last executing test programs:

9m54.12496685s ago: executing program 1 (id=383):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@private1, 0x0, 0x0, 0x3, 0x1, 0x2, 0x400}, 0x20)
sendmmsg$inet6(r0, 0x0, 0x0, 0x931766f6319eed40)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
flock(0xffffffffffffffff, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@gettaction={0x3c, 0x32, 0x400, 0x70bd2a, 0x25cfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4000009}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81f7}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4048844)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bond0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000304000000d9ff000000000004", @ANYRES32=r4, @ANYBLOB="60bc010004a701003c00128009000100626f6e640000"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x4000044)

9m52.707347648s ago: executing program 1 (id=385):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000007b01"])
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f00000001c0)={0x0, 0x8})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000240)={0x400, 0x30, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x80, 0x0, 0x7, 0x0, 0x9, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x1, 0x16, 0x0, 0x0, 0x5})
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000140)=0x8, 0x4)
sendto$packet(r8, &(0x7f0000000340)="05030006e8fe091c6202a0ffffffff006003000000007f141434e3177f43055762cb80948864113b022543424aa608", 0xfef2, 0x0, &(0x7f0000000a80)={0x11, 0x88a8, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x8, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000073019f000000000095000000000000009ae50dcddbbbcc43b3f59d9ec25bed920c52f309c48989a45c66f1bda882a835ab268f9ae6938687f7f310633c7f315302df947c826265c40a51b7762705aa44d9ac1aa0d52a86daadb7dda241814ffc29394f84bc9ebec6254c1cea226e7e7b113798d508288df6e3e0ac"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000071121300000000009500000000000000c91f49b5e4acf8c3d9551580e663b0a811576bd1d330cdbfce572f65ce87320ed480a448dc276afec3aae4b70b75ede3f30dd71223cc70eb309eb27d858503a58b744830b6d1a7989b3658302c6ffacfe407c031dc59840542f442eaa7d4a6"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
keyctl$KEYCTL_CAPABILITIES(0x1f, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001540)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x4}}}}]}, 0x40}}, 0x0)

9m50.705599884s ago: executing program 1 (id=390):
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000480)={'erspan0\x00', 0x400})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f0000005940)='/sys/fs/smackfs/cipso2\x00', 0x2, 0x0)
r4 = fanotify_init(0x8, 0x400)
r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
fanotify_mark(r4, 0x11, 0x8000012, r5, 0x0)
r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r6, &(0x7f00000004c0)=ANY=[], 0x232)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=@migrate={0xf8, 0x21, 0x1, 0x0, 0x0, {{@in, @in6=@remote}}, [@migrate={0x9c, 0x11, [{@in=@empty, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@multicast2, @in6=@empty}, {@in=@empty, @in=@private, @in6=@remote, @in6=@mcast2}]}, @policy_type={0xa}]}, 0xf8}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002b80)=@delchain={0x6c4, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x688, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FD={0x8}, @TCA_BPF_ACT={0xd4, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_ctinfo={0xa0, 0x1b, 0x0, 0x0, {{0xb}, {0x74, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6, 0x4, 0x401}, @TCA_CTINFO_ACT={0x18, 0x3, {0xd, 0x6, 0x3, 0x101, 0x1}}, @TCA_CTINFO_ACT={0x18, 0x3, {0x8, 0x8, 0x5, 0x0, 0x9}}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x8}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0xfffffffe}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0xffffffb4}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x3}, @TCA_CTINFO_ACT={0x18, 0x3, {0x0, 0x0, 0xe, 0x8, 0x512ce089}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_FD={0x8}, @TCA_BPF_ACT={0x58c, 0x1, [@m_tunnel_key={0x188, 0x18, 0x0, 0x0, {{0xf}, {0x58, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x697, 0x0, 0x4, 0x100}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @broadcast}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x20}}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x4}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @local}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @loopback}]}, {0x104, 0x6, "39211532c68866bc11f78348e628abc1ad84d1601df6ec416cf625f90a17a99b39a666020a400000000000000056996ead43539758b141e01d4feddfa4f2d6608c468e5ca2264f490beef1d6e6cd9490307b7f21c63dbf59621d69ed3ec2c275d88f91e5cc855b5137d18436c7291010c45e671d1962c7f9d9878bd386815376eaafbcd8c812a453208ac096a38425cdf925c16ed1ce03cab7ce439366b1ca3c66423afac7ebaf980efe5a414a842bc4599527a910901a7255d8d69b7502419069106471ba33f7782d337dd860074cfcca09c0a3e4dad91d7794c2bcbff9f6e7d3b6e4f15a7d5c4e7bda56aca1ea47389ca413dbfd719e4f113166094ac13e82"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_connmark={0x164, 0x7, 0x0, 0x0, {{0xd}, {0x90, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0xf, 0xb411d50005397f39, 0xa, 0x10001}, 0x9e61}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7ce, 0xa, 0x0, 0x5, 0x1}, 0x7fff}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfe1, 0xc0000, 0x1, 0x3, 0x5}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x28d4483e, 0xa41, 0x20000000, 0x8, 0x14eb}, 0x2}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4a3, 0x6, 0x7, 0x1c05, 0x4}, 0x1000}}]}, {0xa5, 0x6, "79bfcd7af533d072a8c29f36e68ab9904831686d6cd3390377cca5e53a8926070630448b3fc4cd7c92ec53371be4232497d515edab99ceda9fe783a4517aa76f458d17bb770e71e0ba14efb8375ac49ead1660b083f443d1ffcecd5197019986b82c2d3c1f0d2b0de14eead0041991bd7874be9402d799e64d44c3fe6d48dd4a8f6782a95c290cea018ba0470c73b3032f66a39bf3cba21d7301df8362d3324b6a"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_vlan={0x9c, 0xf, 0x0, 0x0, {{0x9}, {0x4}, {0x6d, 0x6, "01f4310969d021b8053bb1aca7e8d7615c1d03580900c583f834dae8ea05e484960378a34a6b952d073cc12d15ce11e941d47c907715c5f99ee7525bcab58cfe612fa780af8ced2963cf55b3491748a46eec685aebc1e625b20a01ecf302ae7d7ed9067bf6c6e18ea5"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ct={0xe0, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0xb5, 0x6, "a616d32bc9a40ffc05a9cfa844689a40a38f9c9dde823878dadbebac8dfeb6c0573014ab9b67ca56390a49810c141041aa1ce1a4a552f838935a2c6a0c7e50caf726971b4e3a5e4a890a708d5ff8cc5782730d6c40a80692655341d51186010bd7ac039c5590977b6209427e7f3ac341d7c17699720b480343199351638cf1aaa801e3ac2d7f47644169b0fb5df7337d38415bca88827cd00547dd225097fc54ce5876f4cda9be7baa3f1f79f0cc4974bf"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_nat={0x120, 0x18, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x14, 0xffff, 0x5, 0x1b5, 0x1}, @multicast1, @empty, 0xffffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0x1bf, 0x7, 0xa40, 0x4}, @broadcast, @private=0xa010101}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xa, 0xcd22, 0x3, 0x401, 0xdd6}, @dev={0xac, 0x14, 0x14, 0x28}, @multicast1, 0xffffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x7, 0x7, 0x10000000, 0x5, 0x3}, @dev={0xac, 0x14, 0x14, 0x1c}, @multicast2, 0xffffffff}}]}, {0x56, 0x6, "3c4de620394a1ec9d32b02e8852bcda1b117be44fbc50bcafbb19c875a21ad495407bde357d915ad0343070ae962171054e873b97e12005b620c785a770a1fa82636fe09b44d8f14f2ab844d9941a0e2f270"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x6c4}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
socket$inet6_tcp(0xa, 0x1, 0x0)

9m48.590227492s ago: executing program 1 (id=394):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x3, 0x0, &(0x7f0000000000))
socket$kcm(0x29, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x404001c}, 0x8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='veno\x00', 0x5)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume_offset', 0xc8c02, 0x151)
write$smackfs_cipsonum(r2, &(0x7f0000000080)=0x7fffffffffffffff, 0x14)
r3 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$getregset(0x4204, r4, 0x1, &(0x7f0000000340)={&(0x7f0000000240)=""/204, 0xcc})

9m44.161543755s ago: executing program 1 (id=402):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
r0 = syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000000c0)=@multiplanar_mmap={0x7, 0xa, 0x4, 0x100000, 0x3, {0x0, 0x2710}, {0x1, 0xc, 0x7, 0x7, 0x80, 0x5, "2852dfcf"}, 0x8, 0x1, {&(0x7f0000000040)=[{0x0, 0x80000001, {0xc54}, 0x1}, {0x7, 0x80, {0x1000}, 0x6}]}, 0x5})
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x26, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x16, 0x8b}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f000000af40)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x8, 0x2, [@TCA_CGROUP_POLICE={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003d00000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x42000, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2})
ioctl$TUNSETLINK(r7, 0x400454cd, 0x20)
close(0x3)
add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000d80)="0000000000000004ff6943b80000000800000028f20000000086070000", 0x4000, r6)
r8 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000080)='\x00', 0x1, r6)
pipe2$watch_queue(&(0x7f0000000140)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r10, 0x5760, 0x14)
keyctl$KEYCTL_WATCH_KEY(0x20, r8, r10, 0x100000000000f7)
read$watch_queue(r9, &(0x7f0000000000)=""/1, 0x1)
keyctl$revoke(0x3, r8)

9m42.195331396s ago: executing program 1 (id=407):
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @ipv4={'\x00', '\xff\xff', @loopback}, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff, 0x20, 0xf8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x401, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000ec0)={'syz0\x00', {0x0, 0x0, 0xfffe, 0x9}, 0x37, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0xffffffaa, 0x4, 0x10000, 0xcd, 0x3, 0x8, 0x5, 0x20001, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffc, 0x2, 0x7b8ec57e, 0x2000006, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2000000, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x6, 0x0, 0x0, 0x1000000, 0xffffffff], [0x0, 0x0, 0x4, 0x9, 0x2, 0x200000, 0x0, 0x0, 0xffffffff, 0x0, 0x7ff, 0x0, 0xfffffffe, 0x0, 0x2, 0x800, 0x9, 0x24, 0x0, 0x200401, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x1010, 0x0, 0xf, 0x0, 0x7fff, 0x0, 0x1, 0xffff8000, 0xfffffffe, 0x862, 0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffd, 0x0, 0xfffffffa, 0xa10000, 0x80000000, 0x0, 0x0, 0x3, 0x80000000, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffe, 0xb, 0xffffffff, 0x0, 0x0, 0x4], [0x7, 0x3, 0x4, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, 0x0, 0x0, 0x6, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4c44, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x1ff, 0x2, 0x8, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0xfffffffe, 0x7ffffffd, 0x17, 0x5], [0xfffffffc, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, 0x0, 0xc045, 0xfffffffe, 0x0, 0x7, 0x1000, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x20000, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffc, 0xffffffff, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x4, 0x7, 0x8000, 0x0, 0xfffffffd, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x5]}, 0x45c)
read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
r1 = gettid()
rt_sigsuspend(&(0x7f0000000040)={[0x3]}, 0x8)
tkill(r1, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1c, 0x8, &(0x7f0000001380)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, &(0x7f0000000280), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
gettid()
mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x84)

9m26.630112278s ago: executing program 32 (id=407):
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @ipv4={'\x00', '\xff\xff', @loopback}, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff, 0x20, 0xf8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x401, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000ec0)={'syz0\x00', {0x0, 0x0, 0xfffe, 0x9}, 0x37, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0xffffffaa, 0x4, 0x10000, 0xcd, 0x3, 0x8, 0x5, 0x20001, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffc, 0x2, 0x7b8ec57e, 0x2000006, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2000000, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x6, 0x0, 0x0, 0x1000000, 0xffffffff], [0x0, 0x0, 0x4, 0x9, 0x2, 0x200000, 0x0, 0x0, 0xffffffff, 0x0, 0x7ff, 0x0, 0xfffffffe, 0x0, 0x2, 0x800, 0x9, 0x24, 0x0, 0x200401, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x1010, 0x0, 0xf, 0x0, 0x7fff, 0x0, 0x1, 0xffff8000, 0xfffffffe, 0x862, 0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffd, 0x0, 0xfffffffa, 0xa10000, 0x80000000, 0x0, 0x0, 0x3, 0x80000000, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffe, 0xb, 0xffffffff, 0x0, 0x0, 0x4], [0x7, 0x3, 0x4, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, 0x0, 0x0, 0x6, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4c44, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x1ff, 0x2, 0x8, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0xfffffffe, 0x7ffffffd, 0x17, 0x5], [0xfffffffc, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, 0x0, 0xc045, 0xfffffffe, 0x0, 0x7, 0x1000, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x20000, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffc, 0xffffffff, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x4, 0x7, 0x8000, 0x0, 0xfffffffd, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x5]}, 0x45c)
read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
r1 = gettid()
rt_sigsuspend(&(0x7f0000000040)={[0x3]}, 0x8)
tkill(r1, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1c, 0x8, &(0x7f0000001380)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, &(0x7f0000000280), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
gettid()
mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x84)

11.402439811s ago: executing program 4 (id=1869):
socket$nl_route(0x10, 0x3, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x20000840)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
mknod$loop(0x0, 0x2000, 0x1)
r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)

9.87611778s ago: executing program 2 (id=1871):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\\'], 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f1068", 0x9, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffffffffff280012800b00010065"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

8.945439958s ago: executing program 2 (id=1876):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
accept4$netrom(r3, 0x0, 0x0, 0x80800)

7.930730542s ago: executing program 2 (id=1878):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
epoll_create(0x8)
ioctl$TIOCPKT(r2, 0x5420, 0x0)

7.873393492s ago: executing program 3 (id=1879):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200"/62, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\\'], 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f1068", 0x9, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

7.51745038s ago: executing program 3 (id=1882):
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
pipe2(0x0, 0x4000)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00')
preadv(r1, &(0x7f0000000100)=[{&(0x7f0000000580)=""/4085, 0xff5}], 0x1, 0x3ab3, 0x0)

6.666019777s ago: executing program 5 (id=1886):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x8040, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
r1 = syz_open_pts(r0, 0x141601)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
write(r1, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000080)={0x8, 0x20000000, 0xfffffffc, 0x7fffffd, 0x5, "682341f2fd71a6a76177920ea7e60c0ac7a4a5"})

6.545383274s ago: executing program 4 (id=1887):
creat(&(0x7f0000000000)='./file1\x00', 0x5c)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32, 0x0, 0x3}, 0x9c)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x7, 0xe, &(0x7f0000001500)=ANY=[@ANYBLOB="b702000010000000bfa300000000000007030000f0ffffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b2314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8dd63d4b77b206000000000000e254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3813e2c25a61ec45c3af9948f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469600241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c12e28ef97d9ebd9c77f1774cf4683c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f011000000f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497a6103876843ee04ed9ff002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd1304202274f20675eb781925440578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b96508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e25c89b552d7fcd116bce9c764c714c9402c21d1aac59efb28d4f91652f6000000000000000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a575939206d0c0f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x50009405, &(0x7f0000000440))
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000340)={0x4})
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x6, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0xd, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x34000}], 0x1}}], 0x1, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a20000000020a01020000000000000000010000000c0004400000000000000002140000001100010000000000000000000700000a8eba4ed823f301a840e48a2f45d8afe25b98cb395e5667a8ac3b6a2e633a6058cbe6f6d2bb830db470a8b68c34014bda0e1594d43c2da6f0e02fbfbc0bdafb18a08df3ca839868379098a0cf8eb157565bb697a9d0931e46d8e1aaa733ffe88b9dc9bd38e9562cdf6c104cb6475c9ab3514a44dd7522581a3a9aa8b471977ae5d0a3c53f88f847c6526394e3577c64837bdf957b3b1edb177be4e18a98c7bbdd0b1457fc3287b6a6c235846ed24ce181349cd93a5e3178b863dd1e56acc8341f5c1cb88d239202413b7077eba37e2f40a3b63ea4e30db6a6875f73a9"], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x20080090)
openat$fuse(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

6.530109297s ago: executing program 3 (id=1888):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
accept4$netrom(r3, 0x0, 0x0, 0x80800)

6.461306407s ago: executing program 0 (id=1889):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x7, @loopback, 0x800000}, 0x1c)

6.037604569s ago: executing program 5 (id=1890):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000001300)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, r2, 0x3, 0x0, @val=@perf_event={0x1}}, 0x18)

5.568097872s ago: executing program 0 (id=1891):
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
r1 = socket(0x1e, 0x4, 0x0)
r2 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f28000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c000080"], 0xe8}}, 0x0)

5.42797685s ago: executing program 5 (id=1892):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x54)
socket$inet6_icmp(0xa, 0x2, 0x3a)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_freezer_state(r1, &(0x7f0000000180), 0x2, 0x0)
sendfile(r2, r2, 0x0, 0x9)

5.42662903s ago: executing program 3 (id=1893):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
accept4$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14, 0x80800)
r3 = syz_open_procfs(0x0, &(0x7f0000000440)='net/route\x00')
preadv(r3, &(0x7f00000001c0)=[{&(0x7f0000002380)=""/169, 0xa9}], 0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000480)=0x19)

4.392842158s ago: executing program 2 (id=1894):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
capset(0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r4}, &(0x7f0000001c00), &(0x7f0000001c40)=r5}, 0x20)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/fib_trie\x00')
read$FUSE(r6, &(0x7f0000006180)={0x2020}, 0x2020)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_pidfd_open(r0, 0x0)

3.990162713s ago: executing program 4 (id=1895):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/81, 0x51}], 0x1, 0xa3, 0x0)

3.761566881s ago: executing program 5 (id=1896):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000280)=[{0x6}]})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="86922449549186190100000002000000009a0000"], 0x50)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0182101, &(0x7f00000004c0))

3.332519667s ago: executing program 0 (id=1897):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x6)
ioctl$TCSETS(r4, 0x5402, 0x0)
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)

3.331945931s ago: executing program 3 (id=1898):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x281}, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7aa, &(0x7f0000000000)={{@my=0x1}, @local})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = open(0x0, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000300)="91ead75e13022c6cc46e3c2022155070390a89a9a086b505abe17ab760cfa56b5d71f6403b4e3e0d3e5486ab7360867f34e5e751d0c4b0c64782", 0x3a)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[@ANYBLOB="cc002a076a0300005002000002000000ea0100000600000000000000000000005d948a6b13555f099a18523444f8a45600862649b71f0ab1bcb806e87545ed0d98662adb9aba71dbd25437ccd27bf3533928b7e6e0ed40bbf51a14d3080d5fba5ba5cc04656eb057595f43578547ebe8068e8e371d3d7361245800"/513], 0x77a)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x10, 0x1411, 0x225, 0x70bd29, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x4004}, 0xc010)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
write(r5, &(0x7f0000000000)="14000000140005b7ffccca38b9000000010860eb", 0x14)

1.588319747s ago: executing program 2 (id=1899):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000200)={0x775, 0x0, 0x0, 'queue0\x00'})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0xc, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x842a}})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1e, {}, {}, @raw32}], 0xffc8)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01)
write$sndseq(r1, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @tick=0x8, {0x0, 0x1}, {}, @result}], 0x1c)

1.519900206s ago: executing program 0 (id=1900):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@newqdisc={0x7c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x4c, 0x2, {{0x4, 0x10000, 0x0, 0xffffffff}, [@TCA_NETEM_LOSS={0x30, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8001, 0xfffffffc, 0x2, 0x5}}, @NETEM_LOSS_GI={0x18, 0x1, {0x409, 0xa4, 0x3, 0xc11a, 0x1}}]}]}}}]}, 0x7c}}, 0x0)

1.519502732s ago: executing program 4 (id=1901):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)
listen(r0, 0x7)

1.462816868s ago: executing program 5 (id=1902):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r6 = fanotify_init(0x8, 0x80000)
fanotify_mark(r6, 0x105, 0x4800003a, r5, 0x0)
mkdir(0x0, 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
r7 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r7, &(0x7f0000000340)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMON'], 0x86)
r8 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r8, r7, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r9 = open(&(0x7f0000000580)='./file1\x00', 0x80342, 0x1df2a23c5997fa5f)
sendfile(r9, r9, 0x0, 0x7f03)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0)
socket$inet(0x2, 0x1, 0x100)

1.161564919s ago: executing program 0 (id=1903):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
accept4$netrom(r3, 0x0, 0x0, 0x80800)

1.142647654s ago: executing program 4 (id=1904):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='scalable\x00', 0x9)
shutdown(r0, 0x1)

1.073149567s ago: executing program 2 (id=1905):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000380)={@val={0x20}, @void, @eth={@broadcast, @random="dff306308693", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x32, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1}, {0x0, 0x0, 0x8}}}}}}, 0x2e)

1.005337982s ago: executing program 3 (id=1906):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/dev\x00')
preadv(r5, &(0x7f0000000840)=[{&(0x7f0000000880)=""/192, 0xc0}], 0x1, 0x180, 0x0)
ioctl$UI_DEV_SETUP(r5, 0x405c5503, 0x0)

246.344719ms ago: executing program 5 (id=1907):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
fallocate(0xffffffffffffffff, 0x3, 0x0, 0x8003)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}}, 0x0)

91.931228ms ago: executing program 0 (id=1908):
lgetxattr(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000080)=@known='com.apple.system.Security\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
iopl(0x3)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x2f, 0x7, 0xcd, 0x9, 0x18, @private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x38}, 0x7, 0x8, 0x400, 0x8001}})
r2 = mq_open(0x0, 0x41, 0x80, 0x0)
mmap(&(0x7f000074f000/0x1000)=nil, 0x1000, 0xb635773f04ebbeee, 0x11, r2, 0x15b77000)
pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
openat$cgroup_ro(r3, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$NS_GET_USERNS(r3, 0xb701, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$VIDIOC_QBUF(r4, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0x20800})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x46d03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x15, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x8c}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
syz_io_uring_setup(0x1da1, &(0x7f00000000c0)={0x0, 0xe876, 0x40, 0x2, 0x2d4}, &(0x7f0000000280), &(0x7f0000000080))

0s ago: executing program 4 (id=1909):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x218, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, {0x0, 0x80, 0x0, 0x0, 0x1, 0x12}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0xbb8)

kernel console output (not intermixed with test programs):

o interface number 0
[  359.939087][  T981] usb 3-1: config 0 interface 184 has no altsetting 0
[  359.948681][ T8100] cgroup: none used incorrectly
[  359.984393][  T981] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  360.027134][  T981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.084584][  T981] usb 3-1: Product: syz
[  360.120071][  T981] usb 3-1: Manufacturer: syz
[  360.193707][  T981] usb 3-1: SerialNumber: syz
[  360.458094][  T981] usb 3-1: config 0 descriptor??
[  360.653257][  T981] smsc75xx v1.0.0
[  361.928554][  T981] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  362.249511][  T981] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  362.336537][  T981] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  362.550282][  T981] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  362.566745][  T981] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  362.577097][  T981] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71
[  362.677058][  T981] usb 3-1: USB disconnect, device number 11
[  364.153426][ T8133] netlink: 'syz.3.564': attribute type 11 has an invalid length.
[  364.323386][ T8133] netlink: 149476 bytes leftover after parsing attributes in process `syz.3.564'.
[  364.912311][ T8131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.602818][ T5910] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  366.948918][ T2155] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  366.987398][ T5910] usb 6-1: New USB device found, idVendor=090a, idProduct=1200, bcdDevice=24.87
[  366.997328][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.010691][ T5910] usb 6-1: config 0 descriptor??
[  367.020130][ T8171] loop6: detected capacity change from 0 to 7
[  367.990389][ T8171] Dev loop6: unable to read RDB block 7
[  367.996270][ T8171]  loop6: unable to read partition table
[  368.002065][ T8171] loop6: partition table beyond EOD, truncated
[  368.008267][ T8171] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  368.099187][ T5910] usb-storage 6-1:0.0: USB Mass Storage device detected
[  368.125955][ T2155] usb 5-1: Using ep0 maxpacket: 32
[  368.134693][ T5910] usb-storage 6-1:0.0: This device (090a,1200,2487 S 01 P 00) has an unneeded SubClass entry in unusual_devs.h (kernel 6.16.0-rc1-syzkaller-00239-g08215f5486ec)
[  368.134693][ T5910]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[  368.162687][    C1] vkms_vblank_simulate: vblank timer overrun
[  368.304368][ T2155] usb 5-1: config 4 has an invalid interface number: 128 but max is 0
[  368.312648][ T2155] usb 5-1: config 4 has no interface number 0
[  368.319057][ T2155] usb 5-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.340494][ T2155] usb 5-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.350654][ T2155] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  368.370332][ T2155] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.397598][ T2155] hub 5-1:4.128: USB hub found
[  369.526271][ T5910] usb 6-1: USB disconnect, device number 2
[  370.388835][ T2155] hub 5-1:4.128: config failed, can't read hub descriptor (err -22)
[  370.444083][ T2155] usb 5-1: USB disconnect, device number 10
[  370.762692][ T8203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  371.031029][ T8203] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  371.737243][ T5816] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  371.803249][ T5898] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  372.073716][ T5816] usb 3-1: device descriptor read/64, error -71
[  372.244757][ T5898] usb 4-1: device descriptor read/64, error -71
[  372.393291][ T5816] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[  372.601868][ T5898] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  372.618647][ T5816] usb 3-1: device descriptor read/64, error -71
[  372.784816][ T5816] usb usb3-port1: attempt power cycle
[  372.847560][ T5898] usb 4-1: device descriptor read/64, error -71
[  372.995023][ T5898] usb usb4-port1: attempt power cycle
[  373.642989][ T5816] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  374.252935][ T5816] usb 3-1: device not accepting address 14, error -71
[  374.763005][ T5816] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  374.793925][ T5816] usb 3-1: Using ep0 maxpacket: 32
[  374.801641][ T5816] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  374.842900][ T5816] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  374.885359][ T5816] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  374.940069][ T5816] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  374.950475][ T5816] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.962005][ T5816] usb 3-1: config 0 descriptor??
[  375.943621][ T5816] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0006/input/input10
[  376.167854][ T5816] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0006/input/input11
[  376.207733][ T5816] kye 0003:0458:5011.0006: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.2-1/input0
[  376.499120][ T5816] usb 3-1: USB disconnect, device number 15
[  378.799055][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  378.808202][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  379.367246][ T8274] lo speed is unknown, defaulting to 1000
[  380.045313][ T8283] netlink: 'syz.3.606': attribute type 1 has an invalid length.
[  380.131544][ T8283] netlink: 216 bytes leftover after parsing attributes in process `syz.3.606'.
[  382.494061][ T8308] netlink: 28 bytes leftover after parsing attributes in process `syz.5.611'.
[  386.003931][ T8327] netlink: 20 bytes leftover after parsing attributes in process `syz.3.615'.
[  386.109225][ T8329] IPv6: Can't replace route, no match found
[  389.660632][ T8327] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  389.691071][ T8323] IPv6: Can't replace route, no match found
[  391.456068][ T8350] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  396.376873][ T8386] netlink: 20 bytes leftover after parsing attributes in process `syz.0.631'.
[  396.662344][ T8386] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  398.343170][   T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  398.716758][ T8401] mmap: syz.3.635 (8401): VmData 37728256 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  398.883327][   T24] usb 6-1: Using ep0 maxpacket: 8
[  398.913127][   T24] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  398.941713][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.203952][   T24] usb 6-1: config 0 descriptor??
[  399.264661][ T8418] Cannot find del_set index 3 as target
[  400.884058][   T24] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  400.902146][   T24] asix 6-1:0.0: probe with driver asix failed with error -71
[  400.916978][   T24] usb 6-1: USB disconnect, device number 3
[  401.543183][ T8442] netlink: 20 bytes leftover after parsing attributes in process `syz.5.646'.
[  401.793914][ T8439] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  404.810256][   T30] audit: type=1326 audit(1750057766.760:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8484 comm="syz.5.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  404.822930][ T8472] netlink: 32 bytes leftover after parsing attributes in process `syz.0.654'.
[  404.921617][   T30] audit: type=1326 audit(1750057766.790:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8484 comm="syz.5.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  405.613053][   T30] audit: type=1326 audit(1750057766.830:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8484 comm="syz.5.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  405.652576][   T30] audit: type=1326 audit(1750057766.830:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8484 comm="syz.5.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  405.673953][    C1] vkms_vblank_simulate: vblank timer overrun
[  405.683542][   T30] audit: type=1326 audit(1750057766.840:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8484 comm="syz.5.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  405.748646][   T30] audit: type=1326 audit(1750057766.850:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8484 comm="syz.5.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7feaacb8e963 code=0x7ffc0000
[  405.929771][   T30] audit: type=1326 audit(1750057766.860:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8484 comm="syz.5.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7feaacb8e963 code=0x7ffc0000
[  405.950983][    C0] vkms_vblank_simulate: vblank timer overrun
[  406.054057][   T30] audit: type=1326 audit(1750057766.870:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8484 comm="syz.5.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  406.092016][   T30] audit: type=1326 audit(1750057766.870:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8484 comm="syz.5.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  406.120882][   T30] audit: type=1326 audit(1750057766.940:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8484 comm="syz.5.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  407.851336][ T8525] smk_cipso_doi:679 remove rc = -2
[  407.857890][ T8525] smk_cipso_doi:692 cipso add rc = -17
[  409.155385][ T5944] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  409.602973][ T5944] usb 3-1: Using ep0 maxpacket: 32
[  410.066557][ T5944] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  410.094381][ T5944] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  410.126849][ T5944] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  410.152265][ T5944] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  410.167146][ T5944] usb 3-1: config 0 interface 0 has no altsetting 0
[  410.179636][ T5944] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  410.189068][ T5944] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  410.219006][ T5944] usb 3-1: Product: syz
[  410.223546][ T5944] usb 3-1: Manufacturer: syz
[  410.235052][ T5944] usb 3-1: SerialNumber: syz
[  410.255674][ T5944] usb 3-1: config 0 descriptor??
[  410.270265][ T5944] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  410.290909][ T5944] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  410.682135][ T5816] usb 3-1: USB disconnect, device number 16
[  410.693446][ T5816] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  413.789232][ T5816] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  413.982809][ T8581] IPv6: Can't replace route, no match found
[  414.633837][ T5816] usb 4-1: device not accepting address 13, error -71
[  419.643512][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  419.643534][   T30] audit: type=1326 audit(1750057781.600:53): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=8624 comm="syz.2.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f774a18e929 code=0x7ffc0000
[  419.953085][   T10] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  420.464911][   T30] audit: type=1326 audit(1750057781.600:54): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=8624 comm="syz.2.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f774a18e929 code=0x7ffc0000
[  420.708820][   T30] audit: type=1326 audit(1750057781.620:55): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=8624 comm="syz.2.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f774a18e929 code=0x7ffc0000
[  420.777023][ T8630] IPv6: Can't replace route, no match found
[  421.052925][   T30] audit: type=1326 audit(1750057781.620:56): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=8624 comm="syz.2.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f774a18e929 code=0x7ffc0000
[  421.095173][   T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  421.127026][   T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  421.142838][   T30] audit: type=1326 audit(1750057781.620:57): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=8624 comm="syz.2.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f774a18e929 code=0x7ffc0000
[  421.164837][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.197044][   T10] usb 3-1: Product: syz
[  421.203302][   T10] usb 3-1: Manufacturer: syz
[  421.213007][   T10] usb 3-1: SerialNumber: syz
[  421.214667][   T24] kernel write not supported for file /509/attr/exec (pid: 24 comm: kworker/1:0)
[  421.222854][   T30] audit: type=1326 audit(1750057781.630:58): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=8624 comm="syz.2.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f774a18e929 code=0x7ffc0000
[  421.339952][   T30] audit: type=1326 audit(1750057781.630:59): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=8624 comm="syz.2.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f774a18e929 code=0x7ffc0000
[  421.403194][   T30] audit: type=1326 audit(1750057781.630:60): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=8624 comm="syz.2.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f774a18e929 code=0x7ffc0000
[  421.433734][   T30] audit: type=1326 audit(1750057781.630:61): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=8624 comm="syz.2.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f774a18d290 code=0x7ffc0000
[  421.527627][   T30] audit: type=1326 audit(1750057781.630:62): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=8624 comm="syz.2.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f774a18e52b code=0x7ffc0000
[  421.583550][ T8648] netlink: 20 bytes leftover after parsing attributes in process `syz.3.705'.
[  422.631335][ T8657] netlink: 124 bytes leftover after parsing attributes in process `syz.3.705'.
[  422.756330][   T10] cdc_ncm 3-1:1.0: bind() failure
[  422.764609][   T10] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  422.773008][   T10] cdc_ncm 3-1:1.1: bind() failure
[  422.780810][   T10] usb 3-1: USB disconnect, device number 17
[  425.560876][ T8695] IPv6: Can't replace route, no match found
[  426.063495][ T8700] netlink: 20 bytes leftover after parsing attributes in process `syz.5.720'.
[  426.522319][ T8700] netlink: 124 bytes leftover after parsing attributes in process `syz.5.720'.
[  427.035133][ T8713] syz.2.724 (8713): /proc/8710/oom_adj is deprecated, please use /proc/8710/oom_score_adj instead.
[  427.435233][ T8721] netlink: 12 bytes leftover after parsing attributes in process `syz.2.728'.
[  430.766627][ T8742] smk_cipso_doi:679 remove rc = -2
[  430.772383][ T8742] smk_cipso_doi:692 cipso add rc = -17
[  431.396268][ T8746] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  435.609839][ T8787] smk_cipso_doi:679 remove rc = -2
[  435.615178][ T8787] smk_cipso_doi:692 cipso add rc = -17
[  437.839049][ T5834] Bluetooth: hci5: command 0x0406 tx timeout
[  438.514244][ T8818] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  440.210105][ T8831] overlayfs: upper fs does not support file handles, falling back to index=off.
[  440.238511][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  440.245122][ T8831] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  440.253375][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  440.321433][ T8833] smk_cipso_doi:679 remove rc = -2
[  440.326879][ T8833] smk_cipso_doi:692 cipso add rc = -17
[  441.163270][   T10] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  441.415785][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  441.488531][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  441.632835][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  441.757669][   T10] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  441.834290][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  442.339061][   T10] usb 1-1: config 0 descriptor??
[  442.462632][   T10] usb 1-1: can't set config #0, error -71
[  442.487986][   T10] usb 1-1: USB disconnect, device number 9
[  442.878094][ T5944] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  443.602864][    T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  443.720484][ T8863] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  443.983657][    T9] usb 3-1: Using ep0 maxpacket: 32
[  444.014442][ T5944] usb 4-1: Using ep0 maxpacket: 8
[  444.231901][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  444.243241][ T5944] usb 4-1: config 6 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  444.253732][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  444.263684][ T5944] usb 4-1: config 6 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  445.509086][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  445.520755][ T5944] usb 4-1: config 6 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 1024
[  445.532017][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.543192][ T5944] usb 4-1: config 6 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 1024
[  445.556817][    T9] usb 3-1: config 0 descriptor??
[  445.567236][ T5944] usb 4-1: string descriptor 0 read error: -71
[  445.575358][    T9] hub 3-1:0.0: USB hub found
[  445.622969][ T5944] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  445.632116][ T5944] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.710148][    T9] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  445.737023][ T8876] overlayfs: upper fs does not support file handles, falling back to index=off.
[  445.771741][ T5944] usb 4-1: can't set config #6, error -71
[  445.786308][    T9] usbhid 3-1:0.0: can't add hid device: -71
[  445.804405][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  445.821264][ T5944] usb 4-1: USB disconnect, device number 15
[  445.886204][ T8884] smk_cipso_doi:679 remove rc = -2
[  445.891606][ T8884] smk_cipso_doi:692 cipso add rc = -17
[  445.907394][ T8876] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  446.009802][    T9] usb 3-1: USB disconnect, device number 18
[  451.182440][ T8915] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  452.263158][ T8925] netlink: 20 bytes leftover after parsing attributes in process `syz.0.789'.
[  452.426610][ T8929] overlayfs: upper fs does not support file handles, falling back to index=off.
[  452.468562][ T8929] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  454.219879][ T8946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.794'.
[  454.972833][    T9] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  455.132807][    T9] usb 4-1: Using ep0 maxpacket: 8
[  455.140480][    T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  455.148833][    T9] usb 4-1: config 0 has no interface number 0
[  455.155133][    T9] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  455.166343][    T9] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  455.175640][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.187218][    T9] usb 4-1: config 0 descriptor??
[  455.207006][    T9] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  456.905668][ T8972] netlink: 20 bytes leftover after parsing attributes in process `syz.5.803'.
[  458.220726][    T9] usb 4-1: USB disconnect, device number 16
[  458.392039][ T8987] netlink: 4 bytes leftover after parsing attributes in process `syz.2.807'.
[  461.063289][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  461.628795][    T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  461.638489][    T9] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  461.664076][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  461.691006][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  461.735673][ T9020] netlink: 20 bytes leftover after parsing attributes in process `syz.2.816'.
[  461.898205][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  461.952490][    T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  462.615778][    T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  462.623882][    T9] usb 1-1: Product: syz
[  462.719923][    T9] usb 1-1: Manufacturer: syz
[  463.286371][ T9030] netlink: 65023 bytes leftover after parsing attributes in process `syz.5.820'.
[  463.335886][    T9] usb 1-1: can't set config #1, error -71
[  463.358787][    T9] usb 1-1: USB disconnect, device number 10
[  467.780698][ T9062] netlink: 20 bytes leftover after parsing attributes in process `syz.0.829'.
[  468.423026][ T5910] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  469.033716][ T5910] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  469.197933][ T5910] usb 4-1: config 1 has an invalid descriptor of length 47, skipping remainder of the config
[  469.438420][ T5910] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  469.643714][ T5910] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 47, changing to 9
[  469.834506][ T5910] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33410, setting to 1024
[  470.476554][ T5910] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  470.486472][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  470.496718][ T5910] usb 4-1: Product: syz
[  470.500950][ T5910] usb 4-1: Manufacturer: syz
[  470.719479][ T5910] cdc_wdm 4-1:1.0: skipping garbage
[  470.724918][ T5910] cdc_wdm 4-1:1.0: skipping garbage
[  470.798350][ T5910] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  470.814509][ T5910] cdc_wdm 4-1:1.0: Unknown control protocol
[  470.880935][ T5816] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  471.129793][ T5816] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  471.199939][ T5816] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  471.247457][    T9] usb 4-1: USB disconnect, device number 17
[  471.346490][ T5816] usb 3-1: config 220 has no interface number 2
[  471.417501][ T5816] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  471.630010][ T5816] usb 3-1: config 220 interface 0 has no altsetting 0
[  471.637095][ T5816] usb 3-1: config 220 interface 76 has no altsetting 0
[  471.644120][ T5816] usb 3-1: config 220 interface 1 has no altsetting 0
[  471.654231][ T5816] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  471.816451][ T5816] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.969271][ T5816] usb 3-1: Product: syz
[  471.984797][ T5816] usb 3-1: Manufacturer: syz
[  472.045942][ T5816] usb 3-1: SerialNumber: syz
[  472.289960][ T9098] netlink: 20 bytes leftover after parsing attributes in process `syz.5.842'.
[  472.348216][ T5816] usb 3-1: selecting invalid altsetting 0
[  472.369405][ T5816] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  472.412901][ T5816] usb 3-1: No valid video chain found.
[  472.435318][ T5816] usb 3-1: selecting invalid altsetting 0
[  472.441218][ T5816] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[  472.470732][ T5816] usb 3-1: USB disconnect, device number 19
[  472.829232][ T9108] smk_cipso_doi:679 remove rc = -2
[  472.834527][ T9108] smk_cipso_doi:692 cipso add rc = -17
[  476.801329][ T9143] smk_cipso_doi:679 remove rc = -2
[  476.806645][ T9143] smk_cipso_doi:692 cipso add rc = -17
[  479.734285][ T9170] netlink: 76 bytes leftover after parsing attributes in process `syz.5.863'.
[  479.874797][ T9173] x_tables: duplicate underflow at hook 1
[  479.894957][ T9173] veth0_vlan: entered allmulticast mode
[  480.057493][ T9170] syz.5.863 (9170): attempted to duplicate a private mapping with mremap.  This is not supported.
[  480.374129][ T9173] veth0_vlan: left promiscuous mode
[  480.394084][    T9] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  480.408533][ T9173] veth0_vlan: entered promiscuous mode
[  480.706057][   T30] kauditd_printk_skb: 86 callbacks suppressed
[  480.706081][   T30] audit: type=1326 audit(1750057842.390:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9168 comm="syz.5.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  480.734526][    C0] vkms_vblank_simulate: vblank timer overrun
[  480.922939][   T30] audit: type=1326 audit(1750057842.390:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9168 comm="syz.5.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  481.008915][   T30] audit: type=1326 audit(1750057842.720:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9168 comm="syz.5.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  481.030344][    C0] vkms_vblank_simulate: vblank timer overrun
[  481.204647][   T30] audit: type=1326 audit(1750057842.720:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9168 comm="syz.5.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  481.227051][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  481.238052][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  481.252533][   T30] audit: type=1326 audit(1750057842.720:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9168 comm="syz.5.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  481.274355][   T30] audit: type=1326 audit(1750057842.730:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9168 comm="syz.5.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  481.296384][    C0] vkms_vblank_simulate: vblank timer overrun
[  482.085110][   T30] audit: type=1326 audit(1750057842.730:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9168 comm="syz.5.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  482.089897][    T9] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  482.122845][   T30] audit: type=1326 audit(1750057842.730:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9168 comm="syz.5.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  482.212597][ T9192] smk_cipso_doi:679 remove rc = -2
[  482.221718][ T9192] smk_cipso_doi:692 cipso add rc = -17
[  482.316794][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  482.325813][    T9] usb 4-1: Product: syz
[  482.453210][   T30] audit: type=1326 audit(1750057842.740:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9168 comm="syz.5.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  482.461967][    T9] usb 4-1: Manufacturer: syz
[  482.477960][   T30] audit: type=1326 audit(1750057842.740:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9168 comm="syz.5.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  482.532102][    T9] usb 4-1: SerialNumber: syz
[  482.601213][    T9] usb 4-1: config 0 descriptor??
[  484.699957][    T9] usb 4-1: can't set config #0, error -71
[  484.710215][    T9] usb 4-1: USB disconnect, device number 18
[  484.963944][   T24] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  485.256323][   T24] usb 6-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  485.315795][ T9218] netlink: 8 bytes leftover after parsing attributes in process `syz.4.876'.
[  485.349744][   T24] usb 6-1: config 1 interface 0 has no altsetting 0
[  485.366386][ T9218] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0)
[  485.375567][   T24] usb 6-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40
[  485.395744][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.405313][ T9218] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535
[  485.472321][   T24] usb 6-1: Product: syz
[  485.482448][   T24] usb 6-1: Manufacturer: syz
[  485.674012][ T5944] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  485.770062][   T24] usb 6-1: SerialNumber: syz
[  486.003836][ T9206] tap0: tun_chr_ioctl cmd 1074025677
[  486.009462][ T9206] tap0: linktype set to 805
[  486.173918][ T5944] usb 5-1: too many configurations: 151, using maximum allowed: 8
[  486.195623][ T5944] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.211208][ T5944] usb 5-1: config 0 has no interfaces?
[  486.220165][ T5944] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.234711][ T5944] usb 5-1: config 0 has no interfaces?
[  486.242841][ T5944] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.259761][ T5944] usb 5-1: config 0 has no interfaces?
[  486.267138][ T5944] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.285395][ T5944] usb 5-1: config 0 has no interfaces?
[  486.296333][ T5944] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.315297][ T5944] usb 5-1: config 0 has no interfaces?
[  486.328717][ T5944] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.352776][ T5944] usb 5-1: config 0 has no interfaces?
[  486.365273][ T5944] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.392251][ T5944] usb 5-1: config 0 has no interfaces?
[  486.447351][ T9229] IPv6: Can't replace route, no match found
[  486.455466][ T5944] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.535721][ T5944] usb 5-1: config 0 has no interfaces?
[  486.598370][ T5944] usb 5-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[  486.687229][ T5944] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[  486.776587][ T5944] usb 5-1: Product: syz
[  486.819465][ T5944] usb 5-1: Manufacturer: syz
[  486.867608][ T5944] usb 5-1: SerialNumber: syz
[  486.990548][ T5944] usb 5-1: config 0 descriptor??
[  487.559612][ T5816] usb 5-1: USB disconnect, device number 11
[  488.206683][ T9241] smk_cipso_doi:679 remove rc = -2
[  488.211896][ T9241] smk_cipso_doi:692 cipso add rc = -17
[  488.605821][ T9245] IPv6: Can't replace route, no match found
[  492.241236][   T24] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input12
[  495.159750][ T9270] IPv6: Can't replace route, no match found
[  497.672122][ T9280] IPv6: Can't replace route, no match found
[  497.919345][ T9291] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  497.932244][ T9293] smk_cipso_doi:679 remove rc = -2
[  497.937746][ T9293] smk_cipso_doi:692 cipso add rc = -17
[  497.951860][ T9291] netlink: 148 bytes leftover after parsing attributes in process `syz.3.899'.
[  497.969515][ T9291] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  500.776497][ T9316] IPv6: Can't replace route, no match found
[  501.590807][ T9319] mmap: syz.3.910 (9319) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  501.680525][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  501.687075][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  501.821266][ T9320] IPv6: Can't replace route, no match found
[  502.912993][ T5898] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  503.243035][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  503.310424][ T5898] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  503.413420][ T5898] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  503.488142][ T5898] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  503.518929][ T5898] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  503.730858][ T5898] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  503.765007][ T5898] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  503.778259][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.826002][ T9341] netlink: 4 bytes leftover after parsing attributes in process `syz.5.915'.
[  504.410529][ T9346] netlink: 4 bytes leftover after parsing attributes in process `syz.4.914'.
[  504.871662][ T9328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.876331][ T5898] usb 4-1: usb_control_msg returned -32
[  504.894950][ T9328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  504.945975][ T5898] usbtmc 4-1:16.0: can't read capabilities
[  507.303507][ T9366] IPv6: Can't replace route, no match found
[  509.635967][ T9369] IPv6: Can't replace route, no match found
[  509.828157][  T981] usb 4-1: USB disconnect, device number 19
[  510.168700][ T9403] netlink: 4 bytes leftover after parsing attributes in process `syz.2.928'.
[  510.273300][  T981] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  510.843286][  T981] usb 4-1: Using ep0 maxpacket: 32
[  511.240416][  T981] usb 4-1: config 0 has an invalid interface number: 114 but max is 3
[  511.327620][  T981] usb 4-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  511.502545][  T981] usb 4-1: config 0 has an invalid interface number: 33 but max is 3
[  511.650429][  T981] usb 4-1: config 0 has an invalid interface number: 26 but max is 3
[  511.670769][  T981] usb 4-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  511.694866][  T981] usb 4-1: config 0 has an invalid interface number: 9 but max is 3
[  511.725177][  T981] usb 4-1: config 0 has no interface number 0
[  511.741751][  T981] usb 4-1: config 0 has no interface number 1
[  511.751919][  T981] usb 4-1: config 0 has no interface number 2
[  511.770095][  T981] usb 4-1: config 0 has no interface number 3
[  511.786798][  T981] usb 4-1: config 0 interface 114 altsetting 2 endpoint 0x8 has an invalid bInterval 64, changing to 7
[  511.820625][  T981] usb 4-1: config 0 interface 114 altsetting 2 bulk endpoint 0xB has invalid maxpacket 1024
[  511.853504][  T981] usb 4-1: config 0 interface 114 altsetting 2 has a duplicate endpoint with address 0x8, skipping
[  511.892408][  T981] usb 4-1: config 0 interface 114 altsetting 2 endpoint 0x4 has invalid maxpacket 1024, setting to 64
[  511.923222][  T981] usb 4-1: config 0 interface 26 altsetting 10 endpoint 0x2 has an invalid bInterval 254, changing to 7
[  511.976153][  T981] usb 4-1: config 0 interface 26 altsetting 10 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  511.997207][  T981] usb 4-1: config 0 interface 26 altsetting 10 has a duplicate endpoint with address 0x4, skipping
[  512.030576][  T981] usb 4-1: config 0 interface 26 altsetting 10 has a duplicate endpoint with address 0x4, skipping
[  512.066235][ T9420] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  512.075077][ T9420] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  512.083457][ T9420] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  512.092209][ T9420] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  512.101278][  T981] usb 4-1: config 0 interface 26 altsetting 10 has an invalid descriptor for endpoint zero, skipping
[  512.126342][  T981] usb 4-1: config 0 interface 9 altsetting 12 has an invalid descriptor for endpoint zero, skipping
[  512.231071][  T981] usb 4-1: config 0 interface 9 altsetting 12 has a duplicate endpoint with address 0xD, skipping
[  512.292600][  T981] usb 4-1: config 0 interface 9 altsetting 12 has a duplicate endpoint with address 0x8, skipping
[  512.470169][  T981] usb 4-1: config 0 interface 9 altsetting 12 has a duplicate endpoint with address 0x9, skipping
[  512.487283][  T981] usb 4-1: config 0 interface 9 altsetting 12 has an invalid descriptor for endpoint zero, skipping
[  512.500793][  T981] usb 4-1: config 0 interface 9 altsetting 12 has an invalid descriptor for endpoint zero, skipping
[  512.513764][  T981] usb 4-1: config 0 interface 9 altsetting 12 has a duplicate endpoint with address 0x4, skipping
[  512.525751][  T981] usb 4-1: config 0 interface 9 altsetting 12 has a duplicate endpoint with address 0x3, skipping
[  512.546680][  T981] usb 4-1: config 0 interface 9 altsetting 12 has a duplicate endpoint with address 0x9, skipping
[  512.567185][  T981] usb 4-1: config 0 interface 9 altsetting 12 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  512.583420][  T981] usb 4-1: config 0 interface 9 altsetting 12 endpoint 0x1 has invalid maxpacket 1023, setting to 64
[  512.595051][  T981] usb 4-1: config 0 interface 9 altsetting 12 has a duplicate endpoint with address 0x9, skipping
[  512.606730][  T981] usb 4-1: config 0 interface 9 altsetting 12 endpoint 0x5 has invalid maxpacket 1128, setting to 64
[  512.625319][  T981] usb 4-1: config 0 interface 9 altsetting 12 has a duplicate endpoint with address 0x9, skipping
[  512.962640][  T981] usb 4-1: config 0 interface 9 altsetting 12 has a duplicate endpoint with address 0x4, skipping
[  513.126575][  T981] usb 4-1: config 0 interface 9 altsetting 12 has a duplicate endpoint with address 0x8, skipping
[  513.302843][  T981] usb 4-1: config 0 interface 114 has no altsetting 0
[  513.309734][  T981] usb 4-1: config 0 interface 33 has no altsetting 0
[  513.368662][  T981] usb 4-1: config 0 interface 26 has no altsetting 0
[  513.378363][  T981] usb 4-1: config 0 interface 9 has no altsetting 0
[  513.388796][  T981] usb 4-1: string descriptor 0 read error: -71
[  513.413022][  T981] usb 4-1: New USB device found, idVendor=07b8, idProduct=2870, bcdDevice=2e.e8
[  513.422182][  T981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.544540][  T981] usb 4-1: config 0 descriptor??
[  513.613236][  T981] usb 4-1: can't set config #0, error -71
[  513.682039][  T981] usb 4-1: USB disconnect, device number 20
[  513.785777][ T9466] IPv6: Can't replace route, no match found
[  513.927197][ T9467] IPv6: Can't replace route, no match found
[  517.072365][ T9488] netlink: 4 bytes leftover after parsing attributes in process `syz.2.939'.
[  518.962846][  T918] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  521.603399][  T918] usb 3-1: Using ep0 maxpacket: 32
[  521.617446][  T918] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  521.625748][  T918] usb 3-1: config 0 has no interface number 0
[  521.640570][  T918] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  521.649968][  T918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  521.658058][  T918] usb 3-1: Product: syz
[  521.662372][  T918] usb 3-1: Manufacturer: syz
[  521.670349][  T918] usb 3-1: SerialNumber: syz
[  521.678336][  T918] usb 3-1: config 0 descriptor??
[  521.691124][  T918] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  521.872833][  T918] usb 3-1: qt2_attach - failed to power on unit: -71
[  521.881155][  T918] quatech2 3-1:0.51: probe with driver quatech2 failed with error -71
[  521.993549][  T918] usb 3-1: USB disconnect, device number 20
[  522.236431][ T9524] IPv6: Can't replace route, no match found
[  522.273645][ T9525] netlink: 92 bytes leftover after parsing attributes in process `syz.3.947'.
[  523.290873][ T9531] FAULT_INJECTION: forcing a failure.
[  523.290873][ T9531] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  523.304246][ T9531] CPU: 1 UID: 0 PID: 9531 Comm: syz.2.951 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  523.304274][ T9531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  523.304286][ T9531] Call Trace:
[  523.304295][ T9531]  <TASK>
[  523.304304][ T9531]  dump_stack_lvl+0x189/0x250
[  523.304341][ T9531]  ? __pfx____ratelimit+0x10/0x10
[  523.304374][ T9531]  ? __pfx_dump_stack_lvl+0x10/0x10
[  523.304404][ T9531]  ? __pfx__printk+0x10/0x10
[  523.304427][ T9531]  ? __might_fault+0xb0/0x130
[  523.304475][ T9531]  should_fail_ex+0x414/0x560
[  523.304509][ T9531]  _copy_from_user+0x2d/0xb0
[  523.304532][ T9531]  ___sys_sendmsg+0x158/0x2a0
[  523.304563][ T9531]  ? __pfx____sys_sendmsg+0x10/0x10
[  523.304633][ T9531]  ? __fget_files+0x2a/0x420
[  523.304661][ T9531]  ? __fget_files+0x3a0/0x420
[  523.304702][ T9531]  __sys_sendmmsg+0x227/0x430
[  523.304736][ T9531]  ? __pfx___sys_sendmmsg+0x10/0x10
[  523.304760][ T9531]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  523.304823][ T9531]  ? ksys_write+0x22a/0x250
[  523.304851][ T9531]  ? __pfx_ksys_write+0x10/0x10
[  523.304872][ T9531]  ? rcu_is_watching+0x15/0xb0
[  523.304910][ T9531]  __x64_sys_sendmmsg+0xa0/0xc0
[  523.304940][ T9531]  do_syscall_64+0xfa/0x3b0
[  523.304969][ T9531]  ? lockdep_hardirqs_on+0x9c/0x150
[  523.304996][ T9531]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.305017][ T9531]  ? clear_bhb_loop+0x60/0xb0
[  523.305043][ T9531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.305063][ T9531] RIP: 0033:0x7f774a18e929
[  523.305083][ T9531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  523.305102][ T9531] RSP: 002b:00007f774b079038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  523.305124][ T9531] RAX: ffffffffffffffda RBX: 00007f774a3b6080 RCX: 00007f774a18e929
[  523.305139][ T9531] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000007
[  523.305154][ T9531] RBP: 00007f774b079090 R08: 0000000000000000 R09: 0000000000000000
[  523.305166][ T9531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  523.305179][ T9531] R13: 0000000000000000 R14: 00007f774a3b6080 R15: 00007ffe1099a798
[  523.305212][ T9531]  </TASK>
[  523.529915][    C1] vkms_vblank_simulate: vblank timer overrun
[  526.740204][ T9548] netlink: 371 bytes leftover after parsing attributes in process `syz.3.957'.
[  535.019314][ T9617] netlink: 'syz.5.975': attribute type 1 has an invalid length.
[  535.060949][ T9617] 8021q: adding VLAN 0 to HW filter on device bond1
[  535.103051][  T918] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  535.278532][  T918] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  535.306056][  T918] usb 5-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=7a.b1
[  535.336101][  T918] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.357026][  T918] usb 5-1: Product: syz
[  535.370572][  T918] usb 5-1: Manufacturer: syz
[  535.387778][  T918] usb 5-1: SerialNumber: syz
[  536.408384][  T918] usb 5-1: config 0 descriptor??
[  536.542372][  T918] usb_ehset_test 5-1:0.0: probe with driver usb_ehset_test failed with error -32
[  540.037436][  T918] usb 5-1: USB disconnect, device number 12
[  541.167276][ T9667] netlink: 16 bytes leftover after parsing attributes in process `syz.3.989'.
[  541.332314][ T9678] set match dimension is over the limit!
[  541.337776][ T9674] delete_channel: no stack
[  541.761302][ T9679] netlink: 4 bytes leftover after parsing attributes in process `syz.2.993'.
[  541.982505][ T9681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  541.991345][ T9681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  542.004935][ T9681] netlink: 4 bytes leftover after parsing attributes in process `syz.5.994'.
[  542.016216][ T9681] netlink: 28 bytes leftover after parsing attributes in process `syz.5.994'.
[  542.038087][ T9681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  542.052623][ T9681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  542.088126][ T9684] netlink: 20 bytes leftover after parsing attributes in process `syz.4.995'.
[  542.229740][ T9689] netlink: 124 bytes leftover after parsing attributes in process `syz.4.995'.
[  546.171317][ T9726] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1006'.
[  552.092039][ T9776] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1018'.
[  552.273956][ T9782] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1020'.
[  552.462480][ T9781] netlink: 124 bytes leftover after parsing attributes in process `syz.3.1018'.
[  552.891217][ T9780] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1021'.
[  553.809322][ T9798] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1023'.
[  556.874521][ T9824] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1030'.
[  557.408554][ T9826] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  557.463666][ T9826] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  561.540792][ T9875] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1047'.
[  562.465429][ T9879] binder: 9876:9879 ioctl c0306201 200000000240 returned -14
[  563.121962][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  563.128477][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  574.351652][ T9987] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1076'.
[  576.089946][T10001] 9pnet_fd: Insufficient options for proto=fd
[  582.215109][T10030] FAULT_INJECTION: forcing a failure.
[  582.215109][T10030] name failslab, interval 1, probability 0, space 0, times 0
[  582.228456][T10030] CPU: 0 UID: 0 PID: 10030 Comm: syz.0.1087 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  582.228484][T10030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  582.228496][T10030] Call Trace:
[  582.228504][T10030]  <TASK>
[  582.228512][T10030]  dump_stack_lvl+0x189/0x250
[  582.228549][T10030]  ? __pfx____ratelimit+0x10/0x10
[  582.228580][T10030]  ? __pfx_dump_stack_lvl+0x10/0x10
[  582.228610][T10030]  ? __pfx__printk+0x10/0x10
[  582.228639][T10030]  ? __pfx___might_resched+0x10/0x10
[  582.228667][T10030]  ? fs_reclaim_acquire+0x7d/0x100
[  582.228702][T10030]  should_fail_ex+0x414/0x560
[  582.228735][T10030]  should_failslab+0xa8/0x100
[  582.228765][T10030]  __kmalloc_cache_noprof+0x70/0x3d0
[  582.228789][T10030]  ? genl_start+0x1c9/0x6c0
[  582.228823][T10030]  genl_start+0x1c9/0x6c0
[  582.228849][T10030]  ? netlink_lookup+0x30/0x200
[  582.228880][T10030]  __netlink_dump_start+0x469/0x7e0
[  582.228922][T10030]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  582.228957][T10030]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  582.228984][T10030]  ? genl_get_cmd+0x7d9/0x910
[  582.229019][T10030]  ? __pfx_genl_start+0x10/0x10
[  582.229044][T10030]  ? __pfx_genl_dumpit+0x10/0x10
[  582.229068][T10030]  ? __pfx_genl_done+0x10/0x10
[  582.229115][T10030]  genl_rcv_msg+0x5da/0x790
[  582.229153][T10030]  ? __pfx_genl_rcv_msg+0x10/0x10
[  582.229177][T10030]  ? ref_tracker_free+0x63a/0x7d0
[  582.229203][T10030]  ? __pfx_psample_nl_cmd_get_group_dumpit+0x10/0x10
[  582.229230][T10030]  ? __pfx_ref_tracker_free+0x10/0x10
[  582.229270][T10030]  netlink_rcv_skb+0x205/0x470
[  582.229294][T10030]  ? __pfx_genl_rcv_msg+0x10/0x10
[  582.229325][T10030]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  582.229371][T10030]  ? down_read+0x1ad/0x2e0
[  582.229395][T10030]  genl_rcv+0x28/0x40
[  582.229422][T10030]  netlink_unicast+0x758/0x8d0
[  582.229459][T10030]  netlink_sendmsg+0x805/0xb30
[  582.229495][T10030]  ? __pfx_netlink_sendmsg+0x10/0x10
[  582.229531][T10030]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  582.229555][T10030]  ? __pfx_netlink_sendmsg+0x10/0x10
[  582.229580][T10030]  __sock_sendmsg+0x21c/0x270
[  582.229616][T10030]  ____sys_sendmsg+0x505/0x830
[  582.229649][T10030]  ? __pfx_____sys_sendmsg+0x10/0x10
[  582.229682][T10030]  ? import_iovec+0x74/0xa0
[  582.229703][T10030]  ___sys_sendmsg+0x21f/0x2a0
[  582.229732][T10030]  ? __pfx____sys_sendmsg+0x10/0x10
[  582.229805][T10030]  ? __fget_files+0x2a/0x420
[  582.229832][T10030]  ? __fget_files+0x3a0/0x420
[  582.229873][T10030]  __x64_sys_sendmsg+0x19b/0x260
[  582.229901][T10030]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  582.229949][T10030]  ? __pfx_ksys_write+0x10/0x10
[  582.229970][T10030]  ? rcu_is_watching+0x15/0xb0
[  582.230005][T10030]  ? do_syscall_64+0xbe/0x3b0
[  582.230041][T10030]  do_syscall_64+0xfa/0x3b0
[  582.230069][T10030]  ? lockdep_hardirqs_on+0x9c/0x150
[  582.230097][T10030]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.230117][T10030]  ? clear_bhb_loop+0x60/0xb0
[  582.230143][T10030]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.230162][T10030] RIP: 0033:0x7f806e98e929
[  582.230182][T10030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  582.230200][T10030] RSP: 002b:00007f806f749038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  582.230223][T10030] RAX: ffffffffffffffda RBX: 00007f806ebb5fa0 RCX: 00007f806e98e929
[  582.230238][T10030] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000006
[  582.230251][T10030] RBP: 00007f806f749090 R08: 0000000000000000 R09: 0000000000000000
[  582.230264][T10030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  582.230276][T10030] R13: 0000000000000000 R14: 00007f806ebb5fa0 R15: 00007fffe489c448
[  582.230313][T10030]  </TASK>
[  583.099503][T10041] loop7: detected capacity change from 0 to 16384
[  583.323106][T10044] I/O error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 16 prio class 0
[  583.409217][T10044] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  583.441205][T10044] Buffer I/O error on dev loop7, logical block 1, lost async page write
[  583.485626][T10044] Buffer I/O error on dev loop7, logical block 2, lost async page write
[  583.517425][T10044] Buffer I/O error on dev loop7, logical block 3, lost async page write
[  583.705306][T10044] Buffer I/O error on dev loop7, logical block 4, lost async page write
[  583.729097][T10044] Buffer I/O error on dev loop7, logical block 5, lost async page write
[  583.744871][T10041] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  583.754994][T10044] Buffer I/O error on dev loop7, logical block 6, lost async page write
[  583.764159][T10044] Buffer I/O error on dev loop7, logical block 7, lost async page write
[  584.422996][T10041] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  584.461072][T10044] Buffer I/O error on dev loop7, logical block 8, lost async page write
[  584.499434][T10044] Buffer I/O error on dev loop7, logical block 9, lost async page write
[  585.621711][  T918] hid (null): invalid report_size -1358781365
[  585.648131][  T918] hid-generic 0001:0009:0001.0007: unknown main item tag 0x3
[  585.696652][  T918] hid-generic 0001:0009:0001.0007: unknown main item tag 0x6
[  585.718692][  T918] hid-generic 0001:0009:0001.0007: invalid report_size -1358781365
[  585.731175][T10067] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  585.750588][  T918] hid-generic 0001:0009:0001.0007: item 0 4 1 7 parsing failed
[  585.760704][T10067] UDF-fs: Scanning with blocksize 512 failed
[  585.774218][  T918] hid-generic 0001:0009:0001.0007: probe with driver hid-generic failed with error -22
[  585.807628][T10067] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  585.946646][T10071] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1097'.
[  585.988193][T10067] UDF-fs: Scanning with blocksize 1024 failed
[  586.492934][T10067] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  586.793213][T10067] UDF-fs: Scanning with blocksize 2048 failed
[  586.820223][T10067] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  586.852255][T10067] UDF-fs: Scanning with blocksize 4096 failed
[  586.887906][T10073] lo speed is unknown, defaulting to 1000
[  593.606466][T10160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'.
[  593.616010][T10160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'.
[  593.625550][T10160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'.
[  593.635155][T10160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'.
[  593.644728][T10160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'.
[  593.654240][T10160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'.
[  593.663767][T10160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'.
[  593.673715][T10160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'.
[  593.684249][T10160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'.
[  593.693782][T10160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'.
[  599.961589][T10206] bridge0: entered promiscuous mode
[  599.969640][T10206] bond0: entered promiscuous mode
[  599.974946][T10206] bond_slave_0: entered promiscuous mode
[  599.980859][T10206] bond_slave_1: entered promiscuous mode
[  599.989471][T10206] hsr1: entered allmulticast mode
[  599.994588][T10206] bridge0: entered allmulticast mode
[  599.999908][T10206] bond0: entered allmulticast mode
[  600.005176][T10206] bond_slave_0: entered allmulticast mode
[  600.010932][T10206] bond_slave_1: entered allmulticast mode
[  602.338764][T10233] binfmt_misc: register: failed to install interpreter file ./file0
[  602.341684][T10237] __nla_validate_parse: 43 callbacks suppressed
[  602.341702][T10237] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1147'.
[  602.413892][T10239] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1146'.
[  602.511945][T10241] FAULT_INJECTION: forcing a failure.
[  602.511945][T10241] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  602.538812][T10241] CPU: 1 UID: 0 PID: 10241 Comm: syz.3.1148 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  602.538846][T10241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  602.538858][T10241] Call Trace:
[  602.538867][T10241]  <TASK>
[  602.538876][T10241]  dump_stack_lvl+0x189/0x250
[  602.538912][T10241]  ? __pfx____ratelimit+0x10/0x10
[  602.538942][T10241]  ? __pfx_dump_stack_lvl+0x10/0x10
[  602.538971][T10241]  ? __pfx__printk+0x10/0x10
[  602.539006][T10241]  should_fail_ex+0x414/0x560
[  602.539035][T10241]  _copy_to_user+0x31/0xb0
[  602.539058][T10241]  simple_read_from_buffer+0xe1/0x170
[  602.539091][T10241]  proc_fail_nth_read+0x1df/0x250
[  602.539123][T10241]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  602.539154][T10241]  ? rw_verify_area+0x258/0x650
[  602.539176][T10241]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  602.539206][T10241]  vfs_read+0x200/0x980
[  602.539236][T10241]  ? __pfx___mutex_lock+0x10/0x10
[  602.539268][T10241]  ? __pfx_vfs_read+0x10/0x10
[  602.539294][T10241]  ? __fget_files+0x2a/0x420
[  602.539334][T10241]  ? __fget_files+0x3a0/0x420
[  602.539359][T10241]  ? __fget_files+0x2a/0x420
[  602.539397][T10241]  ksys_read+0x145/0x250
[  602.539422][T10241]  ? __pfx_ksys_read+0x10/0x10
[  602.539442][T10241]  ? rcu_is_watching+0x15/0xb0
[  602.539477][T10241]  ? do_syscall_64+0xbe/0x3b0
[  602.539510][T10241]  do_syscall_64+0xfa/0x3b0
[  602.539538][T10241]  ? lockdep_hardirqs_on+0x9c/0x150
[  602.539567][T10241]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  602.539587][T10241]  ? clear_bhb_loop+0x60/0xb0
[  602.539613][T10241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  602.539632][T10241] RIP: 0033:0x7f2a4cf8d33c
[  602.539650][T10241] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  602.539668][T10241] RSP: 002b:00007f2a4dd50030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  602.539691][T10241] RAX: ffffffffffffffda RBX: 00007f2a4d1b5fa0 RCX: 00007f2a4cf8d33c
[  602.539705][T10241] RDX: 000000000000000f RSI: 00007f2a4dd500a0 RDI: 0000000000000005
[  602.539717][T10241] RBP: 00007f2a4dd50090 R08: 0000000000000000 R09: 0000000000000000
[  602.539729][T10241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  602.539748][T10241] R13: 0000000000000000 R14: 00007f2a4d1b5fa0 R15: 00007ffdce820118
[  602.539783][T10241]  </TASK>
[  602.773882][    C1] vkms_vblank_simulate: vblank timer overrun
[  602.928504][T10248] IPv6: Can't replace route, no match found
[  603.092879][ T5898] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  603.233059][ T5898] usb 5-1: device descriptor read/64, error -71
[  603.799208][T10249] IPv6: Can't replace route, no match found
[  603.872773][ T5898] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  604.112726][ T5898] usb 5-1: device descriptor read/64, error -71
[  604.984845][ T5898] usb usb5-port1: attempt power cycle
[  608.438694][T10285] lo speed is unknown, defaulting to 1000
[  608.554216][ T5834] Bluetooth: hci0: command 0x1003 tx timeout
[  608.562716][   T51] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  608.731199][T10292] IPv6: Can't replace route, no match found
[  613.042812][ T5947] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  613.572911][ T5947] usb 4-1: Using ep0 maxpacket: 16
[  613.604572][ T5947] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  613.632805][ T5947] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  613.680526][ T5947] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  613.722331][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.758927][ T5947] usb 4-1: Product: syz
[  613.772061][ T5947] usb 4-1: Manufacturer: syz
[  613.786574][ T5947] usb 4-1: SerialNumber: syz
[  614.074501][T10314] netlink: 2036 bytes leftover after parsing attributes in process `syz.3.1168'.
[  614.084125][T10314] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1168'.
[  614.353942][T10325] netlink: 'syz.3.1168': attribute type 1 has an invalid length.
[  614.363009][T10325] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1168'.
[  615.017288][T10328] sp0: Synchronizing with TNC
[  615.105877][T10328] tipc: Started in network mode
[  615.110821][T10328] tipc: Node identity 4, cluster identity 4711
[  615.119563][T10328] tipc: Node number set to 4
[  615.125469][T10333] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1174'.
[  615.287512][T10334] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1173'.
[  615.297975][T10334] netlink: 'syz.5.1173': attribute type 1 has an invalid length.
[  615.552770][  T918] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  616.370799][ T5947] usb 4-1: 0:2 : does not exist
[  616.398421][ T5947] usb 4-1: USB disconnect, device number 21
[  616.477277][  T918] usb 1-1: config 0 has an invalid interface number: 33 but max is 0
[  616.506789][  T918] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  616.531401][  T918] usb 1-1: config 0 has no interface number 0
[  616.537893][  T918] usb 1-1: config 0 interface 33 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023
[  616.548717][  T918] usb 1-1: config 0 interface 33 altsetting 0 endpoint 0x7 has invalid maxpacket 24576, setting to 1024
[  616.561047][  T918] usb 1-1: config 0 interface 33 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 1024
[  617.017041][  T918] usb 1-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=68.64
[  617.050325][  T918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.064696][  T918] usb 1-1: Product: syz
[  617.068922][  T918] usb 1-1: Manufacturer: syz
[  617.075034][  T918] usb 1-1: SerialNumber: syz
[  617.544479][  T918] usb 1-1: config 0 descriptor??
[  617.563049][T10333] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  617.585089][T10343] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1177'.
[  617.603686][  T918] hdpvr 1-1:0.33: Could not find bulk-in endpoint
[  617.610201][  T918] hdpvr 1-1:0.33: probe with driver hdpvr failed with error -12
[  620.032219][ T5944] usb 1-1: USB disconnect, device number 11
[  620.641804][T10357] IPv6: Can't replace route, no match found
[  624.563220][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  624.573562][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  627.584917][T10003] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  628.002962][T10003] usb 5-1: config 0 has an invalid interface number: 50 but max is 0
[  628.011097][T10003] usb 5-1: config 0 has no interface number 0
[  628.022818][T10003] usb 5-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  628.195470][T10003] usb 5-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid maxpacket 255, setting to 64
[  628.454826][T10003] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  628.511520][T10003] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.541466][T10003] usb 5-1: Product: syz
[  628.565340][T10430] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1199'.
[  628.574924][T10003] usb 5-1: Manufacturer: syz
[  629.037307][T10003] usb 5-1: SerialNumber: syz
[  629.083105][T10430] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1199'.
[  629.173143][T10003] usb 5-1: config 0 descriptor??
[  629.498137][T10424] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  629.552341][T10003] yurex 5-1:0.50: USB YUREX device now attached to Yurex #0
[  629.824447][T10441] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1201'.
[  630.829089][T10450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1203'.
[  631.640503][ T5944] usb 5-1: USB disconnect, device number 16
[  631.666105][ T5944] yurex 5-1:0.50: USB YUREX #0 now disconnected
[  634.049134][T10472] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1210'.
[  634.061546][T10472] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1210'.
[  635.191351][T10488] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1213'.
[  635.327949][T10489] lo speed is unknown, defaulting to 1000
[  638.875403][T10512] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1218'.
[  640.692940][T10532] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  643.893739][T10551] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1228'.
[  643.931312][T10545] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1225'.
[  647.300356][T10578] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  650.923218][T10608] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1241'.
[  651.010153][T10620] can0: slcan on ptm0.
[  651.247547][T10619] can0 (unregistered): slcan off ptm0.
[  657.148501][T10654] IPv6: Can't replace route, no match found
[  658.673489][T10669] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1259'.
[  661.998925][T10712] IPv6: Can't replace route, no match found
[  662.478495][T10715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.506972][T10715] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  663.182790][T10717] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1273'.
[  664.953546][T10729] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1275'.
[  665.862782][ T5944] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  666.682677][ T5944] usb 5-1: Using ep0 maxpacket: 32
[  666.717878][ T5944] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  666.726357][ T5944] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  666.742670][ T5944] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  666.762632][ T5944] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  667.737601][ T5944] usb 5-1: config 0 interface 0 has no altsetting 0
[  668.270967][T10761] syz.5.1281 (10761): drop_caches: 2
[  668.879626][ T5944] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  668.893062][ T5944] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  668.914355][ T5944] usb 5-1: Product: syz
[  668.952871][ T5944] usb 5-1: config 0 descriptor??
[  668.977674][ T5944] usb 5-1: can't set config #0, error -71
[  668.985255][ T5944] usb 5-1: USB disconnect, device number 17
[  670.714542][T10796] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  670.722726][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  670.722746][   T30] audit: type=1804 audit(2000000129.440:164): pid=10796 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.1292" name="file1" dev="ramfs" ino=28853 res=1 errno=0
[  670.744537][T10796] batman_adv: batadv0: Removing interface: batadv_slave_0
[  670.808849][T10796] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  670.841047][T10796] batman_adv: batadv0: Removing interface: batadv_slave_1
[  673.726670][T10818] smk_cipso_doi:679 remove rc = -2
[  673.731928][T10818] smk_cipso_doi:692 cipso add rc = -17
[  676.378380][T10842] FAULT_INJECTION: forcing a failure.
[  676.378380][T10842] name failslab, interval 1, probability 0, space 0, times 0
[  676.464450][T10842] CPU: 0 UID: 0 PID: 10842 Comm: syz.2.1305 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  676.464483][T10842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  676.464495][T10842] Call Trace:
[  676.464503][T10842]  <TASK>
[  676.464513][T10842]  dump_stack_lvl+0x189/0x250
[  676.464549][T10842]  ? __pfx____ratelimit+0x10/0x10
[  676.464579][T10842]  ? __pfx_dump_stack_lvl+0x10/0x10
[  676.464609][T10842]  ? __pfx__printk+0x10/0x10
[  676.464636][T10842]  ? __pfx___might_resched+0x10/0x10
[  676.464672][T10842]  should_fail_ex+0x414/0x560
[  676.464703][T10842]  should_failslab+0xa8/0x100
[  676.464732][T10842]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  676.464758][T10842]  ? __alloc_skb+0x112/0x2d0
[  676.464787][T10842]  __alloc_skb+0x112/0x2d0
[  676.464814][T10842]  netlink_sendmsg+0x5c6/0xb30
[  676.464849][T10842]  ? __pfx_netlink_sendmsg+0x10/0x10
[  676.464883][T10842]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  676.464925][T10842]  ? __pfx_netlink_sendmsg+0x10/0x10
[  676.464950][T10842]  __sock_sendmsg+0x21c/0x270
[  676.464985][T10842]  ____sys_sendmsg+0x505/0x830
[  676.465017][T10842]  ? __pfx_____sys_sendmsg+0x10/0x10
[  676.465053][T10842]  ? import_iovec+0x74/0xa0
[  676.465088][T10842]  ___sys_sendmsg+0x21f/0x2a0
[  676.465116][T10842]  ? __pfx____sys_sendmsg+0x10/0x10
[  676.465184][T10842]  ? __fget_files+0x2a/0x420
[  676.465211][T10842]  ? __fget_files+0x3a0/0x420
[  676.465250][T10842]  __x64_sys_sendmsg+0x19b/0x260
[  676.465279][T10842]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  676.465316][T10842]  ? __pfx_ksys_write+0x10/0x10
[  676.465337][T10842]  ? rcu_is_watching+0x15/0xb0
[  676.465373][T10842]  ? do_syscall_64+0xbe/0x3b0
[  676.465408][T10842]  do_syscall_64+0xfa/0x3b0
[  676.465436][T10842]  ? lockdep_hardirqs_on+0x9c/0x150
[  676.465465][T10842]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.465485][T10842]  ? clear_bhb_loop+0x60/0xb0
[  676.465510][T10842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.465530][T10842] RIP: 0033:0x7f774a18e929
[  676.465549][T10842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  676.465567][T10842] RSP: 002b:00007f774b09a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  676.465591][T10842] RAX: ffffffffffffffda RBX: 00007f774a3b5fa0 RCX: 00007f774a18e929
[  676.465606][T10842] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  676.465620][T10842] RBP: 00007f774b09a090 R08: 0000000000000000 R09: 0000000000000000
[  676.465632][T10842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  676.465644][T10842] R13: 0000000000000000 R14: 00007f774a3b5fa0 R15: 00007ffe1099a798
[  676.465677][T10842]  </TASK>
[  676.735853][    C0] vkms_vblank_simulate: vblank timer overrun
[  676.802768][ T5910] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  676.952927][ T5910] usb 4-1: Using ep0 maxpacket: 32
[  676.968725][ T5910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  677.073729][ T5910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  677.229116][ T5910] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  677.655305][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.676957][ T5910] usb 4-1: config 0 descriptor??
[  677.700410][ T5910] hub 4-1:0.0: USB hub found
[  677.972118][ T5910] hub 4-1:0.0: 1 port detected
[  679.062770][T10846] tipc: Started in network mode
[  679.210668][T10846] tipc: Node identity 2000007, cluster identity 4711
[  679.342703][T10846] tipc: Node number set to 33554439
[  679.348373][T10846] tipc: Cannot configure node identity twice
[  680.354350][T10003] hub 4-1:0.0: hub_ext_port_status failed (err = -32)
[  681.086515][T10881] bond0: Unable to set down delay as MII monitoring is disabled
[  681.103349][ T5947] usb 4-1: USB disconnect, device number 22
[  681.165476][T10881] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  681.233146][T10881] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  681.411243][T10889] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1319'.
[  684.029962][T10923] bridge_slave_0: left allmulticast mode
[  684.035758][T10923] bridge_slave_0: left promiscuous mode
[  684.042839][T10923] bridge0: port 1(bridge_slave_0) entered disabled state
[  684.055021][T10923] bridge_slave_1: left allmulticast mode
[  684.060680][T10923] bridge_slave_1: left promiscuous mode
[  684.066429][T10923] bridge0: port 2(bridge_slave_1) entered disabled state
[  684.085026][T10923] bond0: (slave bond_slave_0): Releasing backup interface
[  684.116830][T10923] bond0: (slave bond_slave_1): Releasing backup interface
[  684.201803][T10923] team0: Port device team_slave_0 removed
[  684.255436][T10923] team0: Port device team_slave_1 removed
[  684.261772][T10923] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  684.269319][T10923] batman_adv: batadv0: Removing interface: batadv_slave_0
[  684.281133][T10923] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  684.288711][T10923] batman_adv: batadv0: Removing interface: batadv_slave_1
[  684.953035][T10938] ntfs3(nullb0): Primary boot signature is not NTFS.
[  684.962093][T10938] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  686.383301][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  686.389829][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  686.686010][T10950] FAULT_INJECTION: forcing a failure.
[  686.686010][T10950] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  686.735790][T10950] CPU: 1 UID: 0 PID: 10950 Comm: syz.5.1336 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  686.735817][T10950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  686.735826][T10950] Call Trace:
[  686.735833][T10950]  <TASK>
[  686.735841][T10950]  dump_stack_lvl+0x189/0x250
[  686.735869][T10950]  ? __pfx____ratelimit+0x10/0x10
[  686.735893][T10950]  ? __pfx_dump_stack_lvl+0x10/0x10
[  686.735914][T10950]  ? __pfx__printk+0x10/0x10
[  686.735930][T10950]  ? __might_fault+0xb0/0x130
[  686.735958][T10950]  should_fail_ex+0x414/0x560
[  686.735982][T10950]  _copy_from_user+0x2d/0xb0
[  686.736058][T10950]  ___sys_sendmsg+0x158/0x2a0
[  686.736097][T10950]  ? __pfx____sys_sendmsg+0x10/0x10
[  686.736149][T10950]  ? __fget_files+0x2a/0x420
[  686.736170][T10950]  ? __fget_files+0x3a0/0x420
[  686.736199][T10950]  __x64_sys_sendmsg+0x19b/0x260
[  686.736220][T10950]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  686.736248][T10950]  ? __pfx_ksys_write+0x10/0x10
[  686.736263][T10950]  ? rcu_is_watching+0x15/0xb0
[  686.736291][T10950]  ? do_syscall_64+0xbe/0x3b0
[  686.736318][T10950]  do_syscall_64+0xfa/0x3b0
[  686.736339][T10950]  ? lockdep_hardirqs_on+0x9c/0x150
[  686.736361][T10950]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.736377][T10950]  ? clear_bhb_loop+0x60/0xb0
[  686.736396][T10950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.736410][T10950] RIP: 0033:0x7feaacb8e929
[  686.736426][T10950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  686.736439][T10950] RSP: 002b:00007feaad95c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  686.736457][T10950] RAX: ffffffffffffffda RBX: 00007feaacdb5fa0 RCX: 00007feaacb8e929
[  686.736469][T10950] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  686.736478][T10950] RBP: 00007feaad95c090 R08: 0000000000000000 R09: 0000000000000000
[  686.736488][T10950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  686.736497][T10950] R13: 0000000000000000 R14: 00007feaacdb5fa0 R15: 00007ffe5b7f4a78
[  686.736523][T10950]  </TASK>
[  687.081525][T10946] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1335'.
[  688.687739][T10958] overlay: ./file0 is not a directory
[  688.801003][T10963] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  689.088427][T10977] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1341'.
[  689.108080][T10977] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1341'.
[  689.137773][T10977] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1341'.
[  689.916594][T10966] loop2: detected capacity change from 0 to 7
[  689.932812][T10966] Dev loop2: unable to read RDB block 7
[  689.967403][T10966]  loop2: unable to read partition table
[  690.001317][T10966] loop2: partition table beyond EOD, truncated
[  690.062739][T10966] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  690.164521][T10986] random: crng reseeded on system resumption
[  690.170907][    C0] vcan0: j1939_tp_rxtimer: 0xffff888029a6f000: rx timeout, send abort
[  690.671024][    C0] vcan0: j1939_tp_rxtimer: 0xffff888029a6f000: abort rx timeout. Force session deactivation
[  691.569711][T11004] FAULT_INJECTION: forcing a failure.
[  691.569711][T11004] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  691.977221][T11004] CPU: 1 UID: 0 PID: 11004 Comm: syz.4.1352 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  691.977254][T11004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  691.977265][T11004] Call Trace:
[  691.977273][T11004]  <TASK>
[  691.977282][T11004]  dump_stack_lvl+0x189/0x250
[  691.977318][T11004]  ? __pfx____ratelimit+0x10/0x10
[  691.977348][T11004]  ? __pfx_dump_stack_lvl+0x10/0x10
[  691.977378][T11004]  ? __pfx__printk+0x10/0x10
[  691.977413][T11004]  should_fail_ex+0x414/0x560
[  691.977443][T11004]  _copy_to_user+0x31/0xb0
[  691.977466][T11004]  simple_read_from_buffer+0xe1/0x170
[  691.977498][T11004]  proc_fail_nth_read+0x1df/0x250
[  691.977532][T11004]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  691.977564][T11004]  ? rw_verify_area+0x258/0x650
[  691.977586][T11004]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  691.977614][T11004]  vfs_read+0x200/0x980
[  691.977644][T11004]  ? __pfx___mutex_lock+0x10/0x10
[  691.977673][T11004]  ? __pfx_vfs_read+0x10/0x10
[  691.977696][T11004]  ? __fget_files+0x2a/0x420
[  691.977728][T11004]  ? __fget_files+0x3a0/0x420
[  691.977752][T11004]  ? __fget_files+0x2a/0x420
[  691.977789][T11004]  ksys_read+0x145/0x250
[  691.977810][T11004]  ? __fget_files+0x3a0/0x420
[  691.977838][T11004]  ? __pfx_ksys_read+0x10/0x10
[  691.977868][T11004]  ? do_syscall_64+0xbe/0x3b0
[  691.977901][T11004]  do_syscall_64+0xfa/0x3b0
[  691.977938][T11004]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.977963][T11004]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  691.977981][T11004]  ? clear_bhb_loop+0x60/0xb0
[  691.978004][T11004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.978023][T11004] RIP: 0033:0x7f582f58d33c
[  691.978042][T11004] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  691.978058][T11004] RSP: 002b:00007f58303b6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  691.978081][T11004] RAX: ffffffffffffffda RBX: 00007f582f7b5fa0 RCX: 00007f582f58d33c
[  691.978096][T11004] RDX: 000000000000000f RSI: 00007f58303b60a0 RDI: 0000000000000006
[  691.978107][T11004] RBP: 00007f58303b6090 R08: 0000000000000000 R09: 0000000000000000
[  691.978118][T11004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  691.978130][T11004] R13: 0000000000000000 R14: 00007f582f7b5fa0 R15: 00007ffea1ce2898
[  691.978163][T11004]  </TASK>
[  693.210931][T11022] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=4194894 (134236608 ns) > initial count (65536 ns). Using initial count to start timer.
[  694.205763][T11037] smk_cipso_doi:679 remove rc = -2
[  694.217276][T11037] smk_cipso_doi:692 cipso add rc = -17
[  699.165959][T11131] syz.5.1400 (11131) used greatest stack depth: 17464 bytes left
[  699.386743][T11150] bond_slave_0: entered promiscuous mode
[  699.393622][T11150] bond_slave_1: entered promiscuous mode
[  699.399880][T11150] macsec1: entered allmulticast mode
[  699.407585][T11150] bond0: entered allmulticast mode
[  699.413058][T11150] bond_slave_0: entered allmulticast mode
[  699.418833][T11150] bond_slave_1: entered allmulticast mode
[  699.427471][T11150] bond0: left allmulticast mode
[  699.432421][T11150] bond_slave_0: left allmulticast mode
[  699.448588][T11150] bond_slave_1: left allmulticast mode
[  699.478000][T11150] bond_slave_0: left promiscuous mode
[  699.483586][T11150] bond_slave_1: left promiscuous mode
[  701.992083][T11188] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1418'.
[  703.880846][T11208] xt_hashlimit: max too large, truncated to 1048576
[  706.152810][ T5834] Bluetooth: hci2: command 0x0406 tx timeout
[  706.210164][   T51] Bluetooth: hci2: Opcode 0x206a failed: -110
[  709.897784][T11265] usb 6-1: USB disconnect, device number 4
[  711.831163][T11285] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  721.228642][T11352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  721.238912][T11352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  725.579835][T11386] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  725.579835][T11386]    program syz.0.1474 not setting count and/or reply_len properly
[  727.037216][T11400] netlink: 'syz.3.1479': attribute type 10 has an invalid length.
[  727.046740][T11400] veth1_macvtap: left promiscuous mode
[  727.058156][T11400] bridge0: port 3(macsec0) entered blocking state
[  727.065370][T11400] bridge0: port 3(macsec0) entered disabled state
[  727.093322][T11400] macsec0: entered allmulticast mode
[  727.186207][T11400] macsec0: entered promiscuous mode
[  727.468603][ T5947] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  727.911410][ T5947] usb 4-1: unable to get BOS descriptor or descriptor too short
[  727.928049][ T5947] usb 4-1: config 0 has no interfaces?
[  727.984002][ T5947] usb 4-1: New USB device found, idVendor=0af0, idProduct=d357, bcdDevice= 0.00
[  728.000713][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.142073][ T5947] usb 4-1: Product: syz
[  728.148645][ T5947] usb 4-1: Manufacturer: syz
[  728.171743][ T5947] usb 4-1: SerialNumber: syz
[  729.003643][ T5947] usb 4-1: config 0 descriptor??
[  731.566551][ T5816] usb 4-1: USB disconnect, device number 23
[  732.961262][T11448] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  732.969237][T11448] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  733.414426][T11452] kvm: pic: non byte read
[  733.429977][T11452] kvm: pic: level sensitive irq not supported
[  733.430089][T11452] kvm: pic: non byte read
[  733.462990][T11452] kvm: pic: level sensitive irq not supported
[  733.463077][T11452] kvm: pic: non byte read
[  733.513164][T11452] kvm: pic: level sensitive irq not supported
[  733.513250][T11452] kvm: pic: non byte read
[  733.553913][T11452] kvm: pic: level sensitive irq not supported
[  733.553998][T11452] kvm: pic: non byte read
[  733.593373][T11452] kvm: pic: level sensitive irq not supported
[  733.593458][T11452] kvm: pic: non byte read
[  733.623015][T11452] kvm: pic: level sensitive irq not supported
[  733.623101][T11452] kvm: pic: non byte read
[  733.653011][T11452] kvm: pic: level sensitive irq not supported
[  733.653099][T11452] kvm: pic: non byte read
[  733.673260][T11452] kvm: pic: level sensitive irq not supported
[  733.673354][T11452] kvm: pic: non byte read
[  733.703027][T11452] kvm: pic: level sensitive irq not supported
[  733.703113][T11452] kvm: pic: non byte read
[  733.746334][T11452] kvm: pic: level sensitive irq not supported
[  734.631999][T11462] syz.0.1500 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  735.593994][T11473] trusted_key: syz.0.1503 sent an empty control message without MSG_MORE.
[  735.785573][T11470] kvm: kvm [11469]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  735.985377][ T5910] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  736.249123][ T5910] usb 4-1: Using ep0 maxpacket: 8
[  736.275151][ T5910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  736.363600][ T5910] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  736.392872][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  736.408671][ T5910] usb 4-1: config 0 descriptor??
[  736.741684][ T5910] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  736.913571][T11489] hub 6-0:1.0: USB hub found
[  736.929676][T11489] hub 6-0:1.0: 1 port detected
[  737.297402][    T9] usb 4-1: USB disconnect, device number 24
[  737.358420][ T6037] Bluetooth: hci0: Frame reassembly failed (-84)
[  737.394514][  T918] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  738.352737][  T918] usb 6-1: device descriptor read/64, error -32
[  738.706076][T11498] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1509'.
[  738.724233][  T918] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  739.550847][   T51] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  739.557856][  T918] usb 6-1: device descriptor read/64, error -32
[  739.624212][T11505] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1511'.
[  739.634817][T11505] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1511'.
[  739.643978][T11505] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1511'.
[  739.699979][  T918] usb usb6-port1: attempt power cycle
[  740.162743][  T918] raw-gadget.1 gadget.5: failed to queue resume event
[  740.170621][  T918] raw-gadget.1 gadget.5: failed to queue reset event
[  740.383226][  T918] raw-gadget.1 gadget.5: failed to queue resume event
[  740.462997][  T918] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  740.652872][    C0] raw-gadget.1 gadget.5: ignoring, device is not running
[  740.660122][  T918] usb 6-1: device descriptor read/8, error -32
[  740.773061][  T918] raw-gadget.1 gadget.5: failed to queue suspend event
[  740.789206][  T918] raw-gadget.1 gadget.5: failed to queue reset event
[  740.971859][  T918] raw-gadget.1 gadget.5: failed to queue resume event
[  741.192711][  T918] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  741.777180][    C0] raw-gadget.1 gadget.5: ignoring, device is not running
[  741.794580][  T918] usb 6-1: device descriptor read/8, error -32
[  742.058942][T11529] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1517'.
[  742.068170][T11529] netlink: 'syz.3.1517': attribute type 5 has an invalid length.
[  742.076356][T11529] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1517'.
[  742.095856][  T918] raw-gadget.1 gadget.5: failed to queue suspend event
[  742.117919][T11529] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  742.127455][T11529] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  742.136656][T11529] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  742.145743][T11529] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  742.157088][T11529] geneve2: entered promiscuous mode
[  742.162649][T11529] geneve2: entered allmulticast mode
[  742.172674][ T5944] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[  742.261827][  T918] usb usb6-port1: unable to enumerate USB device
[  743.196820][ T5944] usb 3-1: config 0 has no interfaces?
[  743.228283][ T5944] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  743.326022][ T5944] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.373143][ T5944] usb 3-1: Product: syz
[  743.420063][ T5944] usb 3-1: Manufacturer: syz
[  743.432564][ T5944] usb 3-1: SerialNumber: syz
[  743.507499][ T5944] usb 3-1: config 0 descriptor??
[  744.382866][   T43] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  744.577800][   T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  744.617831][   T43] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  744.654663][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  744.907354][   T43] usb 5-1: config 0 descriptor??
[  744.940398][   T43] pwc: Askey VC010 type 2 USB webcam detected.
[  745.319887][ T5910] usb 3-1: USB disconnect, device number 21
[  745.341728][   T43] pwc: recv_control_msg error -32 req 02 val 2b00
[  745.351158][   T43] pwc: recv_control_msg error -32 req 02 val 2700
[  745.401141][   T43] pwc: recv_control_msg error -32 req 02 val 2c00
[  745.414819][   T43] pwc: recv_control_msg error -32 req 04 val 1000
[  745.428207][   T43] pwc: recv_control_msg error -32 req 04 val 1300
[  745.813325][   T43] pwc: recv_control_msg error -32 req 04 val 1400
[  745.885848][   T43] pwc: recv_control_msg error -32 req 02 val 2000
[  746.239558][   T43] pwc: recv_control_msg error -71 req 04 val 1500
[  746.252401][   T43] pwc: recv_control_msg error -71 req 02 val 2500
[  746.277861][   T43] pwc: recv_control_msg error -71 req 02 val 2400
[  746.307165][   T43] pwc: recv_control_msg error -71 req 02 val 2600
[  746.370675][   T43] pwc: recv_control_msg error -71 req 02 val 2900
[  746.390432][   T43] pwc: recv_control_msg error -71 req 02 val 2800
[  746.408376][   T43] pwc: recv_control_msg error -71 req 04 val 1100
[  746.423487][   T43] pwc: recv_control_msg error -71 req 04 val 1200
[  746.450042][   T43] pwc: Registered as video103.
[  746.479455][   T43] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input13
[  746.628838][   T43] usb 5-1: USB disconnect, device number 18
[  747.476813][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  747.503472][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  749.237426][T11590] tmpfs: Bad value for 'mpol'
[  751.099681][   T30] audit: type=1326 audit(2000000209.820:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11591 comm="syz.5.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  751.164216][   T30] audit: type=1326 audit(2000000209.820:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11591 comm="syz.5.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  752.127343][   T30] audit: type=1326 audit(2000000209.830:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11591 comm="syz.5.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feaacb2ab19 code=0x7ffc0000
[  752.149131][   T30] audit: type=1326 audit(2000000209.830:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11591 comm="syz.5.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feaacb2ab19 code=0x7ffc0000
[  752.170938][   T30] audit: type=1326 audit(2000000209.830:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11591 comm="syz.5.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feaacb2ab19 code=0x7ffc0000
[  752.193315][   T30] audit: type=1326 audit(2000000209.830:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11591 comm="syz.5.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feaacb2ab19 code=0x7ffc0000
[  752.214935][   T30] audit: type=1326 audit(2000000209.830:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11591 comm="syz.5.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feaacb2ab19 code=0x7ffc0000
[  752.236658][   T30] audit: type=1326 audit(2000000209.830:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11591 comm="syz.5.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feaacb2ab19 code=0x7ffc0000
[  752.264975][   T30] audit: type=1326 audit(2000000209.830:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11591 comm="syz.5.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feaacb2ab19 code=0x7ffc0000
[  752.319073][   T30] audit: type=1326 audit(2000000209.830:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11591 comm="syz.5.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feaacb2ab19 code=0x7ffc0000
[  752.369794][T11616] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1546'.
[  755.554784][T11651] ceph: No mds server is up or the cluster is laggy
[  755.576406][   T43] libceph: connect (1)[c::]:6789 error -101
[  755.605503][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  756.465240][T11668] kvm: kvm [11662]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x80
[  756.509647][T11668] kvm: kvm [11662]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0
[  756.518520][T11668] kvm: kvm [11662]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  756.804171][T11677] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  756.832277][T11677] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  756.847882][T11677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  756.861735][T11677] misc userio: No port type given on /dev/userio
[  756.870058][T11677] misc userio: The device must be registered before sending interrupts
[  760.142468][T11695] netlink: 292 bytes leftover after parsing attributes in process `syz.3.1570'.
[  760.876356][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x7
[  760.907198][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  760.933819][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  760.970212][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  760.999864][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x2
[  761.040883][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.061843][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.086122][T11711] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1575'.
[  761.095366][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.105525][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.121465][T11711] syz_tun: entered promiscuous mode
[  761.128677][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.138967][T11711] syz_tun: left promiscuous mode
[  761.144263][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.159834][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.193098][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.259751][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.404997][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.477576][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.567358][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.576232][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.584080][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.591918][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.600395][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.681237][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.969261][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  761.987567][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  762.005602][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  762.024395][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  762.050272][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  762.174895][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  762.182364][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  762.189882][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  762.198441][T10003] hid-generic 0000:0000:0000.0008: unknown main item tag 0x1
[  762.246252][T10003] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  774.552267][T11839] warning: `syz.2.1611' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  777.094306][T11492] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  784.869545][T11933] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  788.345082][   T30] kauditd_printk_skb: 251 callbacks suppressed
[  788.345103][   T30] audit: type=1326 audit(2000000246.950:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.5.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  788.968634][   T30] audit: type=1326 audit(2000000246.950:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.5.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  789.773139][   T30] audit: type=1326 audit(2000000246.990:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.5.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  789.794869][   T30] audit: type=1326 audit(2000000246.990:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.5.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  789.862928][   T30] audit: type=1326 audit(2000000246.990:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.5.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  789.893994][   T30] audit: type=1326 audit(2000000247.000:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.5.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  790.178078][   T30] audit: type=1326 audit(2000000247.010:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.5.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  790.203144][   T30] audit: type=1326 audit(2000000247.010:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.5.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  790.970764][   T30] audit: type=1326 audit(2000000247.010:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.5.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  791.026443][   T30] audit: type=1326 audit(2000000247.020:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.5.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x7ffc0000
[  793.097421][T11971] netlink: 'syz.4.1652': attribute type 4 has an invalid length.
[  793.162672][T11971] netlink: 'syz.4.1652': attribute type 4 has an invalid length.
[  793.410254][T11987] lo speed is unknown, defaulting to 1000
[  794.560501][T12001] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1657'.
[  794.681983][T12001] bridge_slave_0: left allmulticast mode
[  794.765856][T12001] bridge_slave_0: left promiscuous mode
[  794.777055][T12001] bridge0: port 1(bridge_slave_0) entered disabled state
[  795.170182][T12001] bridge_slave_1: left allmulticast mode
[  795.251031][T12001] bridge_slave_1: left promiscuous mode
[  795.293316][T12001] bridge0: port 2(bridge_slave_1) entered disabled state
[  795.657490][T12001] bond0: (slave bond_slave_0): Releasing backup interface
[  796.363356][T12001] bond0: (slave bond_slave_1): Releasing backup interface
[  796.541890][T12001] team0: Port device team_slave_0 removed
[  796.637694][T12001] team0: Port device team_slave_1 removed
[  797.116333][T12023] bridge_slave_0: default FDB implementation only supports local addresses
[  797.610595][T12035] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  797.617461][T12035] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  797.626174][T12035] vhci_hcd vhci_hcd.0: Device attached
[  798.143114][ T5944] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  798.641898][T12036] vhci_hcd: connection reset by peer
[  798.880979][   T13] vhci_hcd: stop threads
[  798.887799][ T5960] Bluetooth: hci0: Frame reassembly failed (-84)
[  798.906693][   T13] vhci_hcd: release socket
[  798.950926][   T13] vhci_hcd: disconnect device
[  799.114901][T12045] netlink: 165 bytes leftover after parsing attributes in process `syz.4.1668'.
[  799.566137][T12051] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1669'.
[  800.952929][ T5816] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  800.962290][   T51] Bluetooth: hci0: command 0x1003 tx timeout
[  801.002811][T11492] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  801.612630][ T5816] usb 1-1: Using ep0 maxpacket: 32
[  801.630970][ T5816] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  801.649592][ T5816] usb 1-1: config 0 has no interface number 0
[  801.664425][ T5816] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  802.142767][ T5816] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  802.225387][ T5816] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  802.314211][ T5816] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  802.668579][ T5816] usb 1-1: config 0 descriptor??
[  803.342899][ T5944] vhci_hcd: vhci_device speed not set
[  803.428353][ T5816] uclogic 0003:28BD:0094.0009: pen parameters not found
[  803.456037][ T5816] uclogic 0003:28BD:0094.0009: interface is invalid, ignoring
[  803.528017][T12091] capability: warning: `syz.5.1680' uses 32-bit capabilities (legacy support in use)
[  804.335599][ T5816] usb 1-1: USB disconnect, device number 12
[  807.103151][ T5816] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  807.277447][ T5816] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  807.328907][ T5816] usb 3-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  807.444717][ T5816] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  807.739823][ T5816] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  808.085619][ T5816] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  808.676659][T12134] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[  808.926740][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  808.937963][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  809.202219][T12132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  809.268034][T12132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  809.273191][ T5816] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2
[  809.349154][T11492] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[  809.362808][T11492] CPU: 0 UID: 0 PID: 11492 Comm: kworker/u9:1 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  809.362840][T11492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  809.362875][T11492] Workqueue: hci5 hci_rx_work
[  809.362912][T11492] Call Trace:
[  809.362921][T11492]  <TASK>
[  809.362932][T11492]  dump_stack_lvl+0x189/0x250
[  809.362982][T11492]  ? kernfs_path_from_node+0x2c/0x260
[  809.363015][T11492]  ? __pfx_dump_stack_lvl+0x10/0x10
[  809.363047][T11492]  ? __pfx__printk+0x10/0x10
[  809.363073][T11492]  ? kernfs_path_from_node+0x2c/0x260
[  809.363100][T11492]  ? kernfs_path_from_node+0x2c/0x260
[  809.363131][T11492]  ? kernfs_path_from_node+0x22c/0x260
[  809.363158][T11492]  ? kernfs_path_from_node+0x2c/0x260
[  809.363192][T11492]  sysfs_create_dir_ns+0x259/0x280
[  809.363224][T11492]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  809.363257][T11492]  ? do_raw_spin_unlock+0x122/0x240
[  809.363285][T11492]  kobject_add_internal+0x59f/0xb40
[  809.363315][T11492]  kobject_add+0x155/0x220
[  809.363342][T11492]  ? __pfx_kobject_add+0x10/0x10
[  809.363364][T11492]  ? _raw_spin_unlock+0x28/0x50
[  809.363399][T11492]  ? get_device_parent+0x366/0x3a0
[  809.363428][T11492]  device_add+0x408/0xb50
[  809.363456][T11492]  hci_conn_add_sysfs+0xd5/0x1e0
[  809.363492][T11492]  le_conn_complete_evt+0xc3a/0x1220
[  809.363535][T11492]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  809.363560][T11492]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  809.363590][T11492]  ? __asan_memcpy+0x40/0x70
[  809.363613][T11492]  ? __pfx___mutex_lock+0x10/0x10
[  809.363646][T11492]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  809.363676][T11492]  ? skb_pull_data+0xfb/0x200
[  809.363714][T11492]  hci_le_conn_complete_evt+0x187/0x450
[  809.363748][T11492]  hci_event_packet+0x78c/0x1200
[  809.363784][T11492]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  809.363810][T11492]  ? __pfx_hci_event_packet+0x10/0x10
[  809.363844][T11492]  ? kcov_remote_start+0x4d3/0x7f0
[  809.363881][T11492]  ? lockdep_hardirqs_on+0x20/0x150
[  809.363913][T11492]  ? hci_send_to_monitor+0xe2/0x570
[  809.363940][T11492]  hci_rx_work+0x46a/0xe80
[  809.363983][T11492]  ? process_scheduled_works+0x9ef/0x17b0
[  809.364015][T11492]  process_scheduled_works+0xade/0x17b0
[  809.364083][T11492]  ? __pfx_process_scheduled_works+0x10/0x10
[  809.364137][T11492]  worker_thread+0x8a0/0xda0
[  809.364170][T11492]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  809.364211][T11492]  ? __kthread_parkme+0x7b/0x200
[  809.364255][T11492]  kthread+0x70e/0x8a0
[  809.364283][T11492]  ? __pfx_worker_thread+0x10/0x10
[  809.364312][T11492]  ? __pfx_kthread+0x10/0x10
[  809.364337][T11492]  ? _raw_spin_unlock_irq+0x23/0x50
[  809.364361][T11492]  ? lockdep_hardirqs_on+0x9c/0x150
[  809.364385][T11492]  ? __pfx_kthread+0x10/0x10
[  809.364406][T11492]  ret_from_fork+0x3fc/0x770
[  809.364438][T11492]  ? __pfx_ret_from_fork+0x10/0x10
[  809.364475][T11492]  ? __switch_to_asm+0x39/0x70
[  809.364493][T11492]  ? __switch_to_asm+0x33/0x70
[  809.364511][T11492]  ? __pfx_kthread+0x10/0x10
[  809.364535][T11492]  ret_from_fork_asm+0x1a/0x30
[  809.364577][T11492]  </TASK>
[  809.364610][T11492] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  810.133911][T11492] Bluetooth: hci5: failed to register connection device
[  810.349455][ T5910] usb 3-1: USB disconnect, device number 22
[  811.623045][T12154] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1705'.
[  815.108372][ T5816] IPVS: starting estimator thread 0...
[  815.262885][T12186] IPVS: using max 23 ests per chain, 55200 per kthread
[  818.523705][T12226] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1729'.
[  818.532782][T12226] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1729'.
[  818.541715][T12226] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1729'.
[  819.407013][T12233] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1730'.
[  820.107924][T12241] sch_tbf: burst 32855 is lower than device lo mtu (11337746) !
[  821.428161][T12241] sctp: failed to load transform for md5: -2
[  821.580338][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  821.580358][   T30] audit: type=1326 audit(2000000280.300:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12250 comm="syz.3.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2a4cf2ab19 code=0x7ffc0000
[  821.745134][   T30] audit: type=1326 audit(2000000280.300:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12250 comm="syz.3.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a4cf8e929 code=0x7ffc0000
[  822.659671][   T30] audit: type=1326 audit(2000000280.300:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12250 comm="syz.3.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2a4cf2ab19 code=0x7ffc0000
[  822.682611][   T30] audit: type=1326 audit(2000000280.300:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12250 comm="syz.3.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a4cf8e929 code=0x7ffc0000
[  822.704353][   T30] audit: type=1326 audit(2000000280.300:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12250 comm="syz.3.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2a4cf2ab19 code=0x7ffc0000
[  822.727544][   T30] audit: type=1326 audit(2000000280.300:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12250 comm="syz.3.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a4cf8e929 code=0x7ffc0000
[  822.752800][   T30] audit: type=1326 audit(2000000280.300:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12250 comm="syz.3.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2a4cf2ab19 code=0x7ffc0000
[  822.775178][   T30] audit: type=1326 audit(2000000280.300:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12250 comm="syz.3.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2a4cf2ab19 code=0x7ffc0000
[  822.796950][   T30] audit: type=1326 audit(2000000280.300:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12250 comm="syz.3.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a4cf8e929 code=0x7ffc0000
[  822.818693][   T30] audit: type=1326 audit(2000000280.300:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12250 comm="syz.3.1738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2a4cf2ab19 code=0x7ffc0000
[  822.961279][T12275] unsupported nlmsg_type 40
[  824.012622][ T5910] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  824.185995][ T5910] usb 1-1: config 0 has an invalid interface number: 109 but max is 0
[  824.206043][ T5910] usb 1-1: config 0 has no interface number 0
[  824.212230][ T5910] usb 1-1: New USB device found, idVendor=100d, idProduct=cb01, bcdDevice=84.d1
[  824.275119][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  824.319705][ T5910] usb 1-1: config 0 descriptor??
[  824.352615][ T5816] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  824.369535][ T5910] cxacru 1-1:0.109: usbatm_usb_probe: bind failed: -19!
[  824.522717][ T5816] usb 5-1: Using ep0 maxpacket: 8
[  824.532626][ T5816] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  824.591570][ T5816] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  824.868950][ T5816] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  825.632378][ T5816] usb 5-1: config 0 descriptor??
[  826.692516][ T5816] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  827.085022][T10003] usb 5-1: USB disconnect, device number 19
[  827.803252][ T5898] usb 1-1: USB disconnect, device number 13
[  830.344059][T12348] bridge_slave_0: entered promiscuous mode
[  830.356148][T12348] bridge_slave_0: entered allmulticast mode
[  833.002587][ T5898] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  833.156437][T12386] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1781'.
[  833.166229][T12386] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1781'.
[  833.175341][T12386] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1781'.
[  833.204025][ T5898] usb 3-1: Using ep0 maxpacket: 8
[  833.226985][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  833.248825][ T5898] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  833.258172][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  833.275466][ T5898] usb 3-1: config 0 descriptor??
[  833.312638][    T9] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  833.491330][ T5898] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  833.509388][    T9] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  833.525731][    T9] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  833.538650][    T9] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  833.552371][    T9] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  833.569709][    T9] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  833.605067][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  833.635735][    T9] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  833.665974][    T9] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  833.711693][ T5898] usb 3-1: USB disconnect, device number 23
[  833.717798][    T9] usb 1-1: Product: syz
[  833.722007][    T9] usb 1-1: Manufacturer: syz
[  833.726811][    T9] usb 1-1: SerialNumber: syz
[  833.743028][    T9] usb 1-1: config 0 descriptor??
[  833.749071][T12379] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  833.760261][    T9] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  833.777880][    T9] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  834.247916][    T9] usb 1-1: USB disconnect, device number 14
[  834.297987][    T9] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  835.169047][T12423] netlink: 1010 bytes leftover after parsing attributes in process `syz.3.1795'.
[  835.179510][T12423] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  835.370159][T12425] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1794'.
[  835.379241][T12425] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1794'.
[  835.388255][T12425] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1794'.
[  836.022904][T10003] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  836.243104][T10003] usb 1-1: Using ep0 maxpacket: 8
[  836.351986][T10003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  836.606021][T10003] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  836.701127][T10003] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  836.740999][T10003] usb 1-1: config 0 descriptor??
[  836.801237][T12450] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1804'.
[  837.013635][ T5898] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  837.025615][T10003] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  837.187368][ T5898] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  837.197875][ T5898] usb 4-1: config 0 has no interfaces?
[  837.206818][ T5898] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  837.216668][T10003] usb 1-1: USB disconnect, device number 15
[  837.222824][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  837.237935][ T5898] usb 4-1: Product: syz
[  837.242987][ T5898] usb 4-1: Manufacturer: syz
[  837.247925][ T5898] usb 4-1: SerialNumber: syz
[  837.255257][ T5898] usb 4-1: config 0 descriptor??
[  837.470695][ T5944] usb 4-1: USB disconnect, device number 25
[  839.415914][T12470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1810'.
[  839.425106][T12470] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1810'.
[  840.353819][T12470] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1810'.
[  841.463788][ T5944] libceph: connect (1)[c::]:6789 error -101
[  841.472792][ T5944] libceph: mon0 (1)[c::]:6789 connect error
[  841.552791][T12486] ceph: No mds server is up or the cluster is laggy
[  841.992900][ T5944] libceph: connect (1)[c::]:6789 error -101
[  842.332660][ T5944] libceph: mon0 (1)[c::]:6789 connect error
[  847.518266][T12520] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  851.659693][T12572] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1841'.
[  852.068629][T12572] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1841'.
[  852.122566][T12572] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1841'.
[  852.782710][  T918] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  853.022668][  T918] usb 4-1: Using ep0 maxpacket: 32
[  853.037972][  T918] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  853.061110][  T918] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  853.079139][  T918] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  853.141316][  T918] usb 4-1: Product: syz
[  853.171340][  T918] usb 4-1: Manufacturer: syz
[  853.189143][  T918] usb 4-1: SerialNumber: syz
[  853.225860][  T918] usb 4-1: config 0 descriptor??
[  853.236793][T12578] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  853.458258][T12591] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  855.960206][  T918] usb 4-1: USB disconnect, device number 26
[  857.482127][   T30] kauditd_printk_skb: 147 callbacks suppressed
[  857.482149][   T30] audit: type=1326 audit(2000000030.710:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12616 comm="syz.4.1853" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f582f58e929 code=0x0
[  859.608911][T12631] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1856'.
[  859.774489][T12631] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1856'.
[  859.811168][T12631] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1856'.
[  861.038101][   T30] audit: type=1326 audit(2000000034.220:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12641 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f806e98e929 code=0x7ffc0000
[  861.269249][   T30] audit: type=1326 audit(2000000034.220:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12641 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f806e98e929 code=0x7ffc0000
[  861.520273][   T30] audit: type=1326 audit(2000000034.240:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12641 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f806e98e929 code=0x7ffc0000
[  861.787729][   T30] audit: type=1326 audit(2000000034.240:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12641 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f806e98e929 code=0x7ffc0000
[  861.976341][   T30] audit: type=1326 audit(2000000034.250:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12641 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f806e98e929 code=0x7ffc0000
[  861.998268][   T30] audit: type=1326 audit(2000000034.250:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12641 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f806e98e929 code=0x7ffc0000
[  862.024494][   T30] audit: type=1326 audit(2000000034.260:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12641 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f806e98e929 code=0x7ffc0000
[  862.046308][   T30] audit: type=1326 audit(2000000034.260:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12641 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f806e98e929 code=0x7ffc0000
[  862.657901][T12656] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1862'.
[  863.417705][   T30] audit: type=1326 audit(2000000036.640:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12659 comm="syz.2.1866" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f774a18e929 code=0x0
[  865.205288][ T5898] raw-gadget.1 gadget.5: failed to queue reset event
[  865.460300][ T5898] raw-gadget.1 gadget.5: failed to queue resume event
[  865.724042][ T5898] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  865.731819][    C1] raw-gadget.1 gadget.5: ignoring, device is not running
[  865.757930][ T5898] raw-gadget.1 gadget.5: failed to queue reset event
[  865.842691][ T5898] raw-gadget.1 gadget.5: failed to queue resume event
[  865.942603][ T5898] usb 6-1: device descriptor read/64, error -32
[  866.052645][ T5898] raw-gadget.1 gadget.5: failed to queue suspend event
[  866.209343][ T5898] raw-gadget.1 gadget.5: failed to queue reset event
[  866.302794][ T5898] raw-gadget.1 gadget.5: failed to queue resume event
[  866.393075][ T5898] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  866.462183][    C1] raw-gadget.1 gadget.5: ignoring, device is not running
[  866.514188][ T5898] raw-gadget.1 gadget.5: failed to queue reset event
[  866.733873][ T5898] raw-gadget.1 gadget.5: failed to queue resume event
[  866.943815][T12699] kvm: kvm [12691]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x6669
[  867.012563][ T5898] usb 6-1: device descriptor read/64, error -32
[  867.139586][ T5898] raw-gadget.1 gadget.5: failed to queue suspend event
[  867.359336][ T5898] usb usb6-port1: attempt power cycle
[  867.365710][ T5898] raw-gadget.1 gadget.5: failed to queue disconnect event
[  867.373614][ T5898] raw-gadget.1 gadget.5: failed to queue reset event
[  867.406126][T12713] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1880'.
[  867.443471][ T5898] raw-gadget.1 gadget.5: failed to queue resume event
[  867.461182][ T5898] raw-gadget.1 gadget.5: failed to queue reset event
[  867.530648][   T30] audit: type=1326 audit(2000000040.760:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12714 comm="syz.5.1881" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x0
[  867.705831][ T5898] raw-gadget.1 gadget.5: failed to queue resume event
[  867.782680][ T5898] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  867.838605][    C1] raw-gadget.1 gadget.5: ignoring, device is not running
[  867.846070][ T5898] usb 6-1: device descriptor read/8, error -32
[  867.952618][ T5898] raw-gadget.1 gadget.5: failed to queue suspend event
[  867.974760][ T5898] raw-gadget.1 gadget.5: failed to queue reset event
[  868.065501][T12721] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1883'.
[  868.082685][ T5898] raw-gadget.1 gadget.5: failed to queue resume event
[  868.152709][ T5898] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  868.199124][    C1] raw-gadget.1 gadget.5: ignoring, device is not running
[  868.220622][ T5898] usb 6-1: device descriptor read/8, error -32
[  868.342844][ T5898] raw-gadget.1 gadget.5: failed to queue suspend event
[  868.360193][ T5898] usb usb6-port1: unable to enumerate USB device
[  868.381312][T12678] hub 6-0:1.0: USB hub found
[  868.390478][T12678] hub 6-0:1.0: 1 port detected
[  868.453709][ T5910] raw-gadget.1 gadget.5: failed to queue reset event
[  868.528662][ T5910] raw-gadget.1 gadget.5: failed to queue resume event
[  868.602635][ T5910] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  868.627686][    C1] raw-gadget.1 gadget.5: ignoring, device is not running
[  868.636532][ T5910] raw-gadget.1 gadget.5: failed to queue reset event
[  868.838463][T12737] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  869.628883][ T5910] raw-gadget.1 gadget.5: failed to queue resume event
[  869.757904][T12745] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1891'.
[  869.783278][T12745] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1891'.
[  869.832689][ T5910] usb 6-1: device descriptor read/64, error -32
[  870.269649][ T5910] raw-gadget.1 gadget.5: failed to queue suspend event
[  870.278229][ T5910] raw-gadget.1 gadget.5: failed to queue reset event
[  870.316847][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  870.829171][T12745] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1891'.
[  870.842182][ T5910] raw-gadget.1 gadget.5: failed to queue resume event
[  870.849118][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  871.022886][ T5910] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[  871.030665][    C1] raw-gadget.1 gadget.5: ignoring, device is not running
[  871.038909][ T5910] raw-gadget.1 gadget.5: failed to queue reset event
[  871.190292][ T5910] raw-gadget.1 gadget.5: failed to queue resume event
[  871.686973][ T5910] usb 6-1: device descriptor read/64, error -32
[  871.993191][ T5910] raw-gadget.1 gadget.5: failed to queue suspend event
[  872.006451][ T5910] usb usb6-port1: attempt power cycle
[  872.023498][ T5910] raw-gadget.1 gadget.5: failed to queue disconnect event
[  872.034871][ T5910] raw-gadget.1 gadget.5: failed to queue reset event
[  873.024401][   T30] audit: type=1326 audit(2000000046.230:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12767 comm="syz.5.1896" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feaacb8e929 code=0x0
[  873.431711][ T5910] raw-gadget.1 gadget.5: failed to queue resume event
[  873.439279][ T5910] raw-gadget.1 gadget.5: failed to queue reset event
[  873.653993][ T5910] raw-gadget.1 gadget.5: failed to queue resume event
[  873.912062][ T5910] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  873.932868][    C1] raw-gadget.1 gadget.5: ignoring, device is not running
[  873.940149][ T5910] usb 6-1: device descriptor read/8, error -32
[  874.228181][T12790] ALSA: mixer_oss: invalid OSS volume 'MON'
[  874.236148][T12790] overlayfs: failed to resolve './file1': -2
[  874.271025][ T5910] raw-gadget.1 gadget.5: failed to queue suspend event
[  874.754001][ T5910] raw-gadget.1 gadget.5: failed to queue reset event
[  874.932639][ T5910] raw-gadget.1 gadget.5: failed to queue resume event
[  875.027398][ T5910] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  875.077085][    C1] raw-gadget.1 gadget.5: ignoring, device is not running
[  875.086542][ T5910] usb 6-1: device descriptor read/8, error -32
[  875.102242][   T69] ------------[ cut here ]------------
[  875.108634][   T69] RTNL: assertion failed at ./include/net/netdev_lock.h (72)
[  875.119618][   T69] WARNING: CPU: 1 PID: 69 at ./include/net/netdev_lock.h:72 __linkwatch_sync_dev+0x303/0x350
[  875.129909][   T69] Modules linked in:
[  875.134168][   T69] CPU: 1 UID: 0 PID: 69 Comm: kworker/u8:4 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  875.146318][   T69] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  875.156454][   T69] Workqueue: bond0 bond_mii_monitor
[  875.161669][   T69] RIP: 0010:__linkwatch_sync_dev+0x303/0x350
[  875.167880][   T69] Code: 7c fe ff ff e8 8e d0 70 f8 c6 05 e9 5f 3a 06 01 90 48 c7 c7 80 e4 91 8c 48 c7 c6 ec 5b 9b 8d ba 48 00 00 00 e8 5e 7b 34 f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff
[  875.187968][   T69] RSP: 0018:ffffc9000211f670 EFLAGS: 00010246
[  875.194408][   T69] RAX: 39576b6425bb5700 RBX: ffff888073b64000 RCX: ffff88802129da00
[  875.202542][   T69] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  875.210555][   T69] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  875.218590][   T69] R10: dffffc0000000000 R11: fffffbfff1bfa9e4 R12: 1ffff1100e76c85d
[  875.226635][   T69] R13: dffffc0000000000 R14: ffffffff8c1b7208 R15: 0000000000000000
[  875.234681][   T69] FS:  0000000000000000(0000) GS:ffff888125d85000(0000) knlGS:0000000000000000
[  875.243727][   T69] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  875.250362][   T69] CR2: 000000110c3b0c68 CR3: 00000000329c4000 CR4: 00000000003526f0
[  875.258444][   T69] Call Trace:
[  875.261768][   T69]  <TASK>
[  875.264803][   T69]  ? ethtool_op_get_link+0xd/0x70
[  875.269919][   T69]  ethtool_op_get_link+0x15/0x70
[  875.275912][   T69]  bond_check_dev_link+0x444/0x6c0
[  875.281081][   T69]  ? __pfx_bond_check_dev_link+0x10/0x10
[  875.287155][   T69]  ? netdev_lower_get_next_private_rcu+0x9f/0x100
[  875.293647][   T69]  bond_mii_monitor+0x428/0x2e00
[  875.298643][   T69]  ? bond_mii_monitor+0x153/0x2e00
[  875.303874][   T69]  ? __pfx_bond_mii_monitor+0x10/0x10
[  875.309274][   T69]  ? __lock_acquire+0xab9/0xd20
[  875.314199][   T69]  ? process_scheduled_works+0x9ef/0x17b0
[  875.319933][   T69]  ? _raw_spin_unlock_irq+0x23/0x50
[  875.325221][   T69]  ? process_scheduled_works+0x9ef/0x17b0
[  875.330955][   T69]  ? process_scheduled_works+0x9ef/0x17b0
[  875.336745][   T69]  process_scheduled_works+0xade/0x17b0
[  875.342326][   T69]  ? __pfx_process_scheduled_works+0x10/0x10
[  875.342536][ T5944] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  875.348458][   T69]  worker_thread+0x8a0/0xda0
[  875.360877][   T69]  kthread+0x70e/0x8a0
[  875.365036][   T69]  ? __pfx_worker_thread+0x10/0x10
[  875.370194][   T69]  ? __pfx_kthread+0x10/0x10
[  875.374840][   T69]  ? _raw_spin_unlock_irq+0x23/0x50
[  875.380419][   T69]  ? lockdep_hardirqs_on+0x9c/0x150
[  875.385840][   T69]  ? __pfx_kthread+0x10/0x10
[  875.390445][   T69]  ret_from_fork+0x3fc/0x770
[  875.395126][   T69]  ? __pfx_ret_from_fork+0x10/0x10
[  875.400267][   T69]  ? __switch_to_asm+0x39/0x70
[  875.405120][   T69]  ? __switch_to_asm+0x33/0x70
[  875.409912][   T69]  ? __pfx_kthread+0x10/0x10
[  875.414602][   T69]  ret_from_fork_asm+0x1a/0x30
[  875.419392][   T69]  </TASK>
[  875.422412][   T69] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  875.429714][   T69] CPU: 1 UID: 0 PID: 69 Comm: kworker/u8:4 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  875.441688][   T69] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  875.451756][   T69] Workqueue: bond0 bond_mii_monitor
[  875.456967][   T69] Call Trace:
[  875.460265][   T69]  <TASK>
[  875.463196][   T69]  dump_stack_lvl+0x99/0x250
[  875.467790][   T69]  ? __asan_memcpy+0x40/0x70
[  875.472395][   T69]  ? __pfx_dump_stack_lvl+0x10/0x10
[  875.477615][   T69]  ? __pfx__printk+0x10/0x10
[  875.482231][   T69]  panic+0x2db/0x790
[  875.486153][   T69]  ? __pfx_panic+0x10/0x10
[  875.490594][   T69]  ? ret_from_fork_asm+0x1a/0x30
[  875.495532][   T69]  __warn+0x31b/0x4b0
[  875.499512][   T69]  ? __linkwatch_sync_dev+0x303/0x350
[  875.504884][   T69]  ? __linkwatch_sync_dev+0x303/0x350
[  875.510260][   T69]  report_bug+0x2be/0x4f0
[  875.514596][   T69]  ? __linkwatch_sync_dev+0x303/0x350
[  875.519966][   T69]  ? __linkwatch_sync_dev+0x303/0x350
[  875.525348][   T69]  ? __linkwatch_sync_dev+0x305/0x350
[  875.533502][   T69]  handle_bug+0x84/0x160
[  875.537744][   T69]  exc_invalid_op+0x1a/0x50
[  875.542247][   T69]  asm_exc_invalid_op+0x1a/0x20
[  875.547121][   T69] RIP: 0010:__linkwatch_sync_dev+0x303/0x350
[  875.553105][   T69] Code: 7c fe ff ff e8 8e d0 70 f8 c6 05 e9 5f 3a 06 01 90 48 c7 c7 80 e4 91 8c 48 c7 c6 ec 5b 9b 8d ba 48 00 00 00 e8 5e 7b 34 f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff
[  875.572711][   T69] RSP: 0018:ffffc9000211f670 EFLAGS: 00010246
[  875.578779][   T69] RAX: 39576b6425bb5700 RBX: ffff888073b64000 RCX: ffff88802129da00
[  875.586752][   T69] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  875.594735][   T69] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  875.602719][   T69] R10: dffffc0000000000 R11: fffffbfff1bfa9e4 R12: 1ffff1100e76c85d
[  875.610701][   T69] R13: dffffc0000000000 R14: ffffffff8c1b7208 R15: 0000000000000000
[  875.618692][   T69]  ? ethtool_op_get_link+0xd/0x70
[  875.623744][   T69]  ethtool_op_get_link+0x15/0x70
[  875.628685][   T69]  bond_check_dev_link+0x444/0x6c0
[  875.633805][   T69]  ? __pfx_bond_check_dev_link+0x10/0x10
[  875.639461][   T69]  ? netdev_lower_get_next_private_rcu+0x9f/0x100
[  875.645877][   T69]  bond_mii_monitor+0x428/0x2e00
[  875.650820][   T69]  ? bond_mii_monitor+0x153/0x2e00
[  875.655941][   T69]  ? __pfx_bond_mii_monitor+0x10/0x10
[  875.661336][   T69]  ? __lock_acquire+0xab9/0xd20
[  875.666197][   T69]  ? process_scheduled_works+0x9ef/0x17b0
[  875.671950][   T69]  ? _raw_spin_unlock_irq+0x23/0x50
[  875.677160][   T69]  ? process_scheduled_works+0x9ef/0x17b0
[  875.682885][   T69]  ? process_scheduled_works+0x9ef/0x17b0
[  875.688630][   T69]  process_scheduled_works+0xade/0x17b0
[  875.694567][   T69]  ? __pfx_process_scheduled_works+0x10/0x10
[  875.700576][   T69]  worker_thread+0x8a0/0xda0
[  875.705186][   T69]  kthread+0x70e/0x8a0
[  875.709254][   T69]  ? __pfx_worker_thread+0x10/0x10
[  875.714369][   T69]  ? __pfx_kthread+0x10/0x10
[  875.719051][   T69]  ? _raw_spin_unlock_irq+0x23/0x50
[  875.724341][   T69]  ? lockdep_hardirqs_on+0x9c/0x150
[  875.729717][   T69]  ? __pfx_kthread+0x10/0x10
[  875.734304][   T69]  ret_from_fork+0x3fc/0x770
[  875.738905][   T69]  ? __pfx_ret_from_fork+0x10/0x10
[  875.744039][   T69]  ? __switch_to_asm+0x39/0x70
[  875.748805][   T69]  ? __switch_to_asm+0x33/0x70
[  875.753577][   T69]  ? __pfx_kthread+0x10/0x10
[  875.758183][   T69]  ret_from_fork_asm+0x1a/0x30
[  875.762959][   T69]  </TASK>
[  875.766313][   T69] Kernel Offset: disabled
[  875.770640][   T69] Rebooting in 86400 seconds..