last executing test programs:

7m50.005777121s ago: executing program 4 (id=1266):
r0 = socket$kcm(0x2d, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000440)=@delneigh={0x34, 0x1d, 0x100, 0x70bd27, 0x25dfdbfc, {0x1c, 0x0, 0x0, 0x0, 0x1, 0x9a, 0x6}, [@NDA_VLAN={0x6, 0x5, 0x4}, @NDA_PROBES={0x8, 0x4, 0x455}, @NDA_SRC_VNI={0x8}]}, 0x34}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x480, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000001000000080001003f0000000c000200700f00000000ffff0c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, 0x0, 0xc000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8001c00180081064e81f782db44b9b545c7910006007c09", 0x18}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x12, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000010000000000000000000000711206000000000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x67, '\x00', 0x0, @cgroup_sock_addr=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r6=>0x0})
r7 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r7, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

7m48.23762257s ago: executing program 4 (id=1270):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
bpf$BPF_LINK_CREATE(0x8, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x35, 0x0, @val=@iter={0x0}}, 0x20)

7m47.892214003s ago: executing program 4 (id=1271):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
readv(r0, &(0x7f0000000000), 0x2a)

7m47.794632961s ago: executing program 4 (id=1274):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000008000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sched_process_fork\x00', r4}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

7m43.906667816s ago: executing program 4 (id=1286):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x16c}}, 0x24)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000157b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b70300000000000085"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r1, 0xffffffffffffffff, 0x500}, 0x57)

7m42.852706681s ago: executing program 4 (id=1291):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, 0x1403, 0x1, 0x70bd28, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bond_slave_1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x88c0)

7m27.392870589s ago: executing program 32 (id=1291):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, 0x1403, 0x1, 0x70bd28, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bond_slave_1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x88c0)

17.148639187s ago: executing program 0 (id=2790):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000340)=0x4000000, 0x5b8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$radio(0x0, 0x3, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xa30903, 0x8000, '\x00', @p_u8=&(0x7f0000000200)=0xc}})
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x8)
r3 = socket$inet_icmp(0x2, 0x2, 0x1)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x14d801, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=@newlink={0x40, 0x10, 0x401, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, 0xf0ff, 0x308}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x4}}}, @IFLA_NET_NS_FD={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x20081}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES32=r6, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00'], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x10, 0x2a, 0x1, 0x0, 0x25dfdbfd}, 0x10}], 0x1, 0x0, 0x0, 0x1}, 0x8010)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
close_range(r7, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

9.900164772s ago: executing program 1 (id=2824):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) (async)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f000000b240)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)="cbcda1e7d9", 0x5}, {&(0x7f00000001c0)="21477a9055b35dc00bc11e", 0xb}], 0x2}}], 0x1, 0x4000)
recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1}, 0x2}], 0x2, 0x12222, 0x0) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={<r2=>0xffffffffffffffff}) (async)
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x535501) (async)
r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0)
ioctl$EVIOCGMASK(r4, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
ioctl$EVIOCRMFF(r3, 0x40044581, 0x0) (async, rerun: 64)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000f00)={'bridge_slave_1\x00', &(0x7f0000000f40)=@ethtool_perm_addr={0x4b, 0x46, "4372073b0100000000000000ce642b01c84c2316e3751202192217308d167c38af94aa06fe63acd6fb1d3f7e4e077088278a749d3e7c3b04b7735ad39930e0d5fedaf228f58a"}}) (rerun: 64)

8.909776908s ago: executing program 2 (id=2827):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
syz_open_dev$usbfs(&(0x7f00000001c0), 0x77, 0x141301)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mq_open(&(0x7f0000000100)=' \x01\x9c\x147\xb3\xcf\xfc\xc3\xa2W)\xebs\x93\xa7\xc7-\xeb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00AWK\n\x8b!Q\x8f\xf6\xec\xa5fs\xf5l{T\x87r\xd2)r\xa7\xd6\bO\x9a\x98\xf52:\"\xf4\x12\xc0T+\xcd\x9fv|\x8d\xd5\xb2Dvc\x8e\x93\xd8\xd6\xa0\xc56\xd2x\xe3g:', 0x41, 0x80, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x60, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x61, 0x1, {0x1}})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(0xffffffffffffffff, 0x7330, 0x0, 0x0, 0x0, 0x0)

8.67761126s ago: executing program 2 (id=2829):
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='map_files\x00')
getdents(r0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000000)=[<r1=>0x0, 0x0, 0x0], 0x3})
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x40800)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[<r3=>0x0]})
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r3, r3, 0x9, 0xae3, 0x9, 0x4, {0x3, 0x1041, 0x1ff, 0xfd68, 0x9, 0x4, 0x8, 0x0, 0x91d3, 0xc, 0x6, 0x4, 0xae4, 0x4, "0b44be54cb5309cf07c92e134797d1bceeb4d866acef657fb7401bd5028a597b"}})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000140)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000300)={r1, r3, r4, 0x0, 0x0, 0xa, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000d00)="5efe", 0x2}], 0x1}, 0x8001)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), r7)
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000080000000000000100000000000000014100000018001700080021000000006574683a69703667ffffffff"], 0x34}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@func={0x4, 0x0, 0x0, 0xc, 0x1}]}, {0x0, [0x5f, 0x61, 0x2e, 0x2e, 0x3d]}}, &(0x7f0000001340)=""/4096, 0x2b, 0x1000, 0x1, 0x0, 0x0, @void, @value}, 0x28)
ioctl$SIOCSIFHWADDR(r5, 0x8905, &(0x7f0000000340)={'syzkaller1\x00', @remote})

8.576681153s ago: executing program 1 (id=2830):
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f0000000080)={0x0, &(0x7f00000003c0)})

8.537050961s ago: executing program 1 (id=2831):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x1ff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$netlink(0x10, 0x3, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r4, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10, &(0x7f0000001400)=[{&(0x7f0000000080)="5f74a87430720c12a32aa0a77f04e4b336e8c9042dfd11084d94e65fbef5531c43d85e4fb1fb3e7d88cdbe212d34e1b87e0ed60e395a74d776d0f28ade6d1f46db021e0e2f6d0143f0c9ba8532dd09f1b532ef5eb7c27e57ec38060b93b79493f5608f670bd8d6ddfe52ce34de299da6896be7d971ad922776c450754298dc731fc3a6459b2da7ba", 0xd6}], 0x1}, 0x4004)
setsockopt$sock_attach_bpf(r4, 0x84, 0x1e, &(0x7f0000000000), 0x10)

8.504075489s ago: executing program 2 (id=2832):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="0000023f3201", @ANYBLOB="d7bd94d0d907"], 0x138)
syz_emit_ethernet(0x72, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x3c, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @empty, @ipv4={'\x00', '\xff\xff', @multicast1}, [], "17c17f079171000700110000"}}}}}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
getpid()
r0 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}}, 0x0)

7.366191789s ago: executing program 1 (id=2834):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
shmat(0x0, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f00000001c0), 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
socket(0x10, 0x80003, 0x0)
sched_setaffinity(0x0, 0x3, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='..0:\x00', 0x0)
r3 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x3)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r4}, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}}, 0x80)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2)
write$binfmt_script(r3, &(0x7f0000000040), 0x4)
ioctl$VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045613, &(0x7f0000000300)=0x2)

7.3658829s ago: executing program 2 (id=2835):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x82)
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0xfdef)

6.028710652s ago: executing program 1 (id=2837):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYRESOCT, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x40001)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(0xffffffffffffffff, 0xfffffffd)
syz_emit_vhci(0x0, 0xf)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'veth1_macvtap\x00'})
socket$packet(0x11, 0x2, 0x300)
syz_emit_vhci(0x0, 0xf)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x2000, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000))
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)={0x28, r2, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x480c0)

5.527024241s ago: executing program 3 (id=2838):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
syz_open_dev$usbfs(&(0x7f00000001c0), 0x77, 0x141301)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mq_open(&(0x7f0000000100)=' \x01\x9c\x147\xb3\xcf\xfc\xc3\xa2W)\xebs\x93\xa7\xc7-\xeb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00AWK\n\x8b!Q\x8f\xf6\xec\xa5fs\xf5l{T\x87r\xd2)r\xa7\xd6\bO\x9a\x98\xf52:\"\xf4\x12\xc0T+\xcd\x9fv|\x8d\xd5\xb2Dvc\x8e\x93\xd8\xd6\xa0\xc56\xd2x\xe3g:', 0x41, 0x80, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x60, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x61, 0x1, {0x1}})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(0xffffffffffffffff, 0x7330, 0x0, 0x0, 0x0, 0x0)

5.507455404s ago: executing program 2 (id=2839):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40048820)
prlimit64(0x0, 0xe, &(0x7f00000002c0)={0xfffffffffffffffe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setrlimit(0x1e3d50de03aa3d1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
mount(&(0x7f00000000c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='btrfs\x00', 0x208000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xc, 0x21, &(0x7f0000000680)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x107a655, 0x0, 0x0, 0x0, 0x1}, {}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1800000056000100000000f70000000007020000", @ANYRES32=r5], 0x38}}, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x1c9, 0x12)
open(&(0x7f0000000280)='./cgroup\x00', 0x80400, 0x0)

5.336783787s ago: executing program 5 (id=2840):
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000001a40)=[{&(0x7f0000000000)=@in={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20040010}], 0x1, 0x4)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0xca02})
close(r0)
socket$netlink(0x10, 0x3, 0x0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0x3}], 0x3e8, 0x0, 0x0) (fail_nth: 1)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

5.173232305s ago: executing program 1 (id=2841):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00aa19ce670d25010000020000040000009fc404000000c788b277beee1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e468eea3fcfcf498278a315f5b87e1c26433a8acd715f5888b2007f00000000000000000100000000000000010015d60605000053350000000034a70c2ab40c7cf5691db43a5c00000000000000f030007ce2c6f800000000000000e75a89faff01218087560cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bef5d7d617da7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf050000008600a62e96b7cb8e52cbdc2ba9d580609e31c30879d6fce424c2208af6c3784a1975fa657de38a3a32e4fd67ce446adb431d07db79241aca1dd9ba02453bbb5ee8babe1745e645f091231b986e952afdac972f342c6f184777d05d988d6edc71df0100000013a38300cabf2b554380ad215c789bef4cc574109b8df8d9a9db669557b3809d8c396d2c0361629d1822f722ec23812770d72cd00100000078a75dea785be550dbb420287e0789b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b8a0ae6fb5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fc7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff25184d4e3c6f7f623559435b2c505fb711300000000040000000000000000000000000000e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7a49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd029406000000433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671a5767014b09ddbf69b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7b49991be06b950ccd48f4e49833f3c4a02bbd06c84680549f9eb16682ecb722e8ffaca907a3eaaebfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c52108d9c0d51dc30209872ec602af42eb29d54a37be0fdfdcd74c2d859a566ee5c30677173a2592a4617ae08bec07422d52d2ba7271550a5c20e3a8d1c8c8fd3025ff00607b2249ae9a18391e01b21b36169790b8e96f7955754b6b01a75165d3573d1dec5cf1b08b6115b43203a5654cce2277eb4c02ef4817b4cb989ac178895810eff7b697f2dc9b308aa2460e3cb85cdc4833571a62bf310700000000000000cc7f923284230ada8c756096a66119d4b6b2f159585c3cf8e7bfdd619e294b1d21cd491b8cfd4a253856e485fe29c6ad177a9fb078ca905782b9ed3c30675b89a784bb8031cac0de95178a5acff029a0f0fe972df22b20afe95fba722056f94ab15f1cf605c33df627311f1b614684d77549"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_usb_connect(0x3, 0x36, &(0x7f00000026c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
syz_usbip_server_init(0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0x0, 0x13, 0x0, &(0x7f0000000380)="cc9f4d42d0e005000000bb03d0b5afd0e8f574", 0xfffffffffffffffd, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000003c0)='hsr0\x00', 0x8)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r3 = fanotify_init(0x8, 0x80000)
fanotify_mark(r3, 0x105, 0x4800003a, r2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
read$FUSE(r3, 0x0, 0x6c)
r4 = io_uring_setup(0x1ec1, &(0x7f0000000140)={0x0, 0x441a, 0x8, 0x2, 0x2c0})
sched_setaffinity(0x0, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010003000000000000000000000a40000000160a03020000000000000000020000000400020073797a30000000000900010073797a30000000001400038008000240000000000800014000000000140000001100010000000000000000000000000a8d6ac2390584ace3f7c5ff48ebc0b2df9a258a013b26faf96fc1256efe4c46c66b8acaf4dfbc74024a93e966f57c4c20fba2128ea423a2811295094247479f8166dbc3a194676ed3fb948257abf53fa5ac58b36961b846936085e53218450f5e425f215e2eb0a5b8f90fba8ce7959beddd8d7b7efc6b8fa1fc88d1f1fdb3e431ec01384bb8f49bfa17b09554e617cad84500ba40a08d1ba8f100185da6aa92ccb0148da458754e6babfe698c"], 0x68}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x48, 0x16, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0xd, 0x1, 'batadv_slave_1\x00'}]}]}]}], {0xfffffffffffffc4a}}, 0x70}}, 0x24040880)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r8, 0x0, 0xd}, 0x18)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="04000226", @ANYRES16=0x0, @ANYBLOB="00031700"/18], 0x1c}}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8b28, &(0x7f0000000000)={'wlan0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r7}, 0x10)
io_uring_register$IORING_UNREGISTER_RING_FDS(r4, 0x15, &(0x7f0000003300)=[{0xf00, 0x0, 0x0, 0x0, 0x0}], 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

5.146772324s ago: executing program 3 (id=2842):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f0000000080)=0x4, 0x4)

4.84466865s ago: executing program 3 (id=2843):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'lo\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="500000001400b59527bd02000000df250a1700ff", @ANYRES32=r1, @ANYBLOB="140002000000000000000000000000000000000108000800880200000800090005000000140006007f00"], 0x50}, 0x1, 0x0, 0x0, 0x2004c040}, 0x0)

4.788731414s ago: executing program 5 (id=2844):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r0 = getpid()
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r1 = socket(0x10, 0x803, 0x0) (async)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406c256d007d000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x5, "17321748"}]}}, 0x0}, 0x0) (async)
syz_usb_control_io(r2, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44c}}, 0x0, 0x0, 0x0}, 0x0) (async)
syz_usb_control_io(r2, &(0x7f00000009c0)={0x2c, 0x0, &(0x7f0000000380)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) (async)
syz_usb_control_io$hid(r2, &(0x7f00000000c0)={0x24, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) (async)
syz_usb_control_io(r2, 0x0, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000140)={'syztnl0\x00', 0x0}) (async)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) (async)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) (async)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r6}, 0x10)
syz_emit_ethernet(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
connect$unix(r5, &(0x7f0000001080)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00'}) (async)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)='ramfs\x00', 0x2000000, 0x0)

4.538930117s ago: executing program 3 (id=2845):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000080)=ANY=[@ANYRES16=r0, @ANYRES32=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000008c0)='sys_enter\x00', r1}, 0x10)
pause()
r3 = fsopen(&(0x7f0000000280)='configfs\x00', 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x48)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000002c0)={{0x1, 0x1, 0x18, <r5=>r2, {0xfffffffffffffffe}}, '.\x02\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000f00000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = getpid()
r7 = syz_pidfd_open(r6, 0x0)
process_madvise(r7, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000480)="e3", 0x1}], 0x2, 0x15, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r3, 0x1, 0x89)
fchdir(r8)
syz_io_uring_setup(0x69b6, &(0x7f0000000240)={0x0, 0xf1eb, 0x8, 0x0, 0x322}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r12}, 0x10)
r13 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000680)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r14 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1808000000000000000000000300000018120000", @ANYRES32=r13, @ANYBLOB="0000000000000000b703000000000000850000002f000000b70900000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r11}, &(0x7f0000000280), &(0x7f0000000240)=r14}, 0x20)
r15 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r11, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r9, 0x1, 0x32, &(0x7f00000000c0)=r15, 0x4)
sendmsg$inet(r10, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x14)
r16 = openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0)
readlinkat(r8, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/48, 0x30)
renameat2(r16, &(0x7f00000001c0)='./file0\x00', r16, &(0x7f0000000200)='.\x02\x00', 0x4)

3.829894595s ago: executing program 0 (id=2793):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000140)={0x0, 0xf000, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf253900000008000300", @ANYRES32=r2, @ANYBLOB="18005a8014000180050001"], 0x34}}, 0x0)

3.683381204s ago: executing program 5 (id=2846):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x34)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close(0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCGETPRL(r2, 0x89f4, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000280)=0xc)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r4, 0x0, 0x10, &(0x7f0000000080)="170000000200020000ffbe8c5ee17688a2003c000303000afdff02a257fc5ad90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174a", 0xa1)
sendto$inet(r4, 0x0, 0x0, 0x20024094, &(0x7f0000000040)={0x2, 0xfffd, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10)
r5 = openat$cgroup_devices(r3, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x8)
write$cgroup_devices(r5, &(0x7f0000000140)=ANY=[@ANYBLOB='b *:4\tw'], 0xa)
mkdir(&(0x7f00000008c0)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r6 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000300), 0x20940, 0x0)
ioctl$RNDADDENTROPY(r6, 0x40085203, &(0x7f0000000340)={0x6, 0x95, "94da0b98a825789b03ee6b475d311eef0979c044606b83aa5e406510e2936a07112a8a1b7ccab606982e802f7a617703de8ed28ac512632e6a3608eaed21a67ebe3c5d61174fa994d62d904d991c278cf09e95aab9e5dbaed2851966efb611e2d6efa38e3ef261cac9de460e35917610173f1b15582ff630f8083448a5d0267e30a4a4c5c8afa407234360c208e2ffe089742b9b89"})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xd4ee000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

3.303055606s ago: executing program 0 (id=2847):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x34, 0x10, 0x439, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r2, 0x10681, 0x20280}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x20044002)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0)
r6 = socket(0x10, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r7}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x681}]}, 0x34}}, 0x0)

3.237483036s ago: executing program 3 (id=2848):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x82)
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbb"], 0xfdef)

2.860736033s ago: executing program 2 (id=2849):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000abf3f7f069250548000000000baca4e6666aa528dff283371f35f7e13b82888952407d669015d297158b36929986efa3fe93964a8ac6c46e4d582549a1dff3d7"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000240)='sys_enter\x00', r2, 0x0, 0x2}, 0x18)
move_pages(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$can_bcm(0x1d, 0x2, 0x2)
close(0x3)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
accept4(r0, 0x0, 0x0, 0x800)
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4)
setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000000)=0x28, 0x4)
sendmmsg$inet6(r4, &(0x7f0000001340)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, '\x00', 0xa}}, 0x1c, 0x0}}], 0x1, 0xc040)
socket$netlink(0x10, 0x3, 0x10)
socket$nl_crypto(0x10, 0x3, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGMASK(r5, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00'})

2.727875001s ago: executing program 0 (id=2850):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYRESOCT, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x40001)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(0xffffffffffffffff, 0xfffffffd)
syz_emit_vhci(0x0, 0xf)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'veth1_macvtap\x00'})
socket$packet(0x11, 0x2, 0x300)
syz_emit_vhci(0x0, 0xf)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
mount$bind(0x0, &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000))
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)={0x28, r2, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x480c0)

2.398434715s ago: executing program 5 (id=2851):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
syz_open_dev$usbfs(&(0x7f00000001c0), 0x77, 0x141301)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mq_open(&(0x7f0000000100)=' \x01\x9c\x147\xb3\xcf\xfc\xc3\xa2W)\xebs\x93\xa7\xc7-\xeb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00AWK\n\x8b!Q\x8f\xf6\xec\xa5fs\xf5l{T\x87r\xd2)r\xa7\xd6\bO\x9a\x98\xf52:\"\xf4\x12\xc0T+\xcd\x9fv|\x8d\xd5\xb2Dvc\x8e\x93\xd8\xd6\xa0\xc56\xd2x\xe3g:', 0x41, 0x80, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x60, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x61, 0x1, {0x1}})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(0xffffffffffffffff, 0x7330, 0x0, 0x0, 0x0, 0x0)

1.33207432s ago: executing program 3 (id=2852):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000140)='source\x00\xb5\x838\x8d\xbd\xdf\xfe\x9a\xf2RM\xb6\xe0\xf9\xac\xa2\x06\x1cD\xe7C\xa5<\xd1=\x93\xf7\xf7Sn\xcb\xd5\xa7\xc9@D\x81\xff\xaar\xc8\xa9\x13\b\x9a\x8bF\v\x8a\x93F\x00\x00\x00\x06\x00\x00\x00\x00\x00', &(0x7f00000001c0)='.\n#)|.\x02\xd8\b\xb2f\xcd\x04\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112s\x88\x06\x13o\xd6w\xbf\xfa\xd5?\xa3\'\xca%\xd0\x8fKAq\x89f\xbb\x9dC\xd6\xea\xa8\xc2z\xbfe\xadSb3L)Hy\xfao\b\xa4\xb6\xff\xff\xff\xff\xff\xff\xff\xf7\xc7\xa4\xdcY\x9aM\x90\xa4\x05\xa8\xec\xf3\xa4h\x11\x19\x87E$\n://\xf3\x96\xaf\x1c8\b\x84x\'+\xd5\xd4?[e\x19\xa3\\J\xe9\x8a\xb9\xe495/\x00d\xd2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xb7\x1e\xf7Ys#m\xd40\xceP\xdc\x15FI>\x01\xfa\x15\x93\x9a&\xb4):\xc7?\x8d\x8e\x02\xc6\xf61\xbd\xbcBq\xba\xc6\x8e\x89\x15UTaf\xfc\x89\xab\x19\xd7\x82\x16\x94m\x0e\xb7$\x8c\xd76K\xdc\xd1;\\QPh@$\x06F\x81\xc9\xf8\xf8H\xb2\x85\xa8Cl\xa6\xcd\xb5\xf0\xd0\x1f\'\xc30]\xad7\x1eZA7\x89\xf5\x81b\r\xc1\x7f[\x84y\xac\x12\xaa\xa2-t\x16>V\xfc\xbf\xdb\xe4\x9a\x9eE^\x90oe\xc0\xd9\xc68\x0f\xd4\xcdKC\xadp\xba\xaa\xab\'\x1cRO\x89\x17i\x88\"\x8dQI\xed\x1d\xe1v\xe6&\xd3\x14\xe92\xca\x9dBe\\\x8f\xff\x9b\xc7Sd!\xf8(Z\xd42\xa2\xcdjjBP\xae3\xbd\xec\x8a\x8f:\xeb1\x1cK\xf2\x04s\b\xcb\xa9\x17\x8529\xd7`\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf1\xa4C\x81\xc8iy\xc4\xf7\x7f\x90\xf80\x18jT\xd45\xde\b\x88\xc9Xw\xe9\xf4\xa4\x94Q\x03s/\xac\xd4\xb7o\x99\xf5\xdb\xf9\x99,+\b\x17\xe4\xf4r}\xda\xf5\x12\x16\xb6g\x00\'(\x02[\xef\x03\x90W% \xe6b\xa2\\\x86\xac\xdax\x997AOJ=\x1f\x00\xe1/\n\xael\x15\xcfR\v\x0e\xbc!\xe8\x1cV-`\xf0$\xa6a \x93PV\x8dm@\x9c', 0x0)

1.156623271s ago: executing program 0 (id=2853):
socket$nl_netfilter(0x10, 0x3, 0xc)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x3, 0x0, 0x41100, 0x21, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x46, 0x0, 0x0, 0x62, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f000043f000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x40010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x50)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=ANY=[@ANYBLOB="140000001000010300000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x81)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@private2, @in6=@remote, 0xfffd, 0x56, 0x2, 0x0, 0x2}, {0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x2000000, 0x2}, {0x7, 0x0, 0x4}, 0x1, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0xa, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x3507, 0x4, 0x0, 0x0, 0xffffffff, 0x0, 0x4}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)

828.797679ms ago: executing program 5 (id=2854):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'lo\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="500000001400b59527bd02000000df250a1700ff", @ANYRES32=r1, @ANYBLOB="140002000000000000000000000000000000000108000800880200000800090005000000140006007f00"], 0x50}, 0x1, 0x0, 0x0, 0x2004c040}, 0x0)

132.766095ms ago: executing program 0 (id=2855):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405668, &(0x7f0000000100)={0x0, 0x1, 0x2})
ioctl$IOMMU_IOAS_COPY$syz(0xffffffffffffffff, 0x3b83, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r2 = epoll_create(0x7)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x1000001c})
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)

0s ago: executing program 5 (id=2856):
write$smackfs_load(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="282020957761746c00bfa6e8fb0e1827b97110bf6d0bc74dc18ed05bd3957ca9e8174ccfdf3e0c943674a9ab116daeead1abf3ca9f5a5cafd51bff0f7f2c3573ad1d955e9831cb0bdccc25dcdd36805dee95cc30724adf4bdbb6f9fa715fad66c83002fcd0f8bca06e1005c61a604c7aef6af345fec05813027d7dee5523b7b06332eb761297de930a22da"], 0x9)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, &(0x7f0000000080))
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r4, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r7], 0x54}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r10, @ANYBLOB="01"], 0x20}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c000000110001002dbd7000fbdbdf2500000000", @ANYRES32=r7], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

kernel console output (not intermixed with test programs):

acketSize 0
[  605.543125][T12580] bridge1: left allmulticast mode
[  605.551626][ T5966] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  605.598623][ T5966] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  606.305386][ T5966] usb 6-1: Product: syz
[  606.310055][ T5966] usb 6-1: Manufacturer: syz
[  606.456468][ T5966] hub 6-1:4.0: USB hub found
[  606.530198][T12587] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2008'.
[  606.641370][ T5966] hub 6-1:4.0: 2 ports detected
[  607.779092][T12602] netlink: 'syz.0.2013': attribute type 1 has an invalid length.
[  607.884524][T12608] bond4: entered allmulticast mode
[  607.920444][T12611] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2013'.
[  607.920502][T12608] 8021q: adding VLAN 0 to HW filter on device bond4
[  607.941133][ T5966] hub 6-1:4.0: set hub depth failed
[  607.956604][ T5966] usb 6-1: USB disconnect, device number 3
[  608.692271][T12619] tmpfs: Bad value for 'mpol'
[  608.881770][ T5939] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  609.058098][T12611] bond4 (unregistering): Released all slaves
[  609.191545][ T5939] usb 2-1: Using ep0 maxpacket: 8
[  609.763969][ T5939] usb 2-1: too many configurations: 65, using maximum allowed: 8
[  609.919786][ T5939] usb 2-1: New USB device found, idVendor=1044, idProduct=800d, bcdDevice=57.5c
[  609.932690][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.940829][ T5939] usb 2-1: Product: syz
[  609.961544][ T5939] usb 2-1: Manufacturer: syz
[  609.966217][ T5939] usb 2-1: SerialNumber: syz
[  609.989315][ T5939] usb 2-1: config 0 descriptor??
[  610.545125][ T5939] usb 2-1: bad CDC descriptors
[  610.663149][ T5908] usb 2-1: USB disconnect, device number 13
[  614.973683][   T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  615.305706][   T10] usb 6-1: Using ep0 maxpacket: 16
[  615.315295][   T10] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  615.331468][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  616.274129][   T10] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  616.283560][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.293141][   T10] usb 6-1: Product: syz
[  616.312926][   T10] usb 6-1: Manufacturer: syz
[  616.317596][   T10] usb 6-1: SerialNumber: syz
[  616.548458][   T10] usb 6-1: config 0 descriptor??
[  616.557549][   T10] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  616.581616][   T10] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  616.813800][T12441] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  616.908871][ T5939] usb 2-1: new low-speed USB device number 14 using dummy_hcd
[  616.974153][T12441] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  616.984744][T12441] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  616.996468][T12441] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  617.006172][T12441] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  617.014556][T12441] usb 1-1: SerialNumber: syz
[  617.075600][ T5939] usb 2-1: unable to get BOS descriptor or descriptor too short
[  617.093528][ T5939] usb 2-1: unable to read config index 0 descriptor/start: -61
[  617.102742][ T5939] usb 2-1: can't read configurations, error -61
[  617.253693][   T10] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  617.314949][ T5939] usb 2-1: new low-speed USB device number 15 using dummy_hcd
[  617.318234][   T10] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  617.679000][   T10] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[  617.686173][   T10] em28xx 6-1:0.0: No AC97 audio processor
[  617.713377][T12441] usb 1-1: 0:2 : does not exist
[  617.771075][T12441] usb 1-1: USB disconnect, device number 8
[  617.841236][T12281] udevd[12281]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  617.867317][ T5939] usb 2-1: unable to get BOS descriptor or descriptor too short
[  617.878082][ T5939] usb 2-1: unable to read config index 0 descriptor/start: -61
[  617.894072][ T5939] usb 2-1: can't read configurations, error -61
[  617.909286][ T5939] usb usb2-port1: attempt power cycle
[  617.936315][T12735] netlink: 'syz.3.2053': attribute type 7 has an invalid length.
[  617.954321][T12735] : entered promiscuous mode
[  618.262188][ T5939] usb 2-1: new low-speed USB device number 16 using dummy_hcd
[  618.406229][ T5939] usb 2-1: unable to get BOS descriptor or descriptor too short
[  618.458572][ T5939] usb 2-1: unable to read config index 0 descriptor/start: -61
[  618.494886][ T5939] usb 2-1: can't read configurations, error -61
[  618.751513][ T5939] usb 2-1: new low-speed USB device number 17 using dummy_hcd
[  618.795866][ T5939] usb 2-1: unable to get BOS descriptor or descriptor too short
[  618.807641][   T10] usb 6-1: USB disconnect, device number 4
[  618.816323][T12744] erofs (device nullb0): cannot find valid erofs superblock
[  618.818186][   T10] em28xx 6-1:0.0: Disconnecting em28xx
[  618.846899][ T5939] usb 2-1: unable to read config index 0 descriptor/start: -61
[  618.859284][ T5939] usb 2-1: can't read configurations, error -61
[  618.866850][ T5939] usb usb2-port1: unable to enumerate USB device
[  618.867616][   T10] em28xx 6-1:0.0: Freeing device
[  620.295183][T12755] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  620.301889][T12755] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  620.310023][T12755] vhci_hcd vhci_hcd.0: Device attached
[  620.377087][T12759] vhci_hcd: connection closed
[  620.383834][ T6012] vhci_hcd: stop threads
[  620.416635][ T6012] vhci_hcd: release socket
[  620.433624][ T6012] vhci_hcd: disconnect device
[  620.498442][   T10] vhci_hcd: vhci_device speed not set
[  620.553048][T12769] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2066'.
[  620.598684][T12773] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2068'.
[  621.018311][T12783] FAULT_INJECTION: forcing a failure.
[  621.018311][T12783] name failslab, interval 1, probability 0, space 0, times 0
[  621.031343][T12783] CPU: 1 UID: 0 PID: 12783 Comm: syz.2.2070 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  621.031364][T12783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  621.031375][T12783] Call Trace:
[  621.031381][T12783]  <TASK>
[  621.031389][T12783]  dump_stack_lvl+0x189/0x250
[  621.031426][T12783]  ? __pfx____ratelimit+0x10/0x10
[  621.031458][T12783]  ? __pfx_dump_stack_lvl+0x10/0x10
[  621.031490][T12783]  ? __pfx__printk+0x10/0x10
[  621.031525][T12783]  should_fail_ex+0x414/0x560
[  621.031557][T12783]  should_failslab+0xa8/0x100
[  621.031586][T12783]  kmem_cache_alloc_noprof+0x73/0x3c0
[  621.031611][T12783]  ? radix_tree_node_alloc+0x7e/0x3a0
[  621.031646][T12783]  radix_tree_node_alloc+0x7e/0x3a0
[  621.031682][T12783]  idr_get_free+0x2b3/0xa70
[  621.031723][T12783]  idr_alloc_u32+0x159/0x2d0
[  621.031758][T12783]  ? __pfx_idr_alloc_u32+0x10/0x10
[  621.031793][T12783]  ? do_raw_spin_lock+0x121/0x290
[  621.031827][T12783]  idr_alloc_cyclic+0x9b/0x1b0
[  621.031856][T12783]  bpf_map_alloc_id+0x40/0xe0
[  621.031881][T12783]  map_create+0xd59/0x1150
[  621.031925][T12783]  ? security_bpf+0x7e/0x300
[  621.031958][T12783]  __sys_bpf+0x67e/0x860
[  621.031979][T12783]  ? __pfx___sys_bpf+0x10/0x10
[  621.031995][T12783]  ? preempt_schedule_irq+0xde/0x150
[  621.032047][T12783]  __x64_sys_bpf+0x7c/0x90
[  621.032064][T12783]  do_syscall_64+0xfa/0x3b0
[  621.032107][T12783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.032122][T12783]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  621.032137][T12783]  ? clear_bhb_loop+0x60/0xb0
[  621.032156][T12783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.032171][T12783] RIP: 0033:0x7f13f1b8e929
[  621.032186][T12783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  621.032200][T12783] RSP: 002b:00007f13f2a0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  621.032228][T12783] RAX: ffffffffffffffda RBX: 00007f13f1db6160 RCX: 00007f13f1b8e929
[  621.032239][T12783] RDX: 0000000000000048 RSI: 0000200000000200 RDI: 0000000000000000
[  621.032249][T12783] RBP: 00007f13f2a0f090 R08: 0000000000000000 R09: 0000000000000000
[  621.032258][T12783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  621.032268][T12783] R13: 0000000000000000 R14: 00007f13f1db6160 R15: 00007fff5fa109b8
[  621.032291][T12783]  </TASK>
[  623.182912][T12812] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2080'.
[  624.436339][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  624.552513][T12828] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  624.561918][T12828] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  624.570708][T12828] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  624.579694][T12828] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  624.592370][T12828] vxlan0: entered promiscuous mode
[  624.597627][T12828] vxlan0: entered allmulticast mode
[  625.468052][T12839] netlink: 'syz.2.2090': attribute type 1 has an invalid length.
[  625.529948][T12839] bond2: entered allmulticast mode
[  625.537028][T12839] 8021q: adding VLAN 0 to HW filter on device bond2
[  625.847332][T12844] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2090'.
[  626.207408][T12851] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  626.215200][T12851] IPv6: NLM_F_CREATE should be set when creating new route
[  627.273122][T12857] QAT: Stopping all acceleration devices.
[  627.479519][T12864] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2096'.
[  627.521274][T12844] bond2 (unregistering): Released all slaves
[  631.261181][T12898] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2108'.
[  631.807661][T12909] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2112'.
[  633.343137][T12926] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2116'.
[  633.438228][T12930] FAULT_INJECTION: forcing a failure.
[  633.438228][T12930] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  633.452261][T12930] CPU: 0 UID: 0 PID: 12930 Comm: syz.3.2117 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  633.452290][T12930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  633.452304][T12930] Call Trace:
[  633.452312][T12930]  <TASK>
[  633.452321][T12930]  dump_stack_lvl+0x189/0x250
[  633.452359][T12930]  ? __pfx____ratelimit+0x10/0x10
[  633.452393][T12930]  ? __pfx_dump_stack_lvl+0x10/0x10
[  633.452423][T12930]  ? __pfx__printk+0x10/0x10
[  633.452446][T12930]  ? __might_fault+0xb0/0x130
[  633.452486][T12930]  should_fail_ex+0x414/0x560
[  633.452520][T12930]  _copy_from_iter+0x1db/0x16f0
[  633.452595][T12930]  ? __pfx__copy_from_iter+0x10/0x10
[  633.452626][T12930]  ? __pfx_woken_wake_function+0x10/0x10
[  633.452657][T12930]  ? __pfx_n_tty_write+0x10/0x10
[  633.452694][T12930]  file_tty_write+0x486/0x990
[  633.452738][T12930]  vfs_write+0x54b/0xa90
[  633.452770][T12930]  ? __pfx_tty_write+0x10/0x10
[  633.452803][T12930]  ? __pfx_vfs_write+0x10/0x10
[  633.452841][T12930]  ? __fget_files+0x2a/0x420
[  633.452881][T12930]  ksys_write+0x145/0x250
[  633.452909][T12930]  ? __pfx_ksys_write+0x10/0x10
[  633.452940][T12930]  ? do_syscall_64+0xbe/0x3b0
[  633.452978][T12930]  do_syscall_64+0xfa/0x3b0
[  633.453013][T12930]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.453042][T12930]  ? asm_sysvec_call_function_single+0x1a/0x20
[  633.453064][T12930]  ? clear_bhb_loop+0x60/0xb0
[  633.453091][T12930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.453113][T12930] RIP: 0033:0x7f069b18e929
[  633.453133][T12930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  633.453152][T12930] RSP: 002b:00007f069c01f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  633.453173][T12930] RAX: ffffffffffffffda RBX: 00007f069b3b6080 RCX: 00007f069b18e929
[  633.453189][T12930] RDX: 00000000fffffdef RSI: 0000200000001040 RDI: 0000000000000007
[  633.453203][T12930] RBP: 00007f069c01f090 R08: 0000000000000000 R09: 0000000000000000
[  633.453217][T12930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  633.453230][T12930] R13: 0000000000000000 R14: 00007f069b3b6080 R15: 00007ffdf3b80df8
[  633.453264][T12930]  </TASK>
[  633.586577][T12932] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2120'.
[  633.591837][    C0] vkms_vblank_simulate: vblank timer overrun
[  633.692775][    C0] vkms_vblank_simulate: vblank timer overrun
[  633.698863][    C0] hrtimer: interrupt took 237448610 ns
[  633.798886][    C0] vkms_vblank_simulate: vblank timer overrun
[  637.481388][T12968] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2131'.
[  638.696824][T12995] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2138'.
[  638.706087][T12995] netlink: 'syz.1.2138': attribute type 7 has an invalid length.
[  638.728038][T12995] netlink: 'syz.1.2138': attribute type 8 has an invalid length.
[  638.766517][T12995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2138'.
[  639.011615][ T5939] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  639.235863][ T5939] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30
[  639.367730][ T5939] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 169, changing to 11
[  639.379813][ T5939] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  639.390069][ T5939] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254
[  639.408837][ T5939] usb 2-1: New USB device found, idVendor=5543, idProduct=0045, bcdDevice= 0.00
[  639.418518][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.940237][ T5939] usb 2-1: config 0 descriptor??
[  640.361532][ T5966] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  640.454947][T13020] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2145'.
[  640.551798][ T5966] usb 6-1: Using ep0 maxpacket: 8
[  640.577477][ T5966] usb 6-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  640.622817][ T5966] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  640.645941][ T5939] usb 2-1: string descriptor 0 read error: -71
[  640.662807][ T5966] usb 6-1: Product: syz
[  640.667134][ T5966] usb 6-1: Manufacturer: syz
[  640.672662][ T5966] usb 6-1: SerialNumber: syz
[  640.672908][ T5939] uclogic 0003:5543:0045.0005: failed retrieving string descriptor #200: -71
[  640.691053][ T5939] uclogic 0003:5543:0045.0005: failed retrieving pen parameters: -71
[  640.700318][ T5966] usb 6-1: config 0 descriptor??
[  640.708642][ T5939] uclogic 0003:5543:0045.0005: failed probing pen v2 parameters: -71
[  640.724675][ T5966] usbtest 6-1:0.0: FX2 device
[  640.729446][ T5966] usbtest 6-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  640.748364][ T5939] uclogic 0003:5543:0045.0005: failed probing parameters: -71
[  640.768430][ T5939] uclogic 0003:5543:0045.0005: probe with driver uclogic failed with error -71
[  640.832261][ T5939] usb 2-1: USB disconnect, device number 18
[  640.941155][ T5908] usb 6-1: USB disconnect, device number 5
[  641.151593][ T5966] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  641.501543][ T5966] usb 3-1: Using ep0 maxpacket: 32
[  641.508043][ T5966] usb 3-1: no configurations
[  641.516410][ T5966] usb 3-1: can't read configurations, error -22
[  642.154471][ T5966] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  642.458890][T13038] netlink: 'syz.5.2152': attribute type 1 has an invalid length.
[  642.616428][ T5966] usb 3-1: Using ep0 maxpacket: 32
[  642.622912][ T5966] usb 3-1: no configurations
[  642.627572][ T5966] usb 3-1: can't read configurations, error -22
[  642.649548][ T5966] usb usb3-port1: attempt power cycle
[  642.669341][T13045] erofs (device nullb0): cannot find valid erofs superblock
[  642.737751][ T6975] Bluetooth: hci4: Frame reassembly failed (-84)
[  642.991586][T11801] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  643.151524][ T5966] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  643.154894][T11801] usb 6-1: Using ep0 maxpacket: 32
[  643.164569][ T5908] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  643.184937][T11801] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  643.192854][ T5966] usb 3-1: Using ep0 maxpacket: 32
[  643.196963][T11801] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  643.209910][ T5966] usb 3-1: no configurations
[  643.217223][T11801] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  643.217955][ T5966] usb 3-1: can't read configurations, error -22
[  643.473166][T13060] fuse: Bad value for 'user_id'
[  643.478076][T13060] fuse: Bad value for 'user_id'
[  643.573009][ T5966] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  643.592004][T11801] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  643.616752][ T5966] usb 3-1: Using ep0 maxpacket: 32
[  643.623009][ T5966] usb 3-1: no configurations
[  643.623860][T11801] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  643.627858][ T5966] usb 3-1: can't read configurations, error -22
[  643.654174][T11801] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  643.664182][ T5966] usb usb3-port1: unable to enumerate USB device
[  643.681254][T11801] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.695363][T11801] usb 6-1: Product: syz
[  643.701749][ T5908] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  643.710177][ T5908] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  643.720214][T11801] usb 6-1: Manufacturer: syz
[  643.725266][T11801] usb 6-1: SerialNumber: syz
[  643.730746][ T5908] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  643.741875][ T5908] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  643.753649][ T5908] usb 2-1: Manufacturer: syz
[  643.772366][T11801] usb 6-1: config 0 descriptor??
[  643.786671][ T5908] usb 2-1: config 0 descriptor??
[  644.411051][T11801] iforce 6-1:0.0: usb_submit_urb failed: -32
[  644.417289][T11801] input input11: Device does not respond to id packet M
[  644.436390][T11801] iforce 6-1:0.0: usb_submit_urb failed: -32
[  644.447385][T11801] input input11: Device does not respond to id packet P
[  644.456922][T11801] input input11: Device does not respond to id packet B
[  644.471602][ T5908] rc_core: IR keymap rc-hauppauge not found
[  644.503920][ T5908] Registered IR keymap rc-empty
[  644.517689][ T5908] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  644.534853][ T5908] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input12
[  644.599204][T13075] sp0: Synchronizing with TNC
[  644.642516][    C0] igorplugusb 2-1:0.0: receive overflow invalid: 187
[  644.786042][T11801] input input11: Device does not respond to id packet N
[  644.793656][ T5835] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  646.894178][T11801] iforce 6-1:0.0: usb_submit_urb failed: -71
[  649.081703][T11801] iforce 6-1:0.0: usb_submit_urb failed: -71
[  649.788941][T11801] iforce 6-1:0.0: usb_submit_urb failed: -71
[  649.796486][T11801] iforce 6-1:0.0: usb_submit_urb failed: -71
[  649.860283][ T5966] usb 2-1: USB disconnect, device number 19
[  649.863199][T11801] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input11
[  650.187186][T13081] netlink: 'syz.1.2166': attribute type 1 has an invalid length.
[  651.278871][T11801] usb 6-1: USB disconnect, device number 6
[  651.709431][T13097] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2170'.
[  652.090723][T13119] netlink: 'syz.1.2175': attribute type 21 has an invalid length.
[  652.099099][T13119] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2175'.
[  652.112498][T13119] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2175'.
[  652.183077][ T5966] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  652.402320][ T5966] usb 1-1: Using ep0 maxpacket: 32
[  652.507566][ T5966] usb 1-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice= e.22
[  652.546753][ T5966] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  652.580744][ T5966] usb 1-1: Product: syz
[  652.610233][ T5966] usb 1-1: Manufacturer: syz
[  652.629366][ T5966] usb 1-1: SerialNumber: syz
[  652.695519][ T5966] usb 1-1: config 0 descriptor??
[  652.774019][ T5966] usb 1-1: selecting invalid altsetting 3
[  652.785025][ T5966] comedi comedi0: could not set alternate setting 3 in high speed
[  652.793613][ T5966] usbdux 1-1:0.0: driver 'usbdux' failed to auto-configure device.
[  652.832937][ T5966] usbdux 1-1:0.0: probe with driver usbdux failed with error -22
[  652.836198][T13115] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  653.150288][T13104] use of bytesused == 0 is deprecated and will be removed in the future,
[  653.177472][T13104] use the actual size instead.
[  653.625322][T13104] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  653.684896][ T5966] usb 1-1: USB disconnect, device number 9
[  654.481187][T13161] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2189'.
[  654.574155][T13165] binder: 13163:13165 ioctl c0306201 2000000003c0 returned -14
[  654.594739][T13164] binder: 13163:13164 ioctl c0306201 2000000003c0 returned -14
[  654.626562][T13165] binder: 13163:13165 ioctl c0306201 2000000003c0 returned -14
[  654.774077][T13167] fuse: Bad value for 'user_id'
[  654.779139][T13167] fuse: Bad value for 'user_id'
[  655.061592][ T5908] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  655.243060][ T5908] usb 2-1: Using ep0 maxpacket: 8
[  655.459368][ T5908] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  655.586836][ T5908] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  655.670843][ T5908] usb 2-1: config 0 has no interface number 0
[  655.701817][ T5908] usb 2-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  655.767752][ T5908] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  655.799659][ T5908] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  655.816935][ T5908] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  655.886292][ T5908] usb 2-1: config 0 interface 52 has no altsetting 0
[  655.923330][ T5908] usb 2-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  655.952090][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.996457][ T5908] usb 2-1: config 0 descriptor??
[  656.138276][T13203] openvswitch: netlink: Duplicate or invalid key (type 0).
[  656.604299][T13203] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  656.636959][T13200] netlink: 'syz.0.2202': attribute type 13 has an invalid length.
[  656.831607][ T5908] usb 2-1: Can not set alternate setting to 1, error: -71
[  656.861561][ T5908] synaptics_usb 2-1:0.52: probe with driver synaptics_usb failed with error -71
[  657.881195][T13218] tmpfs: Unknown parameter '�oxwap'
[  657.931304][ T5908] usb 2-1: USB disconnect, device number 20
[  658.481862][T13214] Illegal XDP return value 1310473749 on prog  (id 418) dev N/A, expect packet loss!
[  658.829362][T13234] FAULT_INJECTION: forcing a failure.
[  658.829362][T13234] name failslab, interval 1, probability 0, space 0, times 0
[  658.871847][T13234] CPU: 1 UID: 0 PID: 13234 Comm: syz.3.2211 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  658.871879][T13234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  658.871892][T13234] Call Trace:
[  658.871901][T13234]  <TASK>
[  658.871911][T13234]  dump_stack_lvl+0x189/0x250
[  658.871949][T13234]  ? __pfx____ratelimit+0x10/0x10
[  658.871981][T13234]  ? __pfx_dump_stack_lvl+0x10/0x10
[  658.872013][T13234]  ? __pfx__printk+0x10/0x10
[  658.872041][T13234]  ? __pfx___might_resched+0x10/0x10
[  658.872078][T13234]  should_fail_ex+0x414/0x560
[  658.872118][T13234]  ? bpf_test_run_xdp_live+0x1b5/0x1b10
[  658.872142][T13234]  should_failslab+0xa8/0x100
[  658.872173][T13234]  __kvmalloc_node_noprof+0x161/0x5f0
[  658.872201][T13234]  ? bpf_test_run_xdp_live+0x1b5/0x1b10
[  658.872232][T13234]  bpf_test_run_xdp_live+0x1b5/0x1b10
[  658.872262][T13234]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  658.872302][T13234]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  658.872347][T13234]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  658.872371][T13234]  ? 0xffffffffa02057c0
[  658.872391][T13234]  ? 0xffffffffa02057c0
[  658.872460][T13234]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  658.872496][T13234]  ? _copy_from_user+0x94/0xb0
[  658.872517][T13234]  ? bpf_test_init+0x133/0x170
[  658.872538][T13234]  ? xdp_convert_md_to_buff+0x5b/0x330
[  658.872566][T13234]  bpf_prog_test_run_xdp+0x713/0x1000
[  658.872608][T13234]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  658.872639][T13234]  ? __fget_files+0x2a/0x420
[  658.872674][T13234]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  658.872700][T13234]  bpf_prog_test_run+0x2c4/0x340
[  658.872733][T13234]  __sys_bpf+0x4a4/0x860
[  658.872763][T13234]  ? __pfx___sys_bpf+0x10/0x10
[  658.872803][T13234]  ? ksys_write+0x22a/0x250
[  658.872835][T13234]  ? __pfx_ksys_write+0x10/0x10
[  658.872857][T13234]  ? rcu_is_watching+0x15/0xb0
[  658.872897][T13234]  __x64_sys_bpf+0x7c/0x90
[  658.872921][T13234]  do_syscall_64+0xfa/0x3b0
[  658.872952][T13234]  ? lockdep_hardirqs_on+0x9c/0x150
[  658.872983][T13234]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.873004][T13234]  ? clear_bhb_loop+0x60/0xb0
[  658.873030][T13234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.873050][T13234] RIP: 0033:0x7f069b18e929
[  658.873068][T13234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  658.873094][T13234] RSP: 002b:00007f069c040038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  658.873117][T13234] RAX: ffffffffffffffda RBX: 00007f069b3b5fa0 RCX: 00007f069b18e929
[  658.873133][T13234] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  658.873147][T13234] RBP: 00007f069c040090 R08: 0000000000000000 R09: 0000000000000000
[  658.873160][T13234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  658.873172][T13234] R13: 0000000000000000 R14: 00007f069b3b5fa0 R15: 00007ffdf3b80df8
[  658.873205][T13234]  </TASK>
[  659.702505][T12441] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  659.900574][T12441] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  659.936800][T12441] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  660.002954][T12441] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  660.038392][T12441] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  660.071580][T12441] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  660.087908][T12441] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.277145][T12441] usb 2-1: Product: syz
[  660.287295][T12441] usb 2-1: Manufacturer: syz
[  660.305076][T12441] usb 2-1: SerialNumber: syz
[  660.325248][T12441] usb 2-1: config 0 descriptor??
[  660.339847][T12441] kvaser_usb 2-1:0.0: error -EMSGSIZE: Cannot get software info
[  660.351181][T12441] kvaser_usb 2-1:0.0: probe with driver kvaser_usb failed with error -90
[  660.366928][T13267] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  660.724423][T13253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  660.759118][T13253] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  663.565325][T13298] netlink: 'syz.0.2234': attribute type 1 has an invalid length.
[  664.290491][T12441] usb 2-1: USB disconnect, device number 21
[  668.720079][T13376] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  668.727419][T13376] IPv6: NLM_F_CREATE should be set when creating new route
[  669.123945][T13383] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  669.642858][T13406] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2275'.
[  671.169960][T13418] random: crng reseeded on system resumption
[  671.213250][T13420] loop3: detected capacity change from 0 to 1
[  671.221801][T13418] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2281'.
[  671.230833][T13418] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2281'.
[  671.266210][ T5828] Dev loop3: unable to read RDB block 1
[  671.283237][ T5828]  loop3: unable to read partition table
[  671.293999][ T5828] loop3: partition table beyond EOD, truncated
[  671.330700][T13420] Dev loop3: unable to read RDB block 1
[  671.350595][T13420]  loop3: unable to read partition table
[  671.371786][T13420] loop3: partition table beyond EOD, truncated
[  671.391279][T13420] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  672.937227][T13452] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2289'.
[  675.466728][T13470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  676.022243][T13499] netlink: 'syz.5.2304': attribute type 1 has an invalid length.
[  676.090770][T13499] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2304'.
[  676.122473][ T5908] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  676.212391][T13502] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2304'.
[  679.980351][T13499] bond2: entered allmulticast mode
[  680.055282][T13499] 8021q: adding VLAN 0 to HW filter on device bond2
[  680.162588][ T5908] usb 1-1: device descriptor read/all, error -71
[  681.489558][T13502] bond2 (unregistering): Released all slaves
[  682.071234][T13538] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2315'.
[  682.787562][T13549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2318'.
[  682.841812][T13549] lo: entered allmulticast mode
[  682.855745][T13549] tunl0: entered allmulticast mode
[  682.996710][T13549] gre0: entered allmulticast mode
[  683.022549][T13555] erofs (device nullb0): cannot find valid erofs superblock
[  683.054749][T13549] gretap0: entered allmulticast mode
[  683.116781][T13549] erspan0: entered allmulticast mode
[  683.129288][T13549] ip_vti0: entered allmulticast mode
[  683.142628][T13549] ip6_vti0: entered allmulticast mode
[  683.153536][T13549] sit0: entered allmulticast mode
[  683.186220][T13549] ip6tnl0: entered allmulticast mode
[  683.197167][T13549] ip6gre0: entered allmulticast mode
[  683.215835][T13549] syz_tun: entered allmulticast mode
[  683.232025][T13549] ip6gretap0: entered allmulticast mode
[  683.299641][T13549] bridge0: port 1(bridge_slave_0) entered disabled state
[  683.342019][T13549] bridge0: entered allmulticast mode
[  683.356153][T13549] vcan0: entered allmulticast mode
[  683.367423][T13549] team0: entered allmulticast mode
[  683.373070][T13549] team_slave_0: entered allmulticast mode
[  683.380852][T13549] team_slave_1: entered allmulticast mode
[  683.406758][T13549] dummy0: entered allmulticast mode
[  683.434872][T13549] nlmon0: entered allmulticast mode
[  683.447015][T13549] caif0: entered allmulticast mode
[  683.457605][T13549] vxcan0: entered allmulticast mode
[  683.471342][T13549] vxcan1: entered allmulticast mode
[  683.488242][T13549] veth0: entered allmulticast mode
[  683.527185][T13549] veth1: entered allmulticast mode
[  683.600731][T13549] wg0: entered allmulticast mode
[  687.238219][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  687.537919][T13549] wg1: entered allmulticast mode
[  688.636906][T13549] wg2: entered allmulticast mode
[  688.663219][T13549] veth0_to_bridge: entered allmulticast mode
[  688.853065][T13549] veth1_to_bridge: entered allmulticast mode
[  688.882000][T13549] veth0_to_bond: entered allmulticast mode
[  688.897790][T13549] bond_slave_0: entered allmulticast mode
[  688.904362][T13549] veth1_to_bond: entered allmulticast mode
[  688.915990][T13549] bond_slave_1: entered allmulticast mode
[  688.924661][T13549] veth0_to_team: entered allmulticast mode
[  688.937730][T13549] veth1_to_team: entered allmulticast mode
[  688.964124][T13549] veth0_to_batadv: entered allmulticast mode
[  688.984500][T13549] batadv_slave_0: entered allmulticast mode
[  689.003581][T13549] veth1_to_batadv: entered allmulticast mode
[  689.025195][T13549] batadv_slave_1: entered allmulticast mode
[  689.054835][T13549] xfrm0: entered allmulticast mode
[  689.077150][T13549] veth0_to_hsr: entered allmulticast mode
[  689.099206][T13549] hsr_slave_0: entered allmulticast mode
[  689.117983][T13549] veth1_to_hsr: entered allmulticast mode
[  689.138380][T13549] hsr_slave_1: entered allmulticast mode
[  689.168841][T13549] hsr0: entered allmulticast mode
[  689.178155][T13549] veth1_virt_wifi: entered allmulticast mode
[  689.191834][T13549] veth0_virt_wifi: entered allmulticast mode
[  689.200469][T13549] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  689.209274][T13549] veth1_vlan: entered allmulticast mode
[  689.218693][T13549] veth0_vlan: entered allmulticast mode
[  689.230654][T13549] vlan1: entered allmulticast mode
[  689.237712][T13549] macvlan0: entered allmulticast mode
[  689.248085][T13549] macvlan1: entered allmulticast mode
[  689.258258][T13549] ipvlan0: entered allmulticast mode
[  689.265147][T13549] ipvlan1: entered allmulticast mode
[  689.272972][T13549] veth1_macvtap: entered allmulticast mode
[  689.283972][T13549] veth0_macvtap: entered allmulticast mode
[  689.298457][T13549] macvtap0: entered allmulticast mode
[  689.311305][T13549] macsec0: entered allmulticast mode
[  689.324526][T13549] geneve0: entered allmulticast mode
[  689.334211][T13549] geneve1: entered allmulticast mode
[  689.343889][T13549] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  689.380427][T13549] netdevsim netdevsim3 netdevsim1: entered allmulticast mode
[  689.522080][T13549] netdevsim netdevsim3 netdevsim2: entered allmulticast mode
[  689.538048][T13549] netdevsim netdevsim3 netdevsim3: entered allmulticast mode
[  689.564084][T13549] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[  689.587294][T13549] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  689.602740][T13549] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  689.618734][T13549] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  689.628001][T13549] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  689.637006][T13549] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  689.646485][T13549] geneve2: left promiscuous mode
[  689.651587][T13549] geneve2: entered allmulticast mode
[  689.663209][T13549] vlan2: entered allmulticast mode
[  689.678653][T13549] ip6gretap1: entered allmulticast mode
[  689.698506][T13549] bridge1: entered allmulticast mode
[  689.706997][T13549] bridge2: entered allmulticast mode
[  689.735488][T13549] bridge3: entered allmulticast mode
[  689.772133][T13549] : entered allmulticast mode
[  689.992647][T13617] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2329'.
[  691.627689][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  691.627719][   T30] audit: type=1800 audit(1750121325.565:134): pid=13644 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.2336" name="bus" dev="overlay" ino=2638 res=0 errno=0
[  694.949361][T13659] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2341'.
[  695.061584][T13661] 9pnet_fd: Insufficient options for proto=fd
[  697.697404][T13691] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2351'.
[  701.817652][T13704] FAULT_INJECTION: forcing a failure.
[  701.817652][T13704] name failslab, interval 1, probability 0, space 0, times 0
[  701.856333][T13704] CPU: 0 UID: 0 PID: 13704 Comm: syz.1.2357 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  701.856377][T13704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  701.856390][T13704] Call Trace:
[  701.856399][T13704]  <TASK>
[  701.856408][T13704]  dump_stack_lvl+0x189/0x250
[  701.856445][T13704]  ? __pfx____ratelimit+0x10/0x10
[  701.856477][T13704]  ? __pfx_dump_stack_lvl+0x10/0x10
[  701.856508][T13704]  ? __pfx__printk+0x10/0x10
[  701.856540][T13704]  should_fail_ex+0x414/0x560
[  701.856572][T13704]  should_failslab+0xa8/0x100
[  701.856601][T13704]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  701.856626][T13704]  ? rtnl_prop_list_size+0x1ba/0x1e0
[  701.856656][T13704]  ? __alloc_skb+0x112/0x2d0
[  701.856684][T13704]  __alloc_skb+0x112/0x2d0
[  701.856722][T13704]  rtmsg_ifinfo_build_skb+0x84/0x260
[  701.856781][T13704]  rtmsg_ifinfo+0x8c/0x1a0
[  701.856821][T13704]  __dev_notify_flags+0xf4/0x2e0
[  701.856851][T13704]  ? __pfx___dev_notify_flags+0x10/0x10
[  701.856881][T13704]  ? __dev_change_flags+0x4cc/0x6d0
[  701.856913][T13704]  ? __pfx___dev_change_flags+0x10/0x10
[  701.856953][T13704]  netif_change_flags+0xe8/0x1a0
[  701.856984][T13704]  do_setlink+0xc55/0x41c0
[  701.857013][T13704]  ? __kernel_text_address+0xd/0x40
[  701.857041][T13704]  ? arch_stack_walk+0xfc/0x150
[  701.857080][T13704]  ? __pfx_do_setlink+0x10/0x10
[  701.857125][T13704]  ? __lock_acquire+0xab9/0xd20
[  701.857163][T13704]  ? __mutex_trylock_common+0x153/0x260
[  701.857199][T13704]  ? __pfx___mutex_trylock_common+0x10/0x10
[  701.857234][T13704]  ? rcu_is_watching+0x15/0xb0
[  701.857260][T13704]  ? trace_contention_end+0x39/0x120
[  701.857276][T13704]  ? __mutex_lock+0x330/0xe80
[  701.857311][T13704]  ? rtnl_newlink+0x8db/0x1c70
[  701.857327][T13704]  ? rcu_is_watching+0x15/0xb0
[  701.857352][T13704]  ? __pfx___mutex_lock+0x10/0x10
[  701.857389][T13704]  ? ns_capable+0x8a/0xf0
[  701.857415][T13704]  ? rtnl_link_get_net_capable+0x16a/0x350
[  701.857438][T13704]  rtnl_newlink+0x160b/0x1c70
[  701.857467][T13704]  ? __pfx_rtnl_newlink+0x10/0x10
[  701.857482][T13704]  ? is_bpf_text_address+0x26/0x2b0
[  701.857513][T13704]  ? __lock_acquire+0xab9/0xd20
[  701.857545][T13704]  ? __lock_acquire+0xab9/0xd20
[  701.857584][T13704]  ? is_bpf_text_address+0x26/0x2b0
[  701.857616][T13704]  ? is_bpf_text_address+0x292/0x2b0
[  701.857643][T13704]  ? is_bpf_text_address+0x26/0x2b0
[  701.857670][T13704]  ? kernel_text_address+0xa5/0xe0
[  701.857691][T13704]  ? __kernel_text_address+0xd/0x40
[  701.857711][T13704]  ? unwind_get_return_address+0x4d/0x90
[  701.857735][T13704]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  701.857752][T13704]  ? arch_stack_walk+0xfc/0x150
[  701.857782][T13704]  ? __lock_acquire+0xab9/0xd20
[  701.857824][T13704]  ? __pfx_rtnl_newlink+0x10/0x10
[  701.857841][T13704]  rtnetlink_rcv_msg+0x7cf/0xb70
[  701.857871][T13704]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  701.857888][T13704]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  701.857919][T13704]  netlink_rcv_skb+0x205/0x470
[  701.857940][T13704]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  701.857958][T13704]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  701.857988][T13704]  ? netlink_deliver_tap+0x2e/0x1b0
[  701.858007][T13704]  ? netlink_deliver_tap+0x2e/0x1b0
[  701.858032][T13704]  netlink_unicast+0x758/0x8d0
[  701.858058][T13704]  netlink_sendmsg+0x805/0xb30
[  701.858086][T13704]  ? __pfx_netlink_sendmsg+0x10/0x10
[  701.858114][T13704]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  701.858135][T13704]  ? __pfx_netlink_sendmsg+0x10/0x10
[  701.858155][T13704]  __sock_sendmsg+0x21c/0x270
[  701.858185][T13704]  ____sys_sendmsg+0x505/0x830
[  701.858211][T13704]  ? __pfx_____sys_sendmsg+0x10/0x10
[  701.858241][T13704]  ? import_iovec+0x74/0xa0
[  701.858260][T13704]  ___sys_sendmsg+0x21f/0x2a0
[  701.858284][T13704]  ? __pfx____sys_sendmsg+0x10/0x10
[  701.858335][T13704]  ? __fget_files+0x2a/0x420
[  701.858358][T13704]  ? __fget_files+0x3a0/0x420
[  701.858390][T13704]  __x64_sys_sendmsg+0x19b/0x260
[  701.858413][T13704]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  701.858443][T13704]  ? __pfx_ksys_write+0x10/0x10
[  701.858461][T13704]  ? rcu_is_watching+0x15/0xb0
[  701.858490][T13704]  ? do_syscall_64+0xbe/0x3b0
[  701.858520][T13704]  do_syscall_64+0xfa/0x3b0
[  701.858545][T13704]  ? lockdep_hardirqs_on+0x9c/0x150
[  701.858569][T13704]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.858587][T13704]  ? clear_bhb_loop+0x60/0xb0
[  701.858607][T13704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.858624][T13704] RIP: 0033:0x7f55e318e929
[  701.858639][T13704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  701.858655][T13704] RSP: 002b:00007f55e40a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  701.858674][T13704] RAX: ffffffffffffffda RBX: 00007f55e33b5fa0 RCX: 00007f55e318e929
[  701.858687][T13704] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005
[  701.858722][T13704] RBP: 00007f55e40a5090 R08: 0000000000000000 R09: 0000000000000000
[  701.858733][T13704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  701.858743][T13704] R13: 0000000000000000 R14: 00007f55e33b5fa0 R15: 00007ffff33f9438
[  701.858768][T13704]  </TASK>
[  701.858788][T13704] netlink: 'syz.1.2357': attribute type 2 has an invalid length.
[  704.677893][T13736] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2365'.
[  705.709470][T13745] overlayfs: bad index found (index=index/00fb210001c48dddb8154d4dbfb44fe5540e377ad9074b79427f0a000000000000, ftype=2000, origin ftype=8000).
[  705.753790][T13749] netlink: 92 bytes leftover after parsing attributes in process `syz.3.2369'.
[  706.695926][T13758] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2371'.
[  707.493249][T13567] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  708.471730][T13567] usb 4-1: Using ep0 maxpacket: 16
[  708.492431][T13567] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  708.503728][T13567] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  708.533313][T13567] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  708.588222][T13567] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  708.728657][T13567] usb 4-1: config 0 descriptor??
[  709.013629][T13796] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2381'.
[  710.977230][T13567] input: HID 05ac:8241 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:05AC:8241.0006/input/input13
[  713.863917][T13807] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2387'.
[  714.043124][T13567] appleir 0003:05AC:8241.0006: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0
[  714.059318][T13567] usb 4-1: USB disconnect, device number 15
[  714.427006][T13822] fido_id[13822]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  714.737504][T13833] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2395'.
[  717.957851][T13855] netlink: 'syz.2.2400': attribute type 1 has an invalid length.
[  718.040777][T13858] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2400'.
[  718.663304][T13862] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2400'.
[  718.688137][T13855] bond2: entered allmulticast mode
[  718.728178][T13855] 8021q: adding VLAN 0 to HW filter on device bond2
[  718.965361][T13562] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  719.026059][T13877] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2406'.
[  719.045573][T13877] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  719.052163][T13877] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  719.072589][T13877] vhci_hcd vhci_hcd.0: Device attached
[  719.086064][T13877] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(11)
[  719.092744][T13877] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  719.101035][T13877] vhci_hcd vhci_hcd.0: Device attached
[  719.110232][T13877] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(13)
[  719.116890][T13877] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  719.125375][T13877] vhci_hcd vhci_hcd.0: Device attached
[  719.141997][T13877] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(15)
[  719.148674][T13877] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  719.152562][T13887] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2408'.
[  719.157894][T13877] vhci_hcd vhci_hcd.0: Device attached
[  719.180743][T13562] usb 1-1: New USB device found, idVendor=045e, idProduct=0cbf, bcdDevice=7b.41
[  719.191826][T13562] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.200127][T13562] usb 1-1: Product: syz
[  719.210736][T13562] usb 1-1: Manufacturer: syz
[  719.212514][T13888] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(17)
[  719.220375][T13562] usb 1-1: SerialNumber: syz
[  719.222029][T13888] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  719.233930][T13888] vhci_hcd vhci_hcd.0: Device attached
[  719.276460][T13562] usb 1-1: config 0 descriptor??
[  719.321889][T13606] usb 39-1: new low-speed USB device number 3 using vhci_hcd
[  719.338592][T13877] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(19)
[  719.345275][T13877] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  719.367716][T13877] vhci_hcd vhci_hcd.0: Device attached
[  719.374456][T13888] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(22)
[  719.381120][T13888] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  719.402180][T13888] vhci_hcd vhci_hcd.0: Device attached
[  719.404561][T13862] bond2 (unregistering): Released all slaves
[  719.424595][T13877] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  719.467365][T13877] vhci_hcd vhci_hcd.0: pdev(3) rhport(6) sockfd(25)
[  719.474048][T13877] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  719.884379][T13877] vhci_hcd vhci_hcd.0: Device attached
[  719.924436][T13902] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2402'.
[  721.775756][T13888] vhci_hcd vhci_hcd.0: pdev(3) rhport(7) sockfd(30)
[  721.782457][T13888] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  721.893032][T13888] vhci_hcd vhci_hcd.0: Device attached
[  722.894593][T13562] usb 1-1: USB disconnect, device number 12
[  723.168733][T13898] vhci_hcd: connection closed
[  723.207522][ T6012] vhci_hcd: stop threads
[  723.274238][T13882] vhci_hcd: connection closed
[  723.278475][T13880] vhci_hcd: connection closed
[  723.284269][T13889] vhci_hcd: connection closed
[  723.292837][T13885] vhci_hcd: connection closed
[  723.308289][T13895] vhci_hcd: connection closed
[  723.322314][T13878] vhci_hcd: connection reset by peer
[  723.420171][T13891] vhci_hcd: connection closed
[  723.451913][ T6012] vhci_hcd: release socket
[  723.499208][ T6012] vhci_hcd: disconnect device
[  723.680707][ T6012] vhci_hcd: stop threads
[  723.737098][ T6012] vhci_hcd: release socket
[  723.797933][ T6012] vhci_hcd: disconnect device
[  723.897000][ T6012] vhci_hcd: stop threads
[  723.959381][ T6012] vhci_hcd: release socket
[  724.036732][ T6012] vhci_hcd: disconnect device
[  724.190325][ T6012] vhci_hcd: stop threads
[  724.267895][ T6012] vhci_hcd: release socket
[  724.337435][ T6012] vhci_hcd: disconnect device
[  724.525057][ T6012] vhci_hcd: stop threads
[  724.529410][ T6012] vhci_hcd: release socket
[  724.544273][T13879] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  724.571213][ T6012] vhci_hcd: disconnect device
[  724.613678][T13904] vhci_hcd: connection closed
[  724.627050][ T6012] vhci_hcd: stop threads
[  724.640312][ T6012] vhci_hcd: release socket
[  724.644964][ T6012] vhci_hcd: disconnect device
[  724.652222][ T6012] vhci_hcd: stop threads
[  724.656530][ T6012] vhci_hcd: release socket
[  724.661098][ T6012] vhci_hcd: disconnect device
[  724.666013][ T6012] vhci_hcd: stop threads
[  724.670308][ T6012] vhci_hcd: release socket
[  724.677209][ T6012] vhci_hcd: disconnect device
[  724.696369][ T6012] vhci_hcd: stop threads
[  724.711738][ T6012] vhci_hcd: release socket
[  724.716572][ T6012] vhci_hcd: disconnect device
[  724.950658][T13606] vhci_hcd: vhci_device speed not set
[  726.246987][T13934] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2419'.
[  726.486905][T13939] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  726.791901][T13566] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  726.805164][T13567] usb usb40-port1: attempt power cycle
[  726.906723][T13949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2424'.
[  726.974500][T13566] usb 2-1: Using ep0 maxpacket: 8
[  727.040930][T13566] usb 2-1: unable to get BOS descriptor or descriptor too short
[  727.113410][T13566] usb 2-1: config 4 interface 0 has no altsetting 0
[  727.232012][T13566] usb 2-1: string descriptor 0 read error: -22
[  727.299386][T13566] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  727.387413][T13566] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  727.445902][T13567] usb usb40-port1: unable to enumerate USB device
[  727.785040][T13566] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  727.870082][T13566] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  727.896986][T13942] usb 2-1: dvb_usb_au6610: wlen=0, aborting
[  727.944557][T13566] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  728.000973][T13566] usb 2-1: media controller created
[  728.091228][T13961] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2427'.
[  728.110095][T13566] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  728.119710][T13961] FAULT_INJECTION: forcing a failure.
[  728.119710][T13961] name failslab, interval 1, probability 0, space 0, times 0
[  728.134785][T13961] CPU: 0 UID: 0 PID: 13961 Comm: syz.3.2427 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  728.134813][T13961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  728.134826][T13961] Call Trace:
[  728.134835][T13961]  <TASK>
[  728.134844][T13961]  dump_stack_lvl+0x189/0x250
[  728.134878][T13961]  ? __pfx____ratelimit+0x10/0x10
[  728.134908][T13961]  ? __pfx_dump_stack_lvl+0x10/0x10
[  728.134936][T13961]  ? __pfx__printk+0x10/0x10
[  728.134961][T13961]  ? __pfx___might_resched+0x10/0x10
[  728.134988][T13961]  ? fs_reclaim_acquire+0x7d/0x100
[  728.135019][T13961]  should_fail_ex+0x414/0x560
[  728.135049][T13961]  should_failslab+0xa8/0x100
[  728.135077][T13961]  __kmalloc_cache_noprof+0x70/0x3d0
[  728.135100][T13961]  ? netlbl_cipsov4_add+0x54e/0x24b0
[  728.135136][T13961]  netlbl_cipsov4_add+0x54e/0x24b0
[  728.135169][T13961]  ? __pfx_netlbl_cipsov4_add+0x10/0x10
[  728.135196][T13961]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  728.135234][T13961]  genl_family_rcv_msg_doit+0x212/0x300
[  728.135271][T13961]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  728.135313][T13961]  ? bpf_lsm_capable+0x9/0x20
[  728.135340][T13961]  ? security_capable+0x7e/0x2e0
[  728.135375][T13961]  genl_rcv_msg+0x60e/0x790
[  728.135411][T13961]  ? __pfx_genl_rcv_msg+0x10/0x10
[  728.135442][T13961]  ? __pfx_netlbl_cipsov4_add+0x10/0x10
[  728.135480][T13961]  netlink_rcv_skb+0x205/0x470
[  728.135505][T13961]  ? __pfx_genl_rcv_msg+0x10/0x10
[  728.135535][T13961]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  728.135576][T13961]  ? down_read+0x1ad/0x2e0
[  728.135599][T13961]  genl_rcv+0x28/0x40
[  728.135625][T13961]  netlink_unicast+0x758/0x8d0
[  728.135657][T13961]  netlink_sendmsg+0x805/0xb30
[  728.135691][T13961]  ? __pfx_netlink_sendmsg+0x10/0x10
[  728.135724][T13961]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  728.135748][T13961]  ? __pfx_netlink_sendmsg+0x10/0x10
[  728.135772][T13961]  __sock_sendmsg+0x21c/0x270
[  728.135806][T13961]  ____sys_sendmsg+0x505/0x830
[  728.135837][T13961]  ? __pfx_____sys_sendmsg+0x10/0x10
[  728.135871][T13961]  ? import_iovec+0x74/0xa0
[  728.135894][T13961]  ___sys_sendmsg+0x21f/0x2a0
[  728.135922][T13961]  ? __pfx____sys_sendmsg+0x10/0x10
[  728.135983][T13961]  ? __fget_files+0x2a/0x420
[  728.136008][T13961]  ? __fget_files+0x3a0/0x420
[  728.136046][T13961]  __x64_sys_sendmsg+0x19b/0x260
[  728.136072][T13961]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  728.136104][T13961]  ? __pfx_ksys_write+0x10/0x10
[  728.136131][T13961]  ? rcu_is_watching+0x15/0xb0
[  728.136166][T13961]  ? do_syscall_64+0xbe/0x3b0
[  728.136200][T13961]  do_syscall_64+0xfa/0x3b0
[  728.136228][T13961]  ? lockdep_hardirqs_on+0x9c/0x150
[  728.136256][T13961]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.136276][T13961]  ? clear_bhb_loop+0x60/0xb0
[  728.136300][T13961]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.136320][T13961] RIP: 0033:0x7f069b18e929
[  728.136338][T13961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  728.136355][T13961] RSP: 002b:00007f069c01f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  728.136376][T13961] RAX: ffffffffffffffda RBX: 00007f069b3b6080 RCX: 00007f069b18e929
[  728.136390][T13961] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006
[  728.136403][T13961] RBP: 00007f069c01f090 R08: 0000000000000000 R09: 0000000000000000
[  728.136415][T13961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  728.136427][T13961] R13: 0000000000000000 R14: 00007f069b3b6080 R15: 00007ffdf3b80df8
[  728.136458][T13961]  </TASK>
[  728.169467][T13566] zl10353_read_register: readreg error (reg=127, ret==0)
[  728.172923][    C0] vkms_vblank_simulate: vblank timer overrun
[  728.930804][T13566] usb 2-1: USB disconnect, device number 22
[  729.123634][T13970] wg2: entered promiscuous mode
[  729.128579][T13970] wg2: entered allmulticast mode
[  729.198163][T13975] netlink: 'syz.5.2433': attribute type 1 has an invalid length.
[  729.392516][T13975] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2433'.
[  729.540028][T13979] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2435'.
[  729.981812][   T30] audit: type=1326 audit(1750121363.935:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13984 comm="syz.5.2436" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ecab8e929 code=0x0
[  731.180946][T14001] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  731.193149][T14001] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  731.839908][T14000] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  731.865740][T14000] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  731.885915][T14000] kvm: requested 12571 ns i8254 timer period limited to 200000 ns
[  731.921175][T14000] kvm: requested 12571 ns i8254 timer period limited to 200000 ns
[  731.975938][T14000] kvm: requested 85485 ns i8254 timer period limited to 200000 ns
[  731.983995][T14000] kvm: requested 93028 ns i8254 timer period limited to 200000 ns
[  732.001576][T14000] kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  732.021903][T14000] kvm: requested 10057 ns i8254 timer period limited to 200000 ns
[  732.088578][T14000] kvm: requested 155047 ns i8254 timer period limited to 200000 ns
[  732.127408][T14000] kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  732.406045][T14022] bridge1: entered allmulticast mode
[  732.443765][T14022] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2446'.
[  732.481685][T13566] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  733.172277][T13566] usb 3-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62
[  733.201659][T13566] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  733.220119][T13566] usb 3-1: Product: syz
[  733.224681][T13566] usb 3-1: Manufacturer: syz
[  733.229338][T13566] usb 3-1: SerialNumber: syz
[  733.259014][T13566] usb 3-1: config 0 descriptor??
[  733.288695][T13566] usb 3-1: selecting invalid altsetting 1
[  733.296997][T13566] comedi comedi0: could not switch to alternate setting 1
[  733.345592][T13566] usbduxfast 3-1:0.0: driver 'usbduxfast' failed to auto-configure device.
[  733.431185][T14041] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2451'.
[  733.478997][T13562] usb 3-1: USB disconnect, device number 16
[  733.577353][T14045] netlink: 'syz.5.2453': attribute type 1 has an invalid length.
[  733.656166][T14045] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2453'.
[  733.734831][T14054] bond2: entered allmulticast mode
[  733.740516][T14054] 8021q: adding VLAN 0 to HW filter on device bond2
[  733.797681][T14045] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2453'.
[  734.985816][T14045] bond2 (unregistering): Released all slaves
[  735.016454][T14059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2458'.
[  735.026605][T14059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2458'.
[  735.081598][T13561] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  735.232069][T13561] usb 3-1: Using ep0 maxpacket: 16
[  735.247440][T13561] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  735.291229][T13561] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  735.303570][T13561] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  735.316785][T13561] usb 3-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[  735.329040][T13561] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  735.342653][T13561] usb 3-1: config 0 descriptor??
[  735.917540][T13561] hid-multitouch 0003:0457:07DA.0007: item fetching failed at offset 30/34
[  736.068283][T13561] hid-multitouch 0003:0457:07DA.0007: probe with driver hid-multitouch failed with error -22
[  736.336634][T13561] usb 3-1: USB disconnect, device number 17
[  737.436959][T14106] syz.3.2474 (14106): /proc/14105/oom_adj is deprecated, please use /proc/14105/oom_score_adj instead.
[  738.272080][T13562] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  738.314626][T14101] netlink: 'syz.2.2472': attribute type 11 has an invalid length.
[  738.662910][T14101] XFS (nbd2): no-recovery mounts must be read-only.
[  744.021047][T14149] overlay: ./file0 is not a directory
[  744.652847][T14148] syz_tun: entered allmulticast mode
[  744.659132][T14146] syz_tun: left allmulticast mode
[  747.277050][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  750.750638][T14227] vivid-003: disconnect
[  750.862179][T14222] vivid-003: reconnect
[  753.876358][T14260] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2519'.
[  754.621649][T14271] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan1, syncid = 5, id = 0
[  757.371711][T13562] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  757.541809][T13562] usb 4-1: Using ep0 maxpacket: 16
[  757.561013][T13562] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  757.901795][T13562] usb 4-1: New USB device found, idVendor=5543, idProduct=0005, bcdDevice=28.8b
[  757.911660][T13562] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  758.584119][T13562] usb 4-1: config 0 descriptor??
[  758.852194][T14322] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2535'.
[  759.332025][T14326] bridge2: entered allmulticast mode
[  761.251022][T13562] usbhid 4-1:0.0: can't add hid device: -71
[  761.259974][T13562] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  761.305727][T13562] usb 4-1: USB disconnect, device number 16
[  762.435039][T14349] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  762.501472][T13562] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  762.683321][T13562] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  762.701520][T13562] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  762.726154][T13562] usb 6-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  762.741842][T13562] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  762.760062][T13562] usb 6-1: Manufacturer: syz
[  762.779001][T13562] usb 6-1: config 0 descriptor??
[  762.877359][T13606] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  763.092841][T14359] loop9: detected capacity change from 0 to 8
[  763.114597][T14359]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  763.120166][T14359] loop9: partition table partially beyond EOD, truncated
[  763.129175][T14359] loop9: p1 size 81768186 extends beyond EOD, truncated
[  763.795104][T13606] usb 4-1: Using ep0 maxpacket: 32
[  763.815647][T13606] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  763.825205][T13606] usb 4-1: config 0 has no interface number 0
[  763.861037][T13606] usb 4-1: config 0 interface 2 has no altsetting 0
[  763.879767][T12294] udevd[12294]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory
[  763.894916][T13606] usb 4-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[  763.904939][T13606] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  763.928283][T13606] usb 4-1: Product: syz
[  764.157440][T13606] usb 4-1: Manufacturer: syz
[  764.165184][T13606] usb 4-1: SerialNumber: syz
[  764.182452][T13606] usb 4-1: config 0 descriptor??
[  764.491949][T13562] usbhid 6-1:0.0: can't add hid device: -71
[  764.498075][T13562] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  764.682382][T13606] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  764.721156][T14372] netlink: 'syz.2.2548': attribute type 29 has an invalid length.
[  765.356000][T13562] usb 6-1: USB disconnect, device number 7
[  766.054040][T14380] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2551'.
[  766.122466][T13606] usb 4-1: USB disconnect, device number 17
[  766.258249][T12218] udevd[12218]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  766.560185][T14380] 8021q: adding VLAN 0 to HW filter on device bond2
[  766.720435][T14388] vlan3: entered allmulticast mode
[  766.759786][T14388] geneve0: entered allmulticast mode
[  766.816469][T14388] bond2: (slave vlan3): Error -34 calling dev_set_mtu
[  767.885962][T14406] 9pnet_fd: Insufficient options for proto=fd
[  768.570560][T14410] FAULT_INJECTION: forcing a failure.
[  768.570560][T14410] name failslab, interval 1, probability 0, space 0, times 0
[  768.592131][T14410] CPU: 1 UID: 0 PID: 14410 Comm: syz.0.2557 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  768.592154][T14410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  768.592165][T14410] Call Trace:
[  768.592171][T14410]  <TASK>
[  768.592178][T14410]  dump_stack_lvl+0x189/0x250
[  768.592207][T14410]  ? __pfx____ratelimit+0x10/0x10
[  768.592231][T14410]  ? __pfx_dump_stack_lvl+0x10/0x10
[  768.592254][T14410]  ? __pfx__printk+0x10/0x10
[  768.592273][T14410]  ? __pfx___might_resched+0x10/0x10
[  768.592296][T14410]  ? fs_reclaim_acquire+0x7d/0x100
[  768.592322][T14410]  should_fail_ex+0x414/0x560
[  768.592345][T14410]  should_failslab+0xa8/0x100
[  768.592367][T14410]  __kmalloc_noprof+0xcb/0x4f0
[  768.592384][T14410]  ? kfree+0x4d/0x440
[  768.592399][T14410]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  768.592427][T14410]  tomoyo_realpath_from_path+0xe3/0x5d0
[  768.592453][T14410]  ? tomoyo_domain+0xda/0x130
[  768.592481][T14410]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  768.592500][T14410]  tomoyo_path_number_perm+0x1e8/0x5a0
[  768.592522][T14410]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  768.592555][T14410]  ? __lock_acquire+0xab9/0xd20
[  768.592590][T14410]  ? __fget_files+0x2a/0x420
[  768.592613][T14410]  ? __fget_files+0x2a/0x420
[  768.592632][T14410]  ? __fget_files+0x3a0/0x420
[  768.592652][T14410]  ? __fget_files+0x2a/0x420
[  768.592675][T14410]  security_file_ioctl+0xcb/0x2d0
[  768.592698][T14410]  __se_sys_ioctl+0x47/0x170
[  768.592717][T14410]  do_syscall_64+0xfa/0x3b0
[  768.592740][T14410]  ? lockdep_hardirqs_on+0x9c/0x150
[  768.592762][T14410]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  768.592778][T14410]  ? clear_bhb_loop+0x60/0xb0
[  768.592798][T14410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  768.592821][T14410] RIP: 0033:0x7f5c8098e929
[  768.592836][T14410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  768.592849][T14410] RSP: 002b:00007f5c8176c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  768.592866][T14410] RAX: ffffffffffffffda RBX: 00007f5c80bb6080 RCX: 00007f5c8098e929
[  768.592878][T14410] RDX: 0000200000000040 RSI: 0000000040045431 RDI: 000000000000000a
[  768.592888][T14410] RBP: 00007f5c8176c090 R08: 0000000000000000 R09: 0000000000000000
[  768.592898][T14410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  768.592907][T14410] R13: 0000000000000000 R14: 00007f5c80bb6080 R15: 00007ffeb31d8f98
[  768.592930][T14410]  </TASK>
[  768.592937][T14410] ERROR: Out of memory at tomoyo_realpath_from_path.
[  769.367482][T13562] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  769.771576][T13562] usb 3-1: Using ep0 maxpacket: 8
[  769.787307][T13562] usb 3-1: unable to get BOS descriptor or descriptor too short
[  769.796620][T13562] usb 3-1: config 4 interface 0 has no altsetting 0
[  769.807470][T13562] usb 3-1: string descriptor 0 read error: -22
[  769.814627][T13562] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  769.836262][T13562] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  769.923371][T13562] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  769.970716][T13562] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  770.015240][T13562] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  770.041513][T13562] usb 3-1: media controller created
[  770.090831][T14416] usb 3-1: dvb_usb_au6610: wlen=0, aborting
[  770.185980][T13562] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  770.283887][T13562] zl10353_read_register: readreg error (reg=127, ret==0)
[  770.303300][   T30] audit: type=1326 audit(1750121404.265:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14425 comm="syz.0.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8098e929 code=0x7ffc0000
[  770.398045][   T30] audit: type=1326 audit(1750121404.265:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14425 comm="syz.0.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8098e929 code=0x7ffc0000
[  770.466566][T13562] usb 3-1: USB disconnect, device number 19
[  770.487222][   T30] audit: type=1326 audit(1750121404.285:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14425 comm="syz.0.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f5c8098e929 code=0x7ffc0000
[  770.540663][   T30] audit: type=1326 audit(1750121404.285:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14425 comm="syz.0.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8098e929 code=0x7ffc0000
[  770.621142][T14430] FAULT_INJECTION: forcing a failure.
[  770.621142][T14430] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  770.643284][T14430] CPU: 0 UID: 0 PID: 14430 Comm: syz.3.2562 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  770.643317][T14430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  770.643330][T14430] Call Trace:
[  770.643339][T14430]  <TASK>
[  770.643348][T14430]  dump_stack_lvl+0x189/0x250
[  770.643386][T14430]  ? __pfx____ratelimit+0x10/0x10
[  770.643420][T14430]  ? __pfx_dump_stack_lvl+0x10/0x10
[  770.643450][T14430]  ? __pfx__printk+0x10/0x10
[  770.643470][T14430]  ? __might_fault+0xb0/0x130
[  770.643508][T14430]  should_fail_ex+0x414/0x560
[  770.643538][T14430]  _copy_from_user+0x2d/0xb0
[  770.643561][T14430]  do_sock_getsockopt+0x1cd/0x650
[  770.643592][T14430]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  770.643618][T14430]  ? do_syscall_64+0x80/0x3b0
[  770.643660][T14430]  ? __fget_files+0x3a0/0x420
[  770.643689][T14430]  ? __fget_files+0x2a/0x420
[  770.643726][T14430]  __x64_sys_getsockopt+0x1a5/0x250
[  770.643752][T14430]  ? do_syscall_64+0x80/0x3b0
[  770.643787][T14430]  ? do_syscall_64+0x80/0x3b0
[  770.643824][T14430]  do_syscall_64+0xfa/0x3b0
[  770.643867][T14430]  ? lockdep_hardirqs_on+0x9c/0x150
[  770.643899][T14430]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  770.643921][T14430]  ? clear_bhb_loop+0x60/0xb0
[  770.643951][T14430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  770.643972][T14430] RIP: 0033:0x7f069b18e929
[  770.643991][T14430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  770.644011][T14430] RSP: 002b:00007f069c01f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  770.644033][T14430] RAX: ffffffffffffffda RBX: 00007f069b3b6080 RCX: 00007f069b18e929
[  770.644049][T14430] RDX: 0000000000000001 RSI: 0000000000000065 RDI: 000000000000000a
[  770.644062][T14430] RBP: 00007f069c01f090 R08: 0000200000000140 R09: 0000000000000000
[  770.644076][T14430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  770.644089][T14430] R13: 0000000000000000 R14: 00007f069b3b6080 R15: 00007ffdf3b80df8
[  770.644121][T14430]  </TASK>
[  770.863962][   T30] audit: type=1326 audit(1750121404.295:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14425 comm="syz.0.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5c8098e929 code=0x7ffc0000
[  771.380526][   T30] audit: type=1326 audit(1750121404.295:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14425 comm="syz.0.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8098e929 code=0x7ffc0000
[  771.485445][   T30] audit: type=1326 audit(1750121404.295:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14425 comm="syz.0.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5c8098e929 code=0x7ffc0000
[  771.713242][   T30] audit: type=1326 audit(1750121404.295:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14425 comm="syz.0.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8098e929 code=0x7ffc0000
[  771.736752][   T30] audit: type=1326 audit(1750121404.295:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14425 comm="syz.0.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8098e929 code=0x7ffc0000
[  771.820110][   T30] audit: type=1326 audit(1750121404.295:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14425 comm="syz.0.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5c8098e929 code=0x7ffc0000
[  773.428340][T14443] netlink: 'syz.1.2565': attribute type 21 has an invalid length.
[  773.478391][T14443] netlink: 'syz.1.2565': attribute type 1 has an invalid length.
[  773.487303][T14443] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2565'.
[  776.168227][T14487] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  776.591991][T13606] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  776.651510][T13561] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  776.811575][T13606] usb 6-1: Using ep0 maxpacket: 8
[  776.903034][T13606] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 13
[  776.911593][T13561] usb 4-1: Using ep0 maxpacket: 8
[  776.915747][T13606] usb 6-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  776.927489][T13606] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  776.935748][T13606] usb 6-1: Product: syz
[  776.938781][T13561] usb 4-1: unable to get BOS descriptor or descriptor too short
[  776.948495][T13606] usb 6-1: Manufacturer: syz
[  776.953302][T13561] usb 4-1: config 4 interface 0 has no altsetting 0
[  776.985151][T13561] usb 4-1: string descriptor 0 read error: -22
[  776.988472][T13606] usb 6-1: SerialNumber: syz
[  776.991960][T13561] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  777.101971][T14492] kAFS: No cell specified
[  777.102724][T13606] usb 6-1: config 0 descriptor??
[  777.292045][T13561] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  777.319935][T13606] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  777.369946][T13561] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  777.398476][T13561] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  777.424226][T13561] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  777.432136][T13561] usb 4-1: media controller created
[  777.473566][T13606] gspca_zc3xx: reg_w_i err -71
[  777.499309][T13561] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  778.062102][T13606] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  778.092384][T13606] gspca_zc3xx 6-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  778.148859][T13606] usb 6-1: USB disconnect, device number 8
[  778.697904][T13561] zl10353_read_register: readreg error (reg=127, ret==0)
[  778.711652][T13566] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  778.736136][T14486] usb 4-1: dvb_usb_au6610: wlen=0, aborting
[  778.842878][T13561] usb 4-1: USB disconnect, device number 18
[  778.856241][T14524] netlink: 'syz.0.2590': attribute type 4 has an invalid length.
[  778.862893][T13566] usb 2-1: device descriptor read/64, error -71
[  779.134276][T13566] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  779.221976][T14529] kAFS: No cell specified
[  779.597871][T14528] netlink: set zone limit has 4 unknown bytes
[  779.651450][T13566] usb 2-1: device descriptor read/64, error -71
[  779.762580][T13566] usb usb2-port1: attempt power cycle
[  779.793723][T14539] FAULT_INJECTION: forcing a failure.
[  779.793723][T14539] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  779.811890][T14539] CPU: 1 UID: 0 PID: 14539 Comm: syz.0.2597 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  779.811925][T14539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  779.811939][T14539] Call Trace:
[  779.811948][T14539]  <TASK>
[  779.811959][T14539]  dump_stack_lvl+0x189/0x250
[  779.811997][T14539]  ? __pfx____ratelimit+0x10/0x10
[  779.812031][T14539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  779.812063][T14539]  ? __pfx__printk+0x10/0x10
[  779.812099][T14539]  should_fail_ex+0x414/0x560
[  779.812133][T14539]  _copy_to_user+0x31/0xb0
[  779.812156][T14539]  simple_read_from_buffer+0xe1/0x170
[  779.812190][T14539]  proc_fail_nth_read+0x1df/0x250
[  779.812226][T14539]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  779.812261][T14539]  ? rw_verify_area+0x258/0x650
[  779.812295][T14539]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  779.812328][T14539]  vfs_read+0x200/0x980
[  779.812358][T14539]  ? __pfx___mutex_lock+0x10/0x10
[  779.812393][T14539]  ? __pfx_vfs_read+0x10/0x10
[  779.812419][T14539]  ? __fget_files+0x2a/0x420
[  779.812454][T14539]  ? __fget_files+0x3a0/0x420
[  779.812481][T14539]  ? __fget_files+0x2a/0x420
[  779.812521][T14539]  ksys_read+0x145/0x250
[  779.812544][T14539]  ? __fget_files+0x3a0/0x420
[  779.812574][T14539]  ? __pfx_ksys_read+0x10/0x10
[  779.812605][T14539]  ? do_syscall_64+0xbe/0x3b0
[  779.812649][T14539]  do_syscall_64+0xfa/0x3b0
[  779.812681][T14539]  ? lockdep_hardirqs_on+0x9c/0x150
[  779.812713][T14539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.812735][T14539]  ? clear_bhb_loop+0x60/0xb0
[  779.812762][T14539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.812783][T14539] RIP: 0033:0x7f5c8098d33c
[  779.812814][T14539] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  779.812833][T14539] RSP: 002b:00007f5c8178d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  779.812857][T14539] RAX: ffffffffffffffda RBX: 00007f5c80bb5fa0 RCX: 00007f5c8098d33c
[  779.812873][T14539] RDX: 000000000000000f RSI: 00007f5c8178d0a0 RDI: 0000000000000004
[  779.812887][T14539] RBP: 00007f5c8178d090 R08: 0000000000000000 R09: 0000000000000000
[  779.812901][T14539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  779.812913][T14539] R13: 0000000000000000 R14: 00007f5c80bb5fa0 R15: 00007ffeb31d8f98
[  779.812947][T14539]  </TASK>
[  780.323620][T14532] block nbd5: shutting down sockets
[  780.351258][T14546] kvm: pic: non byte write
[  780.581484][T13566] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  780.610224][T13566] usb 2-1: device descriptor read/8, error -71
[  780.862046][T13566] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  781.626659][T13566] usb 2-1: device descriptor read/8, error -71
[  781.763687][T13566] usb usb2-port1: unable to enumerate USB device
[  781.862609][T14563] nfs: Unknown parameter 'et/arp'
[  782.069006][T13562] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  782.124293][T14570] kAFS: No cell specified
[  782.427435][T13561] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  782.521462][T13562] usb 1-1: Using ep0 maxpacket: 8
[  782.528918][T13562] usb 1-1: unable to get BOS descriptor or descriptor too short
[  782.540540][T13562] usb 1-1: config 4 interface 0 has no altsetting 0
[  782.563646][T13562] usb 1-1: string descriptor 0 read error: -22
[  782.583315][T13562] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  782.615622][T13562] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  782.652061][T13561] usb 3-1: Using ep0 maxpacket: 16
[  782.689246][T13562] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  782.705678][T13561] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  782.727833][T13561] usb 3-1: config 0 has no interface number 0
[  782.761106][T13561] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  782.770959][T13562] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  782.781847][T13561] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  782.792310][T13562] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  782.799702][T13561] usb 3-1: Product: syz
[  782.804305][T13562] usb 1-1: media controller created
[  782.811432][T13561] usb 3-1: Manufacturer: syz
[  782.819923][T13561] usb 3-1: SerialNumber: syz
[  782.842304][T13561] usb 3-1: config 0 descriptor??
[  782.865178][T13561] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  782.874146][T14561] usb 1-1: dvb_usb_au6610: wlen=0, aborting
[  782.907163][T13562] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  782.984815][T13562] zl10353_read_register: readreg error (reg=127, ret==0)
[  783.579615][T13562] usb 1-1: USB disconnect, device number 13
[  784.812340][T13561] gspca_spca1528: reg_w err -110
[  784.842611][T13561] spca1528 3-1:0.1: probe with driver spca1528 failed with error -110
[  785.288394][T13566] usb 3-1: USB disconnect, device number 20
[  785.367997][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  785.368018][   T30] audit: type=1800 audit(1750121419.325:179): pid=14600 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.2615" name="/" dev="fuse" ino=1 res=0 errno=0
[  785.549866][   T30] audit: type=1804 audit(1750121419.355:180): pid=14603 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.2615" name="/newroot/525/file1" dev="fuse" ino=1 res=1 errno=0
[  785.713109][   T30] audit: type=1800 audit(1750121419.445:181): pid=14603 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.2615" name="/" dev="fuse" ino=1 res=0 errno=0
[  785.757364][T14606] kAFS: No cell specified
[  787.608605][T13580] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  787.907499][T13580] usb 4-1: Using ep0 maxpacket: 8
[  788.024856][T13580] usb 4-1: unable to get BOS descriptor or descriptor too short
[  788.053503][T13580] usb 4-1: config 4 interface 0 has no altsetting 0
[  788.072380][T13580] usb 4-1: string descriptor 0 read error: -22
[  788.078783][T13580] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  788.109899][T13580] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  788.158852][T13580] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  788.185363][T13580] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  788.208929][T13580] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  788.990853][T13580] usb 4-1: media controller created
[  789.018218][T13580] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  789.113414][T13580] zl10353_read_register: readreg error (reg=127, ret==0)
[  789.230617][T13580] usb 4-1: USB disconnect, device number 19
[  789.370215][T13562] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  789.531527][T13562] usb 6-1: Using ep0 maxpacket: 16
[  789.557119][T13562] usb 6-1: config 8 has an invalid interface number: 39 but max is 0
[  789.571447][T13562] usb 6-1: config 8 has no interface number 0
[  789.577650][T13562] usb 6-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  789.616673][T13562] usb 6-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[  789.643630][T13562] usb 6-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0
[  789.656690][T13562] usb 6-1: config 8 interface 39 has no altsetting 0
[  789.677963][T13562] usb 6-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  789.688730][T13562] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  789.736186][T13562] usb 6-1: Product: syz
[  789.740458][T13562] usb 6-1: Manufacturer: syz
[  789.745507][T13562] usb 6-1: SerialNumber: syz
[  790.522286][T13580] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  790.574923][T13562] ipheth 6-1:8.39: ipheth_enable_ncm: usb_control_msg: 0
[  790.618028][T14657] netlink: 'syz.3.2632': attribute type 1 has an invalid length.
[  790.672179][T14660] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2632'.
[  790.770286][T13562] ipheth 6-1:8.39: Apple iPhone USB Ethernet device attached
[  790.781468][T13580] usb 2-1: Using ep0 maxpacket: 8
[  790.788279][T13562] usb 6-1: USB disconnect, device number 9
[  790.808808][T14663] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2632'.
[  790.808956][T13580] usb 2-1: config 162 has an invalid interface number: 246 but max is 1
[  790.828582][T13580] usb 2-1: config 162 has an invalid interface number: 245 but max is 1
[  790.840779][T13580] usb 2-1: config 162 has no interface number 0
[  790.847204][T13580] usb 2-1: config 162 has no interface number 1
[  790.859501][T13580] usb 2-1: config 162 interface 246 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  790.872957][T13580] usb 2-1: config 162 interface 245 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  790.879892][T14665] FAULT_INJECTION: forcing a failure.
[  790.879892][T14665] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  790.884052][T13580] usb 2-1: config 162 interface 245 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  790.917138][T13580] usb 2-1: config 162 interface 245 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  790.928899][T13580] usb 2-1: config 162 interface 245 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  790.929106][T14661] bond0: entered allmulticast mode
[  790.939360][T13580] usb 2-1: config 162 interface 245 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  790.946554][T14665] CPU: 1 UID: 0 PID: 14665 Comm: syz.0.2634 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  790.946587][T14665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  790.946602][T14665] Call Trace:
[  790.946612][T14665]  <TASK>
[  790.946622][T14665]  dump_stack_lvl+0x189/0x250
[  790.946665][T14665]  ? __pfx____ratelimit+0x10/0x10
[  790.946702][T14665]  ? __pfx_dump_stack_lvl+0x10/0x10
[  790.946738][T14665]  ? __pfx__printk+0x10/0x10
[  790.946769][T14665]  ? __might_fault+0xb0/0x130
[  790.946813][T14665]  should_fail_ex+0x414/0x560
[  790.946849][T14665]  _copy_from_user+0x2d/0xb0
[  790.946873][T14665]  __sys_bpf+0x1ed/0x860
[  790.946907][T14665]  ? __pfx___sys_bpf+0x10/0x10
[  790.946953][T14665]  ? ksys_write+0x1e1/0x250
[  790.946984][T14665]  ? __pfx_ksys_write+0x10/0x10
[  790.947010][T14665]  ? rcu_is_watching+0x15/0xb0
[  790.947054][T14665]  __x64_sys_bpf+0x7c/0x90
[  790.947083][T14665]  do_syscall_64+0xfa/0x3b0
[  790.947118][T14665]  ? lockdep_hardirqs_on+0x9c/0x150
[  790.947154][T14665]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  790.947177][T14665]  ? clear_bhb_loop+0x60/0xb0
[  790.947207][T14665]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  790.947230][T14665] RIP: 0033:0x7f5c8098e929
[  790.947251][T14665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  790.947273][T14665] RSP: 002b:00007f5c8178d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  790.947297][T14665] RAX: ffffffffffffffda RBX: 00007f5c80bb5fa0 RCX: 00007f5c8098e929
[  790.947315][T14665] RDX: 0000000000000040 RSI: 00002000000002c0 RDI: 0000000000000010
[  790.947332][T14665] RBP: 00007f5c8178d090 R08: 0000000000000000 R09: 0000000000000000
[  790.947348][T14665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  790.947361][T14665] R13: 0000000000000000 R14: 00007f5c80bb5fa0 R15: 00007ffeb31d8f98
[  790.947398][T14665]  </TASK>
[  791.066061][T14661] 8021q: adding VLAN 0 to HW filter on device bond0
[  791.075347][T13580] usb 2-1: config 162 interface 246 has no altsetting 0
[  791.166208][T13580] usb 2-1: config 162 interface 245 has no altsetting 0
[  791.259537][T13580] usb 2-1: New USB device found, idVendor=8087, idProduct=0a5a, bcdDevice=5f.2c
[  791.292740][T13580] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  791.352916][T13580] usb 2-1: Product: syz
[  791.361770][T13580] usb 2-1: Manufacturer: syz
[  791.389303][T13580] usb 2-1: SerialNumber: syz
[  791.396019][T13562] ipheth 6-1:8.39: Apple iPhone USB Ethernet now disconnected
[  792.276915][T13580] Bluetooth: failed to set interface 0, alt 0 -22
[  792.307101][T13580] btusb 2-1:162.245: probe with driver btusb failed with error -22
[  792.426790][T14663] bond0 (unregistering): Released all slaves
[  792.441709][T13580] usb 2-1: USB disconnect, device number 27
[  793.072369][T14686] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2640'.
[  793.463518][T13566] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  793.732501][T13566] usb 1-1: Using ep0 maxpacket: 8
[  793.947235][T13566] usb 1-1: unable to get BOS descriptor or descriptor too short
[  793.982465][T13566] usb 1-1: config 4 interface 0 has no altsetting 0
[  794.170886][T13566] usb 1-1: string descriptor 0 read error: -22
[  794.178226][T13566] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  794.187690][T13566] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  794.209739][T13566] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  794.220561][T14700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2645'.
[  794.279693][T13566] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  794.336984][T13566] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  794.370735][T14697] bridge1: the hash_elasticity option has been deprecated and is always 16
[  794.389989][T13566] usb 1-1: media controller created
[  794.518548][T13566] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  794.602612][T13566] zl10353_read_register: readreg error (reg=127, ret==0)
[  794.764841][T13566] usb 1-1: USB disconnect, device number 14
[  795.346810][T14739] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  796.392259][T13566] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  797.131867][T13566] usb 6-1: Using ep0 maxpacket: 8
[  797.166321][T13566] usb 6-1: unable to get BOS descriptor or descriptor too short
[  797.180382][T13566] usb 6-1: config 4 interface 0 has no altsetting 0
[  797.212944][T13566] usb 6-1: string descriptor 0 read error: -22
[  797.219307][T13566] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  797.242857][T13566] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  797.452151][T13566] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  797.482770][T13566] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  797.640323][T14779] netlink: 'syz.1.2672': attribute type 15 has an invalid length.
[  797.754851][T14781] netlink: 'syz.2.2669': attribute type 1 has an invalid length.
[  798.740154][T14785] netlink: 'syz.3.2673': attribute type 1 has an invalid length.
[  798.743754][T13566] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  798.801505][T13566] usb 6-1: media controller created
[  798.855003][T14787] bond0: entered allmulticast mode
[  798.876005][T14787] 8021q: adding VLAN 0 to HW filter on device bond0
[  798.932652][T14785] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2673'.
[  798.979396][T13566] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  799.043230][T13566] zl10353_read_register: readreg error (reg=127, ret==0)
[  799.200526][T13566] usb 6-1: USB disconnect, device number 10
[  799.221576][T13567] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  799.419212][T13567] usb 3-1: Using ep0 maxpacket: 8
[  799.440713][T13567] usb 3-1: unable to get BOS descriptor or descriptor too short
[  799.456178][T13567] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  799.501683][T13567] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  799.545934][T13567] usb 3-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  799.567792][T13567] usb 3-1: New USB device strings: Mfr=34, Product=2, SerialNumber=3
[  799.582504][T13567] usb 3-1: Product: syz
[  799.588790][T13567] usb 3-1: Manufacturer: syz
[  799.594273][T13567] usb 3-1: SerialNumber: syz
[  799.596973][T14785] bond0 (unregistering): Released all slaves
[  799.762164][T13567] usb 3-1: config 0 descriptor??
[  799.826492][T13567] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  800.590358][T14793] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2674'.
[  800.769615][T13567] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -2
[  800.825037][T12294] udevd[12294]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  801.134470][T14822] netlink: 'syz.5.2684': attribute type 1 has an invalid length.
[  801.843586][T14826] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2683'.
[  802.342567][T14825] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  803.022888][T14833] FAULT_INJECTION: forcing a failure.
[  803.022888][T14833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  803.098729][T14833] CPU: 0 UID: 0 PID: 14833 Comm: syz.0.2688 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  803.098760][T14833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  803.098774][T14833] Call Trace:
[  803.098782][T14833]  <TASK>
[  803.098791][T14833]  dump_stack_lvl+0x189/0x250
[  803.098828][T14833]  ? __pfx____ratelimit+0x10/0x10
[  803.098859][T14833]  ? __pfx_dump_stack_lvl+0x10/0x10
[  803.098890][T14833]  ? __pfx__printk+0x10/0x10
[  803.098911][T14833]  ? __might_fault+0xb0/0x130
[  803.098948][T14833]  should_fail_ex+0x414/0x560
[  803.098980][T14833]  _copy_from_user+0x2d/0xb0
[  803.099002][T14833]  ___sys_sendmsg+0x158/0x2a0
[  803.099032][T14833]  ? __pfx____sys_sendmsg+0x10/0x10
[  803.099115][T14833]  ? __fget_files+0x2a/0x420
[  803.099142][T14833]  ? __fget_files+0x3a0/0x420
[  803.099184][T14833]  __x64_sys_sendmsg+0x19b/0x260
[  803.099214][T14833]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  803.099253][T14833]  ? __pfx_ksys_write+0x10/0x10
[  803.099275][T14833]  ? rcu_is_watching+0x15/0xb0
[  803.099313][T14833]  ? do_syscall_64+0xbe/0x3b0
[  803.099350][T14833]  do_syscall_64+0xfa/0x3b0
[  803.099393][T14833]  ? lockdep_hardirqs_on+0x9c/0x150
[  803.099423][T14833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  803.099444][T14833]  ? clear_bhb_loop+0x60/0xb0
[  803.099471][T14833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  803.099491][T14833] RIP: 0033:0x7f5c8098e929
[  803.099519][T14833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  803.099537][T14833] RSP: 002b:00007f5c8178d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  803.099559][T14833] RAX: ffffffffffffffda RBX: 00007f5c80bb5fa0 RCX: 00007f5c8098e929
[  803.099575][T14833] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 0000000000000003
[  803.099589][T14833] RBP: 00007f5c8178d090 R08: 0000000000000000 R09: 0000000000000000
[  803.099601][T14833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  803.099613][T14833] R13: 0000000000000000 R14: 00007f5c80bb5fa0 R15: 00007ffeb31d8f98
[  803.099646][T14833]  </TASK>
[  803.657403][T13606] usb 3-1: USB disconnect, device number 21
[  805.486938][T14865] netlink: 'syz.1.2698': attribute type 2 has an invalid length.
[  805.563882][T14865] bridge: RTM_NEWNEIGH with invalid ether address
[  805.784210][T14880] overlay: Bad value for 'metacopy'
[  806.061512][T13567] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  806.222427][T13567] usb 6-1: Using ep0 maxpacket: 8
[  806.229585][T13567] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  806.238203][T13567] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  806.267135][T13567] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  806.281449][T13606] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[  806.310113][T13567] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  806.343212][T13567] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  806.370944][T13567] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  806.380504][T13567] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  806.403776][T13567] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  806.448545][T13567] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  806.480271][T13606] usb 4-1: config 0 has an invalid interface number: 206 but max is 1
[  806.493479][T13567] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  806.512284][T13606] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  806.532175][T13606] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  806.546023][T13567] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  806.561809][T13567] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  806.581726][T13606] usb 4-1: config 0 has no interface number 0
[  806.601109][T13567] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  806.615626][T13606] usb 4-1: config 0 interface 206 altsetting 2 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  806.629858][T13606] usb 4-1: config 0 interface 206 altsetting 2 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  806.643942][T13567] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  806.655964][T13606] usb 4-1: config 0 interface 206 altsetting 2 endpoint 0x8C has invalid maxpacket 30768, setting to 64
[  806.670182][T13567] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  806.683025][T13606] usb 4-1: config 0 interface 206 altsetting 2 has 5 endpoint descriptors, different from the interface descriptor's value: 7
[  806.697387][T13606] usb 4-1: config 0 interface 206 has no altsetting 0
[  806.708576][T13567] usb 6-1: string descriptor 0 read error: -22
[  806.715631][T13567] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  806.725364][T13567] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.738585][T13606] usb 4-1: New USB device found, idVendor=0499, idProduct=1007, bcdDevice=df.8f
[  806.748751][T13606] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.780951][T13567] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  806.788910][T13606] usb 4-1: Product: syz
[  806.793477][T13606] usb 4-1: Manufacturer: syz
[  806.815252][T13606] usb 4-1: SerialNumber: syz
[  806.841189][T13606] usb 4-1: config 0 descriptor??
[  806.850226][T14885] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  807.075047][T14885] tmpfs: Unknown parameter ''
[  807.114164][T13567] usb 6-1: USB disconnect, device number 11
[  807.387684][T14915] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2711'.
[  808.726091][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  808.787674][T13606] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  809.142948][T13606] usb 4-1: USB disconnect, device number 20
[  811.912546][T14964] netlink: 'syz.0.2722': attribute type 1 has an invalid length.
[  812.523771][T13606] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  812.731519][T13606] usb 4-1: Using ep0 maxpacket: 8
[  812.739799][T13606] usb 4-1: unable to get BOS descriptor or descriptor too short
[  812.755946][T13606] usb 4-1: config 4 interface 0 has no altsetting 0
[  812.766433][T13606] usb 4-1: string descriptor 0 read error: -22
[  812.791673][T13606] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  812.800840][T13606] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  812.853842][T13606] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  812.883922][T14972] FAULT_INJECTION: forcing a failure.
[  812.883922][T14972] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  812.898324][T13606] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  812.913893][ T1151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  812.932553][ T1151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  812.940506][T13606] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  812.959672][T13606] usb 4-1: media controller created
[  812.991812][T14972] CPU: 1 UID: 0 PID: 14972 Comm: syz.0.2725 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  812.991843][T14972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  812.991857][T14972] Call Trace:
[  812.991865][T14972]  <TASK>
[  812.991875][T14972]  dump_stack_lvl+0x189/0x250
[  812.991912][T14972]  ? __pfx____ratelimit+0x10/0x10
[  812.991943][T14972]  ? __pfx_dump_stack_lvl+0x10/0x10
[  812.991974][T14972]  ? __pfx__printk+0x10/0x10
[  812.992009][T14972]  should_fail_ex+0x414/0x560
[  812.992042][T14972]  _copy_to_user+0x31/0xb0
[  812.992065][T14972]  simple_read_from_buffer+0xe1/0x170
[  812.992098][T14972]  proc_fail_nth_read+0x1df/0x250
[  812.992132][T14972]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  812.992166][T14972]  ? rw_verify_area+0x258/0x650
[  812.992188][T14972]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  812.992220][T14972]  vfs_read+0x200/0x980
[  812.992250][T14972]  ? __pfx___mutex_lock+0x10/0x10
[  812.992283][T14972]  ? __pfx_vfs_read+0x10/0x10
[  812.992309][T14972]  ? __fget_files+0x2a/0x420
[  812.992342][T14972]  ? __fget_files+0x3a0/0x420
[  812.992369][T14972]  ? __fget_files+0x2a/0x420
[  812.992407][T14972]  ksys_read+0x145/0x250
[  812.992430][T14972]  ? __fget_files+0x3a0/0x420
[  812.992459][T14972]  ? __pfx_ksys_read+0x10/0x10
[  812.992495][T14972]  ? do_syscall_64+0xbe/0x3b0
[  812.992532][T14972]  do_syscall_64+0xfa/0x3b0
[  812.992562][T14972]  ? lockdep_hardirqs_on+0x9c/0x150
[  812.992592][T14972]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  812.992612][T14972]  ? clear_bhb_loop+0x60/0xb0
[  812.992639][T14972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  812.992658][T14972] RIP: 0033:0x7f5c8098d33c
[  812.992676][T14972] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  812.992695][T14972] RSP: 002b:00007f5c8178d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  812.992716][T14972] RAX: ffffffffffffffda RBX: 00007f5c80bb5fa0 RCX: 00007f5c8098d33c
[  812.992732][T14972] RDX: 000000000000000f RSI: 00007f5c8178d0a0 RDI: 0000000000000004
[  812.992745][T14972] RBP: 00007f5c8178d090 R08: 0000000000000000 R09: 0000000000000000
[  812.992758][T14972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  812.992770][T14972] R13: 0000000000000000 R14: 00007f5c80bb5fa0 R15: 00007ffeb31d8f98
[  812.992804][T14972]  </TASK>
[  813.230838][    C1] vkms_vblank_simulate: vblank timer overrun
[  813.329909][T14960] usb 4-1: dvb_usb_au6610: wlen=0, aborting
[  813.395891][T13606] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  813.467650][T13606] zl10353_read_register: readreg error (reg=127, ret==0)
[  813.544752][T13606] usb 4-1: USB disconnect, device number 21
[  814.333537][T15007] FAULT_INJECTION: forcing a failure.
[  814.333537][T15007] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  814.370440][T15007] CPU: 1 UID: 0 PID: 15007 Comm: syz.1.2737 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  814.370471][T15007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  814.370484][T15007] Call Trace:
[  814.370493][T15007]  <TASK>
[  814.370502][T15007]  dump_stack_lvl+0x189/0x250
[  814.370539][T15007]  ? __pfx____ratelimit+0x10/0x10
[  814.370571][T15007]  ? __pfx_dump_stack_lvl+0x10/0x10
[  814.370602][T15007]  ? __pfx__printk+0x10/0x10
[  814.370625][T15007]  ? fs_reclaim_acquire+0x7d/0x100
[  814.370672][T15007]  should_fail_ex+0x414/0x560
[  814.370704][T15007]  prepare_alloc_pages+0x213/0x610
[  814.370743][T15007]  __alloc_frozen_pages_noprof+0x123/0x370
[  814.370780][T15007]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  814.370822][T15007]  ? policy_nodemask+0x27c/0x720
[  814.370846][T15007]  ? __lock_acquire+0xab9/0xd20
[  814.370879][T15007]  alloc_pages_mpol+0x232/0x4a0
[  814.370912][T15007]  vma_alloc_folio_noprof+0xe4/0x200
[  814.370943][T15007]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  814.370985][T15007]  folio_prealloc+0x30/0x180
[  814.371031][T15007]  __handle_mm_fault+0x2c88/0x5620
[  814.371076][T15007]  ? __pfx___handle_mm_fault+0x10/0x10
[  814.371120][T15007]  ? find_vma+0xe7/0x160
[  814.371145][T15007]  ? __pfx_find_vma+0x10/0x10
[  814.371167][T15007]  ? __up_read+0x280/0x680
[  814.371191][T15007]  handle_mm_fault+0x2d5/0x7f0
[  814.371230][T15007]  do_user_addr_fault+0x764/0x1390
[  814.371276][T15007]  exc_page_fault+0x76/0xf0
[  814.371312][T15007]  asm_exc_page_fault+0x26/0x30
[  814.371332][T15007] RIP: 0010:rep_stos_alternative+0x5b/0x80
[  814.371372][T15007] Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47 28 48 89 47 30 <48> 89 47 38 48 83 c7 40 48 83 e9 40 48 83 f9 40 73 d3 83 f9 08 73
[  814.371390][T15007] RSP: 0018:ffffc9000cd07ca8 EFLAGS: 00050202
[  814.371409][T15007] RAX: 0000000000000000 RBX: 000000000000fef7 RCX: 0000000000008677
[  814.371422][T15007] RDX: 0000000000000000 RSI: ffffffff8db5a445 RDI: 0000200000007fc2
[  814.371436][T15007] RBP: ffffc9000cd07e01 R08: 0000000000000000 R09: ffffffff820a4470
[  814.371450][T15007] R10: dffffc0000000000 R11: fffffbfff17b67ac R12: 00007ffffffff000
[  814.371465][T15007] R13: 000000000000001f R14: 0000200000000742 R15: 0000200000010639
[  814.371485][T15007]  ? __might_fault+0xb0/0x130
[  814.371517][T15007]  keyctl_capabilities+0xf1/0x170
[  814.371549][T15007]  __se_sys_keyctl+0x49f/0x910
[  814.371582][T15007]  ? __pfx___se_sys_keyctl+0x10/0x10
[  814.371614][T15007]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  814.371662][T15007]  ? __fget_files+0x3a0/0x420
[  814.371704][T15007]  ? fput+0xa0/0xd0
[  814.371733][T15007]  ? ksys_write+0x22a/0x250
[  814.371757][T15007]  ? __pfx_ksys_write+0x10/0x10
[  814.371785][T15007]  ? do_syscall_64+0xbe/0x3b0
[  814.371814][T15007]  ? __x64_sys_keyctl+0x20/0xc0
[  814.371843][T15007]  do_syscall_64+0xfa/0x3b0
[  814.371872][T15007]  ? lockdep_hardirqs_on+0x9c/0x150
[  814.371900][T15007]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  814.371919][T15007]  ? clear_bhb_loop+0x60/0xb0
[  814.371943][T15007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  814.371961][T15007] RIP: 0033:0x7f55e318e929
[  814.371978][T15007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  814.371994][T15007] RSP: 002b:00007f55e40a5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  814.372011][T15007] RAX: ffffffffffffffda RBX: 00007f55e33b5fa0 RCX: 00007f55e318e929
[  814.372025][T15007] RDX: 000000000000fef9 RSI: 0000200000000740 RDI: 000000000000001f
[  814.372037][T15007] RBP: 00007f55e40a5090 R08: 0000000000000000 R09: 0000000000000000
[  814.372049][T15007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  814.372061][T15007] R13: 0000000000000001 R14: 00007f55e33b5fa0 R15: 00007ffff33f9438
[  814.372093][T15007]  </TASK>
[  814.744926][    C1] vkms_vblank_simulate: vblank timer overrun
[  815.573432][T15013] FAULT_INJECTION: forcing a failure.
[  815.573432][T15013] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  815.613110][T15013] CPU: 1 UID: 0 PID: 15013 Comm: syz.3.2739 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  815.613141][T15013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  815.613154][T15013] Call Trace:
[  815.613162][T15013]  <TASK>
[  815.613172][T15013]  dump_stack_lvl+0x189/0x250
[  815.613207][T15013]  ? __pfx____ratelimit+0x10/0x10
[  815.613248][T15013]  ? __pfx_dump_stack_lvl+0x10/0x10
[  815.613294][T15013]  ? __pfx__printk+0x10/0x10
[  815.613329][T15013]  should_fail_ex+0x414/0x560
[  815.613359][T15013]  _copy_to_user+0x31/0xb0
[  815.613383][T15013]  simple_read_from_buffer+0xe1/0x170
[  815.613414][T15013]  proc_fail_nth_read+0x1df/0x250
[  815.613447][T15013]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  815.613489][T15013]  ? rw_verify_area+0x258/0x650
[  815.613508][T15013]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  815.613535][T15013]  vfs_read+0x200/0x980
[  815.613560][T15013]  ? __pfx___mutex_lock+0x10/0x10
[  815.613589][T15013]  ? __pfx_vfs_read+0x10/0x10
[  815.613610][T15013]  ? __fget_files+0x2a/0x420
[  815.613639][T15013]  ? __fget_files+0x3a0/0x420
[  815.613668][T15013]  ? __fget_files+0x2a/0x420
[  815.613706][T15013]  ksys_read+0x145/0x250
[  815.613731][T15013]  ? __pfx_ksys_read+0x10/0x10
[  815.613753][T15013]  ? rcu_is_watching+0x15/0xb0
[  815.613791][T15013]  ? do_syscall_64+0xbe/0x3b0
[  815.613825][T15013]  do_syscall_64+0xfa/0x3b0
[  815.613850][T15013]  ? lockdep_hardirqs_on+0x9c/0x150
[  815.613883][T15013]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  815.613897][T15013]  ? clear_bhb_loop+0x60/0xb0
[  815.613914][T15013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  815.613928][T15013] RIP: 0033:0x7f069b18d33c
[  815.613941][T15013] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  815.613953][T15013] RSP: 002b:00007f069c040030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  815.613968][T15013] RAX: ffffffffffffffda RBX: 00007f069b3b5fa0 RCX: 00007f069b18d33c
[  815.613979][T15013] RDX: 000000000000000f RSI: 00007f069c0400a0 RDI: 0000000000000004
[  815.613988][T15013] RBP: 00007f069c040090 R08: 0000000000000000 R09: 0000000000000000
[  815.613996][T15013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  815.614004][T15013] R13: 0000000000000000 R14: 00007f069b3b5fa0 R15: 00007ffdf3b80df8
[  815.614026][T15013]  </TASK>
[  815.852011][    C1] vkms_vblank_simulate: vblank timer overrun
[  815.929299][T15017] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  817.195060][T13563] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  817.352448][T13563] usb 6-1: Using ep0 maxpacket: 8
[  817.360000][T13563] usb 6-1: unable to get BOS descriptor or descriptor too short
[  817.374522][T13563] usb 6-1: config 4 interface 0 has no altsetting 0
[  817.392623][T13563] usb 6-1: string descriptor 0 read error: -22
[  817.400285][T13563] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  817.430905][T13563] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  817.692916][T13563] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  818.177739][T13563] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  818.214904][T13563] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  818.229088][T13563] usb 6-1: media controller created
[  818.265747][T13563] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  818.451546][T13563] zl10353_read_register: readreg error (reg=127, ret==0)
[  818.584088][T13563] usb 6-1: USB disconnect, device number 12
[  819.044132][T15071] xt_hashlimit: max too large, truncated to 1048576
[  819.152892][T15071] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  819.978422][T15081] netlink: 'syz.2.2756': attribute type 11 has an invalid length.
[  820.946975][T15091] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2761'.
[  820.956581][T15092] netlink: 'syz.2.2762': attribute type 3 has an invalid length.
[  821.234929][T13606] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  822.073565][T13606] usb 6-1: Using ep0 maxpacket: 8
[  822.154585][T13606] usb 6-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d
[  822.221008][T13606] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  822.274522][T13606] usb 6-1: Product: syz
[  822.303298][T13606] usb 6-1: Manufacturer: syz
[  822.335765][T13606] usb 6-1: SerialNumber: syz
[  822.479637][T13606] usb 6-1: config 0 descriptor??
[  822.603638][T13606] gspca_main: sonixj-2.14.0 probing 0c45:614a
[  822.606481][T15102] binder: 15101:15102 ioctl c018620c 200000000700 returned -1
[  824.092911][T13606] gspca_sonixj: reg_w1 err -110
[  824.097936][T13606] sonixj 6-1:0.0: probe with driver sonixj failed with error -110
[  824.515813][T13580] usb 6-1: USB disconnect, device number 13
[  825.310716][T15135] afs: Unknown parameter 'dyn/wireless'
[  825.585711][T15139] bridge3: entered allmulticast mode
[  828.344578][T15208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2789'.
[  828.447111][T15210] random: crng reseeded on system resumption
[  829.389624][T15204] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2788'.
[  829.639798][T15218] bridge4: entered allmulticast mode
[  829.980931][T15223] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2794'.
[  830.526769][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  830.538728][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  830.552765][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  830.561624][T13580] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  830.593835][ T5835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  830.612883][ T5835] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  830.741539][T13580] usb 2-1: Using ep0 maxpacket: 32
[  830.750352][T13580] usb 2-1: config 0 has no interfaces?
[  830.769640][T13580] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  830.788707][T13580] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  830.839685][T13580] usb 2-1: config 0 descriptor??
[  831.083861][T13562] usb 2-1: USB disconnect, device number 28
[  831.577388][T15245] netlink: 'syz.3.2798': attribute type 4 has an invalid length.
[  831.585354][T15245] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2798'.
[  832.632407][T11324] Bluetooth: hci4: command tx timeout
[  832.802200][T15229] chnl_net:caif_netlink_parms(): no params data found
[  832.863130][T15252] bridge4: entered allmulticast mode
[  833.244822][T15229] bridge0: port 1(bridge_slave_0) entered blocking state
[  833.302541][T15229] bridge0: port 1(bridge_slave_0) entered disabled state
[  833.341643][T15229] bridge_slave_0: entered allmulticast mode
[  833.379206][T15229] bridge_slave_0: entered promiscuous mode
[  833.406125][T15229] bridge0: port 2(bridge_slave_1) entered blocking state
[  833.437285][T15229] bridge0: port 2(bridge_slave_1) entered disabled state
[  833.464955][T15229] bridge_slave_1: entered allmulticast mode
[  833.489392][T15229] bridge_slave_1: entered promiscuous mode
[  833.586231][T15229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  833.607241][T15229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  833.704834][T15229] team0: Port device team_slave_0 added
[  833.734004][T15229] team0: Port device team_slave_1 added
[  833.839833][T15229] batman_adv: batadv0: Adding interface: batadv_slave_0
[  833.852632][T15229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  833.916986][T15229] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  833.960914][T15283] bridge5: entered allmulticast mode
[  833.979754][T15229] batman_adv: batadv0: Adding interface: batadv_slave_1
[  833.998272][T15229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  834.024651][    C1] vkms_vblank_simulate: vblank timer overrun
[  834.055886][T15229] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  834.712657][T11324] Bluetooth: hci4: command tx timeout
[  834.889394][T15229] hsr_slave_0: entered promiscuous mode
[  834.923506][T15229] hsr_slave_1: entered promiscuous mode
[  834.929945][T15229] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  834.949093][T15229] Cannot create hsr debugfs directory
[  835.096364][T15300] evm: overlay not supported
[  835.561682][T13606] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  835.721972][T13606] usb 6-1: Using ep0 maxpacket: 32
[  835.873921][T13606] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  835.880252][T15325] bridge2: entered allmulticast mode
[  835.942963][T13606] usb 6-1: config 0 has no interface number 0
[  835.961522][T13606] usb 6-1: config 0 interface 12 has no altsetting 0
[  835.994447][T13606] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  836.016789][T13606] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  836.049036][T13606] usb 6-1: Product: syz
[  836.086397][T13606] usb 6-1: Manufacturer: syz
[  836.138117][T13606] usb 6-1: SerialNumber: syz
[  836.470370][T13606] usb 6-1: config 0 descriptor??
[  836.742821][T15229] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  836.764419][T15229] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  836.781030][T15229] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  836.791577][T11324] Bluetooth: hci4: command tx timeout
[  836.803822][T15229] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  837.896283][T15359] batadv0: entered promiscuous mode
[  837.902987][T15359] 8021q: adding VLAN 0 to HW filter on device batadv0
[  838.113941][T15229] 8021q: adding VLAN 0 to HW filter on device bond0
[  838.221198][T15229] 8021q: adding VLAN 0 to HW filter on device team0
[  838.305475][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state
[  838.314160][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state
[  838.329084][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state
[  838.336395][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  838.462186][T13606] f81534 6-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  838.471574][T13606] f81534 6-1:0.12: f81534_find_config_idx: read failed: -71
[  838.480103][T13606] f81534 6-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  838.489148][T13606] f81534 6-1:0.12: probe with driver f81534 failed with error -71
[  838.666021][T13606] usb 6-1: USB disconnect, device number 14
[  838.891636][T11324] Bluetooth: hci4: command tx timeout
[  839.343173][T15375] bridge5: entered allmulticast mode
[  840.162645][T15391] FAULT_INJECTION: forcing a failure.
[  840.162645][T15391] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  840.182248][T15391] CPU: 0 UID: 0 PID: 15391 Comm: syz.5.2840 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  840.182277][T15391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  840.182289][T15391] Call Trace:
[  840.182297][T15391]  <TASK>
[  840.182306][T15391]  dump_stack_lvl+0x189/0x250
[  840.182342][T15391]  ? __pfx____ratelimit+0x10/0x10
[  840.182372][T15391]  ? __pfx_dump_stack_lvl+0x10/0x10
[  840.182412][T15391]  ? __pfx__printk+0x10/0x10
[  840.182433][T15391]  ? fs_reclaim_acquire+0x7d/0x100
[  840.182468][T15391]  should_fail_ex+0x414/0x560
[  840.182497][T15391]  prepare_alloc_pages+0x213/0x610
[  840.182534][T15391]  __alloc_frozen_pages_noprof+0x123/0x370
[  840.182568][T15391]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  840.182609][T15391]  ? __might_fault+0xb0/0x130
[  840.182637][T15391]  __alloc_pages_noprof+0xa/0x30
[  840.182664][T15391]  ___kmalloc_large_node+0x85/0x210
[  840.182693][T15391]  __kmalloc_large_node_noprof+0x18/0x90
[  840.182720][T15391]  __kmalloc_noprof+0x36f/0x4f0
[  840.182743][T15391]  ? iovec_from_user+0x87/0x250
[  840.182766][T15391]  iovec_from_user+0x87/0x250
[  840.182783][T15391]  ? get_pid_task+0x20/0x1f0
[  840.182808][T15391]  __import_iovec+0x163/0x7f0
[  840.182837][T15391]  import_iovec+0x74/0xa0
[  840.182861][T15391]  vfs_readv+0x185/0x850
[  840.182896][T15391]  ? __pfx_vfs_readv+0x10/0x10
[  840.182939][T15391]  ? __fget_files+0x2a/0x420
[  840.182970][T15391]  ? __fget_files+0x3a0/0x420
[  840.182996][T15391]  ? __fget_files+0x2a/0x420
[  840.183031][T15391]  __x64_sys_preadv+0x197/0x2a0
[  840.183060][T15391]  ? __pfx___x64_sys_preadv+0x10/0x10
[  840.183082][T15391]  ? rcu_is_watching+0x15/0xb0
[  840.183116][T15391]  ? do_syscall_64+0xbe/0x3b0
[  840.183150][T15391]  do_syscall_64+0xfa/0x3b0
[  840.183178][T15391]  ? lockdep_hardirqs_on+0x9c/0x150
[  840.183206][T15391]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  840.183226][T15391]  ? clear_bhb_loop+0x60/0xb0
[  840.183251][T15391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  840.183270][T15391] RIP: 0033:0x7f4ecab8e929
[  840.183288][T15391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  840.183306][T15391] RSP: 002b:00007f4ecb9d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  840.183328][T15391] RAX: ffffffffffffffda RBX: 00007f4ecadb5fa0 RCX: 00007f4ecab8e929
[  840.183343][T15391] RDX: 00000000000003e8 RSI: 0000200000001300 RDI: 0000000000000004
[  840.183355][T15391] RBP: 00007f4ecb9d4090 R08: 0000000000000000 R09: 0000000000000000
[  840.183367][T15391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  840.183379][T15391] R13: 0000000000000000 R14: 00007f4ecadb5fa0 R15: 00007ffc32781d18
[  840.183416][T15391]  </TASK>
[  840.458837][    C0] vkms_vblank_simulate: vblank timer overrun
[  840.680239][T15229] 8021q: adding VLAN 0 to HW filter on device batadv0
[  840.738992][T15229] veth0_vlan: entered promiscuous mode
[  840.754827][T15229] veth1_vlan: entered promiscuous mode
[  840.793431][T15229] veth0_macvtap: entered promiscuous mode
[  840.808101][T15229] veth1_macvtap: entered promiscuous mode
[  840.931510][T13606] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  840.990513][T15229] batman_adv: batadv0: Interface activated: batadv_slave_0
[  841.011245][T15229] batman_adv: batadv0: Interface activated: batadv_slave_1
[  841.038598][T15229] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  841.061974][T15229] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  841.070768][T15229] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  841.094768][T13606] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  841.111721][T13606] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  841.124925][T13606] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.7d
[  841.126178][T13562] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  841.134844][T13606] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  841.160659][T13606] usb 6-1: config 0 descriptor??
[  841.171654][T15229] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  841.308731][ T1151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  841.319717][ T1151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  841.321533][T13562] usb 2-1: Using ep0 maxpacket: 8
[  841.338903][T13562] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  841.347459][T13562] usb 2-1: config 179 has no interface number 0
[  841.370097][T13562] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  841.401625][T13562] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  841.421512][T13562] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  841.423388][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  841.445730][T13562] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  841.446873][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  841.474474][T13562] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  841.499263][T13562] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  841.520983][T13562] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  841.536753][T15403] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  841.675625][T13606] usb 6-1: string descriptor 0 read error: -71
[  841.714776][T13606] uclogic 0003:256C:006D.0008: failed retrieving string descriptor #200: -71
[  841.744825][T13606] uclogic 0003:256C:006D.0008: failed retrieving pen parameters: -71
[  841.773193][T15403] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  841.779808][T15403] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  841.800135][T15413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2793'.
[  841.809761][T13606] uclogic 0003:256C:006D.0008: failed probing pen v2 parameters: -71
[  841.832314][T13606] uclogic 0003:256C:006D.0008: failed probing parameters: -71
[  841.839972][T13606] uclogic 0003:256C:006D.0008: probe with driver uclogic failed with error -71
[  842.098526][T13606] usb 6-1: USB disconnect, device number 15
[  842.113418][T15403] vhci_hcd vhci_hcd.0: Device attached
[  842.192299][T13562] usb 35-1: new low-speed USB device number 2 using vhci_hcd
[  842.478518][T15421] bridge1: entered allmulticast mode
[  845.247050][T15443] libceph: resolve '.
[  845.247050][T15443] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  845.247050][T15443] ' (ret=-3): failed
[  845.507673][T15451] netlink: 'syz.5.2856': attribute type 1 has an invalid length.
[  845.546994][T13568] usb 2-1: USB disconnect, device number 29
[  845.547105][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  845.561292][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  845.570465][    C0] ==================================================================
[  845.578568][    C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290
[  845.586392][    C0] Read of size 4 at addr ffff888067b4685c by task kthreadd/2
[  845.593772][    C0] 
[  845.596118][    C0] CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  845.596138][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  845.596149][    C0] Call Trace:
[  845.596156][    C0]  <IRQ>
[  845.596164][    C0]  dump_stack_lvl+0x189/0x250
[  845.596193][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[  845.596231][    C0]  ? rcu_is_watching+0x15/0xb0
[  845.596256][    C0]  ? __kasan_check_byte+0x12/0x40
[  845.596279][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  845.596304][    C0]  ? rcu_is_watching+0x15/0xb0
[  845.596328][    C0]  ? lock_release+0x4b/0x3e0
[  845.596353][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[  845.596369][    C0]  ? __virt_addr_valid+0x4a5/0x5c0
[  845.596385][    C0]  print_report+0xd2/0x2b0
[  845.596407][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  845.596424][    C0]  kasan_report+0x118/0x150
[  845.596446][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  845.596468][    C0]  do_raw_spin_lock+0x23d/0x290
[  845.596485][    C0]  ? __wake_up_common_lock+0x2f/0x1f0
[  845.596505][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  845.596528][    C0]  _raw_spin_lock_irqsave+0xb3/0xf0
[  845.596552][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  845.596576][    C0]  ? kcov_remote_stop+0x78/0x6d0
[  845.596600][    C0]  __wake_up_common_lock+0x2f/0x1f0
[  845.596623][    C0]  __usb_hcd_giveback_urb+0x4d7/0x690
[  845.596643][    C0]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[  845.596662][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  845.596684][    C0]  ? usb_hcd_giveback_urb+0x10e/0x420
[  845.596703][    C0]  dummy_timer+0x862/0x4550
[  845.596721][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  845.596757][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  845.596789][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  845.596809][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  845.596826][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  845.596842][    C0]  __hrtimer_run_queues+0x529/0xc60
[  845.596878][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  845.596902][    C0]  ? read_tsc+0x9/0x20
[  845.596922][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  845.596950][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  845.596980][    C0]  handle_softirqs+0x286/0x870
[  845.597006][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  845.597033][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  845.597062][    C0]  __irq_exit_rcu+0xca/0x1f0
[  845.597086][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  845.597114][    C0]  irq_exit_rcu+0x9/0x30
[  845.597137][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  845.597162][    C0]  </IRQ>
[  845.597167][    C0]  <TASK>
[  845.597174][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  845.597193][    C0] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x8/0x90
[  845.597223][    C0] Code: 48 89 44 11 20 e9 d8 a8 a1 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 b0 99 92 65 8b 15 f8 4f d9 10 81 e2 00 01 ff 00
[  845.597239][    C0] RSP: 0018:ffffc900000774d8 EFLAGS: 00000287
[  845.597256][    C0] RAX: ffffffff82110c9a RBX: ffffc9000f080000 RCX: 0000000000007fff
[  845.597269][    C0] RDX: 0000000000000000 RSI: ffffc9000f080000 RDI: fffffffffffff000
[  845.597282][    C0] RBP: ffffc90000077618 R08: ffff88801a45d803 R09: 1ffff1100348bb00
[  845.597296][    C0] R10: dffffc0000000000 R11: ffffed100348bb01 R12: 0000000000009000
[  845.597308][    C0] R13: 0000000000008000 R14: 0000000000010fff R15: 0000000000008000
[  845.597324][    C0]  ? alloc_vmap_area+0x2fa/0x1490
[  845.597349][    C0]  alloc_vmap_area+0x2fa/0x1490
[  845.597376][    C0]  ? __pfx_alloc_vmap_area+0x10/0x10
[  845.597396][    C0]  ? __kasan_kmalloc+0x93/0xb0
[  845.597417][    C0]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  845.597439][    C0]  ? __get_vm_area_node+0x13f/0x300
[  845.597460][    C0]  ? copy_process+0x54b/0x3c00
[  845.597486][    C0]  __get_vm_area_node+0x1f8/0x300
[  845.597510][    C0]  __vmalloc_node_range_noprof+0x301/0x12f0
[  845.597534][    C0]  ? copy_process+0x54b/0x3c00
[  845.597573][    C0]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  845.597598][    C0]  ? memcpy_and_pad+0x48/0x80
[  845.597620][    C0]  __vmalloc_node_noprof+0xc2/0x110
[  845.597643][    C0]  ? copy_process+0x54b/0x3c00
[  845.597667][    C0]  ? copy_process+0x54b/0x3c00
[  845.597694][    C0]  dup_task_struct+0x3e7/0x860
[  845.597723][    C0]  copy_process+0x54b/0x3c00
[  845.597750][    C0]  ? __switch_to+0xd74/0x1600
[  845.597776][    C0]  ? finish_task_switch+0x18b/0x950
[  845.597800][    C0]  ? __pfx_copy_process+0x10/0x10
[  845.597827][    C0]  ? finish_task_switch+0x266/0x950
[  845.597850][    C0]  ? __pfx_kthread+0x10/0x10
[  845.597867][    C0]  kernel_clone+0x224/0x7f0
[  845.597884][    C0]  ? __pfx_kernel_clone+0x10/0x10
[  845.597899][    C0]  ? __schedule+0x16c0/0x4cb0
[  845.597930][    C0]  ? __pfx_kthread+0x10/0x10
[  845.597947][    C0]  kernel_thread+0x10c/0x160
[  845.597964][    C0]  ? __pfx_kernel_thread+0x10/0x10
[  845.597992][    C0]  ? __lock_acquire+0xab9/0xd20
[  845.598017][    C0]  ? __pfx_kthread+0x10/0x10
[  845.598038][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  845.598057][    C0]  kthreadd+0x575/0x770
[  845.598072][    C0]  ? kthreadd+0x30b/0x770
[  845.598087][    C0]  ? __pfx_kthreadd+0x10/0x10
[  845.598123][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  845.598146][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  845.598170][    C0]  ? __pfx_kthreadd+0x10/0x10
[  845.598185][    C0]  ret_from_fork+0x3fc/0x770
[  845.598210][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  845.598240][    C0]  ? __switch_to_asm+0x39/0x70
[  845.598256][    C0]  ? __switch_to_asm+0x33/0x70
[  845.598271][    C0]  ? __pfx_kthreadd+0x10/0x10
[  845.598286][    C0]  ret_from_fork_asm+0x1a/0x30
[  845.598310][    C0]  </TASK>
[  845.598316][    C0] 
[  846.139348][    C0] Allocated by task 13562:
[  846.143780][    C0]  kasan_save_track+0x3e/0x80
[  846.148469][    C0]  __kasan_kmalloc+0x93/0xb0
[  846.153070][    C0]  __kmalloc_cache_noprof+0x230/0x3d0
[  846.158449][    C0]  xpad_probe+0x428/0x1fc0
[  846.162879][    C0]  usb_probe_interface+0x644/0xbc0
[  846.168024][    C0]  really_probe+0x26a/0x9a0
[  846.172581][    C0]  __driver_probe_device+0x18c/0x2f0
[  846.177895][    C0]  driver_probe_device+0x4f/0x430
[  846.182941][    C0]  __device_attach_driver+0x2ce/0x530
[  846.188325][    C0]  bus_for_each_drv+0x251/0x2e0
[  846.193197][    C0]  __device_attach+0x2b8/0x400
[  846.197970][    C0]  bus_probe_device+0x185/0x260
[  846.202837][    C0]  device_add+0x7b6/0xb50
[  846.207183][    C0]  usb_set_configuration+0x1a87/0x20e0
[  846.212662][    C0]  usb_generic_driver_probe+0x8d/0x150
[  846.218159][    C0]  usb_probe_device+0x1c4/0x390
[  846.223029][    C0]  really_probe+0x26a/0x9a0
[  846.227549][    C0]  __driver_probe_device+0x18c/0x2f0
[  846.232856][    C0]  driver_probe_device+0x4f/0x430
[  846.237922][    C0]  __device_attach_driver+0x2ce/0x530
[  846.243309][    C0]  bus_for_each_drv+0x251/0x2e0
[  846.248230][    C0]  __device_attach+0x2b8/0x400
[  846.253007][    C0]  bus_probe_device+0x185/0x260
[  846.257876][    C0]  device_add+0x7b6/0xb50
[  846.262218][    C0]  usb_new_device+0xa39/0x16c0
[  846.266991][    C0]  hub_event+0x2941/0x4a00
[  846.271430][    C0]  process_scheduled_works+0xade/0x17b0
[  846.276993][    C0]  worker_thread+0x8a0/0xda0
[  846.281605][    C0]  kthread+0x70e/0x8a0
[  846.285773][    C0]  ret_from_fork+0x3fc/0x770
[  846.290378][    C0]  ret_from_fork_asm+0x1a/0x30
[  846.295168][    C0] 
[  846.297511][    C0] Freed by task 13568:
[  846.301591][    C0]  kasan_save_track+0x3e/0x80
[  846.306308][    C0]  kasan_save_free_info+0x46/0x50
[  846.311364][    C0]  __kasan_slab_free+0x62/0x70
[  846.316174][    C0]  kfree+0x18e/0x440
[  846.320088][    C0]  xpad_disconnect+0x350/0x480
[  846.324874][    C0]  usb_unbind_interface+0x26e/0x8f0
[  846.330089][    C0]  device_release_driver_internal+0x4d9/0x7c0
[  846.336169][    C0]  bus_remove_device+0x34d/0x410
[  846.341123][    C0]  device_del+0x511/0x8e0
[  846.345458][    C0]  usb_disable_device+0x3e9/0x8a0
[  846.350512][    C0]  usb_disconnect+0x330/0x910
[  846.355232][    C0]  hub_event+0x1cdb/0x4a00
[  846.359715][    C0]  process_scheduled_works+0xade/0x17b0
[  846.365293][    C0]  worker_thread+0x8a0/0xda0
[  846.369910][    C0]  kthread+0x70e/0x8a0
[  846.374014][    C0]  ret_from_fork+0x3fc/0x770
[  846.378630][    C0]  ret_from_fork_asm+0x1a/0x30
[  846.383416][    C0] 
[  846.385747][    C0] The buggy address belongs to the object at ffff888067b46800
[  846.385747][    C0]  which belongs to the cache kmalloc-1k of size 1024
[  846.399825][    C0] The buggy address is located 92 bytes inside of
[  846.399825][    C0]  freed 1024-byte region [ffff888067b46800, ffff888067b46c00)
[  846.413994][    C0] 
[  846.416334][    C0] The buggy address belongs to the physical page:
[  846.422771][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x67b40
[  846.431555][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  846.440175][    C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  846.447763][    C0] page_type: f5(slab)
[  846.451759][    C0] raw: 00fff00000000040 ffff88801a441dc0 dead000000000100 dead000000000122
[  846.460353][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  846.468961][    C0] head: 00fff00000000040 ffff88801a441dc0 dead000000000100 dead000000000122
[  846.477643][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  846.486326][    C0] head: 00fff00000000003 ffffea00019ed001 00000000ffffffff 00000000ffffffff
[  846.495045][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  846.503724][    C0] page dumped because: kasan: bad access detected
[  846.510173][    C0] page_owner tracks the page as allocated
[  846.515916][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1151, tgid 1151 (kworker/u8:7), ts 189649019072, free_ts 189182020781
[  846.535383][    C0]  post_alloc_hook+0x240/0x2a0
[  846.540167][    C0]  get_page_from_freelist+0x21d5/0x22b0
[  846.545728][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  846.551580][    C0]  alloc_pages_mpol+0x232/0x4a0
[  846.556473][    C0]  allocate_slab+0x8a/0x3b0
[  846.560993][    C0]  ___slab_alloc+0xbfc/0x1480
[  846.565686][    C0]  __kmalloc_noprof+0x305/0x4f0
[  846.570546][    C0]  ieee802_11_parse_elems_full+0x152/0x2b20
[  846.576461][    C0]  ieee80211_ibss_rx_queued_mgmt+0x462/0x2ae0
[  846.582541][    C0]  ieee80211_iface_work+0x806/0xfe0
[  846.587778][    C0]  cfg80211_wiphy_work+0x2dc/0x460
[  846.592902][    C0]  process_scheduled_works+0xade/0x17b0
[  846.598465][    C0]  worker_thread+0x8a0/0xda0
[  846.603089][    C0]  kthread+0x70e/0x8a0
[  846.607170][    C0]  ret_from_fork+0x3fc/0x770
[  846.611780][    C0]  ret_from_fork_asm+0x1a/0x30
[  846.616554][    C0] page last free pid 6786 tgid 6779 stack trace:
[  846.622897][    C0]  __free_frozen_pages+0xc65/0xe60
[  846.628053][    C0]  __put_partials+0x161/0x1c0
[  846.632800][    C0]  put_cpu_partial+0x17c/0x250
[  846.637629][    C0]  __slab_free+0x2f7/0x400
[  846.642077][    C0]  qlist_free_all+0x97/0x140
[  846.646683][    C0]  kasan_quarantine_reduce+0x148/0x160
[  846.652158][    C0]  __kasan_slab_alloc+0x22/0x80
[  846.657025][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  846.662501][    C0]  getname_flags+0xb8/0x540
[  846.667020][    C0]  __x64_sys_mkdir+0x5d/0x80
[  846.671623][    C0]  do_syscall_64+0xfa/0x3b0
[  846.676143][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  846.682049][    C0] 
[  846.684419][    C0] Memory state around the buggy address:
[  846.690054][    C0]  ffff888067b46700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  846.698137][    C0]  ffff888067b46780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  846.706210][    C0] >ffff888067b46800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  846.714279][    C0]                                                     ^
[  846.721220][    C0]  ffff888067b46880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  846.729386][    C0]  ffff888067b46900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  846.737453][    C0] ==================================================================
[  846.745568][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  846.752782][    C0] CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  846.762598][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  846.772666][    C0] Call Trace:
[  846.775953][    C0]  <IRQ>
[  846.778810][    C0]  dump_stack_lvl+0x99/0x250
[  846.783434][    C0]  ? __asan_memcpy+0x40/0x70
[  846.788055][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  846.793295][    C0]  ? __pfx__printk+0x10/0x10
[  846.797906][    C0]  panic+0x2db/0x790
[  846.801826][    C0]  ? __pfx_panic+0x10/0x10
[  846.806261][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  846.812172][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  846.818523][    C0]  ? print_memory_metadata+0x314/0x400
[  846.824006][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  846.829050][    C0]  check_panic_on_warn+0x89/0xb0
[  846.834012][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  846.839065][    C0]  end_report+0x78/0x160
[  846.843336][    C0]  kasan_report+0x129/0x150
[  846.847863][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  846.852907][    C0]  do_raw_spin_lock+0x23d/0x290
[  846.857779][    C0]  ? __wake_up_common_lock+0x2f/0x1f0
[  846.863164][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  846.868547][    C0]  _raw_spin_lock_irqsave+0xb3/0xf0
[  846.873771][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  846.879709][    C0]  ? kcov_remote_stop+0x78/0x6d0
[  846.884669][    C0]  __wake_up_common_lock+0x2f/0x1f0
[  846.889891][    C0]  __usb_hcd_giveback_urb+0x4d7/0x690
[  846.895280][    C0]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[  846.901126][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  846.907035][    C0]  ? usb_hcd_giveback_urb+0x10e/0x420
[  846.912424][    C0]  dummy_timer+0x862/0x4550
[  846.916943][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  846.923305][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  846.928793][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  846.933767][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  846.938714][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  846.943667][    C0]  __hrtimer_run_queues+0x529/0xc60
[  846.948911][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  846.954651][    C0]  ? read_tsc+0x9/0x20
[  846.958736][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  846.964563][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  846.969696][    C0]  handle_softirqs+0x286/0x870
[  846.974581][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  846.979364][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  846.984676][    C0]  __irq_exit_rcu+0xca/0x1f0
[  846.989285][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  846.994588][    C0]  irq_exit_rcu+0x9/0x30
[  846.998850][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  847.004502][    C0]  </IRQ>
[  847.007446][    C0]  <TASK>
[  847.010393][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  847.016391][    C0] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x8/0x90
[  847.023172][    C0] Code: 48 89 44 11 20 e9 d8 a8 a1 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 b0 99 92 65 8b 15 f8 4f d9 10 81 e2 00 01 ff 00
[  847.042810][    C0] RSP: 0018:ffffc900000774d8 EFLAGS: 00000287
[  847.048918][    C0] RAX: ffffffff82110c9a RBX: ffffc9000f080000 RCX: 0000000000007fff
[  847.056908][    C0] RDX: 0000000000000000 RSI: ffffc9000f080000 RDI: fffffffffffff000
[  847.064890][    C0] RBP: ffffc90000077618 R08: ffff88801a45d803 R09: 1ffff1100348bb00
[  847.072870][    C0] R10: dffffc0000000000 R11: ffffed100348bb01 R12: 0000000000009000
[  847.080857][    C0] R13: 0000000000008000 R14: 0000000000010fff R15: 0000000000008000
[  847.088858][    C0]  ? alloc_vmap_area+0x2fa/0x1490
[  847.093910][    C0]  alloc_vmap_area+0x2fa/0x1490
[  847.098786][    C0]  ? __pfx_alloc_vmap_area+0x10/0x10
[  847.104135][    C0]  ? __kasan_kmalloc+0x93/0xb0
[  847.108958][    C0]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  847.114971][    C0]  ? __get_vm_area_node+0x13f/0x300
[  847.120192][    C0]  ? copy_process+0x54b/0x3c00
[  847.124981][    C0]  __get_vm_area_node+0x1f8/0x300
[  847.130031][    C0]  __vmalloc_node_range_noprof+0x301/0x12f0
[  847.135960][    C0]  ? copy_process+0x54b/0x3c00
[  847.140773][    C0]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  847.147136][    C0]  ? memcpy_and_pad+0x48/0x80
[  847.151841][    C0]  __vmalloc_node_noprof+0xc2/0x110
[  847.157067][    C0]  ? copy_process+0x54b/0x3c00
[  847.161870][    C0]  ? copy_process+0x54b/0x3c00
[  847.166746][    C0]  dup_task_struct+0x3e7/0x860
[  847.171558][    C0]  copy_process+0x54b/0x3c00
[  847.176179][    C0]  ? __switch_to+0xd74/0x1600
[  847.180901][    C0]  ? finish_task_switch+0x18b/0x950
[  847.186125][    C0]  ? __pfx_copy_process+0x10/0x10
[  847.191175][    C0]  ? finish_task_switch+0x266/0x950
[  847.196400][    C0]  ? __pfx_kthread+0x10/0x10
[  847.201012][    C0]  kernel_clone+0x224/0x7f0
[  847.205532][    C0]  ? __pfx_kernel_clone+0x10/0x10
[  847.210598][    C0]  ? __schedule+0x16c0/0x4cb0
[  847.215319][    C0]  ? __pfx_kthread+0x10/0x10
[  847.219928][    C0]  kernel_thread+0x10c/0x160
[  847.224550][    C0]  ? __pfx_kernel_thread+0x10/0x10
[  847.229674][    C0]  ? __lock_acquire+0xab9/0xd20
[  847.234553][    C0]  ? __pfx_kthread+0x10/0x10
[  847.239167][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  847.244387][    C0]  kthreadd+0x575/0x770
[  847.248556][    C0]  ? kthreadd+0x30b/0x770
[  847.252901][    C0]  ? __pfx_kthreadd+0x10/0x10
[  847.257592][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  847.262814][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  847.268038][    C0]  ? __pfx_kthreadd+0x10/0x10
[  847.272743][    C0]  ret_from_fork+0x3fc/0x770
[  847.277351][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  847.282485][    C0]  ? __switch_to_asm+0x39/0x70
[  847.287265][    C0]  ? __switch_to_asm+0x33/0x70
[  847.292076][    C0]  ? __pfx_kthreadd+0x10/0x10
[  847.296782][    C0]  ret_from_fork_asm+0x1a/0x30
[  847.301570][    C0]  </TASK>
[  847.304926][    C0] Kernel Offset: disabled
[  847.309264][    C0] Rebooting in 86400 seconds..