last executing test programs:

8m10.048581222s ago: executing program 2 (id=2971):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000c10000000000000007000000850000002f000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000017000000950000000000000028f91595835758911eefc4b6b96509ff9fb27c88"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESHEX=0x0])
read$FUSE(r1, &(0x7f0000002480)={0x2020, 0x0, <r2=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file1\x00', 0x60200, 0x0)
write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r2, {0x7, 0x9, 0x0, 0x1, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x40}}, 0x50)
read$FUSE(r1, &(0x7f0000004580)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r1, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup3(r4, r1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f00000006c0)="00000000000000c88526faac0646", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

8m9.752124707s ago: executing program 2 (id=2973):
syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x40, 0x2}, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x80900, 0x0)
waitid$P_PIDFD(0x3, r0, &(0x7f00000001c0), 0x20000000, &(0x7f0000000380))
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x97, 0xff, 0x82, 0x8, 0x2058, 0x1005, 0xc19b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x8f, 0x0, 0x0, 0xbf, 0x57, 0x5a}}]}}]}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r4, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xc3, 0xaa, 0x37, 0x40, 0x10d6, 0x2200, 0x100, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xab, 0x4, 0x0, 0xac, 0x4, 0x14}}]}}]}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r6, r2, 0x25, 0x2, @val=@tcx}, 0x1c)
close(0xffffffffffffffff)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
syz_emit_ethernet(0x37, &(0x7f00000007c0)=ANY=[], 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = dup(r7)
getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)

8m6.590498047s ago: executing program 2 (id=2984):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
r0 = add_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r0, &(0x7f0000000080)=""/11, 0xb)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000440)='vnet_skip_tx_trigger\x00', r1, 0x0, 0x8000000000000001}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x8000003, 'dh\x00', 0x1, 0x7, 0x49}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0)

8m3.823031277s ago: executing program 2 (id=2990):
r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x5, 0x2, 0x3, "0b69e8e1f41910b2eafa4496ba2900", 0x32314d59})
rseq(&(0x7f0000000980)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
syz_genetlink_get_family_id$gtp(0x0, r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000006080)={'wlan1\x00'})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mount$afs(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="6466ba929f"])
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104004, 0x0)
mount$9p_unix(&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x12c5c18, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x2a05004, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000340)=[{{&(0x7f0000000000)={0x2, 0x4e24, @remote}, 0x10, &(0x7f0000000880)=[{&(0x7f00000009c0)="d1b7f58741760d06138243343c463dce831c872c32578b8e1c132f3f7c7c0248e2161630d5e7cefb8bb149e1f2e9628c4a7e7f3a84887548baca80757f385b0a63c44c3c86cf8e6ee5c537669053c809441385ef5da820ce2f4bccd4e46f2a0aea1cc6821f67a7535c80f2791c784140a437b43b36b1a5175917e2ca703220c4b0439bb438ebff3335e9a4ec8a9003bdc0179de7963dd3", 0x97}, {&(0x7f0000000580)="0180911658b604fb1849e41630ca1c72e299b3c94debcd60cdaed41152c65b0c79a0e280980221d860fd1a7446c618e361fb4fbb769a7aedbd34babd3916b4190816b0899615cda9944b027108465a211625827d59bb33991489ad9c711354446380c989f8ca3bd8c5308b781ab7c144f2e447cc1a24132f3e9115a58553db1db7cdf0a3158c16c1a036e1b43c2f1fdf7ac0370121e7d9121af2a24311af943d7fee8ccc2250af46cba9b6e9fc8b0ebbf387e57c985ddfa0cb92748d6adae3b89ed59bd71ca2a6", 0xc7}, {&(0x7f00000003c0)="caabaa04de704007a59a6e9fd32dca08ab365bbd5096aed16944901f63c0cafddfefd637b602b9df27f72ce5e350a57f5294e7eefe797c2ac10bd5197a7a645b4ea0b471b87e3b50198e0b601e96069554e2e1ff5d2a9652bbfe950b0587280c4faafe9eb7bbc52e5c2a2480abecf8df25fee10a2dc45658cceffcbd0db124308ca0810b3aae2c3c9be6bfebd65a506c1048c8fc687d9986f7842ecddaf0b6acbf0e81bea11b82fa4043d34046933001ff7861bc261ab4dbe96d469f7f69a8fbf63b96e51ffc", 0xc6}, {&(0x7f0000000680)="e8f04ab5849497dc526c242655a73c1865f5a9a5f9905d9ae5a6360cf750218371d10b3b485b4f45cfa174b5a9aa6dd355d9b6cb9890fb36b1fbf7c30804461c7593669d7ec0e8a358b060cc2590bdf0afff94b4c1f4952d05", 0x59}, {&(0x7f0000000700)="8d580e594f5194ea801ce4b1d9ad8ddb743fc4a53a844b2d8349cc3db321726175d7973d1735f48a02aa9d1997e5331916f18a368af35b0a15c20de20d80458e622e060dc3c83abd2f9f52304911298350984d3477f939c5d7d9f7ffd005d73b05f1cdc8e93a4c6f0d38b5b2574f52329bee0b8d7b9d219d0c79e2c93897ea66cd73728387fccee0e7e9cb2118d01363df75e4bf7da21b0fe11edc0c438c4c22601a4b3779202ca36770853a0d09e0971ded9aa58d02477b36bd62e2c91fcc7fabdd9d9d4b192ac88456fb99f17c1e741a6d00"/221, 0xdd}], 0x5}}], 0x1, 0x20008000)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x8, 0x12200)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000080)={0x5, 0x0, 0x120000000000, 0x2, 0x500, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0x9, 0x86, 0x800, 0x80000002}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

8m2.373060972s ago: executing program 2 (id=2994):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x2a0080, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
read$FUSE(r4, &(0x7f0000004dc0)={0x2020}, 0x2020)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000a40), 0xffffffffffffffff)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r4)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x18, 0x140a, 0xd01, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x9040}, 0xc010)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_SIOCADDRT(r7, 0x890b, &(0x7f0000000100)={0x0, @l2tp={0x2, 0x0, @multicast2, 0x3}, @sco={0x1f, @none}, @llc={0x1a, 0x205, 0x1, 0x2, 0x1, 0x9, @local}, 0x200, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10000, 0x8000})
dup3(r0, r7, 0x80000)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)
socket$inet6(0xa, 0x2, 0x0)

8m1.816022232s ago: executing program 2 (id=2997):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x20, r1, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000640)={0x18, r1, 0x0, 0x0, 0x0})

8m1.462826591s ago: executing program 32 (id=2997):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x20, r1, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000640)={0x18, r1, 0x0, 0x0, 0x0})

2m40.468725111s ago: executing program 0 (id=3797):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xee31b000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r5, @ANYBLOB="010000000000000000000c00000018000180140002006261746164765f736c6176655f310000600003805c0003800c000180"], 0x8c}}, 0x0)
listen(r3, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = accept(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r8, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, 0x0, 0x0, 0x0, <r9=>0x0})
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x3, r9, 0x0, 0x0, 0x43, &(0x7f0000000240)="eeaa327af1976a5790f526f61a108cba7e979ec9a0d3c6c46b9a6880af1cc8658705c1b5901e989b7daf7e79ba82ffd3d334ddecdefc605268c876ea9ada98dd460709"})
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x4, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

2m39.74127523s ago: executing program 0 (id=3798):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800c96edca5082bc204307de4530000000000000000000068"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000080)={'nr0\x00', 0x2000})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSSOFTCAR(r5, 0x541a, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x800c69a, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(0xffffffffffffffff)
prlimit64(0x0, 0x7, &(0x7f00000000c0)={0x5, 0x8}, 0x0)

2m38.784817533s ago: executing program 0 (id=3803):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
recvmmsg(r4, &(0x7f0000000180), 0x0, 0x2062, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x10, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@rdma_dest={0x18, 0x114, 0x2, {0x2, 0x7}}], 0x18}, 0x100000)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r6 = socket(0x10, 0x3, 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/address_bits', 0x70400, 0x89)
r8 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
ioctl$LOOP_CHANGE_FD(r8, 0x4c06, r8)
openat$cgroup_ro(r7, &(0x7f0000000140)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'team0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x88, 0x24, 0xf0b, 0x20, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x1], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}]}, 0x88}}, 0x20000000)

2m36.051866445s ago: executing program 0 (id=3807):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x86a305)
socket$inet_udp(0x2, 0x2, 0x0)
write$char_usb(r3, &(0x7f0000000040)="e2", 0x2250)
mknod(0x0, 0x200, 0x1ffffffe)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'ipvlan1\x00'})
r5 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r5, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)
socket$inet_tcp(0x2, 0x1, 0x0)

2m35.352167721s ago: executing program 0 (id=3810):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x10)
sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r1, &(0x7f0000001740)=[{{0x0, 0x500, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1}}], 0x4000210, 0x2, 0x0)

2m27.241382921s ago: executing program 0 (id=3831):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
socket$inet(0x2, 0x5, 0x4)
socket(0x10, 0x3, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000200), 0x1, 0x0)
openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x9, 0x4, 0x1, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0)
preadv(r2, &(0x7f0000000000)=[{&(0x7f0000001340)=""/90, 0x5a}], 0x1, 0x0, 0xd)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000080)={0x4000000})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x1ff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f00002f7000/0xd000)=nil, 0xd000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
r4 = syz_open_dev$ndb(&(0x7f0000000240), 0x0, 0x680)
ioctl$NBD_SET_BLKSIZE(r4, 0xab01, 0x5)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r3, 0x0, 0x0, 0x800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/69, 0x45}], 0x1}, 0x42)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil)
syz_open_dev$video4linux(&(0x7f0000000c80), 0x200087, 0xa402)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, 0x0)
r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140), 0x40940, 0x0)
openat(r6, &(0x7f0000000180)='./file0\x00', 0xd40, 0x82)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000fffffbff00000000000080a0affd2f7bc2abc9addd6105fba3e29d42136987b6dc41dc5fa7dd57c621a47d0ee9c8d4c5"], 0x48)

2m12.15052034s ago: executing program 33 (id=3831):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
socket$inet(0x2, 0x5, 0x4)
socket(0x10, 0x3, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000200), 0x1, 0x0)
openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x9, 0x4, 0x1, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0)
preadv(r2, &(0x7f0000000000)=[{&(0x7f0000001340)=""/90, 0x5a}], 0x1, 0x0, 0xd)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000080)={0x4000000})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x1ff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f00002f7000/0xd000)=nil, 0xd000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
r4 = syz_open_dev$ndb(&(0x7f0000000240), 0x0, 0x680)
ioctl$NBD_SET_BLKSIZE(r4, 0xab01, 0x5)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r3, 0x0, 0x0, 0x800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/69, 0x45}], 0x1}, 0x42)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil)
syz_open_dev$video4linux(&(0x7f0000000c80), 0x200087, 0xa402)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, 0x0)
r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140), 0x40940, 0x0)
openat(r6, &(0x7f0000000180)='./file0\x00', 0xd40, 0x82)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000fffffbff00000000000080a0affd2f7bc2abc9addd6105fba3e29d42136987b6dc41dc5fa7dd57c621a47d0ee9c8d4c5"], 0x48)

15.31499936s ago: executing program 1 (id=4210):
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f00000000c0)="5bffd08307d80c79b1cb7b5f0c5b4d719c69c8513f748fbe425a7bc388c9019bef114779f7a10dc03a883d6e16a0a704f74297f381ff1db75098a9b38bb67206a7ff22e6ca46dc760bdad8a79d5951988c55a368dd1132ba7f129c2e65441eaa27492c069488df0881f123ca01ae873f5b36eb0fddb8f07420f5484d81cabde167c87ffbab6a94b24b5537bb1a08d56469f516fd4b7c66e2ac50d5ff4e52c628d0a89e53d0e78582a5ab2a2c714f66", 0xfe7c}], 0x1)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000240)={0x2000, 0x1000000})
write(0xffffffffffffffff, &(0x7f0000000000)="240000001e00ff", 0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x0, @host}, 0x10)
listen(r0, 0x3d)
accept4$unix(r0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, &(0x7f0000000040)=0x2, 0x4)
sched_setaffinity(0x0, 0x0, 0x0)

12.339053074s ago: executing program 3 (id=4218):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xee31b000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r6, @ANYBLOB="010000000000000000000c00000018000180140002006261746164765f736c6176655f310000600003805c0003800c000180"], 0x8c}}, 0x0)
listen(r4, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r8 = accept(r3, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r9, 0x3ba0, &(0x7f0000000740)={0x48})
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x4, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvfrom(r7, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

12.103324428s ago: executing program 6 (id=4219):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0xfff)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004140)=""/102392, 0x18ff8)
socket$kcm(0x11, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000002100)={0x2020}, 0x2020)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x4, 0x1)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
fsopen(0x0, 0x1e665c10cabf505b)
socket$nl_rdma(0x10, 0x3, 0x14)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r5=>0x0})
connect$can_bcm(r4, &(0x7f00000000c0)={0x1d, r5}, 0x10)
sendmsg$can_bcm(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64, @ANYBLOB="0000000001"], 0x48}}, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="010000006b0100000100000000000000", @ANYRES64=r0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="000000000100000002000030ac"], 0x48}}, 0x20000000)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r6, &(0x7f0000000300), 0x6)
sendmmsg$inet(r3, &(0x7f0000000800)=[{{&(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @broadcast}}}], 0x20}}, {{&(0x7f00000000c0)={0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="34000000000000000000000007000000832304"], 0x38}}], 0x2, 0x80)

12.031259852s ago: executing program 5 (id=4220):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000400)={0x84, &(0x7f00000004c0)={0x0, 0x5, 0xfc, "40643281832732360100a65eb216e1b549441255296621a477704e209b96be345ca342f333a3f0a950bad45f5bf14ecb54187f760d369cfb4aba9c37c4acb89a9b28c0fb465df42f072c003a736bd476d8e56e5dc584b6143526658f05911278e55c2bb8fb1970db776dd08af65aed5b9675095e03e3e8d6dd9bf2cacceae4cc04b00290f76d114b2d51af443faa251a4db939693566293ada96e6d930869c142807854d99462f9b728df0245fa2cd7161526d6e467f75797bf6c7980c0c0470866d1fadc393717346227fa345f3ede463cf670861de5a0e2a7f7dee8b04f70b2697003a9e64aed47ed16d0faf0828ecd0963eac31af37e358117052"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r3 = dup3(r1, r2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x3, &(0x7f00000006c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket(0xa, 0x3, 0xf2c)
r4 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x24, &(0x7f0000000500)=0x40, 0x4)
connect$inet6(r6, &(0x7f0000000040)={0xa, 0x4e20, 0x380002, @dev={0xfe, 0x80, '\x00', 0x34}, 0xa}, 0x1c)
socket(0x40000000015, 0x5, 0x0)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x5453, 0x0)
ioctl$MON_IOCG_STATS(r3, 0xc0109207, &(0x7f00000001c0))

11.961862051s ago: executing program 1 (id=4221):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x2a0080, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
read$FUSE(r4, &(0x7f0000004dc0)={0x2020}, 0x2020)
sendmsg(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000a40), 0xffffffffffffffff)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r4)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x18, 0x140a, 0xd01, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x9040}, 0xc010)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_SIOCADDRT(r7, 0x890b, &(0x7f0000000100)={0x0, @l2tp={0x2, 0x0, @multicast2, 0x3}, @sco={0x1f, @none}, @llc={0x1a, 0x205, 0x1, 0x2, 0x1, 0x9, @local}, 0x200, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10000, 0x8000})
dup3(r0, r7, 0x80000)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)
socket$inet6(0xa, 0x2, 0x0)

11.391998933s ago: executing program 3 (id=4223):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$inet(0x2, 0x3, 0x9)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x4b, 0x1, 0xffffffff, 0x6, 0x0)
r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000080)=[{{0x0, 0x8d, &(0x7f00000009c0)=[{&(0x7f0000000480)='Y', 0xff8d}, {&(0x7f0000000100)="d5", 0xf4240}], 0x2}}], 0x1, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{0xc0010015}]})
syz_emit_ethernet(0x7e, &(0x7f00000005c0)=ANY=[@ANYBLOB="aaaaaadabc8dadb940f794340800bf0cee40fa532c337045c50070006800000101907864015d6b8d1a3b5709d44f1f37690102ac1414aa0400907800000000452500010064000300ffffe0000001890000000001861f0000000200092bde3d79cc40faffffff02000c70444fe3fffdae311fc0440422a144140533ac1414bb00000003e0000001000000000000f7001548f2e34a2caa7da1efbc910800808c85eac0fb42669df6fa2c4e0201f28dc9f1243670aec916cce2a82d620fc2d18a9979f2a87f8dd4375c28b912418d5ca67b13928673de03029e719f89b6c3aa14fb7ca79fd0116be4d1f74c8b1e84f07ac81fcece5f4e78d653aa433235718002495c9104a6c38420c2090d426a00000000005d189d1259d9135b9c930437ec1fc755acf171f293854b91015b12aeca5d59f4e253ba721790e8c44d94b40d5e4c0d25563b40742346a6232d455b59ecdab67b7fc455335ddbd1b41ca3578b3a442b628b5a129ae5db8800ad952c8277891aa2d2c37a2ae6dc5b0267550a9e47"], 0x0)
shutdown(r2, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
r7 = socket(0x10, 0x3, 0x0)
write(r7, &(0x7f0000000580)="240000001e005f031400ff01000000f80700b3586ff606c2e553797c080008e467dc0000", 0x24)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000005001900010000000800160000000100080017"], 0x44}}, 0x0)
recvmmsg(r7, &(0x7f0000005180), 0x400000000000166, 0x1a000, 0x0)

9.645816502s ago: executing program 6 (id=4226):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)='grp5\x01\x00\x00\x00\x01\x00\x00\x00i\x16\xa3\xb5\x17\x139\xa9(\xa3Kwp;9\x83T\xb7?W\xa3pq\x1e\xc2\x95\x7fC{\x81T\xb9\x1a\x17\xa3\xf8\xe7@\x83\xd4\xddP\b\x84\x1e\xfaB:\xaa\x88T\x15\x01\x19\xddu`\x1f\xe4\xd4\xdd\xb9!\xdc7\xbdse\xcd\x1f%\x9d/#\x8d\aP\xe0ENy\xb3\x9e\xaa\xb3\x0f\x10\x95\x94v\xc1\xfcM\xa7,`8\x9e\xab\xfc;\xbd\xa4d\x8f],V\x87\x8b\xf4\x1a\xb8J\xc5\xb9{Lvu^|\x81M%\xfc\xd8\xe5\x92O\x06\xc2\x03\xefo&\x01\x00\x00\x80\x00\x00\x00\x00\xf0\x86\xd5t\xa5\xe9')
syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000000)={0x12f, &(0x7f0000000080)=[{}, {}, {}]})

8.326762539s ago: executing program 6 (id=4228):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x10, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)=ANY=[@ANYBLOB="1c160000030600010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x48d4)
r4 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r6, @ANYBLOB='\b\x00', @ANYRES64=r5], 0x40}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write(0xffffffffffffffff, 0x0, 0x0)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7)
ptrace$setregs(0xf, r7, 0xc, &(0x7f0000000000))
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9b}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}}, 0x0)
ptrace(0x10, 0x0)
ptrace(0x8, 0x0)

8.068816166s ago: executing program 3 (id=4230):
socket$tipc(0x1e, 0x5, 0x0)
fsopen(&(0x7f00000001c0)='sockfs\x00', 0x1)
prctl$PR_MCE_KILL(0x35, 0x1, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
write$rfkill(0xffffffffffffffff, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc090}, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r3)
close_range(r2, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b55385"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180))
ioctl$SIOCSIFHWADDR(r6, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x0, 0x0, 0x0, 0x6}, 0x0, &(0x7f00000002c0)={0x3bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffd, 0xfffffffffffffffc}, 0x0, 0x0)

7.285658043s ago: executing program 1 (id=4231):
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f00000000c0)="5bffd08307d80c79b1cb7b5f0c5b4d719c69c8513f748fbe425a7bc388c9019bef114779f7a10dc03a883d6e16a0a704f74297f381ff1db75098a9b38bb67206a7ff22e6ca46dc760bdad8a79d5951988c55a368dd1132ba7f129c2e65441eaa27492c069488df0881f123ca01ae873f5b36eb0fddb8f07420f5484d81cabde167c87ffbab6a94b24b5537bb1a08d56469f516fd4b7c66e2ac50d5ff4e52c628d0a89e53d0e78582a5ab2a2c714f66", 0xfe7c}], 0x1)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000240)={0x2000, 0x1000000})
write(0xffffffffffffffff, &(0x7f0000000000)="240000001e00ff", 0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x0, @host}, 0x10)
listen(r0, 0x3d)
accept4$unix(r0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, &(0x7f0000000040)=0x2, 0x4)
sched_setaffinity(0x0, 0x0, 0x0)

7.193208358s ago: executing program 6 (id=4232):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x10, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)=ANY=[@ANYBLOB="1c160000030600010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x48d4)
r4 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r6, @ANYBLOB='\b\x00', @ANYRES64=r5], 0x40}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9b}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}}, 0x0)

6.558872003s ago: executing program 5 (id=4233):
socket$inet6_sctp(0xa, 0x1, 0x84)
munmap(&(0x7f0000901000/0x3000)=nil, 0x3000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
gettid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000380)={0x0, 0xfffffffffffffe47, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB="040000c0a03ac22accdb97f600", @ANYRES64=r2, @ANYRESHEX], 0x1c}}, 0x0)
sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=r4], 0x24}}, 0x0)
sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="010002000000fc000000b0abca99"], 0x14}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="14ffeb00", @ANYRES16=r6, @ANYBLOB="796104000000000000007e000000"], 0x14}}, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x149040, 0x142)
mount(&(0x7f0000000000)=@sr0, &(0x7f0000004a00)='./file1\x00', 0x0, 0x100080f, 0x0)
r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)={0x64, r7, 0x201, 0x0, 0x0, {0x3, 0x0, 0x26}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'sit0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @dev}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @remote}]}, 0x64}, 0x8, 0x3000000000002}, 0x40000)
getpeername$netlink(r3, &(0x7f0000000280), &(0x7f0000000400)=0xc)
socket$nl_route(0x10, 0x3, 0x0)
io_uring_setup(0x1fb5, &(0x7f00000002c0)={0x0, 0x0, 0x4000, 0x1, 0xffffffd})

6.443139739s ago: executing program 3 (id=4234):
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000400)='fd\x00')
getdents(r2, &(0x7f0000000000)=""/39, 0x82)
getdents(r2, 0xffffffffffffffff, 0x5a)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000304fc0400"/20, @ANYRES32=0x0, @ANYBLOB="a5fdad8800000000240012800b0001006272696467650000140002800500190006000000050018000100"], 0x44}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000001c0)={<r5=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000200)={r5})
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r8 = dup(r7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r8, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

6.438721517s ago: executing program 4 (id=4235):
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$I2C(0x0, 0x10001, 0x240000)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000080)={0x53, 0xfffffffffffffffe, 0x6, 0x7, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000200)="000039302ce8", 0xfffffffffffffffd, 0x80000800, 0x16, 0x0, 0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x136)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x1, [<r6=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
bind$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e23, 0x1, @empty, 0x3}, 0x1c)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={r6, 0x0, <r7=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r7})
r8 = fsopen(&(0x7f0000000040)='9p\x00', 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
r11 = getpgrp(0x0)
ptrace$cont(0x1f, r11, 0x9, 0xfffffffffffffffa)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'lo\x00', <r12=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001b00)=@newqdisc={0x21c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1ec, 0x2, {{0x0, 0x0, 0x57b2}, [@TCA_NETEM_REORDER={0xc, 0x3, {0xdc, 0x3}}, @TCA_NETEM_LOSS={0xc8, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x4, 0x2, 0x3e}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0x7, 0x2}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0xffffdb68, 0xf, 0x4}}, @NETEM_LOSS_GI={0x30, 0x1, {0x7, 0x1, 0x8, 0x85bc, 0x1ff}}, @NETEM_LOSS_GE={0x14, 0x2, {0x5, 0x8000000, 0x5}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x0, 0x5, 0x7, 0x1}}, @NETEM_LOSS_GE={0x14, 0x2, {0x6, 0xf, 0xa9c8}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x0, 0x8, 0x50195274, 0x1}}, @NETEM_LOSS_GE={0x0, 0x2, {0x4, 0x0, 0x59, 0x2}}]}, @TCA_NETEM_LOSS={0xd0, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x5, 0x3, 0x1, 0xedff, 0x4}}, @NETEM_LOSS_GI={0x88, 0x1, {0x9, 0x9, 0x7, 0xfffff000, 0x3a2}}, @NETEM_LOSS_GE={0x14, 0x2, {0x9, 0x4, 0x3, 0x9}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x4, 0x7, 0x200, 0x40}}, @NETEM_LOSS_GI={0x18, 0x1, {0xffffff54, 0x3, 0x1, 0x3c9, 0xc}}, @NETEM_LOSS_GE={0x9, 0x2, {0x3, 0x5, 0x5, 0x9}}, @NETEM_LOSS_GE={0x14, 0x2, {0x1, 0x9, 0x9, 0x2}}, @NETEM_LOSS_GI={0xffffffffffffffad, 0x1, {0x1, 0x9da, 0x1, 0x141, 0xffff}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x40ae, 0x3, 0x3, 0x6}}]}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x7, 0x100, 0x40, 0x9, 0x2, 0x94}}]}}}]}, 0x21c}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)

4.529236254s ago: executing program 6 (id=4236):
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x1)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="1ce0", 0xffeb, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10)
r0 = socket(0xa, 0x3, 0x3a)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x5eb, 0x101, 0x104, 0x1ff, 0xf}})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1, 0x0, 0x0, 0x44}], 0x1, 0x0)
setsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x20, 0x8f, 0x2, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x4}, 0xe)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000000ec0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x141, 0x0, 0x4}, 0x18)
openat$sequencer2(0xffffff9c, &(0x7f0000000200), 0x143240, 0x0)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x1, 0x1, 0x40}, 0xc)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x0, 0x0, @empty}}, 0x5c)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000080)=0x6, 0x4)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000002, 0x0)
futex(&(0x7f000000cffc)=0x6, 0x3, 0x1, 0x0, &(0x7f0000000000)=0x2, 0xfffffffc)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)

4.527493715s ago: executing program 5 (id=4237):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
eventfd(0x5)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
epoll_create1(0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
pipe(&(0x7f0000000500))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r2, 0x58, &(0x7f0000000040)={0x0, <r3=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000540)={r3, 0xfffffff8}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x3, &(0x7f0000000580)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6(0xa, 0x3, 0x87)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000))
sendmmsg(r4, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x20}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

4.200581203s ago: executing program 4 (id=4238):
openat$zero(0xffffffffffffff9c, &(0x7f0000000500), 0xc80, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xfff2, 0xb}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x6, &(0x7f0000000000), &(0x7f00000002c0)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r4, 0x3b8c, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r6 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
ioctl$IOCTL_CONFIG_SYS_RESOURCE_PARAMETERS(r6, 0x40096100, &(0x7f0000000880)={{}, 0x6})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, 0x0, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
r9 = socket(0x10, 0x80002, 0x0)
sendmmsg$unix(r8, 0x0, 0x0, 0xc000)
sendmsg$nl_route_sched(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x526}, @TCA_SAMPLE_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0)
r10 = socket(0xf, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=@newchain={0x24, 0x64, 0x0, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xfff2}, {0x9, 0x10}, {0xb, 0xfff1}}}, 0x24}}, 0x0)

4.11270542s ago: executing program 5 (id=4239):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000c80)=@get={0xe0, 0x13, 0x701, 0x70bd2d, 0x25dfdbff, {{'gcm(aes)\x00'}, '\x00', '\x00', 0x4400, 0x400}}, 0xe0}, 0x1, 0x0, 0x0, 0x44000}, 0x800)
close(0x4)
r1 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
gettid()
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0xc0843, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$vsock_stream(0x28, 0x1, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r5, &(0x7f0000000240)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)
connect$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
rt_sigprocmask(0x1, &(0x7f0000000040)={[0x9832]}, &(0x7f0000000080), 0x8)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000000)={0x5, 0x0, 0x11ffffffffff, 0x2, 0x500, 0x0, 0x1800000000000000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x53bf, 0x0, 0x200000004, 0x4000000000000086, 0x804, 0x3, 0x1}, 0x0, 0x0)
r6 = syz_open_dev$video4linux(&(0x7f0000000740), 0x5, 0x0)
ioctl$VIDIOC_SUBDEV_G_FMT(r6, 0xc0585604, &(0x7f00000001c0)={0x0, 0x1000000, {0x28, 0x64, 0x2025, 0x5, 0x1, 0x0, 0x1, 0x4}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r7=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000200)={'wlan1\x00', &(0x7f0000000280)=@ethtool_stats})
write$selinux_validatetrans(r1, 0x0, 0x8a)
ioctl$EXT4_IOC_SETFSUUID(r2, 0x4008662c, &(0x7f0000000300)={0x10, 0x0, "60b69e6391774b57b398f602eda1f8a0"})

2.957048371s ago: executing program 5 (id=4240):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, 0x0, &(0x7f0000004040)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', 0xffffffffffffffff, 0x0, 0x8000000000000}, 0x18)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0), 0x4)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000001a40)=""/102392, 0x18ff8)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c0000002400010329bd7000f7dbdf250500000001001b000600200031d834f2d80851d7cd1096e6eb4265a984587aeec9745cbf5d527afcd151528eecd2fc45508a94d43492bd84504faacfa017046fc04ce7c74ce7b7ed2511bb178ebaddc5534aff2faecb"], 0x1c}}, 0x0)
ioctl$IOMMU_VFIO_SET_IOMMU(0xffffffffffffffff, 0x3b66, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')

2.698462796s ago: executing program 3 (id=4241):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001964d408861a92e03f530102030109022400010200100309041f0206e917f300090502020002020000090582020002"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000180)={0x20, 0xe, 0x50, "486cf1bda973fd7cdaafd3b6dca2fd22b094a5ad0ee30dc64e5b4bd4f1bb26c524c3f41282c5fa30365bef04aa39f0e50f2a411107f56014cec69e98a56c8c6a1115a6bb4744b919909c489c7d5ef32d"}, 0x0, 0x0})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000600), r1)
socket$tipc(0x1e, 0x2, 0x0)

2.667528196s ago: executing program 1 (id=4242):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x2a0080, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
read$FUSE(r4, &(0x7f0000004dc0)={0x2020}, 0x2020)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000a40), 0xffffffffffffffff)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r4)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x18, 0x140a, 0xd01, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x9040}, 0xc010)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_SIOCADDRT(r7, 0x890b, &(0x7f0000000100)={0x0, @l2tp={0x2, 0x0, @multicast2, 0x3}, @sco={0x1f, @none}, @llc={0x1a, 0x205, 0x1, 0x2, 0x1, 0x9, @local}, 0x200, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10000, 0x8000})
dup3(r0, r7, 0x80000)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)
socket$inet6(0xa, 0x2, 0x0)

2.23256853s ago: executing program 5 (id=4243):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
getrlimit(0xd, &(0x7f0000000000))
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
creat(&(0x7f0000000240)='./file0\x00', 0x100)
pipe2$9p(&(0x7f0000001900), 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'bridge0\x00'})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87088ac6c46dad33", "ce348f58041d01fc00"}, 0x28)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r5=>0x0})
bind$can_raw(r4, &(0x7f0000000000)={0x1d, r5}, 0x10)
setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r8, {0x7, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x0)

2.183888331s ago: executing program 4 (id=4244):
r0 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0xad82, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
write$FUSE_NOTIFY_DELETE(r0, &(0x7f00000001c0)={0x2a, 0x6, 0x0, {0x2, 0x2, 0x1, 0x0, '\x00'}}, 0x2a)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'veth0_to_team\x00', &(0x7f0000000040)=@ethtool_link_settings={0x4c, 0x32, 0xf3, 0x3, 0x80, 0x7, 0x0, 0xc, 0x66, 0x4, [0x20040, 0x9, 0x10, 0x40, 0x6, 0x2, 0x1, 0x2174]}})
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f0000000180)=0x7a, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
sendto$inet(r4, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8a10ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETLINK(r5, 0x400454cd, 0x118)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

1.966485149s ago: executing program 6 (id=4245):
socket$tipc(0x1e, 0x5, 0x0)
fsopen(&(0x7f00000001c0)='sockfs\x00', 0x1)
prctl$PR_MCE_KILL(0x35, 0x1, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
write$rfkill(0xffffffffffffffff, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc090}, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r3)
close_range(r2, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b55385"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180))
ioctl$SIOCSIFHWADDR(r6, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x0, 0x0, 0x0, 0x6}, 0x0, &(0x7f00000002c0)={0x3bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffd, 0xfffffffffffffffc}, 0x0, 0x0)

896.649905ms ago: executing program 1 (id=4246):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="09032dbd7000fedbdf251f"], 0x14}, 0x1, 0x0, 0x0, 0x54}, 0x4)
getpgrp(0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a800f9ff090003400200000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8018cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970166c42c9bddbf37be84ba37fa6a946b76561dc2d1ef50921562c57c54a58fd0656be9", 0xfa}], 0x1}, 0x60044884)

837.091966ms ago: executing program 3 (id=4247):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xee31b000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r6, @ANYBLOB="010000000000000000000c00000018000180140002006261746164765f736c6176655f310000600003805c0003800c000180"], 0x8c}}, 0x0)
listen(r4, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r8 = accept(r3, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r9, 0x3ba0, &(0x7f0000000740)={0x48})
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x4, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvfrom(r7, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

286.301701ms ago: executing program 4 (id=4248):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a69700000000500040000ffed000900020073797a3200000000240007800c00028008000140ffffffff0c0001800800014080ffffff0500140002000000"], 0x6c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="280000000306010800000000000000000200000305000100070000000900020073797a32"], 0x28}, 0x1, 0x0, 0x0, 0x40004}, 0x40080d0)

199.156926ms ago: executing program 4 (id=4249):
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
mmap(&(0x7f0000140000/0x1000)=nil, 0x1000, 0x7, 0x110, 0xffffffffffffffff, 0x487e1000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4c050)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0x26, 0x4, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r1, 0x40384708, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x8, 0x2, "3eccd8000200000500"})
close_range(r0, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f00000066c0)=""/102389, 0x18ff5)
semget$private(0x0, 0x2, 0x6d3)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_dev$swradio(0x0, 0x0, 0x2)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000100))
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, 0x0, 0xc000)

48.946714ms ago: executing program 1 (id=4250):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x8000000000b, 0x28000)
preadv(r0, &(0x7f0000001200)=[{&(0x7f0000000c00)=""/113, 0x71}], 0x1, 0x4, 0xb)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
setpriority(0x0, 0xffffffff, 0xef)
openat$tun(0xffffffffffffff9c, 0x0, 0x200400, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20100, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000140))
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
socket$l2tp(0x2, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000440), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x9, 0x7, 0x3, 0x1c, 0x5, 0x2, 0x4d, 0x3, 0xf9, 0x1, 0x80, 0xc, 0x8000200000000000}, {0x6, 0x80, 0x8, 0xc4, 0x4, 0x7, 0x6, 0x3, 0x7, 0xff, 0x40, 0x7d}, {0xe2a5, 0x401, 0x1, 0x9, 0x2, 0x6, 0x8, 0xb, 0xff, 0x6, 0x56, 0x3, 0x100}]})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x8000, 0x40, 0x0, 0xffffffffffffffff, 0x5, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffc, 0x100000000004, 0x1, 0x0, 0x2, 0x7fffffff], 0x1, 0x245a06})
ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0)

0s ago: executing program 4 (id=4251):
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$I2C(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$I2C(0x0, 0x10001, 0x240000)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000080)={0x53, 0xfffffffffffffffe, 0x6, 0x7, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000200)="000039302ce8", 0xfffffffffffffffd, 0x80000800, 0x16, 0x0, 0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x136)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x1, [<r6=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
bind$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e23, 0x1, @empty, 0x3}, 0x1c)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={r6, 0x0, <r7=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r7})
r8 = fsopen(&(0x7f0000000040)='9p\x00', 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
r11 = getpgrp(0x0)
ptrace$cont(0x1f, r11, 0x9, 0xfffffffffffffffa)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'lo\x00', <r12=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001b00)=@newqdisc={0x21c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1ec, 0x2, {{0x0, 0x0, 0x57b2}, [@TCA_NETEM_REORDER={0xc, 0x3, {0xdc, 0x3}}, @TCA_NETEM_LOSS={0xc8, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x4, 0x2, 0x3e}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0x7, 0x2}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0xffffdb68, 0xf, 0x4}}, @NETEM_LOSS_GI={0x30, 0x1, {0x7, 0x1, 0x8, 0x85bc, 0x1ff}}, @NETEM_LOSS_GE={0x14, 0x2, {0x5, 0x8000000, 0x5}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x0, 0x5, 0x7, 0x1}}, @NETEM_LOSS_GE={0x14, 0x2, {0x6, 0xf, 0xa9c8}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x0, 0x8, 0x50195274, 0x1}}, @NETEM_LOSS_GE={0x0, 0x2, {0x4, 0x0, 0x59, 0x2}}]}, @TCA_NETEM_LOSS={0xd0, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x5, 0x3, 0x1, 0xedff, 0x4}}, @NETEM_LOSS_GI={0x88, 0x1, {0x9, 0x9, 0x7, 0xfffff000, 0x3a2}}, @NETEM_LOSS_GE={0x14, 0x2, {0x9, 0x4, 0x3, 0x9}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x4, 0x7, 0x200, 0x40}}, @NETEM_LOSS_GI={0x18, 0x1, {0xffffff54, 0x3, 0x1, 0x3c9, 0xc}}, @NETEM_LOSS_GE={0x9, 0x2, {0x3, 0x5, 0x5, 0x9}}, @NETEM_LOSS_GE={0x14, 0x2, {0x1, 0x9, 0x9, 0x2}}, @NETEM_LOSS_GI={0xffffffffffffffad, 0x1, {0x1, 0x9da, 0x1, 0x141, 0xffff}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x40ae, 0x3, 0x3, 0x6}}]}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x7, 0x100, 0x40, 0x9, 0x2, 0x94}}]}}}]}, 0x21c}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)

kernel console output (not intermixed with test programs):

-1: config 0 descriptor??
[ 1412.073458][T20399] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1412.356811][ T6018] usb 4-1: USB disconnect, device number 126
[ 1412.410947][ T5955] usb 5-1: new full-speed USB device number 119 using dummy_hcd
[ 1412.581658][ T5955] usb 5-1: config 5 has an invalid interface number: 187 but max is 0
[ 1412.599045][ T5955] usb 5-1: config 5 has no interface number 0
[ 1412.609188][ T5955] usb 5-1: config 5 interface 187 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[ 1412.658523][ T5955] usb 5-1: config 5 interface 187 altsetting 8 has an invalid endpoint descriptor of length 2, skipping
[ 1412.673389][ T5955] usb 5-1: config 5 interface 187 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1412.689018][ T5955] usb 5-1: config 5 interface 187 has no altsetting 0
[ 1412.720966][ T5955] usb 5-1: New USB device found, idVendor=eb1a, idProduct=2801, bcdDevice=21.7a
[ 1412.731262][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1412.749137][ T5955] usb 5-1: Product: syz
[ 1412.754057][ T5955] usb 5-1: Manufacturer: syz
[ 1412.762909][ T5955] usb 5-1: SerialNumber: syz
[ 1413.099113][T20415] tmpfs: Bad value for 'mpol'
[ 1413.105418][ T5905] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 1413.600260][ T5905] usb 6-1: Using ep0 maxpacket: 8
[ 1413.615320][ T5905] usb 6-1: config 0 has an invalid interface number: 143 but max is 0
[ 1413.623741][ T5905] usb 6-1: config 0 has no interface number 0
[ 1413.638527][ T5905] usb 6-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[ 1413.648561][ T5905] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1413.854792][ T5905] usb 6-1: config 0 descriptor??
[ 1413.975618][ T5905] viperboard 6-1:0.143: version 0.00 found at bus 006 address 020
[ 1413.989291][ T5905] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[ 1414.029405][ T5905] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[ 1414.140673][T20422] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1414.153667][T20422] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1414.301489][ T6018] usb 6-1: USB disconnect, device number 20
[ 1414.865719][ T5905] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 1415.069006][ T5905] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1415.092672][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1415.105828][ T5905] usb 4-1: config 0 descriptor??
[ 1415.120504][ T5905] cp210x 4-1:0.0: cp210x converter detected
[ 1415.145170][ T5955] usb 5-1: USB disconnect, device number 119
[ 1415.513811][T20458] overlayfs: missing 'lowerdir'
[ 1415.935424][T14593] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1416.105223][T14593] usb 6-1: Using ep0 maxpacket: 32
[ 1416.143038][T14593] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1416.185007][T14593] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1416.196873][T14593] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1416.365489][T14593] usb 6-1: Product: syz
[ 1416.455919][T20471] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3704'.
[ 1416.489479][T20471] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1416.869727][T14593] usb 6-1: Manufacturer: syz
[ 1416.874389][T14593] usb 6-1: SerialNumber: syz
[ 1416.887544][T14593] usb 6-1: config 0 descriptor??
[ 1416.911581][   T30] audit: type=1400 audit(1416.443:829): avc:  denied  { accept } for  pid=20465 comm="syz.4.3704" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1416.972882][T20456] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1417.190448][ T5906] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[ 1417.240072][T14593] usb 6-1: USB disconnect, device number 21
[ 1417.827803][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1417.842151][ T5906] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[ 1417.852746][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1417.868146][ T5906] usb 2-1: config 0 descriptor??
[ 1418.554574][ T5905] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71
[ 1418.952605][ T5905] cp210x 4-1:0.0: querying part number failed
[ 1418.984487][ T5905] usb 4-1: cp210x converter now attached to ttyUSB0
[ 1419.024232][ T5905] usb 4-1: USB disconnect, device number 127
[ 1419.034773][ T5905] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1419.047982][ T5905] cp210x 4-1:0.0: device disconnected
[ 1419.063686][T20491] syz.3.3710: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[ 1419.167364][T20491] CPU: 0 UID: 0 PID: 20491 Comm: syz.3.3710 Not tainted syzkaller #0 PREEMPT(full) 
[ 1419.167393][T20491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1419.167406][T20491] Call Trace:
[ 1419.167414][T20491]  <TASK>
[ 1419.167422][T20491]  dump_stack_lvl+0x16c/0x1f0
[ 1419.167454][T20491]  warn_alloc+0x248/0x3a0
[ 1419.167478][T20491]  ? __pfx_warn_alloc+0x10/0x10
[ 1419.167497][T20491]  ? __pfx_stack_trace_save+0x10/0x10
[ 1419.167532][T20491]  ? kasan_save_stack+0x42/0x60
[ 1419.167550][T20491]  ? kasan_save_stack+0x33/0x60
[ 1419.167567][T20491]  ? kasan_save_track+0x14/0x30
[ 1419.167584][T20491]  ? xskq_create+0x52/0x1d0
[ 1419.167602][T20491]  ? xsk_setsockopt+0x74e/0x9a0
[ 1419.167618][T20491]  ? do_sock_setsockopt+0xf0/0x1d0
[ 1419.167647][T20491]  ? xskq_create+0xfb/0x1d0
[ 1419.167667][T20491]  __vmalloc_node_range_noprof+0xff5/0x14b0
[ 1419.167704][T20491]  ? xskq_create+0xfb/0x1d0
[ 1419.167731][T20491]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1419.167767][T20491]  ? xskq_create+0xfb/0x1d0
[ 1419.167792][T20491]  vmalloc_user_noprof+0x9e/0xe0
[ 1419.167820][T20491]  ? xskq_create+0xfb/0x1d0
[ 1419.167841][T20491]  xskq_create+0xfb/0x1d0
[ 1419.167865][T20491]  xsk_setsockopt+0x74e/0x9a0
[ 1419.167885][T20491]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1419.167905][T20491]  ? find_held_lock+0x2b/0x80
[ 1419.167934][T20491]  ? selinux_socket_setsockopt+0x6a/0x80
[ 1419.167961][T20491]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1419.167982][T20491]  do_sock_setsockopt+0xf0/0x1d0
[ 1419.168013][T20491]  __sys_setsockopt+0x1a0/0x230
[ 1419.168040][T20491]  __x64_sys_setsockopt+0xbd/0x160
[ 1419.168061][T20491]  ? do_syscall_64+0x91/0x4e0
[ 1419.168084][T20491]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1419.168107][T20491]  do_syscall_64+0xcd/0x4e0
[ 1419.168133][T20491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1419.168152][T20491] RIP: 0033:0x7f0ab298eba9
[ 1419.168172][T20491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1419.168189][T20491] RSP: 002b:00007f0ab3840038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1419.168208][T20491] RAX: ffffffffffffffda RBX: 00007f0ab2bd5fa0 RCX: 00007f0ab298eba9
[ 1419.168221][T20491] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[ 1419.168232][T20491] RBP: 00007f0ab2a11e19 R08: 0000000000000004 R09: 0000000000000000
[ 1419.168243][T20491] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1419.168256][T20491] R13: 00007f0ab2bd6038 R14: 00007f0ab2bd5fa0 R15: 00007ffd277a21a8
[ 1419.168285][T20491]  </TASK>
[ 1419.170631][T20491] Mem-Info:
[ 1419.206947][T20492] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3711'.
[ 1419.227966][ T5906] usb 2-1: USB disconnect, device number 117
[ 1419.232454][T20491] active_anon:14640 inactive_anon:0 isolated_anon:0
[ 1419.232454][T20491]  active_file:18545 inactive_file:41136 isolated_file:0
[ 1419.232454][T20491]  unevictable:768 dirty:347 writeback:0
[ 1419.232454][T20491]  slab_reclaimable:7611 slab_unreclaimable:100766
[ 1419.232454][T20491]  mapped:37479 shmem:1377 pagetables:1395
[ 1419.232454][T20491]  sec_pagetables:0 bounce:0
[ 1419.232454][T20491]  kernel_misc_reclaimable:0
[ 1419.232454][T20491]  free:1277335 free_pcp:18835 free_cma:0
[ 1419.513278][T20491] Node 0 active_anon:58812kB inactive_anon:0kB active_file:74180kB inactive_file:164348kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:154224kB dirty:1420kB writeback:0kB shmem:4096kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11728kB pagetables:5500kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1419.532805][T20489] SELinux: failed to load policy
[ 1419.551612][   T30] audit: type=1400 audit(1419.493:830): avc:  denied  { setattr } for  pid=20488 comm="syz.4.3711" name="dmmidi2" dev="devtmpfs" ino=1305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[ 1419.559333][T20491] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1419.672258][T20491] Node 0 DMA free:15328kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1419.706038][T20491] lowmem_reserve[]: 0 2479 2481 2481 2481
[ 1419.711807][T20491] Node 0 DMA32 free:1211356kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:61796kB inactive_anon:0kB active_file:74180kB inactive_file:163024kB unevictable:1536kB writepending:1420kB present:3129332kB managed:2539320kB mlocked:0kB bounce:0kB free_pcp:71344kB local_pcp:40164kB free_cma:0kB
[ 1419.831863][T20491] lowmem_reserve[]: 0 0 1 1 1
[ 1419.847829][T20491] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB
[ 1419.910241][T20491] lowmem_reserve[]: 0 0 0 0 0
[ 1419.914986][T20491] Node 1 Normal free:3899224kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:8544kB local_pcp:8544kB free_cma:0kB
[ 1420.046258][ T6018] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 1420.054962][T20491] lowmem_reserve[]: 0 0 0 0 0
[ 1420.059747][T20491] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15328kB
[ 1420.073954][T20491] Node 0 DMA32: 416*4kB (UME) 113*8kB (UE) 34*16kB (UM) 176*32kB (UM) 168*64kB (UME) 96*128kB (UME) 106*256kB (UME) 45*512kB (UME) 17*1024kB (UME) 3*2048kB (ME) 270*4096kB (UM) = 1211432kB
[ 1420.092769][T20491] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1420.177816][T20520] ubi: mtd0 is already attached to ubi31
[ 1421.002441][T20491] Node 1 Normal: 178*4kB (UM) 44*8kB (UME) 47*16kB (UME) 254*32kB (UME) 96*64kB (UME) 29*128kB (UME) 6*256kB (UM) 2*512kB (M) 2*1024kB (UM) 2*2048kB (UM) 945*4096kB (M) = 3899224kB
[ 1421.805793][T20491] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1421.815561][T20491] Node 0 hugepages_total=3 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1421.824842][T20491] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1421.838633][ T6018] usb 6-1: Using ep0 maxpacket: 16
[ 1421.845510][ T6018] usb 6-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1421.865176][ T6018] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1421.896788][ T6018] usb 6-1: New USB device found, idVendor=0b05, idProduct=1866, bcdDevice= 0.40
[ 1421.926066][T20491] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1421.942710][ T6018] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1421.977282][ T6018] usb 6-1: Product: 䐺럘者ݓ蓥⬱岸㠚ꪠ卓㒝侚㧷揄힇膹┣摣݉戯裊䆅軒ꋠ콶綡⨂뙪䢑⡚ﴡ韠儮껜ḯ❛胅苟쯋퓏䞥ﬤ었橾㓵砾욷䁌◲朑霴
[ 1422.018602][T20519] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3720'.
[ 1422.049050][T20491] 65759 total pagecache pages
[ 1422.054574][ T6018] usb 6-1: Manufacturer: য路㲢㙇揇ຩ퐟際ᮖ柵ᅁ축ോ盬킬ﭕ⑾㶢鱬窮┻휶ꋜ喕✔✏╹儀舾籍쯻痏鎔ḉ향쯨댲⼂鮌付衠鰲퇢ᘬ鴚閇鑦쉅誼㱇á
[ 1422.102341][T20491] 0 pages in swap cache
[ 1422.128420][T20491] Free swap  = 124996kB
[ 1422.145237][ T6018] usb 6-1: SerialNumber: ж
[ 1422.164829][T20491] Total swap = 124996kB
[ 1422.192762][T20491] 2097051 pages RAM
[ 1422.196777][ T5955] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[ 1422.313966][T20491] 0 pages HighMem/MovableOnly
[ 1422.319851][T20533] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3722'.
[ 1422.334627][T20491] 430259 pages reserved
[ 1422.343466][T20491] 0 pages cma reserved
[ 1422.405262][ T5955] usb 2-1: Using ep0 maxpacket: 8
[ 1422.437687][ T5955] usb 2-1: config 0 has an invalid interface number: 143 but max is 0
[ 1422.458234][ T5955] usb 2-1: config 0 has no interface number 0
[ 1422.473332][ T5955] usb 2-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[ 1422.535672][ T5955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1422.626537][   T48] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[ 1422.675477][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1422.695212][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1422.810989][ T5955] usb 2-1: config 0 descriptor??
[ 1422.886522][ T6018] usbhid 6-1:1.0: can't add hid device: -71
[ 1422.906114][ T6018] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[ 1422.927389][ T6018] usb 6-1: USB disconnect, device number 22
[ 1422.937790][   T48] usb 1-1: Using ep0 maxpacket: 16
[ 1422.943953][ T5955] viperboard 2-1:0.143: version 0.00 found at bus 002 address 118
[ 1422.960031][   T48] usb 1-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1423.132799][   T48] usb 1-1: config 1 interface 0 has no altsetting 0
[ 1423.144823][ T5955] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[ 1423.154819][ T5955] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[ 1423.168030][   T48] usb 1-1: New USB device found, idVendor=0b05, idProduct=1866, bcdDevice= 0.40
[ 1423.178547][T20529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1423.187749][   T48] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1423.305367][   T48] usb 1-1: Product: য路㲢㙇揇ຩ퐟際ᮖ柵ᅁ축ോ盬킬ﭕ⑾㶢鱬窮┻휶ꋜ喕✔✏╹儀舾籍쯻痏鎔ḉ향쯨댲⼂鮌付衠鰲퇢ᘬ鴚閇鑦쉅誼㱇á
[ 1423.337722][T20529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1423.345342][T19287] block nbd0: Possible stuck request ffff88802700e000: control (read@0,1024B). Runtime 60 seconds
[ 1423.357209][T19287] block nbd0: Possible stuck request ffff88802700e1c0: control (read@1024,1024B). Runtime 60 seconds
[ 1423.375265][T19287] block nbd0: Possible stuck request ffff88802700e380: control (read@2048,1024B). Runtime 60 seconds
[ 1423.384984][ T5905] usb 2-1: USB disconnect, device number 118
[ 1423.386629][T19287] block nbd0: Possible stuck request ffff88802700e540: control (read@3072,1024B). Runtime 60 seconds
[ 1423.386675][   T48] usb 1-1: Manufacturer: చ
[ 1423.425282][   T48] usb 1-1: SerialNumber: 䐺럘者ݓ蓥⬱岸㠚ꪠ卓㒝侚㧷揄힇膹┣摣݉戯裊䆅軒ꋠ콶綡⨂뙪䢑⡚ﴡ韠儮껜ḯ❛胅苟쯋퓏䞥ﬤ었橾㓵砾욷䁌◲朑霴
[ 1423.738640][T20544] ubi: mtd0 is already attached to ubi31
[ 1425.167150][   T48] usbhid 1-1:1.0: can't add hid device: -71
[ 1425.181924][   T48] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[ 1425.242704][   T48] usb 1-1: USB disconnect, device number 123
[ 1426.455365][   T48] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[ 1426.627607][   T48] usb 2-1: Using ep0 maxpacket: 8
[ 1426.644839][   T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1426.658128][   T48] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1426.671412][   T48] usb 2-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[ 1426.681883][   T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1426.685200][ T5905] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 1426.756812][   T48] usb 2-1: config 0 descriptor??
[ 1426.856213][ T5905] usb 4-1: Using ep0 maxpacket: 8
[ 1426.862660][ T5905] usb 4-1: config 0 has an invalid interface number: 143 but max is 0
[ 1426.865242][ T6018] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 1426.881690][ T5905] usb 4-1: config 0 has no interface number 0
[ 1426.904820][ T5905] usb 4-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[ 1426.953255][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1427.091729][ T5905] usb 4-1: config 0 descriptor??
[ 1427.096996][ T6018] usb 6-1: Using ep0 maxpacket: 16
[ 1427.103821][ T6018] usb 6-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1427.150221][ T6018] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1427.168968][ T6018] usb 6-1: New USB device found, idVendor=0b05, idProduct=1866, bcdDevice= 0.40
[ 1427.181030][ T6018] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1427.189715][ T6018] usb 6-1: Product: 䐺럘者ݓ蓥⬱岸㠚ꪠ卓㒝侚㧷揄힇膹┣摣݉戯裊䆅軒ꋠ콶綡⨂뙪䢑⡚ﴡ韠儮껜ḯ❛胅苟쯋퓏䞥ﬤ었橾㓵砾욷䁌◲朑霴
[ 1427.211971][ T6018] usb 6-1: Manufacturer: য路㲢㙇揇ຩ퐟際ᮖ柵ᅁ축ോ盬킬ﭕ⑾㶢鱬窮┻휶ꋜ喕✔✏╹儀舾籍쯻痏鎔ḉ향쯨댲⼂鮌付衠鰲퇢ᘬ鴚閇鑦쉅誼㱇á
[ 1427.233786][ T6018] usb 6-1: SerialNumber: ж
[ 1427.325550][ T5905] viperboard 4-1:0.143: version 0.00 found at bus 004 address 002
[ 1427.362930][   T48] hid_parser_main: 1 callbacks suppressed
[ 1427.362949][   T48] hid-rmi 0003:06CB:81A7.0044: unknown main item tag 0x7
[ 1427.367295][ T5905] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[ 1427.404978][T20577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1427.415508][   T48] hid-rmi 0003:06CB:81A7.0044: unknown main item tag 0x0
[ 1427.422783][   T48] hid-rmi 0003:06CB:81A7.0044: unknown main item tag 0x0
[ 1427.430606][   T48] hid-rmi 0003:06CB:81A7.0044: unknown main item tag 0x0
[ 1427.442383][T20577] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1427.450842][   T48] hid-rmi 0003:06CB:81A7.0044: unknown main item tag 0x0
[ 1427.459297][   T48] hid-rmi 0003:06CB:81A7.0044: unknown main item tag 0x0
[ 1427.515513][   T48] hid-rmi 0003:06CB:81A7.0044: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.1-1/input0
[ 1427.525171][ T5905] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[ 1427.905472][ T6018] usbhid 6-1:1.0: can't add hid device: -71
[ 1427.946231][T14593] usb 4-1: USB disconnect, device number 2
[ 1427.955416][ T6018] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[ 1428.028038][ T6018] usb 6-1: USB disconnect, device number 23
[ 1428.481583][T20593] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1429.615430][T19068] Bluetooth: hci2: command 0x0406 tx timeout
[ 1429.623162][ T5906] usb 2-1: USB disconnect, device number 119
[ 1429.975338][ T5865] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[ 1430.145227][ T5865] usb 5-1: Using ep0 maxpacket: 32
[ 1430.226485][ T5865] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1430.250329][ T5865] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1430.266121][ T5865] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1430.276254][ T5865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1430.397035][ T5865] usb 5-1: config 0 descriptor??
[ 1430.755050][T20618] I/O error, dev loop3, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1430.879666][ T5865] ft260 0003:0403:6030.0045: unknown main item tag 0x7
[ 1431.090630][ T5865] ft260 0003:0403:6030.0045: failed to retrieve chip version
[ 1431.098322][ T5865] ft260 0003:0403:6030.0045: probe with driver ft260 failed with error -5
[ 1431.910633][T20629] block device autoloading is deprecated and will be removed.
[ 1433.041335][T20645] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3754'.
[ 1433.083196][T20643] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3753'.
[ 1433.305363][T14593] usb 6-1: new low-speed USB device number 24 using dummy_hcd
[ 1433.712992][T14593] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1433.722339][T14593] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1433.733860][T14593] usb 6-1: config 0 has no interface number 0
[ 1433.745194][T14593] usb 6-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1433.779863][T14593] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1433.789892][T14593] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1433.805243][T14593] usb 6-1: config 0 descriptor??
[ 1433.826573][T14593] iowarrior 6-1:0.1: no interrupt-in endpoint found
[ 1433.941950][ T5865] usb 5-1: USB disconnect, device number 120
[ 1434.261324][T20661] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3758'.
[ 1434.335615][T20645] netlink: 'syz.5.3754': attribute type 1 has an invalid length.
[ 1434.595266][ T5906] usb 2-1: new full-speed USB device number 120 using dummy_hcd
[ 1434.884902][ T5865] usb 6-1: USB disconnect, device number 24
[ 1434.908228][ T5906] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1435.335420][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1435.343495][ T5906] usb 2-1: Product: syz
[ 1435.354040][ T5906] usb 2-1: Manufacturer: syz
[ 1435.359871][T20674] FAULT_INJECTION: forcing a failure.
[ 1435.359871][T20674] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1435.373282][T20674] CPU: 1 UID: 0 PID: 20674 Comm: syz.0.3763 Not tainted syzkaller #0 PREEMPT(full) 
[ 1435.373306][T20674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1435.373316][T20674] Call Trace:
[ 1435.373324][T20674]  <TASK>
[ 1435.373331][T20674]  dump_stack_lvl+0x16c/0x1f0
[ 1435.373360][T20674]  should_fail_ex+0x512/0x640
[ 1435.373387][T20674]  _copy_to_iter+0x29f/0x1710
[ 1435.373420][T20674]  ? __pfx__copy_to_iter+0x10/0x10
[ 1435.373454][T20674]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1435.373481][T20674]  ? __local_bh_enable_ip+0xa4/0x120
[ 1435.373507][T20674]  hash_recvmsg+0x417/0x960
[ 1435.373536][T20674]  sock_recvmsg+0x1f6/0x250
[ 1435.373553][ T5906] usb 2-1: SerialNumber: syz
[ 1435.373566][T20674]  __sys_recvfrom+0x203/0x310
[ 1435.373589][T20674]  ? __pfx___sys_recvfrom+0x10/0x10
[ 1435.373615][T20674]  ? find_held_lock+0x2b/0x80
[ 1435.373650][T20674]  ? xfd_validate_state+0x61/0x180
[ 1435.373679][T20674]  __x64_sys_recvfrom+0xe0/0x1c0
[ 1435.373696][T20674]  ? do_syscall_64+0x91/0x4e0
[ 1435.373716][T20674]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1435.373735][T20674]  do_syscall_64+0xcd/0x4e0
[ 1435.373757][T20674]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1435.373773][T20674] RIP: 0033:0x7f7615d90974
[ 1435.373787][T20674] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04
[ 1435.373802][T20674] RSP: 002b:00007f7616c84ed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[ 1435.373819][T20674] RAX: ffffffffffffffda RBX: 00007f7616c84fc0 RCX: 00007f7615d90974
[ 1435.373830][T20674] RDX: 0000000000001000 RSI: 00007f7616c85010 RDI: 0000000000000004
[ 1435.373840][T20674] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1435.373849][T20674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 1435.373858][T20674] R13: 00007f7616c84f68 R14: 00007f7616c85010 R15: 0000000000000000
[ 1435.373881][T20674]  </TASK>
[ 1435.428282][T20677] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3764'.
[ 1435.431259][ T5906] usb 2-1: config 0 descriptor??
[ 1435.780194][T20689] FAULT_INJECTION: forcing a failure.
[ 1435.780194][T20689] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1435.793771][T20689] CPU: 0 UID: 0 PID: 20689 Comm: syz.4.3768 Not tainted syzkaller #0 PREEMPT(full) 
[ 1435.793796][T20689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1435.793807][T20689] Call Trace:
[ 1435.793813][T20689]  <TASK>
[ 1435.793820][T20689]  dump_stack_lvl+0x16c/0x1f0
[ 1435.793851][T20689]  should_fail_ex+0x512/0x640
[ 1435.793878][T20689]  _copy_from_user+0x2e/0xd0
[ 1435.793905][T20689]  vmemdup_user+0x66/0xe0
[ 1435.793926][T20689]  setxattr_copy+0x148/0x210
[ 1435.793948][T20689]  path_setxattrat+0x104/0x2a0
[ 1435.793968][T20689]  ? __pfx_path_setxattrat+0x10/0x10
[ 1435.793992][T20689]  ? ksys_write+0x190/0x250
[ 1435.794033][T20689]  ? fput+0x9b/0xd0
[ 1435.794055][T20689]  ? ksys_write+0x1ac/0x250
[ 1435.794073][T20689]  ? __pfx_ksys_write+0x10/0x10
[ 1435.794094][T20689]  __x64_sys_setxattr+0xc6/0x140
[ 1435.794114][T20689]  ? do_syscall_64+0x91/0x4e0
[ 1435.794137][T20689]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1435.794158][T20689]  do_syscall_64+0xcd/0x4e0
[ 1435.794183][T20689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1435.794201][T20689] RIP: 0033:0x7fa3cdb8eba9
[ 1435.794216][T20689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1435.794234][T20689] RSP: 002b:00007fa3cea58038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[ 1435.794252][T20689] RAX: ffffffffffffffda RBX: 00007fa3cddd5fa0 RCX: 00007fa3cdb8eba9
[ 1435.794264][T20689] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 0000200000000040
[ 1435.794275][T20689] RBP: 00007fa3cea58090 R08: 0000000000000000 R09: 0000000000000000
[ 1435.794286][T20689] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001
[ 1435.794297][T20689] R13: 00007fa3cddd6038 R14: 00007fa3cddd5fa0 R15: 00007ffce43853f8
[ 1435.794321][T20689]  </TASK>
[ 1436.005555][ T5906] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1436.235362][ T5865] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 1436.286269][T20703] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3773'.
[ 1436.525210][ T5865] usb 4-1: Using ep0 maxpacket: 16
[ 1436.531880][ T5865] usb 4-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1436.543851][ T5865] usb 4-1: config 1 interface 0 has no altsetting 0
[ 1436.565662][ T5865] usb 4-1: New USB device found, idVendor=0b05, idProduct=1866, bcdDevice= 0.40
[ 1436.577640][ T5865] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1436.585937][ T5865] usb 4-1: Product: য路㲢㙇揇ຩ퐟際ᮖ柵ᅁ축ോ盬킬ﭕ⑾㶢鱬窮┻휶ꋜ喕✔✏╹儀舾籍쯻痏鎔ḉ향쯨댲⼂鮌付衠鰲퇢ᘬ鴚閇鑦쉅誼㱇á
[ 1436.621602][ T5865] usb 4-1: Manufacturer: చ
[ 1436.633635][ T5865] usb 4-1: SerialNumber: 䐺럘者ݓ蓥⬱岸㠚ꪠ卓㒝侚㧷揄힇膹┣摣݉戯裊䆅軒ꋠ콶綡⨂뙪䢑⡚ﴡ韠儮껜ḯ❛胅苟쯋퓏䞥ﬤ었橾㓵砾욷䁌◲朑霴
[ 1437.196692][T20707] netlink: 'syz.0.3774': attribute type 10 has an invalid length.
[ 1437.253635][ T5865] usbhid 4-1:1.0: can't add hid device: -71
[ 1437.263221][T20707] 8021q: adding VLAN 0 to HW filter on device team0
[ 1437.277348][T20707] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1437.305618][ T5865] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[ 1437.324948][ T5865] usb 4-1: USB disconnect, device number 3
[ 1437.353562][   T30] audit: type=1400 audit(1437.318:831): avc:  denied  { listen } for  pid=20704 comm="syz.0.3774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1437.412341][   T30] audit: type=1400 audit(1437.318:832): avc:  denied  { accept } for  pid=20704 comm="syz.0.3774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1437.628036][ T5906] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1437.646667][ T5906] usb 2-1: USB disconnect, device number 120
[ 1437.714230][T20712] FAULT_INJECTION: forcing a failure.
[ 1437.714230][T20712] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1437.727701][T20712] CPU: 1 UID: 0 PID: 20712 Comm: syz.4.3775 Not tainted syzkaller #0 PREEMPT(full) 
[ 1437.727726][T20712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1437.727737][T20712] Call Trace:
[ 1437.727744][T20712]  <TASK>
[ 1437.727751][T20712]  dump_stack_lvl+0x16c/0x1f0
[ 1437.727779][T20712]  should_fail_ex+0x512/0x640
[ 1437.727807][T20712]  _copy_from_iter+0x29f/0x1720
[ 1437.727837][T20712]  ? __alloc_skb+0x200/0x380
[ 1437.727859][T20712]  ? __pfx__copy_from_iter+0x10/0x10
[ 1437.727898][T20712]  netlink_sendmsg+0x829/0xdd0
[ 1437.727927][T20712]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1437.727954][T20712]  ? ____sys_sendmsg+0x871/0xc70
[ 1437.727986][T20712]  ____sys_sendmsg+0xa95/0xc70
[ 1437.728014][T20712]  ? copy_msghdr_from_user+0x10a/0x160
[ 1437.728037][T20712]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1437.728079][T20712]  ___sys_sendmsg+0x134/0x1d0
[ 1437.728103][T20712]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1437.728159][T20712]  __sys_sendmsg+0x16d/0x220
[ 1437.728183][T20712]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1437.728225][T20712]  do_syscall_64+0xcd/0x4e0
[ 1437.728251][T20712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1437.728270][T20712] RIP: 0033:0x7fa3cdb8eba9
[ 1437.728285][T20712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1437.728302][T20712] RSP: 002b:00007fa3cea16038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1437.728321][T20712] RAX: ffffffffffffffda RBX: 00007fa3cddd6180 RCX: 00007fa3cdb8eba9
[ 1437.728333][T20712] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000009
[ 1437.728345][T20712] RBP: 00007fa3cea16090 R08: 0000000000000000 R09: 0000000000000000
[ 1437.728356][T20712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1437.728367][T20712] R13: 00007fa3cddd6218 R14: 00007fa3cddd6180 R15: 00007ffce43853f8
[ 1437.728393][T20712]  </TASK>
[ 1439.856260][T20728] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1439.865748][T20728] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1439.920642][T20731] FAULT_INJECTION: forcing a failure.
[ 1439.920642][T20731] name failslab, interval 1, probability 0, space 0, times 0
[ 1439.922567][   T30] audit: type=1400 audit(1439.818:833): avc:  denied  { append } for  pid=20719 comm="syz.0.3779" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1439.970753][T20731] CPU: 1 UID: 0 PID: 20731 Comm: syz.5.3781 Not tainted syzkaller #0 PREEMPT(full) 
[ 1439.970782][T20731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1439.970793][T20731] Call Trace:
[ 1439.970799][T20731]  <TASK>
[ 1439.970806][T20731]  dump_stack_lvl+0x16c/0x1f0
[ 1439.970834][T20731]  should_fail_ex+0x512/0x640
[ 1439.970856][T20731]  ? __kmalloc_noprof+0xbf/0x510
[ 1439.970877][T20731]  ? io_cache_alloc_new+0x45/0xf0
[ 1439.970900][T20731]  should_failslab+0xc2/0x120
[ 1439.970921][T20731]  __kmalloc_noprof+0xd2/0x510
[ 1439.970946][T20731]  io_cache_alloc_new+0x45/0xf0
[ 1439.970970][T20731]  __io_prep_rw+0x21d/0x1090
[ 1439.970990][T20731]  ? __pfx___io_prep_rw+0x10/0x10
[ 1439.971006][T20731]  ? mark_held_locks+0x49/0x80
[ 1439.971033][T20731]  ? __pfx___io_alloc_req_refill+0x10/0x10
[ 1439.971069][T20731]  io_prep_rw+0x24/0x220
[ 1439.971087][T20731]  io_prep_readv+0x20/0xa0
[ 1439.971106][T20731]  io_submit_sqes+0x853/0x25c0
[ 1439.971141][T20731]  __do_sys_io_uring_enter+0xd6a/0x1630
[ 1439.971166][T20731]  ? __fget_files+0x20e/0x3c0
[ 1439.971186][T20731]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[ 1439.971209][T20731]  ? fput+0x9b/0xd0
[ 1439.971233][T20731]  ? ksys_write+0x1ac/0x250
[ 1439.971252][T20731]  ? __pfx_ksys_write+0x10/0x10
[ 1439.971279][T20731]  do_syscall_64+0xcd/0x4e0
[ 1439.971304][T20731]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1439.971323][T20731] RIP: 0033:0x7f228a18eba9
[ 1439.971338][T20731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1439.971355][T20731] RSP: 002b:00007f228b0c5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1439.971374][T20731] RAX: ffffffffffffffda RBX: 00007f228a3d5fa0 RCX: 00007f228a18eba9
[ 1439.971386][T20731] RDX: 0000000000000000 RSI: 00000000000847ba RDI: 0000000000000004
[ 1439.971396][T20731] RBP: 00007f228b0c5090 R08: 0000000000000000 R09: 0000000000000000
[ 1439.971407][T20731] R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000001
[ 1439.971418][T20731] R13: 00007f228a3d6038 R14: 00007f228a3d5fa0 R15: 00007ffd942a5348
[ 1439.971444][T20731]  </TASK>
[ 1440.183156][T20728] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1440.190588][T20728] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1440.447790][T20739] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3783'.
[ 1440.559474][T20741] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1441.282298][T20752] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3784'.
[ 1443.110371][T20780] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3788'.
[ 1443.132480][T20778] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3790'.
[ 1443.195755][T20781] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1445.009701][   T48] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1445.240813][   T48] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1445.260002][   T48] usb 6-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[ 1445.269257][   T48] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1445.281577][   T48] usb 6-1: Product: syz
[ 1445.285995][   T48] usb 6-1: Manufacturer: syz
[ 1445.290659][   T48] usb 6-1: SerialNumber: syz
[ 1445.303321][   T48] usb 6-1: config 0 descriptor??
[ 1445.380920][T20805] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3797'.
[ 1445.421481][T20805] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1446.073744][T20792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1446.483745][T20792] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1446.528911][   T48] usb 6-1: USB disconnect, device number 25
[ 1446.780962][T20825] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3802'.
[ 1446.843781][T20828] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1446.865198][ T5865] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[ 1447.068789][ T5865] usb 2-1: Using ep0 maxpacket: 32
[ 1447.208254][ T5865] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1447.252530][ T5865] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1447.319206][ T5865] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1447.412484][T20839] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3801'.
[ 1447.434009][ T5865] usb 2-1: Product: syz
[ 1447.441691][ T5865] usb 2-1: Manufacturer: syz
[ 1447.449755][ T5865] usb 2-1: SerialNumber: syz
[ 1447.586639][ T5865] usb 2-1: config 0 descriptor??
[ 1448.227439][T20816] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1448.491564][ T5865] usb 2-1: USB disconnect, device number 121
[ 1449.128873][T20851] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1449.739602][T20857] FAULT_INJECTION: forcing a failure.
[ 1449.739602][T20857] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1449.803991][T20857] CPU: 1 UID: 0 PID: 20857 Comm: syz.5.3809 Not tainted syzkaller #0 PREEMPT(full) 
[ 1449.804016][T20857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1449.804025][T20857] Call Trace:
[ 1449.804032][T20857]  <TASK>
[ 1449.804040][T20857]  dump_stack_lvl+0x16c/0x1f0
[ 1449.804067][T20857]  should_fail_ex+0x512/0x640
[ 1449.804096][T20857]  _copy_from_user+0x2e/0xd0
[ 1449.804123][T20857]  iommufd_fops_ioctl+0x2f5/0x540
[ 1449.804148][T20857]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1449.804173][T20857]  ? hook_file_ioctl_common+0x145/0x410
[ 1449.804201][T20857]  ? selinux_file_ioctl+0x180/0x270
[ 1449.804226][T20857]  ? selinux_file_ioctl+0xb4/0x270
[ 1449.804252][T20857]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1449.804274][T20857]  __x64_sys_ioctl+0x18b/0x210
[ 1449.804301][T20857]  do_syscall_64+0xcd/0x4e0
[ 1449.804325][T20857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1449.804343][T20857] RIP: 0033:0x7f228a18eba9
[ 1449.804358][T20857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1449.804373][T20857] RSP: 002b:00007f228b0c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1449.804388][T20857] RAX: ffffffffffffffda RBX: 00007f228a3d5fa0 RCX: 00007f228a18eba9
[ 1449.804398][T20857] RDX: 00002000000004c0 RSI: 0000000000003b83 RDI: 0000000000000003
[ 1449.804408][T20857] RBP: 00007f228b0c5090 R08: 0000000000000000 R09: 0000000000000000
[ 1449.804417][T20857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1449.804427][T20857] R13: 00007f228a3d6038 R14: 00007f228a3d5fa0 R15: 00007ffd942a5348
[ 1449.804451][T20857]  </TASK>
[ 1450.309833][   T30] audit: type=1400 audit(1450.278:834): avc:  denied  { write } for  pid=20854 comm="syz.3.3808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1450.329806][T20855] overlayfs: failed to resolve './file1': -2
[ 1450.337274][T20855] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.3808'.
[ 1450.414865][T20866] SELinux:  Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped).
[ 1450.446444][   T30] audit: type=1400 audit(1450.418:835): avc:  denied  { relabelto } for  pid=20865 comm="syz.1.3812" name="cgroup.procs" dev="cgroup" ino=62 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:semanage_exec_t:s0"
[ 1450.448728][T20866] FAULT_INJECTION: forcing a failure.
[ 1450.448728][T20866] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1450.568462][   T30] audit: type=1400 audit(1450.418:836): avc:  denied  { associate } for  pid=20865 comm="syz.1.3812" name="cgroup.procs" dev="cgroup" ino=62 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 srawcon="system_u:object_r:semanage_exec_t:s0"
[ 1450.668657][T20866] CPU: 0 UID: 0 PID: 20866 Comm: syz.1.3812 Not tainted syzkaller #0 PREEMPT(full) 
[ 1450.668679][T20866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1450.668686][T20866] Call Trace:
[ 1450.668690][T20866]  <TASK>
[ 1450.668695][T20866]  dump_stack_lvl+0x16c/0x1f0
[ 1450.668713][T20866]  should_fail_ex+0x512/0x640
[ 1450.668731][T20866]  _copy_from_user+0x2e/0xd0
[ 1450.668748][T20866]  vmemdup_user+0x66/0xe0
[ 1450.668762][T20866]  setxattr_copy+0x148/0x210
[ 1450.668776][T20866]  path_setxattrat+0x104/0x2a0
[ 1450.668789][T20866]  ? __pfx_path_setxattrat+0x10/0x10
[ 1450.668806][T20866]  ? ksys_write+0x190/0x250
[ 1450.668830][T20866]  ? fput+0x9b/0xd0
[ 1450.668844][T20866]  ? ksys_write+0x1ac/0x250
[ 1450.668855][T20866]  ? __pfx_ksys_write+0x10/0x10
[ 1450.668869][T20866]  __x64_sys_setxattr+0xc6/0x140
[ 1450.668882][T20866]  ? do_syscall_64+0x91/0x4e0
[ 1450.668896][T20866]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1450.668910][T20866]  do_syscall_64+0xcd/0x4e0
[ 1450.668926][T20866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1450.668938][T20866] RIP: 0033:0x7f0205b8eba9
[ 1450.668947][T20866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1450.668958][T20866] RSP: 002b:00007f0206a80038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[ 1450.668969][T20866] RAX: ffffffffffffffda RBX: 00007f0205dd5fa0 RCX: 00007f0205b8eba9
[ 1450.668977][T20866] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 0000200000000040
[ 1450.668983][T20866] RBP: 00007f0206a80090 R08: 0000000000000000 R09: 0000000000000000
[ 1450.668990][T20866] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001
[ 1450.668997][T20866] R13: 00007f0205dd6038 R14: 00007f0205dd5fa0 R15: 00007ffd3be90528
[ 1450.669011][T20866]  </TASK>
[ 1451.539757][T20885] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3811'.
[ 1451.854626][T20891] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3816'.
[ 1451.898275][T20891] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1453.382484][T19287] block nbd0: Possible stuck request ffff88802700e000: control (read@0,1024B). Runtime 90 seconds
[ 1453.394093][T19287] block nbd0: Possible stuck request ffff88802700e1c0: control (read@1024,1024B). Runtime 90 seconds
[ 1453.525766][T19287] block nbd0: Possible stuck request ffff88802700e380: control (read@2048,1024B). Runtime 90 seconds
[ 1453.553668][T19287] block nbd0: Possible stuck request ffff88802700e540: control (read@3072,1024B). Runtime 90 seconds
[ 1453.603816][T20908] pim6reg: entered allmulticast mode
[ 1456.186810][ T5906] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[ 1456.354339][T20931] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3826'.
[ 1456.625169][ T5906] usb 2-1: Using ep0 maxpacket: 8
[ 1456.660715][T20934] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3825'.
[ 1456.680880][ T5906] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1456.695170][ T5906] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1456.710884][ T5906] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1456.747895][ T5906] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1456.762329][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1456.818385][ T5906] usb 2-1: Product: syz
[ 1456.875385][ T5906] usb 2-1: Manufacturer: syz
[ 1456.910582][ T5906] usb 2-1: SerialNumber: syz
[ 1457.088864][T20938] netlink: 92 bytes leftover after parsing attributes in process `syz.4.3827'.
[ 1457.097911][T20938] netem: unknown loss type 0
[ 1457.102528][T20938] netem: change failed
[ 1458.491692][ T5906] usb 2-1: 0:2 : does not exist
[ 1458.938465][ T5906] usb 2-1: USB disconnect, device number 122
[ 1459.000062][T19443] udevd[19443]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1459.674814][   T30] audit: type=1400 audit(1459.638:837): avc:  denied  { append } for  pid=20949 comm="syz.0.3831" name="nbd0" dev="devtmpfs" ino=679 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1460.410306][   T30] audit: type=1400 audit(1460.358:838): avc:  denied  { ioctl } for  pid=20979 comm="syz.4.3836" path="/dev/cpu/1/msr" dev="devtmpfs" ino=89 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1460.545308][T20985] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3835'.
[ 1461.045270][ T5906] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[ 1461.219343][ T5906] usb 2-1: Using ep0 maxpacket: 32
[ 1461.227888][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1461.239073][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1461.249609][ T5906] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1461.258925][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1461.275240][ T6018] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[ 1461.275645][ T5906] usb 2-1: config 0 descriptor??
[ 1461.445262][ T6018] usb 4-1: Using ep0 maxpacket: 32
[ 1461.452084][ T6018] usb 4-1: config 0 has an invalid interface number: 95 but max is 0
[ 1461.575270][ T6018] usb 4-1: config 0 has no interface number 0
[ 1461.582967][ T6018] usb 4-1: config 0 interface 95 has no altsetting 0
[ 1461.592941][ T6018] usb 4-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=d4.52
[ 1461.602894][ T6018] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1461.612418][ T6018] usb 4-1: Product: syz
[ 1461.618275][ T6018] usb 4-1: Manufacturer: syz
[ 1461.623021][ T6018] usb 4-1: SerialNumber: syz
[ 1461.638270][ T6018] usb 4-1: config 0 descriptor??
[ 1461.688309][ T6018] kalmia 4-1:0.95: probe with driver kalmia failed with error -22
[ 1461.814071][ T5906] ft260 0003:0403:6030.0046: unknown main item tag 0x7
[ 1462.272549][ T5906] ft260 0003:0403:6030.0046: chip code: 6432 8183
[ 1462.280440][T21001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1462.289001][T21001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1462.337347][ T5906] ft260 0003:0403:6030.0046: failed to retrieve system status
[ 1462.345205][ T5906] ft260 0003:0403:6030.0046: probe with driver ft260 failed with error -5
[ 1463.460068][ T5976] usb 2-1: USB disconnect, device number 123
[ 1463.511493][T21021] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3846'.
[ 1463.681539][T21022] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3845'.
[ 1463.692352][T21022] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1463.785186][ T5865] usb 6-1: new low-speed USB device number 26 using dummy_hcd
[ 1463.957240][ T5865] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1463.967997][ T5865] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1463.981471][ T5865] usb 6-1: config 0 has no interface number 0
[ 1463.987630][ T5865] usb 6-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1464.000630][ T5865] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1464.009687][ T5865] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1464.020380][ T5865] usb 6-1: config 0 descriptor??
[ 1464.027837][ T5865] iowarrior 6-1:0.1: no interrupt-in endpoint found
[ 1464.059855][   T48] usb 4-1: USB disconnect, device number 4
[ 1464.798550][T21021] netlink: 'syz.5.3846': attribute type 1 has an invalid length.
[ 1465.576695][ T5906] usb 6-1: USB disconnect, device number 26
[ 1465.732144][T21050] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3853'.
[ 1467.454272][T21066] netlink: 92 bytes leftover after parsing attributes in process `syz.5.3858'.
[ 1467.463475][T21066] netem: unknown loss type 0
[ 1467.468131][T21066] netem: change failed
[ 1469.095224][ T5976] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1469.258651][ T5976] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1469.352224][ T5976] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1469.409248][ T5976] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1469.440418][ T5976] usb 6-1: config 0 descriptor??
[ 1469.526764][   T30] audit: type=1400 audit(1469.491:839): avc:  denied  { setopt } for  pid=21079 comm="syz.4.3861" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1470.037458][ T5976] keytouch 0003:0926:3333.0047: fixing up Keytouch IEC report descriptor
[ 1470.140335][ T5976] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0047/input/input46
[ 1470.704848][T21092] openvswitch: netlink: Key type 4112 is out of range max 32
[ 1470.746967][ T5976] keytouch 0003:0926:3333.0047: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[ 1470.878229][ T5976] usb 6-1: USB disconnect, device number 27
[ 1470.965382][T21102] mmap: syz.4.3865 (21102): VmData 25976832 exceed data ulimit 9868. Update limits or use boot option ignore_rlimit_data.
[ 1471.668788][T21106] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3868'.
[ 1471.871128][ T5906] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[ 1472.195502][ T5906] usb 4-1: Using ep0 maxpacket: 32
[ 1472.218805][ T5906] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1472.297135][ T5906] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1472.350668][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1472.381580][ T5906] usb 4-1: Product: syz
[ 1472.391758][ T5906] usb 4-1: Manufacturer: syz
[ 1472.405794][ T5906] usb 4-1: SerialNumber: syz
[ 1472.502880][T21119] netlink: 92 bytes leftover after parsing attributes in process `syz.5.3870'.
[ 1472.512024][T21119] netem: unknown loss type 0
[ 1472.516686][T21119] netem: change failed
[ 1472.639125][ T5906] usb 4-1: config 0 descriptor??
[ 1472.775047][T21114] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3869'.
[ 1472.899032][T21099] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1473.373094][ T5906] usb 4-1: USB disconnect, device number 5
[ 1475.396778][T15357] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1475.408146][T15357] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1475.416826][T15357] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1475.429215][T15357] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1475.438486][T15357] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1475.522086][T21142] FAULT_INJECTION: forcing a failure.
[ 1475.522086][T21142] name failslab, interval 1, probability 0, space 0, times 0
[ 1475.607353][T21142] CPU: 1 UID: 0 PID: 21142 Comm: syz.4.3876 Not tainted syzkaller #0 PREEMPT(full) 
[ 1475.607379][T21142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1475.607389][T21142] Call Trace:
[ 1475.607395][T21142]  <TASK>
[ 1475.607402][T21142]  dump_stack_lvl+0x16c/0x1f0
[ 1475.607429][T21142]  should_fail_ex+0x512/0x640
[ 1475.607451][T21142]  ? fs_reclaim_acquire+0xae/0x150
[ 1475.607477][T21142]  ? tomoyo_encode2+0x100/0x3e0
[ 1475.607500][T21142]  should_failslab+0xc2/0x120
[ 1475.607521][T21142]  __kmalloc_noprof+0xd2/0x510
[ 1475.607545][T21142]  tomoyo_encode2+0x100/0x3e0
[ 1475.607573][T21142]  tomoyo_encode+0x29/0x50
[ 1475.607597][T21142]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1475.607625][T21142]  ? tomoyo_profile+0x47/0x60
[ 1475.607644][T21142]  tomoyo_path_number_perm+0x245/0x580
[ 1475.607666][T21142]  ? tomoyo_path_number_perm+0x237/0x580
[ 1475.607691][T21142]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1475.607716][T21142]  ? find_held_lock+0x2b/0x80
[ 1475.607762][T21142]  ? find_held_lock+0x2b/0x80
[ 1475.607782][T21142]  ? hook_file_ioctl_common+0x145/0x410
[ 1475.607807][T21142]  ? __fget_files+0x20e/0x3c0
[ 1475.607832][T21142]  security_file_ioctl+0x9b/0x240
[ 1475.607860][T21142]  __x64_sys_ioctl+0xb7/0x210
[ 1475.607889][T21142]  do_syscall_64+0xcd/0x4e0
[ 1475.607914][T21142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1475.607932][T21142] RIP: 0033:0x7fa3cdb8eba9
[ 1475.607947][T21142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1475.607963][T21142] RSP: 002b:00007fa3cea58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1475.607980][T21142] RAX: ffffffffffffffda RBX: 00007fa3cddd5fa0 RCX: 00007fa3cdb8eba9
[ 1475.607991][T21142] RDX: 0000200000000040 RSI: 00000000c028aa05 RDI: 0000000000000003
[ 1475.608002][T21142] RBP: 00007fa3cea58090 R08: 0000000000000000 R09: 0000000000000000
[ 1475.608012][T21142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1475.608022][T21142] R13: 00007fa3cddd6038 R14: 00007fa3cddd5fa0 R15: 00007ffce43853f8
[ 1475.608044][T21142]  </TASK>
[ 1475.608059][T21142] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1475.762897][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1476.089670][T21139] chnl_net:caif_netlink_parms(): no params data found
[ 1476.111227][T21158] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3881'.
[ 1476.797999][T21139] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1476.806688][T21139] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1476.900999][T21139] bridge_slave_0: entered allmulticast mode
[ 1476.924306][T21139] bridge_slave_0: entered promiscuous mode
[ 1476.934811][T21139] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1476.946836][ T5906] usb 2-1: new low-speed USB device number 124 using dummy_hcd
[ 1476.956077][T21139] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1477.089626][T21139] bridge_slave_1: entered allmulticast mode
[ 1477.356025][T21139] bridge_slave_1: entered promiscuous mode
[ 1477.373041][ T5906] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1477.406247][ T5906] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1477.426844][ T5906] usb 2-1: config 0 has no interface number 0
[ 1477.433007][ T5906] usb 2-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1477.539582][T15357] Bluetooth: hci4: command tx timeout
[ 1477.585288][ T5906] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1477.595794][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1477.617955][ T5906] usb 2-1: config 0 descriptor??
[ 1477.639504][ T5906] iowarrior 2-1:0.1: no interrupt-in endpoint found
[ 1477.646975][T21181] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3884'.
[ 1477.657159][T21139] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1477.682943][T21139] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1477.851655][T21158] netlink: 'syz.1.3881': attribute type 1 has an invalid length.
[ 1478.050232][ T5906] usb 2-1: USB disconnect, device number 124
[ 1478.185067][T21139] team0: Port device team_slave_0 added
[ 1478.206509][T21139] team0: Port device team_slave_1 added
[ 1478.268438][T21139] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1478.281825][T21139] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1478.364237][T21139] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1478.391672][T21139] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1478.398816][T21139] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1478.425553][T21139] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1478.490365][T21139] hsr_slave_0: entered promiscuous mode
[ 1478.504991][T21139] hsr_slave_1: entered promiscuous mode
[ 1478.518836][T21139] debugfs: 'hsr0' already exists in 'hsr'
[ 1478.525480][T21139] Cannot create hsr debugfs directory
[ 1479.652004][T15357] Bluetooth: hci4: command tx timeout
[ 1479.892391][T21199] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3889'.
[ 1480.148437][T21139] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1480.178844][T21139] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1480.649167][   T30] audit: type=1400 audit(1480.211:840): avc:  denied  { write } for  pid=21202 comm="syz.3.3891" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1480.677179][T21139] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1480.797811][T21139] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1481.690936][T21232] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1481.858443][T19068] Bluetooth: hci4: command tx timeout
[ 1482.099526][T21235] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3897'.
[ 1482.101444][T21139] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1482.164455][T21139] 8021q: adding VLAN 0 to HW filter on device team0
[ 1482.245164][T21239] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3898'.
[ 1482.468872][ T4519] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1482.475977][ T4519] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1482.517931][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1482.525009][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1482.565274][ T5906] usb 4-1: new low-speed USB device number 6 using dummy_hcd
[ 1483.450286][ T5906] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1483.466386][ T5906] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1483.477625][T19287] block nbd0: Possible stuck request ffff88802700e000: control (read@0,1024B). Runtime 120 seconds
[ 1483.488740][T19287] block nbd0: Possible stuck request ffff88802700e1c0: control (read@1024,1024B). Runtime 120 seconds
[ 1483.519140][ T5906] usb 4-1: config 0 has no interface number 0
[ 1483.604986][T19287] block nbd0: Possible stuck request ffff88802700e380: control (read@2048,1024B). Runtime 120 seconds
[ 1483.616233][T19287] block nbd0: Possible stuck request ffff88802700e540: control (read@3072,1024B). Runtime 120 seconds
[ 1483.935372][T19068] Bluetooth: hci4: command tx timeout
[ 1484.102179][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.113346][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.470659][ T5906] usb 4-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1485.794197][ T5906] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1485.803458][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1485.816096][ T5906] usb 4-1: config 0 descriptor??
[ 1485.840834][T21254] netlink: 92 bytes leftover after parsing attributes in process `syz.5.3901'.
[ 1485.863696][ T5906] usb 4-1: can't set config #0, error -71
[ 1485.878030][ T5906] usb 4-1: USB disconnect, device number 6
[ 1485.929653][T21254] netem: unknown loss type 0
[ 1485.941125][T21254] netem: change failed
[ 1486.931726][T21275] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1487.371159][T21278] ubi: mtd0 is already attached to ubi31
[ 1487.384210][T21139] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1487.888162][T21283] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3908'.
[ 1488.437547][T21301] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3912'.
[ 1488.514301][T21139] veth0_vlan: entered promiscuous mode
[ 1488.567452][T21139] veth1_vlan: entered promiscuous mode
[ 1488.600533][T21139] veth0_macvtap: entered promiscuous mode
[ 1488.755235][T10271] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[ 1488.835739][T21139] veth1_macvtap: entered promiscuous mode
[ 1488.844521][T21263] netlink: 'syz.5.3904': attribute type 13 has an invalid length.
[ 1488.852690][T21274] usb 5-1: new low-speed USB device number 121 using dummy_hcd
[ 1488.852766][T21139] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1488.941252][T21263] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1488.977648][T10271] usb 2-1: config 1 has an invalid interface number: 7 but max is 0
[ 1488.987760][T10271] usb 2-1: config 1 has no interface number 0
[ 1488.994002][T10271] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[ 1489.015056][T21274] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1489.018953][T21139] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1489.023394][T21274] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1489.042322][T10271] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[ 1489.062334][T10271] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1489.069465][ T6218] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1489.073331][T21274] usb 5-1: config 0 has no interface number 0
[ 1489.088375][T21274] usb 5-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1489.112216][T10271] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[ 1489.121700][T10271] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1489.123488][ T6218] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1489.132306][T10271] usb 2-1: Product: syz
[ 1489.151320][T21274] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1489.169306][T10271] usb 2-1: Manufacturer: syz
[ 1489.172423][ T1033] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1489.178272][ T1033] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1489.203100][T21274] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1489.265281][T10271] usb 2-1: SerialNumber: syz
[ 1489.277368][T21274] usb 5-1: config 0 descriptor??
[ 1489.327506][T21303] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1489.347139][T21274] iowarrior 5-1:0.1: no interrupt-in endpoint found
[ 1489.562921][T21301] netlink: 'syz.4.3912': attribute type 1 has an invalid length.
[ 1489.574078][T21297] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1489.605132][ T4519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1489.612969][ T4519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1489.904954][ T1033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1489.923474][T10271] usb 2-1: Incompatible driver and firmware versions
[ 1489.972342][ T1033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1490.026296][T21274] usb 5-1: USB disconnect, device number 121
[ 1490.405268][ T5865] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1490.636894][ T5865] usb 7-1: Using ep0 maxpacket: 8
[ 1490.643211][ T5865] usb 7-1: config 0 has an invalid interface number: 143 but max is 0
[ 1490.653787][ T5865] usb 7-1: config 0 has no interface number 0
[ 1490.660604][ T5865] usb 7-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[ 1490.689698][ T5865] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1490.712020][ T5865] usb 7-1: config 0 descriptor??
[ 1490.842068][ T5865] viperboard 7-1:0.143: version 0.00 found at bus 007 address 002
[ 1490.880320][ T5865] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[ 1490.935334][ T5865] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[ 1491.306482][T21331] netlink: 92 bytes leftover after parsing attributes in process `syz.5.3916'.
[ 1491.315508][T21331] netem: unknown loss type 0
[ 1491.320088][T21331] netem: change failed
[ 1491.855597][ T5906] usb 2-1: USB disconnect, device number 125
[ 1492.269183][T14593] usb 7-1: USB disconnect, device number 2
[ 1493.352284][T21347] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3919'.
[ 1493.395352][T21347] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1494.045964][ T5865] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1494.105254][ T6018] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[ 1494.123784][T21359] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3924'.
[ 1494.226430][ T5865] usb 7-1: Using ep0 maxpacket: 8
[ 1494.233707][ T5865] usb 7-1: config 0 has an invalid interface number: 143 but max is 0
[ 1494.242298][ T5865] usb 7-1: config 0 has no interface number 0
[ 1494.249013][ T6018] usb 4-1: device descriptor read/64, error -71
[ 1494.256205][ T5865] usb 7-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[ 1494.265379][ T5865] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1494.283286][ T5865] usb 7-1: config 0 descriptor??
[ 1494.375183][T14593] usb 6-1: new low-speed USB device number 28 using dummy_hcd
[ 1494.405507][ T5865] viperboard 7-1:0.143: version 0.00 found at bus 007 address 003
[ 1494.423091][ T5865] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[ 1494.436370][ T5865] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[ 1494.505171][ T6018] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[ 1494.541160][T14593] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1494.547407][T21351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1494.569917][T21351] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1494.614156][T14593] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1494.650809][ T6018] usb 4-1: device descriptor read/64, error -71
[ 1494.663816][T14593] usb 6-1: config 0 has no interface number 0
[ 1494.674008][T14593] usb 6-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1494.690679][T14593] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1494.701986][T14593] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1494.703451][ T5865] usb 7-1: USB disconnect, device number 3
[ 1494.714739][T14593] usb 6-1: config 0 descriptor??
[ 1494.730445][T14593] iowarrior 6-1:0.1: no interrupt-in endpoint found
[ 1494.767885][ T6018] usb usb4-port1: attempt power cycle
[ 1494.927816][T21359] netlink: 'syz.5.3924': attribute type 1 has an invalid length.
[ 1495.125266][ T6018] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[ 1495.171212][ T6018] usb 4-1: device descriptor read/8, error -71
[ 1495.284430][T14593] usb 6-1: USB disconnect, device number 28
[ 1495.438607][T21371] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3927'.
[ 1495.471332][T21375] netlink: 'syz.4.3929': attribute type 3 has an invalid length.
[ 1495.505213][ T6018] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[ 1495.527603][ T6018] usb 4-1: device descriptor read/8, error -71
[ 1495.645635][ T6018] usb usb4-port1: unable to enumerate USB device
[ 1495.799809][   T30] audit: type=1400 audit(1495.751:841): avc:  denied  { audit_write } for  pid=21374 comm="syz.4.3929" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 1495.820404][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1498.189730][ T5906] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1498.263559][T21400] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3934'.
[ 1498.565319][ T5906] usb 6-1: Using ep0 maxpacket: 16
[ 1498.588542][ T5906] usb 6-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice= 2.73
[ 1499.567418][ T5906] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1499.590067][ T5906] usb 6-1: Product: syz
[ 1499.594251][ T5906] usb 6-1: Manufacturer: syz
[ 1499.599666][ T5906] usb 6-1: SerialNumber: syz
[ 1499.606799][ T5906] usb 6-1: config 0 descriptor??
[ 1499.613380][ T5906] gspca_main: spca501-2.14.0 probing 0497:c001
[ 1499.929606][T21392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1499.982720][T21392] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1500.018216][ T5906] gspca_spca501: reg write: error -71
[ 1500.031022][ T5906] spca501 6-1:0.0: Reg write failed for 0x02,0x07,0x05
[ 1500.165646][ T5906] spca501 6-1:0.0: probe with driver spca501 failed with error -22
[ 1500.317081][ T5906] usb 6-1: USB disconnect, device number 29
[ 1500.632967][T21422] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1501.276933][T21429] netlink: 92 bytes leftover after parsing attributes in process `syz.4.3943'.
[ 1501.286123][T21429] netem: unknown loss type 0
[ 1501.290713][T21429] netem: change failed
[ 1501.345150][T15768] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[ 1502.837555][T15768] usb 4-1: Using ep0 maxpacket: 32
[ 1502.946940][T21442] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1503.189414][T15768] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1503.359496][T21443] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3947'.
[ 1503.390904][T15768] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1503.531564][T15768] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1503.601101][T15768] usb 4-1: Product: syz
[ 1503.610871][T15768] usb 4-1: Manufacturer: syz
[ 1503.618629][T15768] usb 4-1: SerialNumber: syz
[ 1506.618593][T15768] usb 4-1: config 0 descriptor??
[ 1506.625314][T15768] usb 4-1: can't set config #0, error -71
[ 1506.638011][T15768] usb 4-1: USB disconnect, device number 11
[ 1506.709337][T21455] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1506.770328][T21455] FAULT_INJECTION: forcing a failure.
[ 1506.770328][T21455] name failslab, interval 1, probability 0, space 0, times 0
[ 1506.806121][T21455] CPU: 1 UID: 0 PID: 21455 Comm: syz.3.3953 Not tainted syzkaller #0 PREEMPT(full) 
[ 1506.806146][T21455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1506.806157][T21455] Call Trace:
[ 1506.806170][T21455]  <TASK>
[ 1506.806178][T21455]  dump_stack_lvl+0x16c/0x1f0
[ 1506.806205][T21455]  should_fail_ex+0x512/0x640
[ 1506.806228][T21455]  ? fs_reclaim_acquire+0xae/0x150
[ 1506.806254][T21455]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1506.806280][T21455]  should_failslab+0xc2/0x120
[ 1506.806301][T21455]  __kmalloc_noprof+0xd2/0x510
[ 1506.806326][T21455]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1506.806354][T21455]  ? tomoyo_profile+0x47/0x60
[ 1506.806374][T21455]  tomoyo_path_number_perm+0x245/0x580
[ 1506.806396][T21455]  ? tomoyo_path_number_perm+0x237/0x580
[ 1506.806419][T21455]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1506.806444][T21455]  ? find_held_lock+0x2b/0x80
[ 1506.806492][T21455]  ? find_held_lock+0x2b/0x80
[ 1506.806512][T21455]  ? hook_file_ioctl_common+0x145/0x410
[ 1506.806537][T21455]  ? __fget_files+0x20e/0x3c0
[ 1506.806562][T21455]  security_file_ioctl+0x9b/0x240
[ 1506.806589][T21455]  __x64_sys_ioctl+0xb7/0x210
[ 1506.806619][T21455]  do_syscall_64+0xcd/0x4e0
[ 1506.806644][T21455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1506.806661][T21455] RIP: 0033:0x7f0ab298eba9
[ 1506.806680][T21455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1506.806696][T21455] RSP: 002b:00007f0ab3840038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1506.806713][T21455] RAX: ffffffffffffffda RBX: 00007f0ab2bd5fa0 RCX: 00007f0ab298eba9
[ 1506.806725][T21455] RDX: 0000200000000040 RSI: 0000000000003b8c RDI: 0000000000000003
[ 1506.806736][T21455] RBP: 00007f0ab3840090 R08: 0000000000000000 R09: 0000000000000000
[ 1506.806746][T21455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1506.806757][T21455] R13: 00007f0ab2bd6038 R14: 00007f0ab2bd5fa0 R15: 00007ffd277a21a8
[ 1506.806782][T21455]  </TASK>
[ 1506.806839][T21455] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1506.863071][T21462] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1506.954460][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1507.156527][T14593] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[ 1507.315207][T14593] usb 2-1: Using ep0 maxpacket: 16
[ 1508.267151][T14593] usb 2-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice= 2.73
[ 1508.276854][T14593] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1508.292389][T14593] usb 2-1: Product: syz
[ 1508.311877][T14593] usb 2-1: Manufacturer: syz
[ 1508.323143][T14593] usb 2-1: SerialNumber: syz
[ 1508.358781][T14593] usb 2-1: config 0 descriptor??
[ 1508.376064][T14593] gspca_main: spca501-2.14.0 probing 0497:c001
[ 1508.583573][T21460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1508.611871][T21460] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1508.654943][T14593] gspca_spca501: reg write: error -71
[ 1508.679904][T14593] spca501 2-1:0.0: Reg write failed for 0x02,0x07,0x05
[ 1508.689728][T14593] spca501 2-1:0.0: probe with driver spca501 failed with error -22
[ 1508.751633][T14593] usb 2-1: USB disconnect, device number 126
[ 1510.365222][   T48] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[ 1510.545186][   T48] usb 5-1: Using ep0 maxpacket: 32
[ 1510.745748][   T48] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1510.767123][   T48] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1510.799240][   T48] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1510.813604][   T48] usb 5-1: Product: syz
[ 1510.851415][   T48] usb 5-1: Manufacturer: syz
[ 1510.896692][T21511] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3966'.
[ 1510.935935][   T48] usb 5-1: SerialNumber: syz
[ 1510.970782][   T48] usb 5-1: config 0 descriptor??
[ 1511.002168][T21503] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1511.217862][   T48] usb 5-1: USB disconnect, device number 122
[ 1512.880810][T21524] netlink: 'syz.6.3970': attribute type 8 has an invalid length.
[ 1512.985209][T14593] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[ 1512.987191][T21525] netlink: 'syz.6.3970': attribute type 4 has an invalid length.
[ 1513.021168][T21525] netlink: 152 bytes leftover after parsing attributes in process `syz.6.3970'.
[ 1513.189350][T14593] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1513.206898][T14593] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1513.246363][T14593] usb 2-1: Product: syz
[ 1513.256250][T14593] usb 2-1: Manufacturer: syz
[ 1513.265694][T14593] usb 2-1: SerialNumber: syz
[ 1513.324385][T21525] : renamed from bond0 (while UP)
[ 1513.355892][T14593] usb 2-1: config 0 descriptor??
[ 1513.535952][T19287] block nbd0: Possible stuck request ffff88802700e000: control (read@0,1024B). Runtime 150 seconds
[ 1513.546910][T19287] block nbd0: Possible stuck request ffff88802700e1c0: control (read@1024,1024B). Runtime 150 seconds
[ 1513.695667][T19287] block nbd0: Possible stuck request ffff88802700e380: control (read@2048,1024B). Runtime 150 seconds
[ 1513.711066][T19287] block nbd0: Possible stuck request ffff88802700e540: control (read@3072,1024B). Runtime 150 seconds
[ 1514.579914][T21560] netlink: 'syz.6.3975': attribute type 12 has an invalid length.
[ 1515.078796][   T30] audit: type=1400 audit(1515.041:842): avc:  denied  { map } for  pid=21555 comm="syz.6.3975" path="socket:[72774]" dev="sockfs" ino=72774 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1515.889416][T14593] peak_usb 2-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[ 1515.899971][T14593] peak_usb 2-1:0.0: unable to read PCAN-USB FD firmware info (err -71)
[ 1516.174891][T21573] ubi: mtd0 is already attached to ubi31
[ 1516.642407][T21588] netlink: 92 bytes leftover after parsing attributes in process `syz.3.3978'.
[ 1516.651416][T21588] netem: unknown loss type 0
[ 1516.656335][T21588] netem: change failed
[ 1517.528815][T14593] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -71
[ 1517.625523][T14593] usb 2-1: USB disconnect, device number 127
[ 1517.958442][T21602] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3980'.
[ 1518.077408][T21603] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1518.385344][T14593] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 1518.395979][   T30] audit: type=1400 audit(1518.361:843): avc:  denied  { connect } for  pid=21607 comm="syz.6.3983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1518.640423][T21615] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3985'.
[ 1518.984574][T21618] sch_tbf: burst 88 is lower than device macsec0 mtu (1482) !
[ 1519.055151][T14593] usb 2-1: Using ep0 maxpacket: 32
[ 1519.091205][T14593] usb 2-1: device descriptor read/all, error -71
[ 1519.182281][   T30] audit: type=1400 audit(1519.091:844): avc:  denied  { remount } for  pid=21613 comm="syz.6.3985" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1519.871292][T21621] netlink: 92 bytes leftover after parsing attributes in process `syz.4.3986'.
[ 1519.880376][T21621] netem: unknown loss type 0
[ 1519.884964][T21621] netem: change failed
[ 1520.223184][T21627] netlink: 'syz.1.3988': attribute type 11 has an invalid length.
[ 1520.485184][ T5906] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1520.643024][ T5906] usb 7-1: Using ep0 maxpacket: 32
[ 1520.645453][T21653] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3997'.
[ 1521.896586][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1521.907554][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1521.935217][ T5906] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1521.945331][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1521.966558][ T5906] usb 7-1: config 0 descriptor??
[ 1522.245605][   T48] usb 5-1: new low-speed USB device number 123 using dummy_hcd
[ 1523.106655][   T48] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1523.490839][ T5906] ft260 0003:0403:6030.0048: unknown main item tag 0x7
[ 1523.521670][   T48] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1523.555688][ T5906] ft260 0003:0403:6030.0048: chip code: 6432 8183
[ 1523.582333][   T48] usb 5-1: config 0 has no interface number 0
[ 1523.595016][   T48] usb 5-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1523.660444][   T48] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1523.708069][   T48] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1523.747676][   T48] usb 5-1: config 0 descriptor??
[ 1523.782238][   T48] usb 5-1: can't set config #0, error -71
[ 1523.881733][T21683] FAULT_INJECTION: forcing a failure.
[ 1523.881733][T21683] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1523.901251][   T48] usb 5-1: USB disconnect, device number 123
[ 1523.907945][T21683] CPU: 0 UID: 0 PID: 21683 Comm: syz.4.4005 Not tainted syzkaller #0 PREEMPT(full) 
[ 1523.907974][T21683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1523.907985][T21683] Call Trace:
[ 1523.907991][T21683]  <TASK>
[ 1523.907998][T21683]  dump_stack_lvl+0x16c/0x1f0
[ 1523.908025][T21683]  should_fail_ex+0x512/0x640
[ 1523.908052][T21683]  _copy_from_iter+0x29f/0x1720
[ 1523.908080][T21683]  ? __alloc_skb+0x200/0x380
[ 1523.908101][T21683]  ? __pfx__copy_from_iter+0x10/0x10
[ 1523.908128][T21683]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1523.908165][T21683]  netlink_sendmsg+0x829/0xdd0
[ 1523.908192][T21683]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1523.908225][T21683]  ____sys_sendmsg+0xa95/0xc70
[ 1523.908252][T21683]  ? copy_msghdr_from_user+0x10a/0x160
[ 1523.908274][T21683]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1523.908311][T21683]  ___sys_sendmsg+0x134/0x1d0
[ 1523.908333][T21683]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1523.908386][T21683]  __sys_sendmsg+0x16d/0x220
[ 1523.908407][T21683]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1523.908446][T21683]  do_syscall_64+0xcd/0x4e0
[ 1523.908472][T21683]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1523.908489][T21683] RIP: 0033:0x7fa3cdb8eba9
[ 1523.908503][T21683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1523.908520][T21683] RSP: 002b:00007fa3cea58038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1523.908538][T21683] RAX: ffffffffffffffda RBX: 00007fa3cddd5fa0 RCX: 00007fa3cdb8eba9
[ 1523.908550][T21683] RDX: 0000000020000040 RSI: 0000200000000400 RDI: 0000000000000003
[ 1523.908561][T21683] RBP: 00007fa3cea58090 R08: 0000000000000000 R09: 0000000000000000
[ 1523.908571][T21683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1523.908582][T21683] R13: 00007fa3cddd6038 R14: 00007fa3cddd5fa0 R15: 00007ffce43853f8
[ 1523.908606][T21683]  </TASK>
[ 1524.100949][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1524.313177][T10271] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 1524.835326][T10271] usb 6-1: Using ep0 maxpacket: 16
[ 1524.842094][T10271] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1524.874160][T10271] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1524.922254][T10271] usb 6-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00
[ 1524.952199][T10271] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1524.965498][T10271] usb 6-1: config 0 descriptor??
[ 1525.619998][T10271] hid-rmi 0003:17EF:6085.0049: unknown main item tag 0x0
[ 1526.178075][T10271] hid-rmi 0003:17EF:6085.0049: unknown main item tag 0x0
[ 1526.186192][T10271] hid-rmi 0003:17EF:6085.0049: unknown main item tag 0x0
[ 1526.193701][T10271] hid-rmi 0003:17EF:6085.0049: unknown main item tag 0x0
[ 1526.201374][T10271] hid-rmi 0003:17EF:6085.0049: unknown main item tag 0x0
[ 1526.208467][T10271] hid-rmi 0003:17EF:6085.0049: unknown main item tag 0x0
[ 1526.215500][T10271] hid-rmi 0003:17EF:6085.0049: unknown main item tag 0x0
[ 1526.640772][T10271] hid-rmi 0003:17EF:6085.0049: hidraw0: USB HID v1e.00 Device [HID 17ef:6085] on usb-dummy_hcd.5-1/input0
[ 1528.189129][T10271] usb 6-1: USB disconnect, device number 30
[ 1528.263214][T21724] FAULT_INJECTION: forcing a failure.
[ 1528.263214][T21724] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1528.283302][T21724] CPU: 0 UID: 0 PID: 21724 Comm: syz.5.4017 Not tainted syzkaller #0 PREEMPT(full) 
[ 1528.283331][T21724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1528.283342][T21724] Call Trace:
[ 1528.283349][T21724]  <TASK>
[ 1528.283356][T21724]  dump_stack_lvl+0x16c/0x1f0
[ 1528.283382][T21724]  should_fail_ex+0x512/0x640
[ 1528.283407][T21724]  _copy_from_user+0x2e/0xd0
[ 1528.283430][T21724]  do_sock_getsockopt+0x3ca/0x440
[ 1528.283454][T21724]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1528.283474][T21724]  ? __fget_files+0x204/0x3c0
[ 1528.283502][T21724]  __sys_getsockopt+0x12f/0x260
[ 1528.283527][T21724]  __x64_sys_getsockopt+0xbd/0x160
[ 1528.283543][T21724]  ? do_syscall_64+0x91/0x4e0
[ 1528.283563][T21724]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1528.283582][T21724]  do_syscall_64+0xcd/0x4e0
[ 1528.283602][T21724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1528.283619][T21724] RIP: 0033:0x7f228a18eba9
[ 1528.283632][T21724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1528.283647][T21724] RSP: 002b:00007f228b0c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1528.283663][T21724] RAX: ffffffffffffffda RBX: 00007f228a3d5fa0 RCX: 00007f228a18eba9
[ 1528.283673][T21724] RDX: 0000000000002715 RSI: 0000200000000114 RDI: 0000000000000003
[ 1528.283683][T21724] RBP: 00007f228b0c5090 R08: 0000200000000000 R09: 0000000000000000
[ 1528.283693][T21724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1528.283702][T21724] R13: 00007f228a3d6038 R14: 00007f228a3d5fa0 R15: 00007ffd942a5348
[ 1528.283723][T21724]  </TASK>
[ 1528.444659][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1528.577609][ T5906] ft260 0003:0403:6030.0048: failed to retrieve system status
[ 1528.578847][ T5906] ft260 0003:0403:6030.0048: probe with driver ft260 failed with error -110
[ 1529.607887][   T48] usb 7-1: USB disconnect, device number 4
[ 1529.642490][T21741] FAULT_INJECTION: forcing a failure.
[ 1529.642490][T21741] name failslab, interval 1, probability 0, space 0, times 0
[ 1529.690408][T21741] CPU: 0 UID: 0 PID: 21741 Comm: syz.3.4022 Not tainted syzkaller #0 PREEMPT(full) 
[ 1529.690425][T21741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1529.690431][T21741] Call Trace:
[ 1529.690436][T21741]  <TASK>
[ 1529.690441][T21741]  dump_stack_lvl+0x16c/0x1f0
[ 1529.690461][T21741]  should_fail_ex+0x512/0x640
[ 1529.690476][T21741]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1529.690495][T21741]  should_failslab+0xc2/0x120
[ 1529.690508][T21741]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1529.690525][T21741]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1529.690537][T21741]  ? find_held_lock+0x2b/0x80
[ 1529.690550][T21741]  ? create_io_worker+0xc9/0x5b0
[ 1529.690562][T21741]  ? create_io_worker+0x1f/0x5b0
[ 1529.690571][T21741]  create_io_worker+0xc9/0x5b0
[ 1529.690583][T21741]  io_wq_enqueue+0x4cc/0x980
[ 1529.690594][T21741]  ? __pfx_io_wq_enqueue+0x10/0x10
[ 1529.690604][T21741]  ? __pfx_io_wq_work_match_item+0x10/0x10
[ 1529.690622][T21741]  ? io_prep_async_work+0x3c3/0x770
[ 1529.690639][T21741]  ? get_timespec64+0x147/0x240
[ 1529.690659][T21741]  io_queue_iowq+0x246/0x530
[ 1529.690669][T21741]  ? io_req_sqe_copy+0xea/0x130
[ 1529.690682][T21741]  io_queue_sqe_fallback+0xda/0x660
[ 1529.690695][T21741]  io_submit_sqes+0x15ab/0x25c0
[ 1529.690716][T21741]  __do_sys_io_uring_enter+0xd6a/0x1630
[ 1529.690731][T21741]  ? __fget_files+0x20e/0x3c0
[ 1529.690744][T21741]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[ 1529.690758][T21741]  ? fput+0x9b/0xd0
[ 1529.690774][T21741]  ? ksys_write+0x1ac/0x250
[ 1529.690786][T21741]  ? __pfx_ksys_write+0x10/0x10
[ 1529.690802][T21741]  do_syscall_64+0xcd/0x4e0
[ 1529.690819][T21741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1529.690830][T21741] RIP: 0033:0x7f0ab298eba9
[ 1529.690839][T21741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1529.690850][T21741] RSP: 002b:00007f0ab3840038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1529.690862][T21741] RAX: ffffffffffffffda RBX: 00007f0ab2bd5fa0 RCX: 00007f0ab298eba9
[ 1529.690869][T21741] RDX: 0000000000007cab RSI: 0000000000000628 RDI: 0000000000000003
[ 1529.690876][T21741] RBP: 00007f0ab3840090 R08: 0000000000000000 R09: 0000000000000000
[ 1529.690883][T21741] R10: 0000000000000043 R11: 0000000000000246 R12: 0000000000000001
[ 1529.690889][T21741] R13: 00007f0ab2bd6038 R14: 00007f0ab2bd5fa0 R15: 00007ffd277a21a8
[ 1529.690904][T21741]  </TASK>
[ 1529.928536][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1531.073453][T21725] geneve2: entered promiscuous mode
[ 1531.078761][T21725] geneve2: entered allmulticast mode
[ 1531.120490][ T1033] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[ 1531.170701][ T1033] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[ 1531.794748][ T1033] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[ 1531.803733][ T1033] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[ 1531.865456][T21760] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4025'.
[ 1533.044096][T21779] dlm: non-version read from control device 36
[ 1533.111399][T21778] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4027'.
[ 1534.732358][T21814] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4039'.
[ 1534.746098][T21814] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1536.038201][T21845] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4041'.
[ 1536.064698][T21846] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4042'.
[ 1538.199272][T21870] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[ 1538.215802][T21870] hsr0: entered allmulticast mode
[ 1538.220834][T21870] hsr_slave_0: entered allmulticast mode
[ 1538.226522][T21870] hsr_slave_1: entered allmulticast mode
[ 1538.234841][T21870] hsr_slave_0: left promiscuous mode
[ 1538.272104][T21870] hsr_slave_1: left promiscuous mode
[ 1538.370640][T21870] hsr0 (unregistering): left allmulticast mode
[ 1539.691855][T15768] hid (null): invalid report_size 144080202
[ 1539.700888][T15768] hid-generic 0007:FFFFFFFB:0002.004A: unknown main item tag 0x2
[ 1539.835181][T15768] hid-generic 0007:FFFFFFFB:0002.004A: invalid report_size 144080202
[ 1539.843288][T15768] hid-generic 0007:FFFFFFFB:0002.004A: item 0 4 1 7 parsing failed
[ 1539.852402][T15768] hid-generic 0007:FFFFFFFB:0002.004A: probe with driver hid-generic failed with error -22
[ 1540.002155][T21893] ubi: mtd0 is already attached to ubi31
[ 1541.131453][T21884] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1541.138646][T21884] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1541.261438][T21901] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4055'.
[ 1541.410972][T21903] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4058'.
[ 1541.470256][T21884] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1541.492064][T21884] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1541.665372][T13782] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1541.684810][T13782] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1541.737453][T13782] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1541.755155][   T48] usb 4-1: new low-speed USB device number 12 using dummy_hcd
[ 1541.763252][T13782] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1541.969799][T21908] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4060'.
[ 1542.081645][   T48] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1542.192998][   T48] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1542.203718][   T48] usb 4-1: config 0 has no interface number 0
[ 1542.215348][   T48] usb 4-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1542.231018][   T48] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1542.240297][   T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1542.671813][   T48] usb 4-1: config 0 descriptor??
[ 1542.684050][   T48] iowarrior 4-1:0.1: no interrupt-in endpoint found
[ 1543.028812][T21903] netlink: 'syz.3.4058': attribute type 1 has an invalid length.
[ 1543.703097][T19287] block nbd0: Possible stuck request ffff88802700e000: control (read@0,1024B). Runtime 180 seconds
[ 1543.714636][T19287] block nbd0: Possible stuck request ffff88802700e1c0: control (read@1024,1024B). Runtime 180 seconds
[ 1543.745366][T19287] block nbd0: Possible stuck request ffff88802700e380: control (read@2048,1024B). Runtime 180 seconds
[ 1543.756415][T19287] block nbd0: Possible stuck request ffff88802700e540: control (read@3072,1024B). Runtime 180 seconds
[ 1543.951200][ T6018] usb 4-1: USB disconnect, device number 12
[ 1544.059296][T21929] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4063'.
[ 1545.548261][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.556616][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1547.200531][T21960] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4072'.
[ 1549.327013][T21990] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4075'.
[ 1550.080094][T21999] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4082'.
[ 1551.568088][T22010] netlink: 'syz.5.4085': attribute type 8 has an invalid length.
[ 1552.081494][T22018] netlink: 'syz.1.4087': attribute type 4 has an invalid length.
[ 1552.089594][T22018] netlink: 152 bytes leftover after parsing attributes in process `syz.1.4087'.
[ 1552.167482][T22019] sg_write: data in/out 91/154 bytes for SCSI command 0x0-- guessing data in;
[ 1552.167482][T22019]    program syz.1.4087 not setting count and/or reply_len properly
[ 1552.258836][T22018] : renamed from bond0 (while UP)
[ 1552.544872][T22024] ubi: mtd0 is already attached to ubi31
[ 1553.957574][T10271] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 1554.265254][T10271] usb 4-1: Using ep0 maxpacket: 16
[ 1554.337945][T10271] usb 4-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice= 2.73
[ 1554.371028][T10271] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1554.406385][T10271] usb 4-1: Product: syz
[ 1554.419915][T10271] usb 4-1: Manufacturer: syz
[ 1554.430774][T10271] usb 4-1: SerialNumber: syz
[ 1554.520376][T10271] usb 4-1: config 0 descriptor??
[ 1554.774825][T10271] gspca_main: spca501-2.14.0 probing 0497:c001
[ 1554.964050][T22032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1554.974343][T22032] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1555.094340][   T30] audit: type=1400 audit(1555.041:845): avc:  denied  { connect } for  pid=22059 comm="syz.5.4099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1555.098520][   T48] usb 5-1: new high-speed USB device number 124 using dummy_hcd
[ 1555.121335][   T30] audit: type=1400 audit(1555.081:846): avc:  denied  { read } for  pid=22059 comm="syz.5.4099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1555.144369][   T30] audit: type=1400 audit(1555.081:847): avc:  denied  { write } for  pid=22059 comm="syz.5.4099" path="socket:[73630]" dev="sockfs" ino=73630 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1555.297667][T22065] netlink: 'syz.5.4100': attribute type 8 has an invalid length.
[ 1555.305704][ T5906] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 1555.365584][   T48] usb 5-1: Using ep0 maxpacket: 8
[ 1555.410528][   T48] usb 5-1: config 0 has an invalid interface number: 143 but max is 0
[ 1555.437737][T10271] gspca_spca501: reg write: error -110
[ 1555.442369][   T48] usb 5-1: config 0 has no interface number 0
[ 1555.462262][T10271] spca501 4-1:0.0: Reg write failed for 0x02,0x07,0x05
[ 1555.477017][   T48] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[ 1555.477043][   T48] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1555.488538][   T48] usb 5-1: config 0 descriptor??
[ 1555.535221][ T5906] usb 2-1: Using ep0 maxpacket: 8
[ 1555.560496][ T5906] usb 2-1: config 2 has an invalid interface number: 31 but max is 0
[ 1555.575159][ T5906] usb 2-1: config 2 has no interface number 0
[ 1555.588630][T10271] spca501 4-1:0.0: probe with driver spca501 failed with error -22
[ 1555.598589][ T5906] usb 2-1: config 2 interface 31 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[ 1555.622076][T10271] usb 4-1: USB disconnect, device number 13
[ 1555.630134][ T5906] usb 2-1: config 2 interface 31 has no altsetting 0
[ 1555.641609][ T5906] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[ 1555.657191][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1555.671192][ T5906] usb 2-1: Product: syz
[ 1555.676437][ T5906] usb 2-1: Manufacturer: syz
[ 1555.681105][ T5906] usb 2-1: SerialNumber: syz
[ 1555.788356][   T48] viperboard 5-1:0.143: version 0.00 found at bus 005 address 124
[ 1555.825984][   T48] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[ 1555.836744][   T48] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[ 1555.916178][T22076] ubi: mtd0 is already attached to ubi31
[ 1556.513402][T22055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1556.563256][T22055] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1556.676463][T22081] FAULT_INJECTION: forcing a failure.
[ 1556.676463][T22081] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1556.710827][T22081] CPU: 0 UID: 0 PID: 22081 Comm: syz.3.4105 Not tainted syzkaller #0 PREEMPT(full) 
[ 1556.710854][T22081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1556.710865][T22081] Call Trace:
[ 1556.710871][T22081]  <TASK>
[ 1556.710879][T22081]  dump_stack_lvl+0x16c/0x1f0
[ 1556.710911][T22081]  should_fail_ex+0x512/0x640
[ 1556.710937][T22081]  _copy_from_iter+0x29f/0x1720
[ 1556.710967][T22081]  ? __alloc_skb+0x200/0x380
[ 1556.710990][T22081]  ? __pfx__copy_from_iter+0x10/0x10
[ 1556.711013][T22081]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1556.711038][T22081]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1556.711072][T22081]  netlink_sendmsg+0x829/0xdd0
[ 1556.711102][T22081]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1556.711136][T22081]  ____sys_sendmsg+0xa95/0xc70
[ 1556.711164][T22081]  ? copy_msghdr_from_user+0x10a/0x160
[ 1556.711186][T22081]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1556.711225][T22081]  ___sys_sendmsg+0x134/0x1d0
[ 1556.711249][T22081]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1556.711305][T22081]  __sys_sendmsg+0x16d/0x220
[ 1556.711338][T22081]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1556.711378][T22081]  do_syscall_64+0xcd/0x4e0
[ 1556.711404][T22081]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1556.711423][T22081] RIP: 0033:0x7f0ab298eba9
[ 1556.711438][T22081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1556.711456][T22081] RSP: 002b:00007f0ab3840038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1556.711474][T22081] RAX: ffffffffffffffda RBX: 00007f0ab2bd5fa0 RCX: 00007f0ab298eba9
[ 1556.711486][T22081] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1556.711497][T22081] RBP: 00007f0ab3840090 R08: 0000000000000000 R09: 0000000000000000
[ 1556.711508][T22081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1556.711519][T22081] R13: 00007f0ab2bd6038 R14: 00007f0ab2bd5fa0 R15: 00007ffd277a21a8
[ 1556.711544][T22081]  </TASK>
[ 1556.805269][   T48] usb 5-1: USB disconnect, device number 124
[ 1556.844211][ T5906] ch9200 2-1:2.31: probe with driver ch9200 failed with error -22
[ 1557.015332][ T6018] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 1557.217588][ T5906] usb 2-1: USB disconnect, device number 4
[ 1557.315137][ T6018] usb 6-1: Using ep0 maxpacket: 32
[ 1557.322717][ T6018] usb 6-1: config 0 has an invalid interface number: 77 but max is 0
[ 1557.342384][ T6018] usb 6-1: config 0 has no interface number 0
[ 1557.349521][ T6018] usb 6-1: config 0 interface 77 altsetting 7 endpoint 0xF has invalid maxpacket 512, setting to 64
[ 1557.727120][ T6018] usb 6-1: config 0 interface 77 has no altsetting 0
[ 1557.736588][ T6018] usb 6-1: New USB device found, idVendor=0403, idProduct=e700, bcdDevice=2b.8b
[ 1557.774426][ T6018] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1557.788984][ T6018] usb 6-1: Product: syz
[ 1557.805866][ T6018] usb 6-1: Manufacturer: syz
[ 1557.815401][ T6018] usb 6-1: SerialNumber: syz
[ 1557.829603][ T6018] usb 6-1: config 0 descriptor??
[ 1558.460793][T22083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1558.478549][T22083] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1558.540464][ T6018] ftdi_sio 6-1:0.77: FTDI USB Serial Device converter detected
[ 1558.550429][ T6018] ftdi_sio ttyUSB0: unknown device type: 0x2b8b
[ 1559.115131][ T5906] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 1559.547467][ T5906] usb 2-1: Using ep0 maxpacket: 16
[ 1559.566628][ T5906] usb 2-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice= 2.73
[ 1559.587195][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1559.618779][ T5906] usb 2-1: Product: syz
[ 1559.647733][ T5906] usb 2-1: Manufacturer: syz
[ 1559.667942][ T5906] usb 2-1: SerialNumber: syz
[ 1559.706054][ T5906] usb 2-1: config 0 descriptor??
[ 1559.731463][ T5906] gspca_main: spca501-2.14.0 probing 0497:c001
[ 1560.252022][T22105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1560.579365][T22105] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1560.655198][ T5906] gspca_spca501: reg write: error -110
[ 1560.720827][T10271] usb 6-1: USB disconnect, device number 31
[ 1560.738053][ T5906] spca501 2-1:0.0: Reg write failed for 0x02,0x07,0x05
[ 1560.773385][T10271] ftdi_sio 6-1:0.77: device disconnected
[ 1560.804373][ T5906] spca501 2-1:0.0: probe with driver spca501 failed with error -22
[ 1561.525204][T22134] ubi: mtd0 is already attached to ubi31
[ 1562.730572][ T5955] usb 2-1: USB disconnect, device number 5
[ 1563.537491][T22160] netlink: 'syz.5.4121': attribute type 4 has an invalid length.
[ 1563.545557][T22160] netlink: 152 bytes leftover after parsing attributes in process `syz.5.4121'.
[ 1563.561354][T22160] : renamed from bond0
[ 1563.575492][T22157] vivid-000: =================  START STATUS  =================
[ 1563.705244][T22157] vivid-000: Test Pattern: 75% Colorbar
[ 1563.711157][T22157] vivid-000: Fill Percentage of Frame: 100
[ 1563.842175][T22157] vivid-000: Horizontal Movement: No Movement
[ 1564.395902][T22157] vivid-000: Vertical Movement: No Movement
[ 1564.512510][T22157] vivid-000: OSD Text Mode: All
[ 1564.596456][T22157] vivid-000: Show Border: false
[ 1564.601344][T22157] vivid-000: Show Square: false
[ 1564.606771][T22157] vivid-000: Sensor Flipped Horizontally: false
[ 1564.613256][T22157] vivid-000: Sensor Flipped Vertically: false
[ 1564.623280][T22157] vivid-000: Insert SAV Code in Image: false
[ 1564.645127][T22157] vivid-000: Insert EAV Code in Image: false
[ 1564.652629][T22157] vivid-000: Insert Video Guard Band: false
[ 1564.664834][T22157] vivid-000: Reduced Framerate: false
[ 1564.798758][T22157] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[ 1564.807301][T22157] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[ 1564.815494][T22157] vivid-000: Enable Capture Cropping: true grabbed
[ 1564.822063][T22157] vivid-000: Enable Capture Composing: true grabbed
[ 1564.828876][T22157] vivid-000: Enable Capture Scaler: true grabbed
[ 1564.835324][T22157] vivid-000: Timestamp Source: End of Frame
[ 1564.841347][T22157] vivid-000: Colorspace: sRGB
[ 1564.846246][T22157] vivid-000: Transfer Function: Default
[ 1564.851905][T22157] vivid-000: Y'CbCr Encoding: Default
[ 1564.857344][T22157] vivid-000: HSV Encoding: Hue 0-179
[ 1564.935451][T22157] vivid-000: Quantization: Default
[ 1564.940592][T22157] vivid-000: Apply Alpha To Red Only: false
[ 1565.304169][T22157] vivid-000: Standard Aspect Ratio: 4x3
[ 1565.665347][T22157] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[ 1565.673119][T22157] vivid-000: DV Timings: 640x480p59 inactive
[ 1565.779748][T22157] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[ 1565.792018][T22157] vivid-000: Maximum EDID Blocks: 2
[ 1565.818778][T22157] vivid-000: Limited RGB Range (16-235): false
[ 1565.844420][T22157] vivid-000: Rx RGB Quantization Range: Automatic
[ 1565.851097][T22157] vivid-000: Power Present: 0x00000001
[ 1565.857018][T22157] tpg source WxH: 1920x1080 (R'G'B)
[ 1565.865234][T22168] netlink: 92 bytes leftover after parsing attributes in process `syz.4.4127'.
[ 1565.874320][T22157] tpg field: 1
[ 1565.877975][T22157] tpg crop: (0,0)/1920x1080
[ 1565.882484][T22157] tpg compose: (0,0)/1920x1080
[ 1565.889887][T22157] tpg colorspace: 8
[ 1565.893849][T22157] tpg transfer function: 0/2
[ 1565.943853][T22168] netem: unknown loss type 0
[ 1565.948662][T22168] netem: change failed
[ 1565.982354][T22157] tpg quantization: 0/1
[ 1565.990731][T22157] tpg RGB range: 0/2
[ 1566.007857][T22157] vivid-000: ==================  END STATUS  ==================
[ 1566.305187][ T5955] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[ 1566.312811][   T48] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[ 1566.465151][ T5955] usb 7-1: Using ep0 maxpacket: 8
[ 1566.470307][   T48] usb 6-1: Using ep0 maxpacket: 32
[ 1566.492364][ T5955] usb 7-1: config 0 has an invalid interface number: 143 but max is 0
[ 1566.501812][   T48] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1566.512929][ T5955] usb 7-1: config 0 has no interface number 0
[ 1566.521466][   T48] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1566.531526][ T5955] usb 7-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[ 1566.964967][   T48] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1566.974068][ T5955] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1566.982401][   T48] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1566.991866][ T5955] usb 7-1: config 0 descriptor??
[ 1567.000268][   T48] usb 6-1: config 0 descriptor??
[ 1567.116051][ T5955] viperboard 7-1:0.143: version 0.00 found at bus 007 address 005
[ 1567.165154][ T5955] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[ 1567.174931][ T5955] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[ 1567.295327][T22186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1567.306757][T22186] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1567.358405][T22204] netlink: 'syz.4.4135': attribute type 10 has an invalid length.
[ 1567.371377][T22204] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4135'.
[ 1567.557453][ T5905] usb 7-1: USB disconnect, device number 5
[ 1567.584849][   T48] ft260 0003:0403:6030.004B: unknown main item tag 0x7
[ 1568.117202][   T48] ft260 0003:0403:6030.004B: chip code: 6432 8183
[ 1568.328453][T22210] netlink: 92 bytes leftover after parsing attributes in process `syz.4.4137'.
[ 1568.340127][T22210] netem: unknown loss type 0
[ 1568.344734][T22210] netem: change failed
[ 1568.487899][T22217] netlink: 92 bytes leftover after parsing attributes in process `syz.1.4138'.
[ 1568.531085][T22217] netem: unknown loss type 0
[ 1568.537889][T22217] netem: change failed
[ 1569.025152][ T6018] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 1569.715879][ T6018] usb 2-1: Using ep0 maxpacket: 32
[ 1569.751577][ T6018] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1570.857900][ T6018] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1571.014324][ T6018] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1571.024266][ T6018] usb 2-1: Product: syz
[ 1571.030515][ T6018] usb 2-1: Manufacturer: syz
[ 1571.036170][ T6018] usb 2-1: SerialNumber: syz
[ 1571.391753][T22248] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4146'.
[ 1571.425216][T22248] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4146'.
[ 1571.436537][ T6018] usb 2-1: config 0 descriptor??
[ 1571.506515][T22221] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1571.923639][ T5905] usb 2-1: USB disconnect, device number 6
[ 1572.464827][T22254] FAULT_INJECTION: forcing a failure.
[ 1572.464827][T22254] name failslab, interval 1, probability 0, space 0, times 0
[ 1572.496036][T22254] CPU: 0 UID: 0 PID: 22254 Comm: syz.4.4148 Not tainted syzkaller #0 PREEMPT(full) 
[ 1572.496062][T22254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1572.496073][T22254] Call Trace:
[ 1572.496079][T22254]  <TASK>
[ 1572.496086][T22254]  dump_stack_lvl+0x16c/0x1f0
[ 1572.496113][T22254]  should_fail_ex+0x512/0x640
[ 1572.496134][T22254]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1572.496155][T22254]  should_failslab+0xc2/0x120
[ 1572.496174][T22254]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1572.496191][T22254]  ? security_file_alloc+0x34/0x2b0
[ 1572.496213][T22254]  security_file_alloc+0x34/0x2b0
[ 1572.496231][T22254]  init_file+0x93/0x4c0
[ 1572.496247][T22254]  alloc_empty_file+0x73/0x1e0
[ 1572.496267][T22254]  path_openat+0xda/0x2cb0
[ 1572.496286][T22254]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1572.496312][T22254]  ? __pfx_path_openat+0x10/0x10
[ 1572.496338][T22254]  do_filp_open+0x20b/0x470
[ 1572.496352][T22254]  ? __pfx_do_filp_open+0x10/0x10
[ 1572.496376][T22254]  ? alloc_fd+0x471/0x7d0
[ 1572.496392][T22254]  do_sys_openat2+0x11b/0x1d0
[ 1572.496411][T22254]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1572.496437][T22254]  ? __fget_files+0x20e/0x3c0
[ 1572.496460][T22254]  __x64_sys_openat+0x174/0x210
[ 1572.496482][T22254]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1572.496498][T22254]  ? ksys_write+0x1ac/0x250
[ 1572.496514][T22254]  do_syscall_64+0xcd/0x4e0
[ 1572.496531][T22254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1572.496541][T22254] RIP: 0033:0x7fa3cdb8eba9
[ 1572.496554][T22254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1572.496570][T22254] RSP: 002b:00007fa3cea37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1572.496587][T22254] RAX: ffffffffffffffda RBX: 00007fa3cddd6090 RCX: 00007fa3cdb8eba9
[ 1572.496598][T22254] RDX: 0000000000000000 RSI: 0000200000000a80 RDI: ffffffffffffff9c
[ 1572.496608][T22254] RBP: 00007fa3cea37090 R08: 0000000000000000 R09: 0000000000000000
[ 1572.496618][T22254] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[ 1572.496628][T22254] R13: 00007fa3cddd6128 R14: 00007fa3cddd6090 R15: 00007ffce43853f8
[ 1572.496643][T22254]  </TASK>
[ 1572.738342][T22256] netlink: 92 bytes leftover after parsing attributes in process `syz.3.4149'.
[ 1572.747367][T22256] netem: unknown loss type 0
[ 1572.751948][T22256] netem: change failed
[ 1572.885347][ T5905] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 1573.018313][T22266] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4151'.
[ 1573.257669][ T5905] usb 2-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=80.99
[ 1573.267537][   T48] ft260 0003:0403:6030.004B: failed to retrieve system status
[ 1573.278787][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1573.319412][ T5905] usb 2-1: Product: syz
[ 1573.323577][ T5905] usb 2-1: Manufacturer: syz
[ 1573.346105][   T48] ft260 0003:0403:6030.004B: probe with driver ft260 failed with error -110
[ 1573.388033][ T5905] usb 2-1: SerialNumber: syz
[ 1573.407896][ T5905] usb 2-1: config 0 descriptor??
[ 1573.567814][   T48] usb 6-1: USB disconnect, device number 32
[ 1574.756765][ T6075] block nbd0: Possible stuck request ffff88802700e000: control (read@0,1024B). Runtime 210 seconds
[ 1574.767789][   T48] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 1574.775500][ T6075] block nbd0: Possible stuck request ffff88802700e1c0: control (read@1024,1024B). Runtime 210 seconds
[ 1574.786678][ T6075] block nbd0: Possible stuck request ffff88802700e380: control (read@2048,1024B). Runtime 210 seconds
[ 1574.797789][ T6075] block nbd0: Possible stuck request ffff88802700e540: control (read@3072,1024B). Runtime 210 seconds
[ 1575.012831][   T48] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1575.052244][   T48] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1575.318646][   T48] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1575.336349][   T48] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1575.345436][   T48] usb 6-1: SerialNumber: syz
[ 1575.688016][T22283] ubi: mtd0 is already attached to ubi31
[ 1575.726776][   T48] usb 6-1: 0:2 : does not exist
[ 1575.745252][   T48] usb 6-1: unit 2 not found!
[ 1575.805080][T14593] usb 2-1: USB disconnect, device number 7
[ 1575.848520][   T48] usb 6-1: USB disconnect, device number 33
[ 1575.991386][ T5905] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[ 1576.185220][ T5905] usb 4-1: Using ep0 maxpacket: 32
[ 1576.196481][ T5905] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1576.286149][ T5905] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1576.317198][T22307] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4163'.
[ 1576.321500][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1576.348493][ T5905] usb 4-1: Product: syz
[ 1576.352681][ T5905] usb 4-1: Manufacturer: syz
[ 1576.364571][ T5905] usb 4-1: SerialNumber: syz
[ 1576.374906][ T5905] usb 4-1: config 0 descriptor??
[ 1576.444019][T22314] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1576.454692][T22300] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1577.167632][   T48] usb 4-1: USB disconnect, device number 14
[ 1578.891394][T22344] netlink: 'syz.5.4173': attribute type 10 has an invalid length.
[ 1578.957142][T22344] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1579.016707][T22348] netlink: 'syz.5.4173': attribute type 10 has an invalid length.
[ 1579.024519][T22348] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4173'.
[ 1579.067043][T22344] : (slave batadv0): Enslaving as an active interface with an up link
[ 1579.078491][T22348] batadv0: entered promiscuous mode
[ 1579.092797][T22348] batadv0: entered allmulticast mode
[ 1579.102681][T22348] : (slave batadv0): Releasing backup interface
[ 1579.113174][T22348] bridge0: port 3(batadv0) entered blocking state
[ 1579.122285][T22348] bridge0: port 3(batadv0) entered disabled state
[ 1579.476842][   T12] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 1579.486099][   T12] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 1579.794236][T22367] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4178'.
[ 1579.872140][T22370] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4179'.
[ 1579.908910][T22373] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1581.175097][T14593] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[ 1582.155640][T14593] usb 2-1: Using ep0 maxpacket: 32
[ 1582.196354][T14593] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1582.247594][T14593] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1582.266573][T14593] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1582.268334][T22402] netlink: 52 bytes leftover after parsing attributes in process `syz.3.4189'.
[ 1582.298868][T14593] usb 2-1: Product: syz
[ 1582.303045][T14593] usb 2-1: Manufacturer: syz
[ 1582.349986][T14593] usb 2-1: SerialNumber: syz
[ 1582.354679][   T30] audit: type=1400 audit(1582.311:848): avc:  denied  { read } for  pid=22403 comm="syz.4.4190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1582.394416][T14593] usb 2-1: config 0 descriptor??
[ 1582.400502][T22393] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1582.681865][T22409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4192'.
[ 1582.713395][   T48] usb 2-1: USB disconnect, device number 8
[ 1582.799556][T22412] binder: BINDER_SET_CONTEXT_MGR already set
[ 1582.805656][T22412] binder: 22405:22412 ioctl 4018620d 200000000040 returned -16
[ 1582.818858][T22413] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1586.111064][T22440] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4199'.
[ 1586.698438][T22446] netlink: 52 bytes leftover after parsing attributes in process `syz.1.4202'.
[ 1589.374955][   T30] audit: type=1400 audit(1586.891:849): avc:  denied  { accept } for  pid=22449 comm="syz.5.4204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1589.456617][T22456] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4205'.
[ 1589.572711][T22464] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1589.607890][T22465] netlink: 'syz.1.4206': attribute type 4 has an invalid length.
[ 1589.615909][T22465] netlink: 152 bytes leftover after parsing attributes in process `syz.1.4206'.
[ 1590.239170][T22477] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4207'.
[ 1590.345103][   T48] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[ 1590.495139][   T48] usb 6-1: Using ep0 maxpacket: 32
[ 1590.519319][   T48] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1590.545579][   T48] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1590.561863][   T48] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1590.655440][   T48] usb 6-1: Product: syz
[ 1590.682134][   T48] usb 6-1: Manufacturer: syz
[ 1590.705120][   T48] usb 6-1: SerialNumber: syz
[ 1591.016638][   T48] usb 6-1: config 0 descriptor??
[ 1591.039902][T22473] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1591.285374][T22489] ubi: mtd0 is already attached to ubi31
[ 1592.181736][ T5906] usb 6-1: USB disconnect, device number 34
[ 1592.384756][T22492] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303
[ 1592.928694][T22499] FAULT_INJECTION: forcing a failure.
[ 1592.928694][T22499] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1592.987040][T22499] CPU: 1 UID: 0 PID: 22499 Comm: syz.3.4216 Not tainted syzkaller #0 PREEMPT(full) 
[ 1592.987066][T22499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1592.987075][T22499] Call Trace:
[ 1592.987081][T22499]  <TASK>
[ 1592.987089][T22499]  dump_stack_lvl+0x16c/0x1f0
[ 1592.987114][T22499]  should_fail_ex+0x512/0x640
[ 1592.987137][T22499]  _copy_from_iter+0x29f/0x1720
[ 1592.987156][T22499]  ? __alloc_skb+0x200/0x380
[ 1592.987171][T22499]  ? __pfx__copy_from_iter+0x10/0x10
[ 1592.987198][T22499]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1592.987229][T22499]  netlink_sendmsg+0x829/0xdd0
[ 1592.987255][T22499]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1592.987345][T22499]  ____sys_sendmsg+0xa95/0xc70
[ 1592.987372][T22499]  ? copy_msghdr_from_user+0x10a/0x160
[ 1592.987386][T22499]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1592.987410][T22499]  ___sys_sendmsg+0x134/0x1d0
[ 1592.987425][T22499]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1592.987458][T22499]  __sys_sendmsg+0x16d/0x220
[ 1592.987472][T22499]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1592.987496][T22499]  do_syscall_64+0xcd/0x4e0
[ 1592.987513][T22499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1592.987524][T22499] RIP: 0033:0x7f0ab298eba9
[ 1592.987535][T22499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1592.987546][T22499] RSP: 002b:00007f0ab3840038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1592.987557][T22499] RAX: ffffffffffffffda RBX: 00007f0ab2bd5fa0 RCX: 00007f0ab298eba9
[ 1592.987565][T22499] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003
[ 1592.987572][T22499] RBP: 00007f0ab3840090 R08: 0000000000000000 R09: 0000000000000000
[ 1592.987578][T22499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1592.987585][T22499] R13: 00007f0ab2bd6038 R14: 00007f0ab2bd5fa0 R15: 00007ffd277a21a8
[ 1592.987600][T22499]  </TASK>
[ 1593.210490][T22501] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4217'.
[ 1593.385909][T22504] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4218'.
[ 1593.502017][T22503] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1593.788470][T22520] fuse: Bad value for 'user_id'
[ 1593.793395][T22520] fuse: Bad value for 'user_id'
[ 1593.845174][   T48] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 1593.995795][   T48] usb 6-1: Using ep0 maxpacket: 32
[ 1594.023621][   T48] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1594.036797][   T48] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1594.047123][   T48] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1594.068108][   T48] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1594.169854][   T48] usb 6-1: config 0 descriptor??
[ 1594.487662][T22531] ubi: mtd0 is already attached to ubi31
[ 1595.395093][   T30] audit: type=1400 audit(1594.361:850): avc:  denied  { shutdown } for  pid=22524 comm="syz.3.4223" lport=9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1595.656038][   T48] ft260 0003:0403:6030.004C: unknown main item tag 0x7
[ 1595.855929][   T48] ft260 0003:0403:6030.004C: chip code: 6432 8183
[ 1596.160309][   T48] ft260 0003:0403:6030.004C: failed to retrieve system status
[ 1596.291376][   T48] ft260 0003:0403:6030.004C: probe with driver ft260 failed with error -5
[ 1597.633390][ T5906] usb 6-1: USB disconnect, device number 35
[ 1597.845095][ T5905] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[ 1598.005300][ T5905] usb 4-1: Using ep0 maxpacket: 32
[ 1598.181288][ T5905] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1598.183718][ T5905] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1598.204579][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1598.204604][ T5905] usb 4-1: Product: syz
[ 1598.204619][ T5905] usb 4-1: Manufacturer: syz
[ 1598.204634][ T5905] usb 4-1: SerialNumber: syz
[ 1598.208859][ T5905] usb 4-1: config 0 descriptor??
[ 1598.209272][T22554] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1598.437521][ T6018] usb 4-1: USB disconnect, device number 15
[ 1599.135134][T19068] Bluetooth: hci4: command 0x0406 tx timeout
[ 1599.880168][T22577] netlink: 92 bytes leftover after parsing attributes in process `syz.4.4235'.
[ 1599.889241][T22577] netem: unknown loss type 0
[ 1599.893861][T22577] netem: change failed
[ 1601.229753][T22585] bridge1: entered promiscuous mode
[ 1602.947282][T22582] pim6reg: entered allmulticast mode
[ 1603.136822][ T5905] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 1603.376007][ T5905] usb 4-1: Using ep0 maxpacket: 8
[ 1603.397914][ T5905] usb 4-1: config 2 has an invalid interface number: 31 but max is 0
[ 1603.406532][ T5905] usb 4-1: config 2 has no interface number 0
[ 1603.417755][ T5905] usb 4-1: config 2 interface 31 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[ 1603.438828][ T5905] usb 4-1: config 2 interface 31 has no altsetting 0
[ 1603.452671][ T5905] usb 4-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[ 1603.462573][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1603.470791][ T5905] usb 4-1: Product: syz
[ 1603.476652][ T5905] usb 4-1: Manufacturer: syz
[ 1603.481285][ T5905] usb 4-1: SerialNumber: syz
[ 1603.881003][T22623] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4243'.
[ 1603.925243][T15768] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1604.143941][ T5905] ch9200 4-1:2.31: probe with driver ch9200 failed with error -22
[ 1604.154005][ T5905] usb 4-1: USB disconnect, device number 16
[ 1604.158494][T15768] usb 7-1: Using ep0 maxpacket: 32
[ 1604.204572][T15768] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1604.269645][T15768] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1604.281119][T15768] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1604.298117][T15768] usb 7-1: Product: syz
[ 1604.316379][T15768] usb 7-1: Manufacturer: syz
[ 1604.328432][T15768] usb 7-1: SerialNumber: syz
[ 1604.365457][T15768] usb 7-1: config 0 descriptor??
[ 1604.382123][T22618] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1604.622528][T15768] usb 7-1: USB disconnect, device number 6
[ 1604.846978][T22628] netlink: 'syz.1.4246': attribute type 4 has an invalid length.
[ 1604.854793][T22628] netlink: 152 bytes leftover after parsing attributes in process `syz.1.4246'.
[ 1605.071617][ T6075] block nbd0: Possible stuck request ffff88802700e000: control (read@0,1024B). Runtime 240 seconds
[ 1605.082787][ T6075] block nbd0: Possible stuck request ffff88802700e1c0: control (read@1024,1024B). Runtime 240 seconds
[ 1605.095206][ T6075] block nbd0: Possible stuck request ffff88802700e380: control (read@2048,1024B). Runtime 240 seconds
[ 1605.125180][ T6075] block nbd0: Possible stuck request ffff88802700e540: control (read@3072,1024B). Runtime 240 seconds
[ 1605.314031][T22631] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4248'.
[ 1605.336303][T22632] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4247'.
[ 1605.493098][T22629] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1605.691221][T22641] vivid-000: =================  START STATUS  =================
[ 1605.702227][T22641] vivid-000: Generate PTS: true
[ 1605.702523][   T31] INFO: task syz.0.3831:20958 blocked for more than 143 seconds.
[ 1605.715262][T22641] vivid-000: Generate SCR: true
[ 1605.720443][T22641] tpg source WxH: 1920x1080 (R'G'B)
[ 1605.725884][T22641] tpg field: 1
[ 1605.729284][T22641] tpg crop: (0,0)/1920x1080
[ 1605.733826][T22641] tpg compose: (0,0)/1920x1080
[ 1605.738655][T22641] tpg colorspace: 8
[ 1605.742561][T22641] tpg transfer function: 0/2
[ 1605.747680][T22641] tpg quantization: 0/1
[ 1605.751888][T22641] tpg RGB range: 0/2
[ 1605.755926][T22641] vivid-000: ==================  END STATUS  ==================
[ 1605.757185][   T31]       Not tainted syzkaller #0
[ 1606.011452][T22642] netlink: 92 bytes leftover after parsing attributes in process `syz.4.4251'.
[ 1606.021371][T22642] netem: unknown loss type 0
[ 1606.026524][T22642] netem: change failed
[ 1606.985671][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.063313][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1607.065080][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.072329][   T31] task:syz.0.3831      state:D stack:28232 pid:20958 tgid:20949 ppid:18003  task_flags:0x400040 flags:0x00004004
[ 1607.090473][   T31] Call Trace:
[ 1607.094341][   T31]  <TASK>
[ 1607.097767][   T31]  __schedule+0x1190/0x5de0
[ 1607.102495][   T31]  ? __pfx___schedule+0x10/0x10
[ 1607.107724][   T31]  ? find_held_lock+0x2b/0x80
[ 1607.112682][   T31]  ? schedule+0x2d7/0x3a0
[ 1607.117724][   T31]  ? bdev_open+0xa2/0xe40
[ 1607.122459][   T31]  schedule+0xe7/0x3a0
[ 1607.126779][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1607.132734][   T31]  __mutex_lock+0x81b/0x1060
[ 1607.137516][   T31]  ? bdev_open+0xa2/0xe40
[ 1607.141827][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1607.147182][   T31]  ? __pfx_bd_prepare_to_claim+0x10/0x10
[ 1607.152937][   T31]  ? __pfx_ilookup+0x10/0x10
[ 1607.157711][   T31]  ? _atomic_dec_and_lock+0xa2/0x120
[ 1607.162990][   T31]  ? bdev_open+0xa2/0xe40
[ 1607.167461][   T31]  bdev_open+0xa2/0xe40
[ 1607.171600][   T31]  blkdev_open+0x34e/0x4f0
[ 1607.178688][   T31]  do_dentry_open+0x97f/0x1530
[ 1607.184091][   T31]  ? __pfx_blkdev_open+0x10/0x10
[ 1607.189195][   T31]  vfs_open+0x82/0x3f0
[ 1607.193825][   T31]  path_openat+0x1de4/0x2cb0
[ 1607.198610][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1607.203530][   T31]  do_filp_open+0x20b/0x470
[ 1607.208260][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1607.213308][   T31]  ? alloc_fd+0x471/0x7d0
[ 1607.217807][   T31]  do_sys_openat2+0x11b/0x1d0
[ 1607.222789][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1607.228199][   T31]  __x64_sys_openat+0x174/0x210
[ 1607.233098][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1607.241225][   T31]  do_syscall_64+0xcd/0x4e0
[ 1607.260165][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1607.266289][   T31] RIP: 0033:0x7f7615d8d510
[ 1607.270778][   T31] RSP: 002b:00007f7616c43b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1607.279511][   T31] RAX: ffffffffffffffda RBX: 0000000000000680 RCX: 00007f7615d8d510
[ 1607.287731][   T31] RDX: 0000000000000680 RSI: 00007f7616c43c10 RDI: 00000000ffffff9c
[ 1607.296496][   T31] RBP: 00007f7616c43c10 R08: 0000000000000000 R09: 002364626e2f7665
[ 1607.304525][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[ 1607.312721][   T31] R13: 00007f7615fd6218 R14: 00007f7615fd6180 R15: 00007ffc991749d8
[ 1607.320777][   T31]  </TASK>
[ 1607.323892][   T31] 
[ 1607.323892][   T31] Showing all locks held in the system:
[ 1607.332214][   T31] 1 lock held by khungtaskd/31:
[ 1607.342317][   T31]  #0: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[ 1607.358839][   T31] 2 locks held by kworker/u8:7/4519:
[ 1607.364187][   T31]  #0: ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1607.374160][   T31]  #1: ffff8880b8424088 (psi_seq){-.-.}-{0:0}, at: __schedule+0x1861/0x5de0
[ 1607.382925][   T31] 2 locks held by getty/5609:
[ 1607.387628][   T31]  #0: ffff88814dd0e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1607.397398][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[ 1607.408052][   T31] 3 locks held by kworker/u8:9/17977:
[ 1607.413411][   T31]  #0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1607.424560][   T31]  #1: ffffc9000e587d10 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1607.434931][   T31]  #2: ffffffff903851c8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0
[ 1607.444012][   T31] 1 lock held by udevd/19499:
[ 1607.448701][   T31]  #0: ffff888026ade358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[ 1607.458124][   T31] 1 lock held by syz.0.3831/20958:
[ 1607.463220][   T31]  #0: ffff888026ade358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xa2/0xe40
[ 1607.472476][   T31] 2 locks held by syz.6.4245/22617:
[ 1607.477698][   T31]  #0: ffffffff903851c8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[ 1607.486686][   T31]  #1: ffffffff8e5ccb38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[ 1607.496733][   T31] 1 lock held by syz.1.4250/22635:
[ 1607.502464][   T31]  #0: ffffffff8e5cca00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0
[ 1607.513274][   T31] 
[ 1607.534355][   T31] =============================================
[ 1607.534355][   T31] 
[ 1607.542936][   T31] NMI backtrace for cpu 0
[ 1607.542952][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1607.542972][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1607.542982][   T31] Call Trace:
[ 1607.542987][   T31]  <TASK>
[ 1607.542995][   T31]  dump_stack_lvl+0x116/0x1f0
[ 1607.543022][   T31]  nmi_cpu_backtrace+0x27b/0x390
[ 1607.543037][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1607.543056][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1607.543081][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[ 1607.543099][   T31]  watchdog+0xf0e/0x1260
[ 1607.543121][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1607.543146][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1607.543167][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1607.543192][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1607.543209][   T31]  kthread+0x3c2/0x780
[ 1607.543225][   T31]  ? __pfx_kthread+0x10/0x10
[ 1607.543243][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1607.543263][   T31]  ? __pfx_kthread+0x10/0x10
[ 1607.543282][   T31]  ret_from_fork+0x56a/0x730
[ 1607.543299][   T31]  ? __pfx_kthread+0x10/0x10
[ 1607.543319][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1607.543354][   T31]  </TASK>
[ 1607.543361][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1607.667110][    C1] NMI backtrace for cpu 1
[ 1607.667125][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[ 1607.667140][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1607.667148][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 1607.667171][    C1] Code: 7d 61 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 56 15 00 fb f4 <e9> cc 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 1607.667184][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c2
[ 1607.667196][    C1] RAX: 000000000815fe59 RBX: 0000000000000001 RCX: ffffffff8b94bb49
[ 1607.667204][    C1] RDX: 0000000000000000 RSI: ffffffff8de52c58 RDI: ffffffff8c163300
[ 1607.667213][    C1] RBP: ffffed1003c5d488 R08: 0000000000000001 R09: ffffed10170a6655
[ 1607.667222][    C1] R10: ffff8880b85332ab R11: 0000000000000000 R12: 0000000000000001
[ 1607.667230][    C1] R13: ffff88801e2ea440 R14: ffffffff90ab7290 R15: 0000000000000000
[ 1607.667239][    C1] FS:  0000000000000000(0000) GS:ffff8881247b2000(0000) knlGS:0000000000000000
[ 1607.667253][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1607.667261][    C1] CR2: 00007ffdcddeeb18 CR3: 00000000746f5000 CR4: 00000000003526f0
[ 1607.667270][    C1] Call Trace:
[ 1607.667276][    C1]  <TASK>
[ 1607.667280][    C1]  default_idle+0x13/0x20
[ 1607.667298][    C1]  default_idle_call+0x6d/0xb0
[ 1607.667314][    C1]  do_idle+0x391/0x510
[ 1607.667333][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1607.667349][    C1]  ? trace_sched_exit_tp+0x2f/0x120
[ 1607.667365][    C1]  cpu_startup_entry+0x4f/0x60
[ 1607.667380][    C1]  start_secondary+0x21d/0x2b0
[ 1607.667399][    C1]  ? __pfx_start_secondary+0x10/0x10
[ 1607.667419][    C1]  common_startup_64+0x13e/0x148
[ 1607.667439][    C1]  </TASK>
[ 1607.668417][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1607.844298][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1607.853400][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1607.863443][   T31] Call Trace:
[ 1607.866706][   T31]  <TASK>
[ 1607.869621][   T31]  dump_stack_lvl+0x3d/0x1f0
[ 1607.874202][   T31]  vpanic+0x6e8/0x7a0
[ 1607.878176][   T31]  ? __pfx_vpanic+0x10/0x10
[ 1607.882667][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1607.888641][   T31]  panic+0xca/0xd0
[ 1607.892343][   T31]  ? __pfx_panic+0x10/0x10
[ 1607.896737][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1607.902124][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[ 1607.908276][   T31]  ? watchdog+0xd78/0x1260
[ 1607.912687][   T31]  ? watchdog+0xd6b/0x1260
[ 1607.917096][   T31]  watchdog+0xd89/0x1260
[ 1607.921331][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1607.925991][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1607.931178][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1607.936194][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1607.940868][   T31]  kthread+0x3c2/0x780
[ 1607.944938][   T31]  ? __pfx_kthread+0x10/0x10
[ 1607.949518][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1607.954274][   T31]  ? __pfx_kthread+0x10/0x10
[ 1607.958847][   T31]  ret_from_fork+0x56a/0x730
[ 1607.963418][   T31]  ? __pfx_kthread+0x10/0x10
[ 1607.968002][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1607.972759][   T31]  </TASK>
[ 1607.975948][   T31] Kernel Offset: disabled
[ 1607.980244][   T31] Rebooting in 86400 seconds..