  329.946987][   T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  330.100684][    T9] usb 1-1: Using ep0 maxpacket: 32
[  330.121996][   T10] usb 2-1: Using ep0 maxpacket: 16
[  330.124903][ T7868] pimreg: left allmulticast mode
[  330.152568][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  330.202773][   T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  330.239721][    T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  330.270420][   T10] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  330.365772][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  330.388156][   T10] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  330.397884][   T10] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  330.478440][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.490605][    T9] usb 1-1: config 0 descriptor??
[  330.498645][   T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  330.518445][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  330.526492][   T10] usb 2-1: Product: syz
[  330.532224][   T10] usb 2-1: Manufacturer: syz
[  330.536840][   T10] usb 2-1: SerialNumber: syz
[  330.865278][   T43] usb 1-1: USB disconnect, device number 12
[  330.916965][   T10] usb 2-1: USB disconnect, device number 9
[  331.022539][ T6044] udevd[6044]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  331.863383][ T7903] orangefs_mount: mount request failed with -4
[  332.228124][   T30] audit: type=1326 audit(1749261551.326:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7906 comm="syz.2.512" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7668d8e929 code=0x0
[  332.457920][ T7914] netlink: 44 bytes leftover after parsing attributes in process `syz.1.514'.
[  334.348230][   T24] usb 3-1: new low-speed USB device number 16 using dummy_hcd
[  334.388215][ T2153] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  334.849920][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  335.086814][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  335.226129][ T7933] ALSA: mixer_oss: invalid OSS volume ''
[  335.286736][ T2153] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  335.295594][ T2153] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  335.320555][ T2153] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  335.338131][ T2153] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  335.356459][   T24] usb 3-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  335.368524][ T2153] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  335.380159][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.429748][ T2153] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  335.465215][ T2153] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  335.488634][   T24] usb 3-1: config 0 descriptor??
[  335.517292][ T2153] usb 5-1: Product: syz
[  335.530782][ T2153] usb 5-1: Manufacturer: syz
[  335.647353][ T2153] cdc_wdm 5-1:1.0: skipping garbage
[  335.676276][ T2153] cdc_wdm 5-1:1.0: skipping garbage
[  335.695324][ T2153] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  336.012684][ T2153] cdc_wdm 5-1:1.0: Unknown control protocol
[  336.199766][   T24] glorious 0003:258A:0036.000C: unknown main item tag 0x1
[  336.363106][ T7952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  336.403996][ T2153] usb 5-1: USB disconnect, device number 16
[  336.675002][ T7952] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  336.824821][ T7953] orangefs_mount: mount request failed with -4
[  336.862847][   T24] glorious 0003:258A:0036.000C: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.2-1/input0
[  338.372643][   T43] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  338.668388][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  338.815769][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  338.994816][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  339.182267][   T43] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  339.284574][   T43] usb 4-1: New USB device found, idVendor=a9cd, idProduct=cdee, bcdDevice= 5.b9
[  339.324325][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.379257][   T43] usb 4-1: config 0 descriptor??
[  339.424859][   T43] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  339.638948][   T43] usb 4-1: MIDIStreaming interface descriptor not found
[  339.983684][ T5896] usb 3-1: USB disconnect, device number 16
[  341.445150][ T5896] usb 4-1: USB disconnect, device number 17
[  344.367416][ T8004] batadv_slave_1: entered promiscuous mode
[  345.092904][ T8002] batadv_slave_1: left promiscuous mode
[  345.378269][ T8017] netlink: 12 bytes leftover after parsing attributes in process `syz.1.540'.
[  346.047247][ T8027] loop7: detected capacity change from 0 to 6
[  346.089614][ T8027] Dev loop7: unable to read RDB block 6
[  346.126161][ T8027]  loop7: unable to read partition table
[  346.160751][ T8027] loop7: partition table beyond EOD, truncated
[  346.264313][ T8027] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5)
[  351.714104][ T8068] netlink: 8 bytes leftover after parsing attributes in process `syz.3.555'.
[  351.728256][ T8068] netlink: 4 bytes leftover after parsing attributes in process `syz.3.555'.
[  351.784461][ T8068] syzkaller1: entered allmulticast mode
[  352.872755][ T8079] netlink: 12 bytes leftover after parsing attributes in process `syz.1.558'.
[  353.023805][ T8083] netlink: 12 bytes leftover after parsing attributes in process `syz.3.559'.
[  355.778397][ T5896] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  355.921818][ T5896] usb 1-1: device descriptor read/64, error -71
[  356.208733][ T5896] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  356.298390][   T43] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  356.465951][ T5896] usb 1-1: device descriptor read/64, error -71
[  357.452890][ T5896] usb usb1-port1: attempt power cycle
[  357.494313][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.533999][   T43] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  357.545665][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.578645][   T43] usb 3-1: config 0 descriptor??
[  357.766219][ T8115] 9pnet_fd: Insufficient options for proto=fd
[  358.157143][   T43] keytouch 0003:0926:3333.000D: fixing up Keytouch IEC report descriptor
[  358.552211][ T8123] netlink: 12 bytes leftover after parsing attributes in process `syz.3.572'.
[  358.827624][ T8124] input: syz1 as /devices/virtual/input/input8
[  358.834813][   T43] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.000D/input/input7
[  359.257435][   T43] keytouch 0003:0926:3333.000D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  359.350728][   T43] usb 3-1: USB disconnect, device number 17
[  360.311694][ T8130] fido_id[8130]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  362.864791][ T8136] IPv6: Can't replace route, no match found
[  364.067158][ T8163] netlink: 24 bytes leftover after parsing attributes in process `syz.0.581'.
[  364.712354][ T8163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.581'.
[  364.818299][ T8163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.581'.
[  364.827211][ T8163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.581'.
[  364.878078][ T8163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.581'.
[  364.909729][ T8163] netlink: 'syz.0.581': attribute type 1 has an invalid length.
[  364.917438][ T8163] netlink: 380 bytes leftover after parsing attributes in process `syz.0.581'.
[  366.073452][ T8174] can0: slcan on ptm0.
[  366.450146][ T8167] can0 (unregistered): slcan off ptm0.
[  366.518123][ T2153] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  366.676494][ T8182] netlink: 12 bytes leftover after parsing attributes in process `syz.4.586'.
[  366.754689][ T8184] qrtr: Invalid version 0
[  367.501959][ T2153] usb 1-1: config 0 has an invalid interface number: 93 but max is 0
[  367.548672][ T2153] usb 1-1: config 0 has no interface number 0
[  367.579556][ T2153] usb 1-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  367.595301][ T2153] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.631411][ T2153] usb 1-1: Product: syz
[  367.638384][ T2153] usb 1-1: Manufacturer: syz
[  367.643040][ T2153] usb 1-1: SerialNumber: syz
[  367.710961][ T2153] usb 1-1: config 0 descriptor??
[  367.930543][ T2153] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  367.961141][ T2153] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  368.408751][   T10] usb 2-1: new low-speed USB device number 10 using dummy_hcd
[  368.425638][ T2153] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  368.692480][ T2153] usb 1-1: media controller created
[  368.725341][ T2153] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  368.760002][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  368.776524][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  369.042479][ T2153] DVB: Unable to find symbol dib7000p_attach()
[  369.049476][   T10] usb 2-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  369.068526][ T2153] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  369.798227][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.819205][ T2153] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  369.841096][   T10] usb 2-1: config 0 descriptor??
[  370.600514][   T10] glorious 0003:258A:0036.000E: unknown main item tag 0x1
[  370.612292][   T10] glorious 0003:258A:0036.000E: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.1-1/input0
[  370.780140][ T8213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.829348][ T8213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.770223][ T2153] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  374.104926][ T2153] usb 1-1: media controller created
[  374.115645][ T2153] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  374.844508][ T8220] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  374.882077][ T2153] dib0700: the master dib7090 has to be initialized first
[  374.893133][ T2153] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  375.311800][   T24] usb 2-1: USB disconnect, device number 10
[  376.230381][ T2153] rc_core: IR keymap rc-dib0700-rc5 not found
[  376.241366][ T2153] Registered IR keymap rc-empty
[  376.248300][ T2153] dvb-usb: could not initialize remote control.
[  376.254596][ T2153] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  376.278377][ T2153] usb 1-1: USB disconnect, device number 16
[  376.352606][ T2153] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  376.520653][ T8233] FAULT_INJECTION: forcing a failure.
[  376.520653][ T8233] name failslab, interval 1, probability 0, space 0, times 0
[  376.599150][ T8233] CPU: 0 UID: 0 PID: 8233 Comm: syz.4.598 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  376.599179][ T8233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  376.599199][ T8233] Call Trace:
[  376.599210][ T8233]  <TASK>
[  376.599220][ T8233]  dump_stack_lvl+0x189/0x250
[  376.599255][ T8233]  ? __pfx____ratelimit+0x10/0x10
[  376.599294][ T8233]  ? __pfx_dump_stack_lvl+0x10/0x10
[  376.599321][ T8233]  ? __pfx__printk+0x10/0x10
[  376.599347][ T8233]  ? __pfx___might_resched+0x10/0x10
[  376.599375][ T8233]  ? fs_reclaim_acquire+0x7d/0x100
[  376.599409][ T8233]  should_fail_ex+0x414/0x560
[  376.599440][ T8233]  should_failslab+0xa8/0x100
[  376.599467][ T8233]  __kmalloc_cache_noprof+0x70/0x3d0
[  376.599491][ T8233]  ? nfnetlink_rcv+0xeff/0x2520
[  376.599522][ T8233]  nfnetlink_rcv+0xeff/0x2520
[  376.599588][ T8233]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  376.599631][ T8233]  ? ref_tracker_free+0x63a/0x7d0
[  376.599690][ T8233]  ? __netlink_deliver_tap+0x807/0x850
[  376.599720][ T8233]  ? netlink_deliver_tap+0x2e/0x1b0
[  376.599738][ T8233]  ? netlink_deliver_tap+0x2e/0x1b0
[  376.599762][ T8233]  netlink_unicast+0x758/0x8d0
[  376.599802][ T8233]  netlink_sendmsg+0x805/0xb30
[  376.599831][ T8233]  ? __pfx_netlink_sendmsg+0x10/0x10
[  376.599859][ T8233]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  376.599883][ T8233]  ? __pfx_netlink_sendmsg+0x10/0x10
[  376.599903][ T8233]  __sock_sendmsg+0x219/0x270
[  376.599933][ T8233]  ____sys_sendmsg+0x505/0x830
[  376.599961][ T8233]  ? __pfx_____sys_sendmsg+0x10/0x10
[  376.600010][ T8233]  ? import_iovec+0x74/0xa0
[  376.600035][ T8233]  ___sys_sendmsg+0x21f/0x2a0
[  376.600059][ T8233]  ? __pfx____sys_sendmsg+0x10/0x10
[  376.600123][ T8233]  ? __fget_files+0x2a/0x420
[  376.600150][ T8233]  ? __fget_files+0x3a0/0x420
[  376.600194][ T8233]  __x64_sys_sendmsg+0x19b/0x260
[  376.600219][ T8233]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  376.600252][ T8233]  ? __pfx_ksys_write+0x10/0x10
[  376.600273][ T8233]  ? rcu_is_watching+0x15/0xb0
[  376.600309][ T8233]  ? do_syscall_64+0xbe/0x3b0
[  376.600340][ T8233]  do_syscall_64+0xfa/0x3b0
[  376.600366][ T8233]  ? lockdep_hardirqs_on+0x9c/0x150
[  376.600391][ T8233]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.600411][ T8233]  ? clear_bhb_loop+0x60/0xb0
[  376.600436][ T8233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.600456][ T8233] RIP: 0033:0x7fa3e998e929
[  376.600474][ T8233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.600491][ T8233] RSP: 002b:00007fa3ea7c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  376.600513][ T8233] RAX: ffffffffffffffda RBX: 00007fa3e9bb5fa0 RCX: 00007fa3e998e929
[  376.600528][ T8233] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  376.600541][ T8233] RBP: 00007fa3ea7c7090 R08: 0000000000000000 R09: 0000000000000000
[  376.600560][ T8233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.600572][ T8233] R13: 0000000000000000 R14: 00007fa3e9bb5fa0 R15: 00007ffcb49f4238
[  376.600605][ T8233]  </TASK>
[  377.232534][ T8241] netlink: 12 bytes leftover after parsing attributes in process `syz.0.602'.
[  377.700283][ T8249] can0: slcan on ptm0.
[  377.985782][ T8250] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.601'.
[  377.995375][ T8250] bridge: RTM_NEWNEIGH with invalid state 0x1
[  378.578428][ T8242] can0 (unregistered): slcan off ptm0.
[  378.672409][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  378.695110][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  379.269952][ T8258] netlink: 132 bytes leftover after parsing attributes in process `syz.1.597'.
[  380.528478][   T43] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  381.401239][   T43] usb 1-1: config 0 has an invalid interface number: 93 but max is 0
[  381.660966][ T8274] FAULT_INJECTION: forcing a failure.
[  381.660966][ T8274] name failslab, interval 1, probability 0, space 0, times 0
[  381.695946][ T8270] IPv6: Can't replace route, no match found
[  381.747485][   T43] usb 1-1: config 0 has no interface number 0
[  381.761665][   T43] usb 1-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  381.768825][ T8274] CPU: 0 UID: 0 PID: 8274 Comm: syz.3.610 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  381.768859][ T8274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  381.768874][ T8274] Call Trace:
[  381.768883][ T8274]  <TASK>
[  381.768892][ T8274]  dump_stack_lvl+0x189/0x250
[  381.768929][ T8274]  ? __pfx____ratelimit+0x10/0x10
[  381.768959][ T8274]  ? __pfx_dump_stack_lvl+0x10/0x10
[  381.768991][ T8274]  ? __pfx__printk+0x10/0x10
[  381.769021][ T8274]  ? __pfx___might_resched+0x10/0x10
[  381.769052][ T8274]  ? fs_reclaim_acquire+0x7d/0x100
[  381.769090][ T8274]  should_fail_ex+0x414/0x560
[  381.769125][ T8274]  should_failslab+0xa8/0x100
[  381.769165][ T8274]  kmem_cache_alloc_noprof+0x73/0x3c0
[  381.769192][ T8274]  ? getname_flags+0xb8/0x540
[  381.769249][ T8274]  getname_flags+0xb8/0x540
[  381.769287][ T8274]  do_readlinkat+0xbc/0x500
[  381.769314][ T8274]  ? __pfx_do_readlinkat+0x10/0x10
[  381.769350][ T8274]  __x64_sys_readlinkat+0x9a/0xb0
[  381.769389][ T8274]  do_syscall_64+0xfa/0x3b0
[  381.769419][ T8274]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.769442][ T8274]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  381.769463][ T8274]  ? clear_bhb_loop+0x60/0xb0
[  381.769492][ T8274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.769515][ T8274] RIP: 0033:0x7f93d3d8e929
[  381.769535][ T8274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  381.769556][ T8274] RSP: 002b:00007f93d4b8a038 EFLAGS: 00000246 ORIG_RAX: 000000000000010b
[  381.769580][ T8274] RAX: ffffffffffffffda RBX: 00007f93d3fb5fa0 RCX: 00007f93d3d8e929
[  381.769597][ T8274] RDX: 00002000000012c0 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  381.769614][ T8274] RBP: 00007f93d4b8a090 R08: 0000000000000000 R09: 0000000000000000
[  381.769628][ T8274] R10: 00000000000000a8 R11: 0000000000000246 R12: 0000000000000001
[  381.769642][ T8274] R13: 0000000000000000 R14: 00007f93d3fb5fa0 R15: 00007ffc3d625dc8
[  381.769678][ T8274]  </TASK>
[  381.983441][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.994392][   T43] usb 1-1: Product: syz
[  382.000247][   T43] usb 1-1: Manufacturer: syz
[  382.004917][   T43] usb 1-1: SerialNumber: syz
[  382.065833][   T43] usb 1-1: config 0 descriptor??
[  382.278141][   T43] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  382.325791][   T43] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  382.363042][   T43] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  382.413848][   T43] usb 1-1: media controller created
[  382.524034][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  382.974276][ T8295] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.614'.
[  382.984285][ T8295] bridge: RTM_NEWNEIGH with invalid state 0x1
[  383.476951][ T8292] macsec1: entered promiscuous mode
[  383.517261][ T8292] macsec1: entered allmulticast mode
[  383.548733][ T8300] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  383.568976][ T8299] netlink: 12 bytes leftover after parsing attributes in process `syz.2.619'.
[  383.621356][   T43] DVB: Unable to find symbol dib7000p_attach()
[  383.641387][   T43] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  383.701212][   T43] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  385.699580][ T8310] can0: slcan on ptm0.
[  386.042938][ T8302] can0 (unregistered): slcan off ptm0.
[  386.258205][   T24] usb 3-1: new low-speed USB device number 18 using dummy_hcd
[  386.442411][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  386.468609][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  386.482310][   T24] usb 3-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  386.492465][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.525593][   T24] usb 3-1: config 0 descriptor??
[  386.977869][   T24] glorious 0003:258A:0036.000F: unknown main item tag 0x1
[  387.032882][   T24] glorious 0003:258A:0036.000F: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.2-1/input0
[  387.765354][   T43] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  387.932671][   T43] usb 1-1: media controller created
[  387.944593][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  388.037853][ T8337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.115774][ T8337] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.159171][   T43] dib0700: the master dib7090 has to be initialized first
[  388.166364][   T43] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  389.528224][ T8350] netlink: 1010 bytes leftover after parsing attributes in process `syz.3.630'.
[  391.969138][ T2153] usb 3-1: USB disconnect, device number 18
[  392.389520][   T43] rc_core: IR keymap rc-dib0700-rc5 not found
[  392.395659][   T43] Registered IR keymap rc-empty
[  393.179555][   T43] dvb-usb: could not initialize remote control.
[  393.185983][   T43] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  393.775745][   T43] usb 1-1: USB disconnect, device number 17
[  393.809438][ T8366] overlayfs: missing 'lowerdir'
[  393.913133][   T43] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  394.208095][    T9] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  394.498141][    T9] usb 5-1: Using ep0 maxpacket: 32
[  394.509076][    T9] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  394.519483][    T9] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  394.558950][    T9] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  394.658772][    T9] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  394.700004][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  394.743384][    T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  394.765130][    T9] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  394.804732][    T9] usb 5-1: Product: syz
[  394.812245][    T9] usb 5-1: Manufacturer: syz
[  394.816914][    T9] usb 5-1: SerialNumber: syz
[  394.958653][    T9] usb 5-1: config 0 descriptor??
[  395.942304][    T9] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  396.000422][    T9] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  396.070663][    T9] usb 5-1: USB disconnect, device number 17
[  396.109287][    T9] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  396.588431][ T5980] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  397.040812][ T5980] usb 2-1: config 0 has an invalid interface number: 93 but max is 0
[  397.353588][ T5980] usb 2-1: config 0 has no interface number 0
[  397.363341][ T5980] usb 2-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  397.373147][ T5980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  397.384678][ T5980] usb 2-1: Product: syz
[  397.389215][ T5980] usb 2-1: Manufacturer: syz
[  397.393863][ T5980] usb 2-1: SerialNumber: syz
[  397.428077][ T5980] usb 2-1: config 0 descriptor??
[  397.512701][   T30] audit: type=1800 audit(1749261616.626:70): pid=8390 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.640" name="bus" dev="overlay" ino=723 res=0 errno=0
[  397.775367][ T5980] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  397.797033][ T5980] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  397.816480][ T5980] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  397.830138][ T5980] usb 2-1: media controller created
[  397.839699][ T5980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  398.084655][ T8400] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.641'.
[  398.093884][ T8400] bridge: RTM_NEWNEIGH with invalid state 0x1
[  399.448686][ T5980] DVB: Unable to find symbol dib7000p_attach()
[  399.454912][ T5980] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  399.464852][ T5980] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  399.524609][ T8413] FAULT_INJECTION: forcing a failure.
[  399.524609][ T8413] name failslab, interval 1, probability 0, space 0, times 0
[  399.537651][ T8413] CPU: 0 UID: 0 PID: 8413 Comm: syz.0.646 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  399.537677][ T8413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  399.537690][ T8413] Call Trace:
[  399.537698][ T8413]  <TASK>
[  399.537707][ T8413]  dump_stack_lvl+0x189/0x250
[  399.537740][ T8413]  ? __pfx____ratelimit+0x10/0x10
[  399.537767][ T8413]  ? __pfx_dump_stack_lvl+0x10/0x10
[  399.537796][ T8413]  ? __pfx__printk+0x10/0x10
[  399.537821][ T8413]  ? look_up_lock_class+0x74/0x170
[  399.537853][ T8413]  should_fail_ex+0x414/0x560
[  399.537884][ T8413]  should_failslab+0xa8/0x100
[  399.537913][ T8413]  __kmalloc_noprof+0xcb/0x4f0
[  399.537937][ T8413]  ? io_alloc_ocqe+0x6f/0x550
[  399.537977][ T8413]  io_alloc_ocqe+0x6f/0x550
[  399.538001][ T8413]  ? io_cqe_cache_refill+0x1a8/0x240
[  399.538031][ T8413]  io_cqe_overflow_locked+0x26/0x40
[  399.538079][ T8413]  __io_submit_flush_completions+0x248/0xe40
[  399.538106][ T8413]  ? io_issue_sqe+0x5bf/0xfd0
[  399.538138][ T8413]  io_submit_sqes+0x181b/0x1c50
[  399.538207][ T8413]  __se_sys_io_uring_enter+0x2df/0x2b20
[  399.538253][ T8413]  ? ksys_write+0x1cb/0x250
[  399.538279][ T8413]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  399.538302][ T8413]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  399.538329][ T8413]  ? __pfx_vfs_write+0x10/0x10
[  399.538354][ T8413]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  399.538384][ T8413]  ? __fget_files+0x3a0/0x420
[  399.538419][ T8413]  ? fput+0xa0/0xd0
[  399.538438][ T8413]  ? ksys_write+0x22a/0x250
[  399.538464][ T8413]  ? __pfx_ksys_write+0x10/0x10
[  399.538484][ T8413]  ? rcu_is_watching+0x15/0xb0
[  399.538519][ T8413]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  399.538548][ T8413]  do_syscall_64+0xfa/0x3b0
[  399.538573][ T8413]  ? lockdep_hardirqs_on+0x9c/0x150
[  399.538598][ T8413]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.538617][ T8413]  ? clear_bhb_loop+0x60/0xb0
[  399.538642][ T8413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.538662][ T8413] RIP: 0033:0x7ffb4098e929
[  399.538680][ T8413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.538696][ T8413] RSP: 002b:00007ffb4180f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  399.538718][ T8413] RAX: ffffffffffffffda RBX: 00007ffb40bb5fa0 RCX: 00007ffb4098e929
[  399.538733][ T8413] RDX: 0000000002000000 RSI: 00000000000038c5 RDI: 0000000000000004
[  399.538745][ T8413] RBP: 00007ffb4180f090 R08: 0000000000000000 R09: 0000000000000000
[  399.538757][ T8413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.538769][ T8413] R13: 0000000000000000 R14: 00007ffb40bb5fa0 R15: 00007ffc3d9d9168
[  399.538801][ T8413]  </TASK>
[  401.258265][   T43] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  402.371654][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  402.899304][ T8409] ------------[ cut here ]------------
[  402.905033][ T8409] usb 2-1: BOGUS control dir, pipe 80000b80 doesn't match bRequestType c0
[  402.914500][ T8409] WARNING: CPU: 0 PID: 8409 at drivers/usb/core/urb.c:413 usb_submit_urb+0x115d/0x1890
[  402.924264][ T8409] Modules linked in:
[  402.928484][ T8409] CPU: 0 UID: 0 PID: 8409 Comm: syz.2.643 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  402.940115][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  402.953688][ T8409] RIP: 0010:usb_submit_urb+0x115d/0x1890
[  402.959450][ T8409] Code: 0f b6 44 05 00 84 c0 0f 85 10 06 00 00 45 0f b6 04 24 48 c7 c7 80 18 33 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 c4 71 6a fa 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 e0 f3 ff ff 89 e9 80
[  402.979204][ T8409] RSP: 0018:ffffc9000b6ef850 EFLAGS: 00010246
[  402.985349][ T8409] RAX: e6cb1393b7f08500 RBX: ffff88807e4eb600 RCX: 0000000000080000
[  402.993422][ T8409] RDX: ffffc900113d2000 RSI: 00000000000039ad RDI: 00000000000039ae
[  403.001841][ T8409] RBP: 1ffff110044f25b4 R08: 0000000000000003 R09: 0000000000000004
[  403.010006][ T8409] R10: dffffc0000000000 R11: fffffbfff1bfaa44 R12: ffff888022792da0
[  403.018057][ T8409] R13: dffffc0000000000 R14: 0000000080000b80 R15: ffff888027e04d60
[  403.026074][ T8409] FS:  00007f7669bf76c0(0000) GS:ffff888125c89000(0000) knlGS:0000000000000000
[  403.035079][ T8409] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  403.041757][ T8409] CR2: 00007f93d4b68f98 CR3: 0000000035048000 CR4: 00000000003526f0
[  403.052652][ T8409] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  403.060726][ T8409] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  403.068782][ T8409] Call Trace:
[  403.072101][ T8409]  <TASK>
[  403.075074][ T8409]  usb_start_wait_urb+0x114/0x4c0
[  403.080197][ T8409]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  403.085821][ T8409]  usb_control_msg+0x232/0x3e0
[  403.090680][ T8409]  dib0700_i2c_xfer+0xba7/0xf70
[  403.095598][ T8409]  ? __lock_acquire+0xab9/0xd20
[  403.100555][ T8409]  __i2c_transfer+0x874/0x2170
[  403.105368][ T8409]  ? i2c_transfer+0x11d/0x3a0
[  403.110139][ T8409]  ? __pfx___i2c_transfer+0x10/0x10
[  403.115388][ T8409]  ? rt_mutex_lock_nested+0x172/0x1e0
[  403.120866][ T8409]  ? i2c_transfer+0x11d/0x3a0
[  403.125586][ T8409]  i2c_transfer+0x25b/0x3a0
[  403.130182][ T8409]  ? __pfx_i2c_transfer+0x10/0x10
[  403.135252][ T8409]  ? _copy_from_user+0x94/0xb0
[  403.140100][ T8409]  i2cdev_ioctl_rdwr+0x460/0x740
[  403.145114][ T8409]  i2cdev_ioctl+0x64b/0x7f0
[  403.149745][ T8409]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  403.157623][ T8409]  ? __fget_files+0x3a0/0x420
[  403.162424][ T8409]  ? __fget_files+0x2a/0x420
[  403.167077][ T8409]  ? bpf_lsm_file_ioctl+0x9/0x20
[  403.172109][ T8409]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  403.177198][ T8409]  __se_sys_ioctl+0xfc/0x170
[  403.181883][ T8409]  do_syscall_64+0xfa/0x3b0
[  403.186438][ T8409]  ? lockdep_hardirqs_on+0x9c/0x150
[  403.191727][ T8409]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.197833][ T8409]  ? clear_bhb_loop+0x60/0xb0
[  403.202623][ T8409]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.208627][ T8409] RIP: 0033:0x7f7668d8e929
[  403.213082][ T8409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.232790][ T8409] RSP: 002b:00007f7669bf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  403.241398][ T8409] RAX: ffffffffffffffda RBX: 00007f7668fb6320 RCX: 00007f7668d8e929
[  403.249476][ T8409] RDX: 0000200000000040 RSI: 0000000000000707 RDI: 0000000000000007
[  403.259127][ T8409] RBP: 00007f7668e10b39 R08: 0000000000000000 R09: 0000000000000000
[  403.267238][ T8409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  403.276582][ T8409] R13: 0000000000000000 R14: 00007f7668fb6320 R15: 00007ffc989f4298
[  403.284696][ T8409]  </TASK>
[  403.287766][ T8409] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  403.295065][ T8409] CPU: 0 UID: 0 PID: 8409 Comm: syz.2.643 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  403.306633][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  403.316697][ T8409] Call Trace:
[  403.319987][ T8409]  <TASK>
[  403.322927][ T8409]  dump_stack_lvl+0x99/0x250
[  403.327544][ T8409]  ? __asan_memcpy+0x40/0x70
[  403.332148][ T8409]  ? __pfx_dump_stack_lvl+0x10/0x10
[  403.337393][ T8409]  ? __pfx__printk+0x10/0x10
[  403.342034][ T8409]  panic+0x2db/0x790
[  403.345960][ T8409]  ? __pfx_panic+0x10/0x10
[  403.350409][ T8409]  __warn+0x31b/0x4b0
[  403.354410][ T8409]  ? usb_submit_urb+0x115d/0x1890
[  403.359457][ T8409]  ? usb_submit_urb+0x115d/0x1890
[  403.364507][ T8409]  report_bug+0x2be/0x4f0
[  403.368866][ T8409]  ? usb_submit_urb+0x115d/0x1890
[  403.373914][ T8409]  ? usb_submit_urb+0x115d/0x1890
[  403.378957][ T8409]  ? usb_submit_urb+0x115f/0x1890
[  403.383997][ T8409]  handle_bug+0x84/0x160
[  403.388262][ T8409]  exc_invalid_op+0x1a/0x50
[  403.392787][ T8409]  asm_exc_invalid_op+0x1a/0x20
[  403.397647][ T8409] RIP: 0010:usb_submit_urb+0x115d/0x1890
[  403.403292][ T8409] Code: 0f b6 44 05 00 84 c0 0f 85 10 06 00 00 45 0f b6 04 24 48 c7 c7 80 18 33 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 c4 71 6a fa 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 e0 f3 ff ff 89 e9 80
[  403.422908][ T8409] RSP: 0018:ffffc9000b6ef850 EFLAGS: 00010246
[  403.428997][ T8409] RAX: e6cb1393b7f08500 RBX: ffff88807e4eb600 RCX: 0000000000080000
[  403.436982][ T8409] RDX: ffffc900113d2000 RSI: 00000000000039ad RDI: 00000000000039ae
[  403.444963][ T8409] RBP: 1ffff110044f25b4 R08: 0000000000000003 R09: 0000000000000004
[  403.452947][ T8409] R10: dffffc0000000000 R11: fffffbfff1bfaa44 R12: ffff888022792da0
[  403.460933][ T8409] R13: dffffc0000000000 R14: 0000000080000b80 R15: ffff888027e04d60
[  403.468969][ T8409]  usb_start_wait_urb+0x114/0x4c0
[  403.474023][ T8409]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  403.479607][ T8409]  usb_control_msg+0x232/0x3e0
[  403.484396][ T8409]  dib0700_i2c_xfer+0xba7/0xf70
[  403.489283][ T8409]  ? __lock_acquire+0xab9/0xd20
[  403.494164][ T8409]  __i2c_transfer+0x874/0x2170
[  403.498947][ T8409]  ? i2c_transfer+0x11d/0x3a0
[  403.503646][ T8409]  ? __pfx___i2c_transfer+0x10/0x10
[  403.508861][ T8409]  ? rt_mutex_lock_nested+0x172/0x1e0
[  403.514254][ T8409]  ? i2c_transfer+0x11d/0x3a0
[  403.518954][ T8409]  i2c_transfer+0x25b/0x3a0
[  403.523516][ T8409]  ? __pfx_i2c_transfer+0x10/0x10
[  403.528561][ T8409]  ? _copy_from_user+0x94/0xb0
[  403.533347][ T8409]  i2cdev_ioctl_rdwr+0x460/0x740
[  403.538322][ T8409]  i2cdev_ioctl+0x64b/0x7f0
[  403.542850][ T8409]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  403.547898][ T8409]  ? __fget_files+0x3a0/0x420
[  403.552593][ T8409]  ? __fget_files+0x2a/0x420
[  403.557204][ T8409]  ? bpf_lsm_file_ioctl+0x9/0x20
[  403.562340][ T8409]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  403.567390][ T8409]  __se_sys_ioctl+0xfc/0x170
[  403.572000][ T8409]  do_syscall_64+0xfa/0x3b0
[  403.576531][ T8409]  ? lockdep_hardirqs_on+0x9c/0x150
[  403.581743][ T8409]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.587827][ T8409]  ? clear_bhb_loop+0x60/0xb0
[  403.592521][ T8409]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.598424][ T8409] RIP: 0033:0x7f7668d8e929
[  403.602854][ T8409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.622470][ T8409] RSP: 002b:00007f7669bf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  403.630899][ T8409] RAX: ffffffffffffffda RBX: 00007f7668fb6320 RCX: 00007f7668d8e929
[  403.638882][ T8409] RDX: 0000200000000040 RSI: 0000000000000707 RDI: 0000000000000007
[  403.646858][ T8409] RBP: 00007f7668e10b39 R08: 0000000000000000 R09: 0000000000000000
[  403.654846][ T8409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  403.662830][ T8409] R13: 0000000000000000 R14: 00007f7668fb6320 R15: 00007ffc989f4298
[  403.670853][ T8409]  </TASK>
[  403.674129][ T8409] Kernel Offset: disabled
[  403.678471][ T8409] Rebooting in 86400 seconds..