last executing test programs:

16m7.628414704s ago: executing program 0 (id=7):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='sched_switch\x00', r4}, 0x18)
io_uring_setup(0x5594, &(0x7f0000000100)={0x0, 0x10000000, 0x1, 0x1, 0x1d2})
r5 = syz_io_uring_setup(0xa0, &(0x7f0000000100)={0x0, 0x200089bd, 0x80, 0x1, 0x385}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x40, 0x2007, @fd=r0, 0xc000000, &(0x7f00000000c0)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x1e})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
io_uring_enter(r5, 0x32dc, 0x0, 0xe, 0x0, 0x0)

16m5.221672314s ago: executing program 0 (id=9):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0, 0x0, 0x4}, 0x18)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socket(0x2a, 0x80000, 0xb)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b)

16m2.466981735s ago: executing program 0 (id=11):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000140)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'sit0\x00'})
r4 = fsopen(&(0x7f0000000240)='rpc_pipefs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000180)='rootcontext', &(0x7f0000000040)='E\xe1\x85\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0), 0x802, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

16m0.835973024s ago: executing program 0 (id=13):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x100010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r4, r3, 0x0, 0x20000023893)

15m59.560589844s ago: executing program 0 (id=14):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4005000}, 0x0)
sendmsg$NFT_MSG_GETCHAIN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x2c, 0x4, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffd}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000800)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001200010a00000000000000008004"], 0x26}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
sendmmsg(r0, &(0x7f0000000ec0)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @private=0xa010100, 0x4}, 0x80, &(0x7f0000000340)=[{&(0x7f00000006c0)="cc5c84001214dbd9e5943aa8a315357330c56529d6b619a78687eea13ea02981afbb0fab70e8c3ab037cd82bd48f4947702a177974e7eff5f2ccdec909645f69e3dea5153157374459f6a21ba8609552d9ada54e81b0f19b55b77cf382ad229baa9decce1ea639a300f1fa65b945a0e29d36cb8ed369e91698c0e9", 0x7b}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb74a9d08d9afa4c86a507485b0e6821ba9d82e6b8522a6eba1734eccbc5659567aa08b5b93be09bc2a6d6319acbd1aeb751f8e9b7ce", 0xb5}, {&(0x7f0000001400)="9af390e2aadb61017e08249a2485ad46a590a90910858e1ceefc66db2ed8f32bf6be0e2f94e7e4db6454393a128402ed26580c7c5ebc85db639da17c927c23dbde640ab030889e8b61f26d270bc73b21c9ac8ba542e6b4ad2cd147059128ba038e4b9ebb20537f437b23b46ec790720e1fb74cef3c677e9978662a84cf2fcf73c73a5e763358496737af6284226bad34fb9083f87d853ab78c816cf32c90bd5c40ff6446214552d29745d34e0c4bfa623d00e5cbb393972371503122a0f44135db5654ace67cddb85a12df91fcf994fc680afe5d34268b23447589ef3f5383d152bf6dd104984297180f896ec8b1ba50952c5ab76e144f5636692d7cf17922c9b447ed6d59553ec6085e07413034875c1ae0947280e1a6f0d5e7f23b32e56ead8590d3269fdcb624cc870968b2f100bf3bc3d2ab105a5f61456d4969181fbd207b6f4d6d9ca0a1920daabec06d0c5e276d18f2571e88373dd41af9080d72aa88b10f8900b48acb61a61007dd4dd0e9240af5382a26f68bd706a83d8df76a4a5d02b39d07f97c4f86dad9e14eb957cc4be52b027a462262589929e3d035188dd9f0561e3ba2de6bafe743d9ae397e9aa423644fba8b2d6425ac1cd78c76e52e04d3a29e74075625fb5e674bab02843991ce804e0d04961f2978f3749c5ad83f355ae5da936fd6e0178d2bd12aacbe0205aa9a15579fd61d738f8d36412e814ba500edaf28ea68b0e96fb1839acf8416d8f5df7fad3b663f68e2ee5784fd01c7021130a490e629b1348acf3479e0392ecabbeeb18ec421c26e76f6f5c480e7decc85a0583a56180f199d26090b10ee5057ec4c1e04be948a5960acda014d646cf91bfdfb9d327f8ab545f8b41e8dbab94f195b189a8642a6b95e0ceb36b640fbdfe21925cc110bd2ef2c3fe24f12f95771b60e2ffbc47e58b2237b5574cadc32aab0f0db3202e4adc44a0651ef97703957857cfb6022578c97802f486bd7f48129f0c120700d0b70e048618a9f1de9f34dbb1f92dadc86f09e6288eb1bdbd1f700cc2df781654dfd57d9da779607080d3bc6dede5818aa8d6c99fa1ffdbb6a1a43040fe1379cf2a8b4b862db428c29e388a6e6b863bc818c2139a0d4238f10baf22f498b6629181f997ac280547e92fe300d0f8dd8b6724df5aa14be73cd630b808a29bfb52707b8db7d0065bd753b3773f8df58c74ea56f4582caa2fa8532b8049fd9ba775afc5b92b767ed0b35d4c086d9af6f7b7ed96f5f9d3734e703fc683fe0ed82b7763c67734067759e27b60036a3b4c53526716c175d75a9fa6ed019d3e1047bcb9c6510665de23cc2802804a0c3a347faba392282df430e5e6141f9eb660f7cb0eaedb832a7880c953bc0188c1f28eb466799e2768886ef81096847f50159278b572b0cca7744d6a572a81ddd2bcea73da3c8a59680bcaaadaf95e1fe91e41a8036835975b072a9587c560e3da854c96c64011755d08fef5228bb2db62a445bc0b9e17dea88854cd6a7c8a288727d5690fc4941978dee5eda2dbdc85915e7a2fdae978adb217b3f6b31cf69b51b9f805f8b447a4868b442933fc0e03860a7084230ff8fdff70665717f9c0bade31f87f5de99643e800feceb0dfdd6d1b67d4056a52f0efa2ed2b1142132c6242d917b46d939aade6a362bf586058385d7fcef1b4e358a093d6781b9e9bf280520ff083a6026bf701237e38927ed21209dbf407a7944ef687b93619b181b9112477fa902f391a7163f93bec2d6369ffba644f4fd5139890fb66bd6017a61d9fd043154eb0ab0de3046cdb8a182a553cece0701a922518cf09cd1ab421ee8ec677a8d453cd8c21bdaa5f8dd804dfe80fffec8c4d778d5e260b65a2f0d3c1b09e9d6bd1f3746aa7fe07374a028a89fc96eb66affbcddfaa01a72058566e33af88e37f43fbba73c0423d54079fad54c136ec5fcd61d5134f833ab44f6cfbc2348871f190ac4c4bc20c97fcb29f4823a8e3bf76f85b10dfd33df0001646a7e0b2ee3e14455f6c8f225b80eed457e772cb2504ded46a24e911428decff4a130be797b6530c33ec1be7b0dd4df6206eca1c4c8dfda776336bcb876d80043195de773fbcf0d3abe53e9a38da0af7a6598815a71ffc937203f5a04e87eb532e579d66d42b06b791b6ebd50e7855f6645d29434bb0280fdf1511b163b12838f39ca864516711501bbe345d46b34ab2f0d8317d45376f73e302a90f5c362b18e1840668a9f27e90f2b715b4b6ae7a6dc387583110a42fd4977635275f7244a1912d0c67cf53d5da8a384839020d71db234fcc4388a735275763f01b2b4967e99f551e489bcc28f693a1e688ac8c39a971f8ae9d973cc7adac4a642a7a84ecca2d0bd24c300b94dff82fa4f95c1ce5fdb9128466443cb8442048e53cd46334d59774de0e2ceefcd4cd2e6c9da7cdc2162346111f7da236d72f33d509d73133951e1a3f84fa7e767cf56fc9bfb3986c5ec501634b92a780f63e0ee61e3d25f51c39b975ea587027a101059e9386f1eaaaab8ebfd5c453e9f86c851f9c78e4e06184f04fa9a54ba0bba5d18108c2973f50cb626eca6e3d5b2907b00d2ad4fff9546482815291bd220fa31c1d1a735562174644fe06131e31ce66064fa6a02d5bda756994f81163b97e854274183bbc4ddeb9bb823944afc3e07caf510732df2835fd11de82cb318b88f4d385adb57ac73ffe7f3d1e387848766e11000c94123f2a7d33a93d3b030ebb1206f26221a1ceef44a708693796ab80add7d9b6907c653c6becc21d49c380b3fea419276a387ad482fc3614fa7cac6ea9d07dffc85c1d3f01f57aa9816f32e3237b05d191c3f3d2ed31c313346176d18dc53307afc3aea306a5b44189b6fce062cd21319f1c0a5cf3bc84aaff275491d5fa26d12173e134bdb776478c27502dd4786cc079b6eb00d05f1c8c27a2e326ef11ad1866529b60e6a9e9ae776f01071e364a4604dfe79fbdfc9828628e50940398cc6b925ea8806ee3bbd22129c5d37551eb5e1ef613b027aebce0a83963888396f3e7c953e5416b522fd3a0660fefaea0fc97ca7d82191e2e8f23ca2aa56e8b9de2e1d3e093b8c3f4d7e700b7193b3d83c5b6bb1e7ff2a1c574c9d15ad79631573e41d46653601c510ec7cd0d6125c8e600ebb41247988c28305ac47eead817fecf4460c2221a399134d1d11363401090691a7bf1f58f27a09311d6591cef3d879570667e9e10eebf7df32ec9417f0132be9f1485b167b58b0bf88e31fb2d3957fa05a4d3f191c1d1caa189fc0c11c04287ceaee39a147aced6e3e9c2fe8f51a9823401ad4bf92b0fd4070aae1fe886b8c160a0d2a1507259e58c5608654f05f444877bf9ec215933d6f0a89a3f6199a23c535d8cf9541f2eb970261b12325884fe64330f67a8b07748522c58e5096a04afc67f08b4b0b3da2c9e010b8f079fabdbd187b3d1f69b9f8110e0ec3a488aa8b8563745f7e9fdc1faeaf542858f417d3a75d416e8f55c46cd962d9ac96ce8b56f7a0e22350d2b9e8a537780edddd519fd43baec4834aa6abb0b8c4007dfbb9dac74bf3802108966bf7d5a2999d16110ad0d2cab1c72c2d0ddce14e5043ee62fe9b722355dd2b7e728a589da59ef46dae95f1b89c22d5487a855bc1ee5f9d1427f643e2fa8748e07e6b51e365ab5e23e32401acc229c09f56868532ca611fa678b13f7f580392aee230878817f9dadc9b071245f75b7f626ab6f3342e8d80c3735e3a37646dfddeddec617fd3c155bb0735dd74eb1b71b957645978638f6bab555681b1e0047f7ccf370051f8fd42b171d16291a79ab5aad78940d12129d4de9f1d0a17f539fe333c7e3af31703dd147044ab4efd666cda9942c14cb25fae13cdb497bf7d71094192765df81234cf3dc9d38cdf373a06f5b723ab987708c8ed1b1b7c14cf55663298e752621be837d9e8f806552e0d605515dc0346354c76536d7681bac9dce48479abf18fc8b45862471ce1d75957a23c6bee5b2eb0022d557b6ad6153124e4594d26cc4a6e70de89086e0365039d215c2d9c7d881766b564b58be42104b4a4cad074eb1600be3a98fd7e19296066ee8a8d141d1b9f070c06c58c4f6e5c73b43022f39a13e701220064ceac7951818b1a88f68b2241efc57d37f224161533c75e279500896058aa03ce9571567172b57dbd40e1e14f8068cec77cde8da6aebf54039de9c7251289192616dca9d90bcc3ca24708dde9309d00d9a61c7be33f5858729ca3726fd8e8fdf911e58d3908797ec7b53cec49a8d51a3a30c3172b4277a8be98346488f10385ab3396ba34390f5f44a6f51606a392c25f4b6c65d3cee98004c5312b9f2a6349facbb7f0491fa0505ddc859e25963fae59e8ff05282c108be2a267690c8d53cd2ab7189b997cca8f0905ebcdc86a29b851546284870b348d54023e16262e78c034885696e931e1b2a7b2c23c59ef21393370a16f068ce46115e6b1c3ba9375bb9cb644ec9032bb2eb57eb4897284164af7a8b0a7019a610985dad9f1ce9f12a9a2399ee63fd6d21ee4adc8cbeb7ffe22b50e14c959042197ae45c8f8db2a5d03d6d9c2d5e826112a0bf6d21854a6d5fc77604e4117d7e9a92804c7db9f3eeca536b61a079654f8afbccc140602db833e537ac3c591b98549b5c70734e98b5a47eb9cc16ab2e0ed4f32ff69558e5dcfa2a3b54b8cf3326d4cdd7e9a0c19e4b703070a996acb40a882c2c512e38b4e3d31fe918a3562526132c7bbd497d3f5d40881e6c7363f2e21c8ae8d3ade72d57b6fe9a6cce7f100ae63775c6706b5004312b057aa9191e7614a69584974629c81e536b6422072cdb55b5d98418bf0b15268551548fbc6a9c84f4f701461c5e8e9f12573cc7611758c085582c823f9500d1fb8fa0eb44423f78fa60262f1578304c834865ba39ae3a1a393cfc3c9892518fca1ce37752f488faeabcb616700e831239025481f489c56331ea60ab91a77a73aca23da9fc2a2f171a0b42708ca64bc23985acd303b5eb32045bd55755facde52d4c5d134374736438996a956b5515a21c3c92968187235f0ec1cc68f671776f6b9805f2597bf6f0f93e55c843db7e590a923867da924981b1f653882bb744b3642e31fc43edbd028e804a71e40a80f0f3945fef279b7d7e060e3f2c3cf755b26a37f600021015ff3096c726ea948c2a25d1dbd7e5f7a6865109a83e99ec6e57bb1eea68c40131e1237e33766212f5fab50541a7028d734aaf1b6da21ef19b513a83d0f66f2db05960d404f918d23095e731b7f95bf79b04c91e419891fd04338508b1d44d47c954855550b1db8ab5e4c6d433d3e0113a9a5945d8f1bfb76a3cedad512d85103cb0bb1d32f7d3e30c19ee27bcadb3924ac774c79a5f5a7dd0d5e5d37400c070d7d97cd0e8841f55dce9461e98e2a3958dee488518f8481125530fb869e128e299c40e7bf341b363d14ed5707c176fc806997145ac1fbc2295c1b47c42b1cd1a1d455e7346c3a5d3fb29fb105a8b17ec42486f0ef3891aa9aeffaabfbafb0d3660609dfca3880209f18fedcee0b53338e4d3d72a4798c53604bc9adf78789be08fd2b2b227e0f37dcf7e30d3b2308dea145e6cd0c7a0a5cf637e192188b5a9f499fe3382c954cf76a889eb975250066a13f7cf275470491d135b9b61eac107d21c41aa4db597b25a0b579ee93", 0xfb6}], 0x3}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000880)="90b9f79fecb3ad0dc00ca95fb148a3ba4355cee5ce27d2c10d8474464a37dea0c1ab2a961404f5aa5493cdadb4b6bf4131e96c0aef0f89065db2aa551c68ce3fa911638fd608ff9e30cce409b6e516e59c272cdbbb88c83dc61199d70f8f7e05d9639d278d53151a6720a51979ffd78dcc1a000929160435bd61e3f36c78b9bd5baef79be54e537dfc26029f52cfd5b4dd3416fc140fce45c077ab5ee206763130ccdaedd3bff9b7a20b6b02e558fd", 0xaf}, {&(0x7f0000000a40)}], 0x3}}], 0x2, 0x11)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

15m59.296644116s ago: executing program 0 (id=15):
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
pwritev(r0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r5, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r6, 0xffffffef}}, 0x10)
close(r5)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10suse\x00\x00\x00\x00\x00\x00\x00dn\x00\x00\x00', 0x0)
r7 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0xd3, &(0x7f0000000180)="f964d59b408171b3", 0x8)
connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4003}, 0xf1)
sendmmsg$inet6(r7, &(0x7f0000002940), 0x40000000000017d, 0x811)
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r8, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0xfffffffd, 0x0, 0x0, {}, {}, {}, {0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc})
sendto$inet6(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x40d4, &(0x7f0000000140)={0xa, 0x4e23, 0x4, @loopback, 0xffffffff}, 0x1c)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

15m43.470258221s ago: executing program 32 (id=15):
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
pwritev(r0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r5, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r6, 0xffffffef}}, 0x10)
close(r5)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10suse\x00\x00\x00\x00\x00\x00\x00dn\x00\x00\x00', 0x0)
r7 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0xd3, &(0x7f0000000180)="f964d59b408171b3", 0x8)
connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4003}, 0xf1)
sendmmsg$inet6(r7, &(0x7f0000002940), 0x40000000000017d, 0x811)
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r8, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0xfffffffd, 0x0, 0x0, {}, {}, {}, {0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc})
sendto$inet6(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x40d4, &(0x7f0000000140)={0xa, 0x4e23, 0x4, @loopback, 0xffffffff}, 0x1c)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

15m14.874946201s ago: executing program 4 (id=67):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1a, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e76, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xc}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x880}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r4, 0xc1105511, &(0x7f0000000180)={{0xb, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 'syz1\x00', 0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
sendmmsg$sock(r5, &(0x7f00000044c0), 0x4000000000001c0, 0x0)

15m12.148022507s ago: executing program 4 (id=70):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1a, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e76, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xc}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x880}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(0xffffffffffffffff, 0x8008330e, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
sendmmsg$sock(r4, &(0x7f00000044c0), 0x4000000000001c0, 0x0)

15m10.640823102s ago: executing program 4 (id=74):
r0 = socket(0x10, 0x3, 0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000880)={0x3, 0x2, 0x5, 0xff5})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x22020600)
r4 = syz_clone(0x200, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace(0x8, r4)
syz_pidfd_open(r4, 0x0)
wait4(0x0, 0x0, 0x0, 0x0)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x800452d2, &(0x7f0000000100))
write(r0, &(0x7f0000000140)="fc0000001a000708ab092500090007000aab0700a90100001d60369321000100ff800000000000000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00030026000000140000270400117c22ebc205214000000000008934d07302ade01720d7d5bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a87", 0xfc)

15m8.283701838s ago: executing program 4 (id=76):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8000000000000001}, 0x0)
r3 = add_key$user(&(0x7f0000000240), &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000480)="73ca83", 0x3, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000800)={r3}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={'sha384\x00'}})

15m5.054027247s ago: executing program 4 (id=79):
socket$inet(0x2, 0xa, 0x7ff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0x1, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000000), 0xcff5}, 0x38)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000280)={0x0, 0x800, 0x0, 0x0, 0x4, "0062ba7d820000001652bdc5fcbdc8dace6b04"})
socket$phonet(0x23, 0x2, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000080)=0x5, 0x4)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r2, 0x0, 0x0, 0x0, 0x0)

14m55.775226445s ago: executing program 4 (id=89):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00')
pwritev(r0, &(0x7f0000000100)=[{&(0x7f00000001c0)="da575ee739d8d01fbe5237a0a03cb4e4843f794481be29c6d29d138430612e15a0efc1af9858facf20b8a5ab3556f63191447b96e69cf2bba8bd6669", 0x3c}], 0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r4)
getrlimit(0xfcc1d92dc64ffe8e, &(0x7f0000000100))
r5 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0)
r6 = userfaultfd(0x80801)
syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000040)={0x8098f908, 0x0, "60889f90ac0600000500fdfd9ab67e1db9c9a431078d40f722e600"})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0)
write$sequencer(r0, &(0x7f0000000280)=ANY=[], 0x8)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000380)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0x0, 0x48)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})

14m40.451889586s ago: executing program 33 (id=89):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00')
pwritev(r0, &(0x7f0000000100)=[{&(0x7f00000001c0)="da575ee739d8d01fbe5237a0a03cb4e4843f794481be29c6d29d138430612e15a0efc1af9858facf20b8a5ab3556f63191447b96e69cf2bba8bd6669", 0x3c}], 0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r4)
getrlimit(0xfcc1d92dc64ffe8e, &(0x7f0000000100))
r5 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0)
r6 = userfaultfd(0x80801)
syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000040)={0x8098f908, 0x0, "60889f90ac0600000500fdfd9ab67e1db9c9a431078d40f722e600"})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0)
write$sequencer(r0, &(0x7f0000000280)=ANY=[], 0x8)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000380)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0x0, 0x48)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})

9.827797511s ago: executing program 5 (id=3820):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500)={r0}, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000540)=ANY=[@ANYBLOB="180200000000000000000000030000008500000017000000b7080000000000007b8af8ff00000000b7080000000000807b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0], &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc09b6f2609", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

9.680577811s ago: executing program 5 (id=3821):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x150)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
dup(0xffffffffffffffff)
r1 = openat$cgroup_int(r0, &(0x7f0000001180)='pids.max\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x3)

8.921362958s ago: executing program 5 (id=3822):
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="e000000000000000290000000b00000015"], 0xe0}}], 0x1, 0x480c0)

8.662808795s ago: executing program 5 (id=3826):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50)

8.004600839s ago: executing program 5 (id=3832):
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0xa)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
ioctl$sock_bt_hci(r0, 0x400448e0, &(0x7f00000001c0))

6.915234468s ago: executing program 1 (id=3833):
r0 = getpid()
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x1, 0x28}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
sched_setscheduler(r0, 0x1, 0x0)
process_vm_writev(r0, &(0x7f0000000200), 0x0, &(0x7f0000000900)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
syz_usb_control_io(r3, &(0x7f0000000340)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3c01}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000001d80)={0x2c, 0x0, &(0x7f0000000a40)={0x0, 0x3, 0x4, @string={0x4, 0x3, "d7ef"}}, &(0x7f0000001c00)={0x0, 0xf, 0x8, {0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}}, 0x0, &(0x7f0000001d40)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x2, 0x2, 0x6, 0x7, 0xa, 0xf}}}, &(0x7f00000021c0)={0x84, &(0x7f0000001dc0)={0x20, 0x1c}, &(0x7f0000001e00)={0x0, 0xa, 0x1, 0x81}, &(0x7f0000001e40)={0x0, 0x8, 0x1, 0x2}, 0x0, &(0x7f0000001ec0)={0x20, 0x0, 0x4, {0x200, 0x2}}, &(0x7f0000001f00)={0x40, 0x7, 0x2, 0x1ff}, &(0x7f0000001f40)={0x40, 0x9, 0x1, 0x2}, 0x0, &(0x7f0000001fc0)={0x40, 0xf, 0x2, 0x99}, 0x0, &(0x7f0000002040)={0x40, 0x17, 0x6, @broadcast}, 0x0, &(0x7f00000020c0)={0x40, 0x1a, 0x2, 0x2}, &(0x7f0000002100)={0x40, 0x1c, 0x1, 0x6}, &(0x7f0000002140)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000002180)={0x40, 0x21, 0x1, 0xfc}})
socket$pppl2tp(0x18, 0x1, 0x1)
syz_usb_control_io(r3, 0x0, 0x0)

5.741289245s ago: executing program 2 (id=3840):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = gettid()
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfff}, [@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
readv(r2, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5.424645797s ago: executing program 2 (id=3841):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500)={r0}, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000540)=ANY=[@ANYBLOB="180200000000000000000000030000008500000017000000b7080000000000007b8af8ff00000000b7080000000000807b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc09b6f2609", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.256656659s ago: executing program 2 (id=3842):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x7fff0006}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x842, 0x0)

4.919611396s ago: executing program 1 (id=3843):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
close(0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20)

4.149535671s ago: executing program 1 (id=3844):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x12, 0x2, 0x8, 0xd0eb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50)
recvmsg(0xffffffffffffffff, 0x0, 0x1f00)

3.96635926s ago: executing program 2 (id=3845):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000003e40), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$usbfs(0x0, 0x77, 0x41341)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000711210000000000095000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f0000000080)={'wg2\x00', <r7=>0x0})
sendmsg$WG_CMD_GET_DEVICE(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x1c, r5, 0x301, 0x70bd28, 0x25dfdc06, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x40000)

3.779282445s ago: executing program 3 (id=3846):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
socket(0x10, 0x3, 0x0)
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8)
read(r1, &(0x7f00000002c0)=""/153, 0x99)

3.649503137s ago: executing program 6 (id=3847):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x34180081, 0xfff9, 0x1000, 0xfffffffe, 0x7, 0x0, 0x0, 0x20, 0x8}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0xc00, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

3.554151478s ago: executing program 3 (id=3848):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000400), 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90})
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000180)={0x2, 0x0, 0xe094, 0xb7d375beb1f4ba0d})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000100)={0x4, 0xd6, "ae50e74ba166ea39b2fe57d6c4671314f7e8a03e7e5243a96c75fb36caec7363d79c4dc9fbd8c17c7ce933d30c971a484b143eab4b1a95a3754f19595ca86bc1ac3a591757ea6081c1e110690aee705a119c00b68985398b422dc055bd01e41276899cc9a29edabda26d1c837df1fe520314251b6e09a992a74588d56e498c8bb05381644fe702340f877a522db842942ba084287e7f4910b751d3817fb021454fe4f7129d14222ff464ea8fb09335b98cd716c8781f8cc3df7f36c50915fad36fdac2d011735afa27f9ea66a8d86525be74ef7cdd1f"})

3.500323875s ago: executing program 6 (id=3849):
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd211"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r1, r2, 0x26, 0x0, @void}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r3, r1, 0x0, r1}, 0x10)

2.833748919s ago: executing program 5 (id=3850):
getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0x14)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0xe, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r1}, 0x18)
r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1770, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xb0, 0x0, [{{0x9, 0x4, 0x0, 0xfa, 0xff, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xf4f6, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0x9}}}}}]}}]}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r5 = dup(r4)
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18)
write$FUSE_INIT(r5, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x34180081, 0xfff9, 0x1000, 0xfffffffe, 0x7, 0x0, 0x0, 0x20, 0x8}}, 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffbfff, 0x1, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r6}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0xc00, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}})
syz_usb_control_io$hid(r2, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x89a0, &(0x7f00000002c0)={'syzkaller1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}})
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r9=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r9, 0x89a2, &(0x7f0000000080)={'syzkaller1\x00', @random="060000000010"})
syz_usb_control_io(r2, &(0x7f0000000300)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="2010180000001810945b"], 0x0, 0x0, 0x0, 0x0}, 0x0)

2.544525s ago: executing program 2 (id=3851):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
unshare(0x400)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000040)={0xffffffffffffffff, 0x2, 0x5, 0xc})
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x27, 0x0, 0x3}, 0x6)
listen(r1, 0x3)
ppoll(&(0x7f0000000100)=[{r1, 0x3000}], 0x1, &(0x7f0000000180), 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x14fe8796, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000004000000e27f00000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000006c0)={r4, &(0x7f0000000500), &(0x7f00000003c0)=""/155}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r5, &(0x7f0000000040), &(0x7f0000000480)=""/146}, 0x1d)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x2, 0x3000000, 0x3, 0x80000000, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000040)={0x3ff, 0x7e7, 0x0, 0x9, 0x1, 0x4, 0x7ffffffb, 0x83f8}, 0x0, 0x0)

2.424709603s ago: executing program 3 (id=3852):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000070000002a00000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_kthread_work_queue_work\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r4}, 0x10)
close(r2)

2.372981553s ago: executing program 6 (id=3853):
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(0xffffffffffffffff, 0x40045402, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
fchmodat(0xffffffffffffff9c, 0x0, 0xffffffca)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000080)=@x86={0x0, 0xfb, 0x3, 0x0, 0xffffffff, 0x7, 0x6, 0xe, 0xf, 0x2, 0x6, 0xfd, 0x0, 0xc03, 0x8, 0x0, 0x10, 0x0, 0x0, '\x00', 0x87, 0x2})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

2.172526819s ago: executing program 6 (id=3854):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/145}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10)
ioctl$USBDEVFS_CONTROL(r4, 0xc0105500, &(0x7f0000000040)={0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0})

2.123668152s ago: executing program 1 (id=3855):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f00000010c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r0)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={0x0, 0x1e4}, 0x1, 0x0, 0x0, 0x4004050}, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r1, 0x2103)
socket$nl_generic(0x10, 0x3, 0x10)
mount$binderfs(0x0, &(0x7f0000000580)='./binderfs\x00', &(0x7f0000000140), 0x1003000, &(0x7f00000004c0)=ANY=[@ANYBLOB])
socket$can_raw(0x1d, 0x3, 0x1)

2.122717404s ago: executing program 3 (id=3856):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1038, 0x1410, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xf, &(0x7f00000006c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x18)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x7, {[@local=@item_4={0x3, 0x2, 0x7, "954d0268"}, @local=@item_012={0x1, 0x2, 0x2, "cc"}]}}, 0x0}, 0x0)

1.568587462s ago: executing program 2 (id=3857):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000002040), 0x82401, 0x0)
clock_adjtime(0xffffffd3, &(0x7f0000000000)={0x1, 0x6, 0x4, 0x0, 0x7, 0x8, 0x652, 0x7, 0x8000009658, 0x7, 0x9, 0x0, 0x10, 0x800000000b, 0x80000000000000, 0xcc0, 0x1, 0x1, 0x94d6, 0x10000000000001, 0x0, 0x809, 0x0, 0xfffffffffffffffa, 0x80003, 0xf64d})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
timer_settime(0x0, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7f, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f00000001c0)={0xbe, 0x0, 0x1})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x4b564d05}]})
r3 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xa, 0x4, 0x4, 0x5, 0x2}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00'}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

1.136206882s ago: executing program 6 (id=3858):
r0 = socket(0x8000000010, 0x2, 0x0)
write(r0, 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r2, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}})

1.102413049s ago: executing program 1 (id=3859):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
timer_create(0x0, 0x0, &(0x7f0000000000))
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

300.554983ms ago: executing program 3 (id=3860):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[], 0x118)
ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0x4, 0x89727a31546dcc4b, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

26.55899ms ago: executing program 1 (id=3861):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x403, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x22c20}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x7, 0x1}}]}]}, @IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}]}, 0x48}}, 0x0)

25.765384ms ago: executing program 6 (id=3862):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000400), 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90})
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000180)={0x2, 0x0, 0xe094, 0xb7d375beb1f4ba0d})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000100)={0x4, 0xd6, "ae50e74ba166ea39b2fe57d6c4671314f7e8a03e7e5243a96c75fb36caec7363d79c4dc9fbd8c17c7ce933d30c971a484b143eab4b1a95a3754f19595ca86bc1ac3a591757ea6081c1e110690aee705a119c00b68985398b422dc055bd01e41276899cc9a29edabda26d1c837df1fe520314251b6e09a992a74588d56e498c8bb05381644fe702340f877a522db842942ba084287e7f4910b751d3817fb021454fe4f7129d14222ff464ea8fb09335b98cd716c8781f8cc3df7f36c50915fad36fdac2d011735afa27f9ea66a8d86525be74ef7cdd1f"})

0s ago: executing program 3 (id=3863):
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b9104006"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r1, r2, 0x26, 0x0, @void}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r3, r1, 0x0, r1}, 0x10)

kernel console output (not intermixed with test programs):

51 has a duplicate endpoint with address 0x3, skipping
[  924.713643][ T9528] usb 4-1: config 2 interface 103 altsetting 255 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  924.713667][ T9528] usb 4-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  924.713688][ T9528] usb 4-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  924.713706][ T9528] usb 4-1: config 2 interface 103 altsetting 255 has a duplicate endpoint with address 0xC, skipping
[  924.713741][ T9528] usb 4-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  924.713763][ T9528] usb 4-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  924.713783][ T9528] usb 4-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x7, skipping
[  924.713805][ T9528] usb 4-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  924.713826][ T9528] usb 4-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  924.713846][ T9528] usb 4-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x3, skipping
[  924.713867][ T9528] usb 4-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0xC, skipping
[  924.713886][ T9528] usb 4-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[  924.713907][ T9528] usb 4-1: config 2 interface 230 has no altsetting 0
[  924.713924][ T9528] usb 4-1: config 2 interface 103 has no altsetting 0
[  924.713941][ T9528] usb 4-1: config 2 interface 192 has no altsetting 0
[  924.716976][ T9528] usb 4-1: New USB device found, idVendor=0172, idProduct=cbd5, bcdDevice=dc.a8
[  924.717008][ T9528] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  924.717027][ T9528] usb 4-1: Product: syz
[  924.717042][ T9528] usb 4-1: Manufacturer: Љ
[  924.717056][ T9528] usb 4-1: SerialNumber: syz
[  925.028351][T15193] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  925.045022][T15226] ALSA: seq fatal error: cannot create timer (-19)
[  925.408828][ T9528] usb 4-1: USB disconnect, device number 32
[  925.483873][T15243] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3115'.
[  927.029673][ T5883] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  927.229378][ T5883] usb 7-1: Using ep0 maxpacket: 32
[  927.245278][ T5883] usb 7-1: config 2 has an invalid interface number: 230 but max is 2
[  927.245305][ T5883] usb 7-1: config 2 has an invalid interface number: 103 but max is 2
[  927.245323][ T5883] usb 7-1: config 2 has an invalid interface number: 192 but max is 2
[  927.245384][ T5883] usb 7-1: config 2 has no interface number 0
[  927.245401][ T5883] usb 7-1: config 2 has no interface number 1
[  927.245417][ T5883] usb 7-1: config 2 has no interface number 2
[  927.245501][ T5883] usb 7-1: config 2 interface 230 altsetting 51 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  927.245529][ T5883] usb 7-1: config 2 interface 230 altsetting 51 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  927.245556][ T5883] usb 7-1: config 2 interface 230 altsetting 51 endpoint 0x9 has invalid maxpacket 304, setting to 64
[  927.245582][ T5883] usb 7-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x9, skipping
[  927.245604][ T5883] usb 7-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0xC, skipping
[  927.245628][ T5883] usb 7-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x3, skipping
[  927.245668][ T5883] usb 7-1: config 2 interface 103 altsetting 255 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  927.245692][ T5883] usb 7-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  927.245711][ T5883] usb 7-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  927.245730][ T5883] usb 7-1: config 2 interface 103 altsetting 255 has a duplicate endpoint with address 0xC, skipping
[  927.245764][ T5883] usb 7-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  927.245785][ T5883] usb 7-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  927.245811][ T5883] usb 7-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x7, skipping
[  927.245833][ T5883] usb 7-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  927.245858][ T5883] usb 7-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  927.245880][ T5883] usb 7-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x3, skipping
[  927.245901][ T5883] usb 7-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0xC, skipping
[  927.245922][ T5883] usb 7-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[  927.245944][ T5883] usb 7-1: config 2 interface 230 has no altsetting 0
[  927.245961][ T5883] usb 7-1: config 2 interface 103 has no altsetting 0
[  927.245979][ T5883] usb 7-1: config 2 interface 192 has no altsetting 0
[  927.248517][ T5883] usb 7-1: New USB device found, idVendor=0172, idProduct=cbd5, bcdDevice=dc.a8
[  927.248541][ T5883] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  927.248560][ T5883] usb 7-1: Product: syz
[  927.248574][ T5883] usb 7-1: Manufacturer: Љ
[  927.248588][ T5883] usb 7-1: SerialNumber: syz
[  927.270574][T15282] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  927.379404][ T9528] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  927.529406][ T9528] usb 4-1: Using ep0 maxpacket: 8
[  927.601379][ T9528] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  927.601407][ T9528] usb 4-1: config 0 has no interfaces?
[  927.604504][ T9528] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  927.604530][ T9528] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  927.604550][ T9528] usb 4-1: Product: syz
[  927.604563][ T9528] usb 4-1: Manufacturer: syz
[  927.604577][ T9528] usb 4-1: SerialNumber: syz
[  927.675848][ T9528] usb 4-1: config 0 descriptor??
[  927.808997][ T5883] usb 7-1: USB disconnect, device number 23
[  928.159452][ T9528] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[  928.181378][T15331] FAULT_INJECTION: forcing a failure.
[  928.181378][T15331] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  928.181409][T15331] CPU: 0 UID: 0 PID: 15331 Comm: syz.2.3156 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  928.181429][T15331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  928.181447][T15331] Call Trace:
[  928.181454][T15331]  <TASK>
[  928.181461][T15331]  dump_stack_lvl+0x189/0x250
[  928.181489][T15331]  ? __pfx____ratelimit+0x10/0x10
[  928.181512][T15331]  ? __pfx_dump_stack_lvl+0x10/0x10
[  928.181535][T15331]  ? __pfx__printk+0x10/0x10
[  928.181572][T15331]  should_fail_ex+0x46c/0x600
[  928.181601][T15331]  _copy_to_user+0x31/0xb0
[  928.181623][T15331]  simple_read_from_buffer+0xe1/0x170
[  928.181652][T15331]  proc_fail_nth_read+0x1b6/0x220
[  928.181675][T15331]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  928.181697][T15331]  ? rw_verify_area+0x2ac/0x4e0
[  928.181717][T15331]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  928.181738][T15331]  vfs_read+0x206/0xa30
[  928.181768][T15331]  ? __pfx_vfs_read+0x10/0x10
[  928.181785][T15331]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  928.181813][T15331]  ? mutex_lock_nested+0x154/0x1d0
[  928.181830][T15331]  ? fdget_pos+0x253/0x320
[  928.181862][T15331]  ksys_read+0x14b/0x260
[  928.181884][T15331]  ? __pfx_ksys_read+0x10/0x10
[  928.181908][T15331]  ? do_syscall_64+0xbe/0xfa0
[  928.181934][T15331]  do_syscall_64+0xfa/0xfa0
[  928.181954][T15331]  ? lockdep_hardirqs_on+0x9c/0x150
[  928.181975][T15331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  928.181993][T15331]  ? clear_bhb_loop+0x60/0xb0
[  928.182015][T15331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  928.182032][T15331] RIP: 0033:0x7f269cf4d9dc
[  928.182047][T15331] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  928.182062][T15331] RSP: 002b:00007f269b1b6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  928.182081][T15331] RAX: ffffffffffffffda RBX: 00007f269d1a5fa0 RCX: 00007f269cf4d9dc
[  928.182094][T15331] RDX: 000000000000000f RSI: 00007f269b1b60a0 RDI: 0000000000000004
[  928.182106][T15331] RBP: 00007f269b1b6090 R08: 0000000000000000 R09: 0000000000000000
[  928.182117][T15331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  928.182127][T15331] R13: 00007f269d1a6038 R14: 00007f269d1a5fa0 R15: 00007fffa25ad718
[  928.182161][T15331]  </TASK>
[  928.219540][   T10] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  928.429596][ T9528] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  928.454115][ T9528] usb 2-1: New USB device found, idVendor=1bc7, idProduct=1040, bcdDevice=b5.b1
[  928.454145][ T9528] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  928.454160][ T9528] usb 2-1: Product: syz
[  928.454168][ T9528] usb 2-1: Manufacturer: syz
[  928.454175][ T9528] usb 2-1: SerialNumber: syz
[  928.457221][ T9528] usb 2-1: config 0 descriptor??
[  928.495441][ T9528] option 2-1:0.0: GSM modem (1-port) converter detected
[  928.529422][   T10] usb 6-1: Using ep0 maxpacket: 32
[  928.533157][   T10] usb 6-1: config 2 has an invalid interface number: 230 but max is 2
[  928.533184][   T10] usb 6-1: config 2 has an invalid interface number: 103 but max is 2
[  928.533206][   T10] usb 6-1: config 2 has an invalid interface number: 192 but max is 2
[  928.533228][   T10] usb 6-1: config 2 has no interface number 0
[  928.533244][   T10] usb 6-1: config 2 has no interface number 1
[  928.533260][   T10] usb 6-1: config 2 has no interface number 2
[  928.533338][   T10] usb 6-1: config 2 interface 230 altsetting 51 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  928.533365][   T10] usb 6-1: config 2 interface 230 altsetting 51 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  928.533390][   T10] usb 6-1: config 2 interface 230 altsetting 51 endpoint 0x9 has invalid maxpacket 304, setting to 64
[  928.533422][   T10] usb 6-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x9, skipping
[  928.533445][   T10] usb 6-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0xC, skipping
[  928.533470][   T10] usb 6-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x3, skipping
[  928.533511][   T10] usb 6-1: config 2 interface 103 altsetting 255 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  928.533535][   T10] usb 6-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  928.533554][   T10] usb 6-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  928.533575][   T10] usb 6-1: config 2 interface 103 altsetting 255 has a duplicate endpoint with address 0xC, skipping
[  928.533611][   T10] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  928.533633][   T10] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  928.533654][   T10] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x7, skipping
[  928.533675][   T10] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  928.533696][   T10] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  928.533716][   T10] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x3, skipping
[  928.533737][   T10] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0xC, skipping
[  928.533758][   T10] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[  928.533778][   T10] usb 6-1: config 2 interface 230 has no altsetting 0
[  928.533795][   T10] usb 6-1: config 2 interface 103 has no altsetting 0
[  928.533813][   T10] usb 6-1: config 2 interface 192 has no altsetting 0
[  928.536857][   T10] usb 6-1: New USB device found, idVendor=0172, idProduct=cbd5, bcdDevice=dc.a8
[  928.536884][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  928.536907][   T10] usb 6-1: Product: syz
[  928.536921][   T10] usb 6-1: Manufacturer: Љ
[  928.536935][   T10] usb 6-1: SerialNumber: syz
[  928.860243][T15319] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  929.124944][   T10] usb 6-1: USB disconnect, device number 27
[  929.387670][T15361] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3167'.
[  929.387707][T15361] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  929.877837][T15387] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3180'.
[  929.877874][T15387] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3180'.
[  929.877890][T15387] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3180'.
[  931.130108][ T9528] usb 2-1: USB disconnect, device number 35
[  931.132435][ T9528] option 2-1:0.0: device disconnected
[  931.238702][   T44] usb 4-1: USB disconnect, device number 33
[  931.492551][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  931.492624][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  932.422265][T15411] orangefs_mount: mount request failed with -4
[  933.280682][T15436] blktrace: Concurrent blktraces are not allowed on loop1
[  933.689341][T15439] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3202'.
[  933.689388][T15439] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  934.779754][T15470] CIFS mount error: No usable UNC path provided in device string!
[  934.779754][T15470] 
[  934.779777][T15470] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  934.993646][T15474] blktrace: Concurrent blktraces are not allowed on loop1
[  936.619420][ T5869] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  936.699382][   T44] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  936.769492][ T5869] usb 2-1: Using ep0 maxpacket: 32
[  936.772793][ T5869] usb 2-1: config 2 has an invalid interface number: 230 but max is 2
[  936.772817][ T5869] usb 2-1: config 2 has an invalid interface number: 103 but max is 2
[  936.772833][ T5869] usb 2-1: config 2 has an invalid interface number: 192 but max is 2
[  936.772851][ T5869] usb 2-1: config 2 has no interface number 0
[  936.772865][ T5869] usb 2-1: config 2 has no interface number 1
[  936.772879][ T5869] usb 2-1: config 2 has no interface number 2
[  936.772939][ T5869] usb 2-1: config 2 interface 230 altsetting 51 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  936.772963][ T5869] usb 2-1: config 2 interface 230 altsetting 51 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  936.772985][ T5869] usb 2-1: config 2 interface 230 altsetting 51 endpoint 0x9 has invalid maxpacket 304, setting to 64
[  936.773008][ T5869] usb 2-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x9, skipping
[  936.773028][ T5869] usb 2-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0xC, skipping
[  936.773049][ T5869] usb 2-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x3, skipping
[  936.773100][ T5869] usb 2-1: config 2 interface 103 altsetting 255 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  936.773122][ T5869] usb 2-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  936.773140][ T5869] usb 2-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  936.773158][ T5869] usb 2-1: config 2 interface 103 altsetting 255 has a duplicate endpoint with address 0xC, skipping
[  936.773186][ T5869] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  936.773214][ T5869] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  936.773231][ T5869] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x7, skipping
[  936.773249][ T5869] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  936.773266][ T5869] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  936.773283][ T5869] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x3, skipping
[  936.773300][ T5869] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0xC, skipping
[  936.773316][ T5869] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[  936.773333][ T5869] usb 2-1: config 2 interface 230 has no altsetting 0
[  936.773346][ T5869] usb 2-1: config 2 interface 103 has no altsetting 0
[  936.773360][ T5869] usb 2-1: config 2 interface 192 has no altsetting 0
[  936.775877][ T5869] usb 2-1: New USB device found, idVendor=0172, idProduct=cbd5, bcdDevice=dc.a8
[  936.775903][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  936.775922][ T5869] usb 2-1: Product: syz
[  936.775936][ T5869] usb 2-1: Manufacturer: Љ
[  936.775950][ T5869] usb 2-1: SerialNumber: syz
[  936.793551][T15501] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  936.849341][   T44] usb 7-1: Using ep0 maxpacket: 32
[  936.911798][   T44] usb 7-1: unable to get BOS descriptor or descriptor too short
[  936.911873][   T44] usb 7-1: too many configurations: 255, using maximum allowed: 8
[  937.003027][   T44] usb 7-1: unable to read config index 0 descriptor/start: -61
[  937.003067][   T44] usb 7-1: can't read configurations, error -61
[  937.123647][T15526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3238'.
[  937.136332][ T5869] usb 2-1: USB disconnect, device number 36
[  937.249447][   T44] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  937.399506][   T44] usb 7-1: Using ep0 maxpacket: 32
[  937.401814][   T44] usb 7-1: unable to get BOS descriptor or descriptor too short
[  937.401896][   T44] usb 7-1: too many configurations: 255, using maximum allowed: 8
[  937.403753][   T44] usb 7-1: unable to read config index 0 descriptor/start: -61
[  937.403786][   T44] usb 7-1: can't read configurations, error -61
[  937.404192][   T44] usb usb7-port1: attempt power cycle
[  937.749404][   T44] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  938.027290][   T44] usb 7-1: Using ep0 maxpacket: 32
[  938.030072][   T44] usb 7-1: unable to get BOS descriptor or descriptor too short
[  938.030165][   T44] usb 7-1: too many configurations: 255, using maximum allowed: 8
[  938.032370][   T44] usb 7-1: unable to read config index 0 descriptor/start: -61
[  938.032403][   T44] usb 7-1: can't read configurations, error -61
[  938.246270][T15557] CIFS mount error: No usable UNC path provided in device string!
[  938.246270][T15557] 
[  938.246316][T15557] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  939.245157][   T44] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  939.268440][   T44] usb 7-1: Using ep0 maxpacket: 32
[  939.275913][   T44] usb 7-1: unable to get BOS descriptor or descriptor too short
[  939.276001][   T44] usb 7-1: too many configurations: 255, using maximum allowed: 8
[  939.278223][   T44] usb 7-1: unable to read config index 0 descriptor/start: -61
[  939.278256][   T44] usb 7-1: can't read configurations, error -61
[  939.279337][   T44] usb usb7-port1: unable to enumerate USB device
[  939.319371][ T8861] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  939.449392][ T8861] usb 6-1: device descriptor read/64, error -71
[  939.848594][T15581] FAULT_INJECTION: forcing a failure.
[  939.848594][T15581] name failslab, interval 1, probability 0, space 0, times 0
[  939.848624][T15581] CPU: 1 UID: 0 PID: 15581 Comm: syz.3.3262 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  939.848637][T15581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  939.848644][T15581] Call Trace:
[  939.848648][T15581]  <TASK>
[  939.848653][T15581]  dump_stack_lvl+0x189/0x250
[  939.848672][T15581]  ? __pfx____ratelimit+0x10/0x10
[  939.848685][T15581]  ? __pfx_dump_stack_lvl+0x10/0x10
[  939.848699][T15581]  ? __pfx__printk+0x10/0x10
[  939.848714][T15581]  ? __pfx___might_resched+0x10/0x10
[  939.848728][T15581]  should_fail_ex+0x46c/0x600
[  939.848745][T15581]  should_failslab+0xa8/0x100
[  939.848760][T15581]  __kvmalloc_node_noprof+0x169/0x920
[  939.848774][T15581]  ? alloc_fdtable+0x101/0x2c0
[  939.848790][T15581]  alloc_fdtable+0x101/0x2c0
[  939.848801][T15581]  ? dup_fd+0x88e/0xb90
[  939.848815][T15581]  dup_fd+0x896/0xb90
[  939.848833][T15581]  copy_files+0xc9/0x120
[  939.848846][T15581]  ? copy_process+0x979/0x3ae0
[  939.848858][T15581]  copy_process+0x15b0/0x3ae0
[  939.848878][T15581]  ? copy_process+0x979/0x3ae0
[  939.848897][T15581]  ? __pfx_copy_process+0x10/0x10
[  939.848915][T15581]  kernel_clone+0x224/0x7c0
[  939.848930][T15581]  ? __pfx_kernel_clone+0x10/0x10
[  939.848941][T15581]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  939.848965][T15581]  __x64_sys_clone+0x18b/0x1e0
[  939.848980][T15581]  ? __pfx___x64_sys_clone+0x10/0x10
[  939.849001][T15581]  ? __pfx_ksys_write+0x10/0x10
[  939.849016][T15581]  ? do_syscall_64+0xbe/0xfa0
[  939.849030][T15581]  do_syscall_64+0xfa/0xfa0
[  939.849041][T15581]  ? lockdep_hardirqs_on+0x9c/0x150
[  939.849053][T15581]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  939.849063][T15581]  ? clear_bhb_loop+0x60/0xb0
[  939.849075][T15581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  939.849084][T15581] RIP: 0033:0x7f845381efc9
[  939.849094][T15581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  939.849103][T15581] RSP: 002b:00007f8451a64fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  939.849114][T15581] RAX: ffffffffffffffda RBX: 00007f8453a76090 RCX: 00007f845381efc9
[  939.849127][T15581] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000008014a000
[  939.849134][T15581] RBP: 00007f8451a65090 R08: 0000000000000000 R09: 0000000000000000
[  939.849140][T15581] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  939.849146][T15581] R13: 00007f8453a76128 R14: 00007f8453a76090 R15: 00007fffe3500f18
[  939.849164][T15581]  </TASK>
[  939.979903][ T8861] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  940.129360][ T8861] usb 6-1: device descriptor read/64, error -71
[  940.143279][T15589] wireguard0: entered allmulticast mode
[  940.143442][T15589] team0: Device wireguard0 is of different type
[  940.419414][ T8861] usb usb6-port1: attempt power cycle
[  940.561013][T15607] blktrace: Concurrent blktraces are not allowed on loop1
[  940.803672][ T8861] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  941.205088][ T8861] usb 6-1: device descriptor read/8, error -71
[  942.106282][T15608] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  942.876789][ T5883] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  943.019685][ T5883] usb 7-1: Using ep0 maxpacket: 16
[  943.026019][ T5883] usb 7-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  943.026043][ T5883] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  943.026063][ T5883] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  943.030902][ T5883] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  943.030929][ T5883] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.030951][ T5883] usb 7-1: Product: syz
[  943.030965][ T5883] usb 7-1: Manufacturer: syz
[  943.030980][ T5883] usb 7-1: SerialNumber: syz
[  943.325932][T15625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  943.326358][T15625] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  943.349713][ T9528] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  943.499924][ T9528] usb 2-1: Using ep0 maxpacket: 8
[  943.503715][ T9528] usb 2-1: no configurations
[  943.503733][ T9528] usb 2-1: can't read configurations, error -22
[  943.561649][T15625] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3279'.
[  943.592157][T15625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  943.592771][T15625] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  943.594314][T15625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  943.594739][T15625] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  943.641895][ T9528] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  943.664340][ T5883] usb 7-1: 0:2 : does not exist
[  943.700199][ T5883] usb 7-1: USB disconnect, device number 28
[  943.792112][ T9528] usb 2-1: Using ep0 maxpacket: 8
[  943.793072][ T9528] usb 2-1: no configurations
[  943.793088][ T9528] usb 2-1: can't read configurations, error -22
[  943.793590][ T9528] usb usb2-port1: attempt power cycle
[  944.132129][ T9528] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  944.150227][ T9528] usb 2-1: Using ep0 maxpacket: 8
[  944.151149][ T9528] usb 2-1: no configurations
[  944.151166][ T9528] usb 2-1: can't read configurations, error -22
[  944.279476][ T9528] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  944.300163][ T9528] usb 2-1: Using ep0 maxpacket: 8
[  944.300983][ T9528] usb 2-1: no configurations
[  944.300999][ T9528] usb 2-1: can't read configurations, error -22
[  944.301376][ T9528] usb usb2-port1: unable to enumerate USB device
[  945.995297][   T37] audit: type=1326 audit(1761566790.310:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15707 comm="syz.6.3318" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7261a4efc9 code=0x0
[  946.060096][T15713] FAULT_INJECTION: forcing a failure.
[  946.060096][T15713] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  946.060128][T15713] CPU: 1 UID: 0 PID: 15713 Comm: syz.5.3319 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  946.060150][T15713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  946.060161][T15713] Call Trace:
[  946.060169][T15713]  <TASK>
[  946.060234][T15713]  dump_stack_lvl+0x189/0x250
[  946.060264][T15713]  ? __pfx____ratelimit+0x10/0x10
[  946.060286][T15713]  ? __pfx_dump_stack_lvl+0x10/0x10
[  946.060310][T15713]  ? __pfx__printk+0x10/0x10
[  946.060332][T15713]  ? __might_fault+0xb0/0x130
[  946.060367][T15713]  should_fail_ex+0x46c/0x600
[  946.060397][T15713]  _copy_from_user+0x2d/0xb0
[  946.060417][T15713]  __sys_bpf+0x1e3/0x860
[  946.060441][T15713]  ? __pfx___sys_bpf+0x10/0x10
[  946.060461][T15713]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  946.060497][T15713]  ? ksys_write+0x230/0x260
[  946.060522][T15713]  ? __pfx_ksys_write+0x10/0x10
[  946.060550][T15713]  __x64_sys_bpf+0x7c/0x90
[  946.060579][T15713]  do_syscall_64+0xfa/0xfa0
[  946.060600][T15713]  ? lockdep_hardirqs_on+0x9c/0x150
[  946.060620][T15713]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  946.060638][T15713]  ? clear_bhb_loop+0x60/0xb0
[  946.060661][T15713]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  946.060678][T15713] RIP: 0033:0x7f8caaa7efc9
[  946.060695][T15713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  946.060710][T15713] RSP: 002b:00007f8ca8cde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  946.060730][T15713] RAX: ffffffffffffffda RBX: 00007f8caacd5fa0 RCX: 00007f8caaa7efc9
[  946.060744][T15713] RDX: 0000000000000050 RSI: 0000200000000280 RDI: 000000000000000a
[  946.060757][T15713] RBP: 00007f8ca8cde090 R08: 0000000000000000 R09: 0000000000000000
[  946.060768][T15713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  946.060777][T15713] R13: 00007f8caacd6038 R14: 00007f8caacd5fa0 R15: 00007ffc2ff37d28
[  946.060803][T15713]  </TASK>
[  947.028764][T15748] FAULT_INJECTION: forcing a failure.
[  947.028764][T15748] name failslab, interval 1, probability 0, space 0, times 0
[  947.028798][T15748] CPU: 0 UID: 0 PID: 15748 Comm: syz.2.3335 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  947.028820][T15748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  947.028831][T15748] Call Trace:
[  947.028839][T15748]  <TASK>
[  947.028848][T15748]  dump_stack_lvl+0x189/0x250
[  947.028879][T15748]  ? __pfx____ratelimit+0x10/0x10
[  947.028902][T15748]  ? __pfx_dump_stack_lvl+0x10/0x10
[  947.028927][T15748]  ? __pfx__printk+0x10/0x10
[  947.028956][T15748]  ? __pfx___might_resched+0x10/0x10
[  947.028975][T15748]  ? fs_reclaim_acquire+0x7d/0x100
[  947.029004][T15748]  should_fail_ex+0x46c/0x600
[  947.029032][T15748]  ? __alloc_skb+0x112/0x2d0
[  947.029049][T15748]  should_failslab+0xa8/0x100
[  947.029074][T15748]  ? __alloc_skb+0x112/0x2d0
[  947.029089][T15748]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  947.029122][T15748]  __alloc_skb+0x112/0x2d0
[  947.029145][T15748]  _sctp_make_chunk+0x5e/0x430
[  947.029174][T15748]  sctp_make_datafrag_empty+0x122/0x230
[  947.029200][T15748]  ? __pfx_sctp_make_datafrag_empty+0x10/0x10
[  947.029222][T15748]  ? __kmalloc_cache_noprof+0x1ef/0x6c0
[  947.029248][T15748]  ? __lock_acquire+0xab9/0xd20
[  947.029268][T15748]  ? sctp_auth_send_cid+0x69/0x250
[  947.029294][T15748]  sctp_datamsg_from_user+0x729/0xef0
[  947.029329][T15748]  ? __genradix_ptr+0x1e1/0x220
[  947.029359][T15748]  sctp_sendmsg_to_asoc+0xffe/0x1810
[  947.029413][T15748]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  947.029443][T15748]  ? rt_spin_unlock+0x161/0x200
[  947.029462][T15748]  ? sctp_sendmsg_check_sflags+0x18d/0x2e0
[  947.029492][T15748]  sctp_sendmsg+0x174f/0x2590
[  947.029529][T15748]  ? __pfx_sctp_sendmsg+0x10/0x10
[  947.029558][T15748]  ? __might_fault+0xb0/0x130
[  947.029596][T15748]  ? sock_rps_record_flow+0x19/0x410
[  947.029624][T15748]  ? inet_sendmsg+0x2f4/0x370
[  947.029645][T15748]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  947.029673][T15748]  __sock_sendmsg+0x19c/0x270
[  947.029700][T15748]  sock_write_iter+0x27f/0x370
[  947.029726][T15748]  ? __pfx_sock_write_iter+0x10/0x10
[  947.029774][T15748]  vfs_write+0x5d5/0xb40
[  947.029801][T15748]  ? __pfx_sock_write_iter+0x10/0x10
[  947.029825][T15748]  ? __pfx_vfs_write+0x10/0x10
[  947.029857][T15748]  ? __fget_files+0x2a/0x420
[  947.029891][T15748]  ksys_write+0x14b/0x260
[  947.029916][T15748]  ? __pfx_ksys_write+0x10/0x10
[  947.029941][T15748]  ? do_syscall_64+0xbe/0xfa0
[  947.029967][T15748]  do_syscall_64+0xfa/0xfa0
[  947.029988][T15748]  ? lockdep_hardirqs_on+0x9c/0x150
[  947.030009][T15748]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  947.030027][T15748]  ? clear_bhb_loop+0x60/0xb0
[  947.030050][T15748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  947.030067][T15748] RIP: 0033:0x7f269cf4efc9
[  947.030084][T15748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  947.030099][T15748] RSP: 002b:00007f269b1b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  947.030119][T15748] RAX: ffffffffffffffda RBX: 00007f269d1a5fa0 RCX: 00007f269cf4efc9
[  947.030133][T15748] RDX: 0000000000029fdf RSI: 0000200000000180 RDI: 0000000000000004
[  947.030146][T15748] RBP: 00007f269b1b6090 R08: 0000000000000000 R09: 0000000000000000
[  947.030158][T15748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  947.030169][T15748] R13: 00007f269d1a6038 R14: 00007f269d1a5fa0 R15: 00007fffa25ad718
[  947.030204][T15748]  </TASK>
[  947.110896][    C1] vkms_vblank_simulate: vblank timer overrun
[  947.639536][T15754] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3333'.
[  947.715372][    C1] vkms_vblank_simulate: vblank timer overrun
[  947.789651][    C1] vkms_vblank_simulate: vblank timer overrun
[  947.831529][   T44] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  948.149582][    C1] vkms_vblank_simulate: vblank timer overrun
[  948.173279][T15756] tty tty2: ldisc open failed (-12), clearing slot 1
[  948.179356][   T44] usb 6-1: Using ep0 maxpacket: 8
[  948.183942][   T44] usb 6-1: no configurations
[  948.183959][   T44] usb 6-1: can't read configurations, error -22
[  948.309379][   T44] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  948.479478][   T44] usb 6-1: Using ep0 maxpacket: 8
[  948.480169][   T44] usb 6-1: no configurations
[  948.480184][   T44] usb 6-1: can't read configurations, error -22
[  948.480526][   T44] usb usb6-port1: attempt power cycle
[  948.498263][T15785] FAULT_INJECTION: forcing a failure.
[  948.498263][T15785] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  948.498294][T15785] CPU: 0 UID: 0 PID: 15785 Comm: syz.2.3348 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  948.498315][T15785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  948.498327][T15785] Call Trace:
[  948.498335][T15785]  <TASK>
[  948.498342][T15785]  dump_stack_lvl+0x189/0x250
[  948.498371][T15785]  ? __pfx____ratelimit+0x10/0x10
[  948.498393][T15785]  ? __pfx_dump_stack_lvl+0x10/0x10
[  948.498417][T15785]  ? __pfx__printk+0x10/0x10
[  948.498455][T15785]  should_fail_ex+0x46c/0x600
[  948.498489][T15785]  _copy_to_user+0x31/0xb0
[  948.498511][T15785]  simple_read_from_buffer+0xe1/0x170
[  948.498539][T15785]  proc_fail_nth_read+0x1b6/0x220
[  948.498561][T15785]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  948.498584][T15785]  ? rw_verify_area+0x2ac/0x4e0
[  948.498604][T15785]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  948.498625][T15785]  vfs_read+0x206/0xa30
[  948.498654][T15785]  ? __pfx_vfs_read+0x10/0x10
[  948.498671][T15785]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  948.498700][T15785]  ? mutex_lock_nested+0x154/0x1d0
[  948.498716][T15785]  ? fdget_pos+0x253/0x320
[  948.498749][T15785]  ksys_read+0x14b/0x260
[  948.498772][T15785]  ? __pfx_ksys_read+0x10/0x10
[  948.498797][T15785]  ? do_syscall_64+0xbe/0xfa0
[  948.498823][T15785]  do_syscall_64+0xfa/0xfa0
[  948.498841][T15785]  ? lockdep_hardirqs_on+0x9c/0x150
[  948.498862][T15785]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  948.498879][T15785]  ? clear_bhb_loop+0x60/0xb0
[  948.498901][T15785]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  948.498918][T15785] RIP: 0033:0x7f269cf4d9dc
[  948.498933][T15785] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  948.498947][T15785] RSP: 002b:00007f269b1b6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  948.498966][T15785] RAX: ffffffffffffffda RBX: 00007f269d1a5fa0 RCX: 00007f269cf4d9dc
[  948.498979][T15785] RDX: 000000000000000f RSI: 00007f269b1b60a0 RDI: 0000000000000003
[  948.498991][T15785] RBP: 00007f269b1b6090 R08: 0000000000000000 R09: 0000000000000000
[  948.499002][T15785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  948.499013][T15785] R13: 00007f269d1a6038 R14: 00007f269d1a5fa0 R15: 00007fffa25ad718
[  948.499045][T15785]  </TASK>
[  949.019391][   T44] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  949.040180][   T44] usb 6-1: Using ep0 maxpacket: 8
[  949.040993][   T44] usb 6-1: no configurations
[  949.041009][   T44] usb 6-1: can't read configurations, error -22
[  949.179519][   T44] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  949.333174][    C1] vkms_vblank_simulate: vblank timer overrun
[  949.347967][   T44] usb 6-1: Using ep0 maxpacket: 8
[  949.356773][   T44] usb 6-1: no configurations
[  949.356791][   T44] usb 6-1: can't read configurations, error -22
[  949.357189][   T44] usb usb6-port1: unable to enumerate USB device
[  949.475989][T15819] blktrace: Concurrent blktraces are not allowed on loop1
[  949.480661][    C1] vkms_vblank_simulate: vblank timer overrun
[  950.100061][    C1] vkms_vblank_simulate: vblank timer overrun
[  950.617151][    C1] vkms_vblank_simulate: vblank timer overrun
[  950.778922][    C1] vkms_vblank_simulate: vblank timer overrun
[  950.786163][   T44] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  950.879394][    C1] vkms_vblank_simulate: vblank timer overrun
[  951.305594][T15850] blktrace: Concurrent blktraces are not allowed on loop1
[  951.305621][T15850] FAULT_INJECTION: forcing a failure.
[  951.305621][T15850] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  951.305646][T15850] CPU: 1 UID: 0 PID: 15850 Comm: syz.6.3377 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  951.305667][T15850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  951.305678][T15850] Call Trace:
[  951.305686][T15850]  <TASK>
[  951.305695][T15850]  dump_stack_lvl+0x189/0x250
[  951.305723][T15850]  ? __pfx____ratelimit+0x10/0x10
[  951.305746][T15850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  951.305770][T15850]  ? __pfx__printk+0x10/0x10
[  951.305808][T15850]  should_fail_ex+0x46c/0x600
[  951.305838][T15850]  _copy_to_user+0x31/0xb0
[  951.305860][T15850]  simple_read_from_buffer+0xe1/0x170
[  951.305897][T15850]  proc_fail_nth_read+0x1b6/0x220
[  951.305920][T15850]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  951.305943][T15850]  ? rw_verify_area+0x2ac/0x4e0
[  951.305964][T15850]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  951.305986][T15850]  vfs_read+0x206/0xa30
[  951.306015][T15850]  ? __pfx_vfs_read+0x10/0x10
[  951.306033][T15850]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  951.306062][T15850]  ? mutex_lock_nested+0x154/0x1d0
[  951.306079][T15850]  ? fdget_pos+0x253/0x320
[  951.306111][T15850]  ksys_read+0x14b/0x260
[  951.306131][T15850]  ? __fget_files+0x2a/0x420
[  951.306154][T15850]  ? __pfx_ksys_read+0x10/0x10
[  951.306180][T15850]  ? do_syscall_64+0xbe/0xfa0
[  951.306206][T15850]  do_syscall_64+0xfa/0xfa0
[  951.306225][T15850]  ? lockdep_hardirqs_on+0x9c/0x150
[  951.306247][T15850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  951.306265][T15850]  ? clear_bhb_loop+0x60/0xb0
[  951.306288][T15850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  951.306306][T15850] RIP: 0033:0x7f7261a4d9dc
[  951.306323][T15850] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  951.306339][T15850] RSP: 002b:00007f725fc6c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  951.306359][T15850] RAX: ffffffffffffffda RBX: 00007f7261ca6180 RCX: 00007f7261a4d9dc
[  951.306373][T15850] RDX: 000000000000000f RSI: 00007f725fc6c0a0 RDI: 0000000000000006
[  951.306385][T15850] RBP: 00007f725fc6c090 R08: 0000000000000000 R09: 0000000000000000
[  951.306397][T15850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  951.306408][T15850] R13: 00007f7261ca6218 R14: 00007f7261ca6180 R15: 00007ffe9c5d8af8
[  951.306442][T15850]  </TASK>
[  951.341403][    C1] vkms_vblank_simulate: vblank timer overrun
[  953.054678][    C1] vkms_vblank_simulate: vblank timer overrun
[  953.249393][   T44] usb 6-1: Using ep0 maxpacket: 8
[  953.251838][   T44] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7
[  953.254865][   T44] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  953.254893][   T44] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  953.254913][   T44] usb 6-1: Product: syz
[  953.254929][   T44] usb 6-1: Manufacturer: syz
[  953.254943][   T44] usb 6-1: SerialNumber: syz
[  953.489383][ T5855] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  953.527903][   T44] usb 6-1: palm_os_3_probe - error -71 getting connection information
[  953.528005][   T44] visor 6-1:1.0: probe with driver visor failed with error -71
[  953.575495][   T44] usb 6-1: USB disconnect, device number 36
[  953.609383][ T9528] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  953.649381][ T5855] usb 7-1: Using ep0 maxpacket: 8
[  953.650245][ T5855] usb 7-1: no configurations
[  953.650261][ T5855] usb 7-1: can't read configurations, error -22
[  953.759389][ T9528] usb 2-1: Using ep0 maxpacket: 32
[  953.772572][ T9528] usb 2-1: config 2 has an invalid interface number: 230 but max is 2
[  953.772599][ T9528] usb 2-1: config 2 has an invalid interface number: 103 but max is 2
[  953.772619][ T9528] usb 2-1: config 2 has an invalid interface number: 192 but max is 2
[  953.772646][ T9528] usb 2-1: config 2 has no interface number 0
[  953.772661][ T9528] usb 2-1: config 2 has no interface number 1
[  953.772677][ T9528] usb 2-1: config 2 has no interface number 2
[  953.772754][ T9528] usb 2-1: config 2 interface 230 altsetting 51 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  953.772781][ T9528] usb 2-1: config 2 interface 230 altsetting 51 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  953.772806][ T9528] usb 2-1: config 2 interface 230 altsetting 51 endpoint 0x9 has invalid maxpacket 304, setting to 64
[  953.772831][ T9528] usb 2-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x9, skipping
[  953.772854][ T9528] usb 2-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0xC, skipping
[  953.772878][ T9528] usb 2-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x3, skipping
[  953.772920][ T9528] usb 2-1: config 2 interface 103 altsetting 255 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  953.772944][ T9528] usb 2-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  953.772965][ T9528] usb 2-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  953.772985][ T9528] usb 2-1: config 2 interface 103 altsetting 255 has a duplicate endpoint with address 0xC, skipping
[  953.773020][ T9528] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  953.773041][ T9528] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  953.773063][ T9528] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x7, skipping
[  953.773085][ T9528] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  953.773107][ T9528] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  953.773127][ T9528] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x3, skipping
[  953.773148][ T9528] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0xC, skipping
[  953.773169][ T9528] usb 2-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[  953.773191][ T9528] usb 2-1: config 2 interface 230 has no altsetting 0
[  953.773208][ T9528] usb 2-1: config 2 interface 103 has no altsetting 0
[  953.773224][ T9528] usb 2-1: config 2 interface 192 has no altsetting 0
[  953.782033][ T9528] usb 2-1: New USB device found, idVendor=0172, idProduct=cbd5, bcdDevice=dc.a8
[  953.782061][ T9528] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  953.782081][ T9528] usb 2-1: Product: syz
[  953.782095][ T9528] usb 2-1: Manufacturer: Љ
[  953.782108][ T9528] usb 2-1: SerialNumber: syz
[  953.805813][T15843] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  953.852484][ T5855] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  954.039339][ T5855] usb 7-1: Using ep0 maxpacket: 8
[  954.040169][ T5855] usb 7-1: no configurations
[  954.040185][ T5855] usb 7-1: can't read configurations, error -22
[  954.040580][ T5855] usb usb7-port1: attempt power cycle
[  954.103757][T15879] FAULT_INJECTION: forcing a failure.
[  954.103757][T15879] name failslab, interval 1, probability 0, space 0, times 0
[  954.103789][T15879] CPU: 0 UID: 0 PID: 15879 Comm: syz.2.3391 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  954.103810][T15879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  954.103821][T15879] Call Trace:
[  954.103828][T15879]  <TASK>
[  954.103836][T15879]  dump_stack_lvl+0x189/0x250
[  954.103865][T15879]  ? __pfx____ratelimit+0x10/0x10
[  954.103888][T15879]  ? __pfx_dump_stack_lvl+0x10/0x10
[  954.103911][T15879]  ? __pfx__printk+0x10/0x10
[  954.103938][T15879]  ? __pfx___might_resched+0x10/0x10
[  954.103961][T15879]  should_fail_ex+0x46c/0x600
[  954.103990][T15879]  should_failslab+0xa8/0x100
[  954.104015][T15879]  __kmalloc_noprof+0xcc/0x7d0
[  954.104037][T15879]  ? kfree+0x51/0x950
[  954.104053][T15879]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  954.104081][T15879]  tomoyo_realpath_from_path+0xe3/0x5d0
[  954.104102][T15879]  ? tomoyo_domain+0xda/0x130
[  954.104128][T15879]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  954.104154][T15879]  tomoyo_path_number_perm+0x1e8/0x5a0
[  954.104182][T15879]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  954.104211][T15879]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  954.104233][T15879]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.104285][T15879]  ? __fget_files+0x2a/0x420
[  954.104310][T15879]  ? __fget_files+0x3a6/0x420
[  954.104330][T15879]  ? __fget_files+0x2a/0x420
[  954.104356][T15879]  security_file_ioctl+0xcb/0x2d0
[  954.104377][T15879]  __se_sys_ioctl+0x47/0x170
[  954.104400][T15879]  do_syscall_64+0xfa/0xfa0
[  954.104419][T15879]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.104439][T15879]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.104456][T15879]  ? clear_bhb_loop+0x60/0xb0
[  954.104478][T15879]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.104494][T15879] RIP: 0033:0x7f269cf4efc9
[  954.104510][T15879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  954.104525][T15879] RSP: 002b:00007f269b1b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  954.104543][T15879] RAX: ffffffffffffffda RBX: 00007f269d1a5fa0 RCX: 00007f269cf4efc9
[  954.104563][T15879] RDX: 0000200000000040 RSI: 00000000c02c564a RDI: 0000000000000003
[  954.104575][T15879] RBP: 00007f269b1b6090 R08: 0000000000000000 R09: 0000000000000000
[  954.104586][T15879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  954.104598][T15879] R13: 00007f269d1a6038 R14: 00007f269d1a5fa0 R15: 00007fffa25ad718
[  954.104630][T15879]  </TASK>
[  954.104638][T15879] ERROR: Out of memory at tomoyo_realpath_from_path.
[  954.181147][ T9528] usb 2-1: USB disconnect, device number 41
[  954.523618][T15885] CIFS mount error: No usable UNC path provided in device string!
[  954.523618][T15885] 
[  954.523641][T15885] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  954.569460][ T5855] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  954.592531][ T5855] usb 7-1: Using ep0 maxpacket: 8
[  954.593194][ T5855] usb 7-1: no configurations
[  954.593209][ T5855] usb 7-1: can't read configurations, error -22
[  954.729478][ T5855] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  954.750178][ T5855] usb 7-1: Using ep0 maxpacket: 8
[  954.750841][ T5855] usb 7-1: no configurations
[  954.750857][ T5855] usb 7-1: can't read configurations, error -22
[  954.751345][ T5855] usb usb7-port1: unable to enumerate USB device
[  954.779707][T15901] warning: `syz.3.3398' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  954.973525][T15909] FAULT_INJECTION: forcing a failure.
[  954.973525][T15909] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  954.974061][T15909] CPU: 1 UID: 0 PID: 15909 Comm: syz.2.3402 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  954.974084][T15909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  954.974095][T15909] Call Trace:
[  954.974103][T15909]  <TASK>
[  954.974112][T15909]  dump_stack_lvl+0x189/0x250
[  954.974142][T15909]  ? __pfx____ratelimit+0x10/0x10
[  954.974165][T15909]  ? __pfx_dump_stack_lvl+0x10/0x10
[  954.974189][T15909]  ? __pfx__printk+0x10/0x10
[  954.974224][T15909]  should_fail_ex+0x46c/0x600
[  954.974254][T15909]  _copy_to_user+0x31/0xb0
[  954.974275][T15909]  simple_read_from_buffer+0xe1/0x170
[  954.974303][T15909]  proc_fail_nth_read+0x1b6/0x220
[  954.974327][T15909]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  954.974350][T15909]  ? rw_verify_area+0x2ac/0x4e0
[  954.974370][T15909]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  954.974392][T15909]  vfs_read+0x206/0xa30
[  954.974421][T15909]  ? __pfx_vfs_read+0x10/0x10
[  954.974439][T15909]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  954.974492][T15909]  ? mutex_lock_nested+0x154/0x1d0
[  954.974509][T15909]  ? fdget_pos+0x253/0x320
[  954.974541][T15909]  ksys_read+0x14b/0x260
[  954.974561][T15909]  ? __fget_files+0x2a/0x420
[  954.974584][T15909]  ? __pfx_ksys_read+0x10/0x10
[  954.974612][T15909]  ? do_syscall_64+0xbe/0xfa0
[  954.974638][T15909]  do_syscall_64+0xfa/0xfa0
[  954.974658][T15909]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.974680][T15909]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.974698][T15909]  ? clear_bhb_loop+0x60/0xb0
[  954.974720][T15909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.974738][T15909] RIP: 0033:0x7f269cf4d9dc
[  954.974754][T15909] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  954.974769][T15909] RSP: 002b:00007f269b195030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  954.974790][T15909] RAX: ffffffffffffffda RBX: 00007f269d1a6090 RCX: 00007f269cf4d9dc
[  954.974804][T15909] RDX: 000000000000000f RSI: 00007f269b1950a0 RDI: 0000000000000004
[  954.974816][T15909] RBP: 00007f269b195090 R08: 0000000000000000 R09: 0000000000000000
[  954.974828][T15909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  954.974839][T15909] R13: 00007f269d1a6128 R14: 00007f269d1a6090 R15: 00007fffa25ad718
[  954.974872][T15909]  </TASK>
[  955.445854][T15916] ALSA: seq fatal error: cannot create timer (-19)
[  956.156586][T15959] CIFS mount error: No usable UNC path provided in device string!
[  956.156586][T15959] 
[  956.156606][T15959] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  956.229487][T14579] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  956.388605][T14579] usb 4-1: New USB device found, idVendor=0547, idProduct=6801, bcdDevice=43.6f
[  956.388636][T14579] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  956.388650][T14579] usb 4-1: Product: syz
[  956.388658][T14579] usb 4-1: Manufacturer: syz
[  956.388666][T14579] usb 4-1: SerialNumber: syz
[  956.408008][T14579] usb 4-1: config 0 descriptor??
[  956.424635][T14579] gspca_main: touptek-2.14.0 probing 0547:6801
[  956.479383][   T44] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  957.554296][   T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  957.554327][   T44] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  957.554351][   T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 57532, setting to 1024
[  957.554378][   T44] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 1024
[  957.554415][   T44] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  957.554436][   T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  957.587489][T15991] bond1: entered promiscuous mode
[  957.590126][T15991] 8021q: adding VLAN 0 to HW filter on device bond1
[  957.593435][T15991] bond0: (slave bond1): Enslaving as an active interface with an up link
[  957.680690][   T44] usb 2-1: config 0 descriptor??
[  957.681434][T15965] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  957.884591][   T44] hdpvr 2-1:0.0: firmware version 0x0 dated 
[  957.884612][   T44] hdpvr 2-1:0.0: untested firmware, the driver might not work.
[  958.088489][   T44] hdpvr 2-1:0.0: device init failed
[  958.088580][   T44] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -12
[  958.103359][   T44] usb 2-1: USB disconnect, device number 42
[  958.237699][T16021] FAULT_INJECTION: forcing a failure.
[  958.237699][T16021] name failslab, interval 1, probability 0, space 0, times 0
[  958.237721][T16021] CPU: 0 UID: 0 PID: 16021 Comm: syz.2.3451 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  958.237733][T16021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  958.237740][T16021] Call Trace:
[  958.237745][T16021]  <TASK>
[  958.237750][T16021]  dump_stack_lvl+0x189/0x250
[  958.237769][T16021]  ? __pfx____ratelimit+0x10/0x10
[  958.237782][T16021]  ? __pfx_dump_stack_lvl+0x10/0x10
[  958.237797][T16021]  ? __pfx__printk+0x10/0x10
[  958.237812][T16021]  ? __pfx___might_resched+0x10/0x10
[  958.237823][T16021]  ? fs_reclaim_acquire+0x7d/0x100
[  958.237840][T16021]  should_fail_ex+0x46c/0x600
[  958.237857][T16021]  should_failslab+0xa8/0x100
[  958.237872][T16021]  __kmalloc_cache_noprof+0x6f/0x6c0
[  958.237887][T16021]  ? do_signalfd4+0x138/0x370
[  958.237900][T16021]  do_signalfd4+0x138/0x370
[  958.237913][T16021]  __x64_sys_signalfd+0x12b/0x170
[  958.237924][T16021]  ? __pfx___x64_sys_signalfd+0x10/0x10
[  958.237933][T16021]  ? __secure_computing+0xe2/0x2a0
[  958.237957][T16021]  do_syscall_64+0xfa/0xfa0
[  958.237969][T16021]  ? lockdep_hardirqs_on+0x9c/0x150
[  958.237982][T16021]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.237992][T16021]  ? clear_bhb_loop+0x60/0xb0
[  958.238004][T16021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.238014][T16021] RIP: 0033:0x7f269cf4efc9
[  958.238024][T16021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  958.238033][T16021] RSP: 002b:00007f269b1b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000011a
[  958.238044][T16021] RAX: ffffffffffffffda RBX: 00007f269d1a5fa0 RCX: 00007f269cf4efc9
[  958.238052][T16021] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: ffffffffffffffff
[  958.238059][T16021] RBP: 00007f269b1b6090 R08: 0000000000000000 R09: 0000000000000000
[  958.238065][T16021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  958.238071][T16021] R13: 00007f269d1a6038 R14: 00007f269d1a5fa0 R15: 00007fffa25ad718
[  958.238088][T16021]  </TASK>
[  958.269398][T14579] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[  958.529383][T14579] usb 7-1: Using ep0 maxpacket: 8
[  958.534990][T14579] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  958.535015][T14579] usb 7-1: config 0 has no interfaces?
[  958.537530][T14579] usb 7-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  958.537555][T14579] usb 7-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  958.537575][T14579] usb 7-1: Product: syz
[  958.537589][T14579] usb 7-1: Manufacturer: syz
[  958.537604][T14579] usb 7-1: SerialNumber: syz
[  958.601390][T14579] usb 7-1: config 0 descriptor??
[  958.938635][   T44] usb 4-1: USB disconnect, device number 34
[  959.150057][ T5883] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[  959.296076][T16054] geneve2: entered promiscuous mode
[  959.296105][T16054] geneve2: entered allmulticast mode
[  959.301770][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  959.301801][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  959.301845][ T5883] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  959.301868][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  959.314655][ T5883] usb 2-1: config 0 descriptor??
[  959.352766][ T1017] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  959.359517][ T1017] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  959.359562][ T1017] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  959.359612][ T1017] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  959.483339][T16064] FAULT_INJECTION: forcing a failure.
[  959.483339][T16064] name failslab, interval 1, probability 0, space 0, times 0
[  959.483372][T16064] CPU: 0 UID: 0 PID: 16064 Comm: syz.3.3470 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  959.483393][T16064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  959.483405][T16064] Call Trace:
[  959.483412][T16064]  <TASK>
[  959.483421][T16064]  dump_stack_lvl+0x189/0x250
[  959.483449][T16064]  ? __pfx____ratelimit+0x10/0x10
[  959.483471][T16064]  ? __pfx_dump_stack_lvl+0x10/0x10
[  959.483496][T16064]  ? __pfx__printk+0x10/0x10
[  959.483522][T16064]  ? __pfx___might_resched+0x10/0x10
[  959.483547][T16064]  should_fail_ex+0x46c/0x600
[  959.483576][T16064]  should_failslab+0xa8/0x100
[  959.483602][T16064]  __kmalloc_noprof+0xcc/0x7d0
[  959.483624][T16064]  ? kfree+0x51/0x950
[  959.483641][T16064]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  959.483668][T16064]  tomoyo_realpath_from_path+0xe3/0x5d0
[  959.483691][T16064]  ? tomoyo_domain+0xda/0x130
[  959.483718][T16064]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  959.483752][T16064]  tomoyo_path_number_perm+0x1e8/0x5a0
[  959.483780][T16064]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  959.483809][T16064]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  959.483832][T16064]  ? lockdep_hardirqs_on+0x9c/0x150
[  959.483885][T16064]  ? __fget_files+0x2a/0x420
[  959.483912][T16064]  ? __fget_files+0x3a6/0x420
[  959.483932][T16064]  ? __fget_files+0x2a/0x420
[  959.483957][T16064]  security_file_ioctl+0xcb/0x2d0
[  959.483977][T16064]  __se_sys_ioctl+0x47/0x170
[  959.483999][T16064]  do_syscall_64+0xfa/0xfa0
[  959.484020][T16064]  ? lockdep_hardirqs_on+0x9c/0x150
[  959.484040][T16064]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  959.484058][T16064]  ? clear_bhb_loop+0x60/0xb0
[  959.484080][T16064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  959.484097][T16064] RIP: 0033:0x7f845381efc9
[  959.484114][T16064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  959.484130][T16064] RSP: 002b:00007f8451a86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  959.484149][T16064] RAX: ffffffffffffffda RBX: 00007f8453a75fa0 RCX: 00007f845381efc9
[  959.484163][T16064] RDX: 0000000000000002 RSI: 000000000000540a RDI: 0000000000000003
[  959.484174][T16064] RBP: 00007f8451a86090 R08: 0000000000000000 R09: 0000000000000000
[  959.484185][T16064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  959.484196][T16064] R13: 00007f8453a76038 R14: 00007f8453a75fa0 R15: 00007fffe3500f18
[  959.484229][T16064]  </TASK>
[  959.484237][T16064] ERROR: Out of memory at tomoyo_realpath_from_path.
[  959.509417][T14579] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  959.659385][T14579] usb 6-1: Using ep0 maxpacket: 16
[  959.661732][T14579] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  959.661753][T14579] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  959.661771][T14579] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  959.679404][T14579] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  959.679432][T14579] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  959.679451][T14579] usb 6-1: Product: syz
[  959.679465][T14579] usb 6-1: Manufacturer: syz
[  959.679479][T14579] usb 6-1: SerialNumber: syz
[  959.764913][ T5883] lua 0003:1E7D:2C2E.0014: item fetching failed at offset 0/5
[  959.765658][ T5883] lua 0003:1E7D:2C2E.0014: parse failed
[  959.766935][ T5883] lua 0003:1E7D:2C2E.0014: probe with driver lua failed with error -22
[  959.976257][ T9528] usb 2-1: USB disconnect, device number 43
[  960.217924][T16052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  960.218346][T16052] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  960.342926][T16086] blktrace: Concurrent blktraces are not allowed on loop1
[  960.584509][T16052] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3466'.
[  960.910609][T16089] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  960.911051][T16089] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  960.913826][T16089] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  960.914259][T16089] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  961.079443][ T5883] usb 7-1: USB disconnect, device number 33
[  961.213154][T14579] usb 6-1: 0:2 : does not exist
[  961.237391][T14579] usb 6-1: USB disconnect, device number 37
[  962.365934][T16138] CIFS mount error: No usable UNC path provided in device string!
[  962.365934][T16138] 
[  962.365957][T16138] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  963.626406][T16143] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3501'.
[  964.268687][T16145] FAULT_INJECTION: forcing a failure.
[  964.268687][T16145] name failslab, interval 1, probability 0, space 0, times 0
[  964.268722][T16145] CPU: 0 UID: 0 PID: 16145 Comm: syz.6.3504 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  964.268744][T16145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  964.268756][T16145] Call Trace:
[  964.268764][T16145]  <TASK>
[  964.268773][T16145]  dump_stack_lvl+0x189/0x250
[  964.268802][T16145]  ? __pfx____ratelimit+0x10/0x10
[  964.268824][T16145]  ? __pfx_dump_stack_lvl+0x10/0x10
[  964.268849][T16145]  ? __pfx__printk+0x10/0x10
[  964.268877][T16145]  ? __pfx___might_resched+0x10/0x10
[  964.268902][T16145]  should_fail_ex+0x46c/0x600
[  964.268933][T16145]  should_failslab+0xa8/0x100
[  964.268958][T16145]  __kvmalloc_node_noprof+0x169/0x920
[  964.268982][T16145]  ? alloc_fdtable+0x169/0x2c0
[  964.269009][T16145]  alloc_fdtable+0x169/0x2c0
[  964.269034][T16145]  dup_fd+0x896/0xb90
[  964.269070][T16145]  copy_files+0xc9/0x120
[  964.269093][T16145]  ? copy_process+0x979/0x3ae0
[  964.269114][T16145]  copy_process+0x15b0/0x3ae0
[  964.269148][T16145]  ? copy_process+0x979/0x3ae0
[  964.269183][T16145]  ? __pfx_copy_process+0x10/0x10
[  964.269209][T16145]  ? kernel_clone+0x116/0x7c0
[  964.269247][T16145]  kernel_clone+0x224/0x7c0
[  964.269270][T16145]  ? __pfx_kernel_clone+0x10/0x10
[  964.269318][T16145]  __x64_sys_clone+0x18b/0x1e0
[  964.269345][T16145]  ? __pfx___x64_sys_clone+0x10/0x10
[  964.269382][T16145]  ? irqentry_exit+0x74/0x90
[  964.269404][T16145]  ? lockdep_hardirqs_on+0x9c/0x150
[  964.269432][T16145]  ? do_syscall_64+0xbe/0xfa0
[  964.269458][T16145]  do_syscall_64+0xfa/0xfa0
[  964.269480][T16145]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  964.269498][T16145]  ? asm_sysvec_call_function_single+0x1a/0x20
[  964.269516][T16145]  ? clear_bhb_loop+0x60/0xb0
[  964.269538][T16145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  964.269556][T16145] RIP: 0033:0x7f7261a4efc9
[  964.269573][T16145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  964.269589][T16145] RSP: 002b:00007f725fc8cfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  964.269609][T16145] RAX: ffffffffffffffda RBX: 00007f7261ca6090 RCX: 00007f7261a4efc9
[  964.269623][T16145] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000008014a000
[  964.269635][T16145] RBP: 00007f725fc8d090 R08: 0000000000000000 R09: 0000000000000000
[  964.269647][T16145] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  964.269659][T16145] R13: 00007f7261ca6128 R14: 00007f7261ca6090 R15: 00007ffe9c5d8af8
[  964.269691][T16145]  </TASK>
[  964.637659][T16148] FAULT_INJECTION: forcing a failure.
[  964.637659][T16148] name failslab, interval 1, probability 0, space 0, times 0
[  964.637691][T16148] CPU: 1 UID: 0 PID: 16148 Comm: syz.5.3505 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  964.637713][T16148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  964.637724][T16148] Call Trace:
[  964.637732][T16148]  <TASK>
[  964.637740][T16148]  dump_stack_lvl+0x189/0x250
[  964.637769][T16148]  ? __pfx____ratelimit+0x10/0x10
[  964.637791][T16148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  964.637816][T16148]  ? __pfx__printk+0x10/0x10
[  964.637843][T16148]  ? __pfx___might_resched+0x10/0x10
[  964.637861][T16148]  ? fs_reclaim_acquire+0x7d/0x100
[  964.637890][T16148]  should_fail_ex+0x46c/0x600
[  964.637917][T16148]  ? prepare_creds+0x31/0x6c0
[  964.637939][T16148]  should_failslab+0xa8/0x100
[  964.637964][T16148]  ? prepare_creds+0x31/0x6c0
[  964.637986][T16148]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  964.638016][T16148]  prepare_creds+0x31/0x6c0
[  964.638045][T16148]  copy_creds+0x106/0xa10
[  964.638078][T16148]  copy_process+0x95e/0x3ae0
[  964.638114][T16148]  ? __might_fault+0xb0/0x130
[  964.638150][T16148]  ? __pfx_copy_process+0x10/0x10
[  964.638175][T16148]  ? __asan_memset+0x22/0x50
[  964.638201][T16148]  kernel_clone+0x224/0x7c0
[  964.638227][T16148]  ? __pfx_kernel_clone+0x10/0x10
[  964.638271][T16148]  __se_sys_clone3+0x256/0x2d0
[  964.638294][T16148]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  964.638318][T16148]  ? __pfx___se_sys_clone3+0x10/0x10
[  964.638376][T16148]  ? __pfx_ksys_write+0x10/0x10
[  964.638402][T16148]  ? do_syscall_64+0xbe/0xfa0
[  964.638433][T16148]  do_syscall_64+0xfa/0xfa0
[  964.638453][T16148]  ? lockdep_hardirqs_on+0x9c/0x150
[  964.638474][T16148]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  964.638492][T16148]  ? clear_bhb_loop+0x60/0xb0
[  964.638514][T16148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  964.638532][T16148] RIP: 0033:0x7f8caaa7efc9
[  964.638549][T16148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  964.638564][T16148] RSP: 002b:00007f8ca8cddf08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  964.638584][T16148] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f8caaa7efc9
[  964.638598][T16148] RDX: 00007f8ca8cddf20 RSI: 0000000000000058 RDI: 00007f8ca8cddf20
[  964.638611][T16148] RBP: 00007f8ca8cde090 R08: 0000000000000000 R09: 0000000000000058
[  964.638624][T16148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  964.638635][T16148] R13: 00007f8caacd6038 R14: 00007f8caacd5fa0 R15: 00007ffc2ff37d28
[  964.638669][T16148]  </TASK>
[  965.229719][T16172] FAULT_INJECTION: forcing a failure.
[  965.229719][T16172] name failslab, interval 1, probability 0, space 0, times 0
[  965.229751][T16172] CPU: 0 UID: 0 PID: 16172 Comm: syz.2.3517 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  965.229772][T16172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  965.229784][T16172] Call Trace:
[  965.229792][T16172]  <TASK>
[  965.229801][T16172]  dump_stack_lvl+0x189/0x250
[  965.229830][T16172]  ? __pfx____ratelimit+0x10/0x10
[  965.229851][T16172]  ? __pfx_dump_stack_lvl+0x10/0x10
[  965.229874][T16172]  ? __pfx__printk+0x10/0x10
[  965.229900][T16172]  ? __pfx___might_resched+0x10/0x10
[  965.229924][T16172]  should_fail_ex+0x46c/0x600
[  965.229951][T16172]  should_failslab+0xa8/0x100
[  965.229994][T16172]  __kmalloc_cache_noprof+0x6f/0x6c0
[  965.230017][T16172]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  965.230034][T16172]  ? genl_family_rcv_msg_attrs_parse+0x13b/0x2a0
[  965.230057][T16172]  ? genl_start+0x1c9/0x6c0
[  965.230083][T16172]  genl_start+0x1c9/0x6c0
[  965.230114][T16172]  __netlink_dump_start+0x469/0x7e0
[  965.230150][T16172]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  965.230177][T16172]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  965.230212][T16172]  ? rcu_is_watching+0x15/0xb0
[  965.230230][T16172]  ? __pfx_genl_start+0x10/0x10
[  965.230249][T16172]  ? __pfx_genl_dumpit+0x10/0x10
[  965.230268][T16172]  ? __pfx_genl_done+0x10/0x10
[  965.230294][T16172]  ? bpf_lsm_capable+0x9/0x20
[  965.230313][T16172]  ? security_capable+0x7e/0x2e0
[  965.230341][T16172]  genl_rcv_msg+0x5da/0x790
[  965.230371][T16172]  ? __pfx_genl_rcv_msg+0x10/0x10
[  965.230393][T16172]  ? __pfx_batadv_tt_local_dump+0x10/0x10
[  965.230417][T16172]  ? __lock_acquire+0xab9/0xd20
[  965.230450][T16172]  netlink_rcv_skb+0x208/0x470
[  965.230470][T16172]  ? __pfx_genl_rcv_msg+0x10/0x10
[  965.230494][T16172]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  965.230530][T16172]  ? netlink_deliver_tap+0x2e/0x1b0
[  965.230548][T16172]  ? netlink_deliver_tap+0x2e/0x1b0
[  965.230572][T16172]  genl_rcv+0x28/0x40
[  965.230595][T16172]  netlink_unicast+0x846/0xa10
[  965.230630][T16172]  ? __pfx_netlink_unicast+0x10/0x10
[  965.230656][T16172]  ? netlink_sendmsg+0x642/0xb30
[  965.230673][T16172]  ? skb_put+0x11b/0x210
[  965.230697][T16172]  netlink_sendmsg+0x805/0xb30
[  965.230714][T16172]  ? is_bpf_text_address+0x26/0x2b0
[  965.230749][T16172]  ? __pfx_netlink_sendmsg+0x10/0x10
[  965.230777][T16172]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  965.230800][T16172]  ? __pfx_netlink_sendmsg+0x10/0x10
[  965.230820][T16172]  __sock_sendmsg+0x21c/0x270
[  965.230848][T16172]  ____sys_sendmsg+0x508/0x820
[  965.230875][T16172]  ? __pfx_____sys_sendmsg+0x10/0x10
[  965.230907][T16172]  ? import_iovec+0x74/0xa0
[  965.230932][T16172]  ___sys_sendmsg+0x21f/0x2a0
[  965.230955][T16172]  ? __pfx____sys_sendmsg+0x10/0x10
[  965.231018][T16172]  ? __fget_files+0x2a/0x420
[  965.231040][T16172]  ? __fget_files+0x3a6/0x420
[  965.231075][T16172]  __x64_sys_sendmsg+0x1a1/0x260
[  965.231099][T16172]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  965.231131][T16172]  ? __pfx_ksys_write+0x10/0x10
[  965.231157][T16172]  ? do_syscall_64+0xbe/0xfa0
[  965.231183][T16172]  do_syscall_64+0xfa/0xfa0
[  965.231209][T16172]  ? lockdep_hardirqs_on+0x9c/0x150
[  965.231230][T16172]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  965.231248][T16172]  ? clear_bhb_loop+0x60/0xb0
[  965.231271][T16172]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  965.231288][T16172] RIP: 0033:0x7f269cf4efc9
[  965.231305][T16172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  965.231320][T16172] RSP: 002b:00007f269b1b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  965.231340][T16172] RAX: ffffffffffffffda RBX: 00007f269d1a5fa0 RCX: 00007f269cf4efc9
[  965.231354][T16172] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  965.231367][T16172] RBP: 00007f269b1b6090 R08: 0000000000000000 R09: 0000000000000000
[  965.231379][T16172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  965.231391][T16172] R13: 00007f269d1a6038 R14: 00007f269d1a5fa0 R15: 00007fffa25ad718
[  965.231426][T16172]  </TASK>
[  965.725125][T16181] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3516'.
[  966.149491][   T37] audit: type=1326 audit(1761566810.430:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16175 comm="syz.3.3518" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f845381efc9 code=0x0
[  966.639404][ T5855] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  966.799429][   T44] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  966.817055][ T5855] usb 6-1: Using ep0 maxpacket: 32
[  966.826289][ T5855] usb 6-1: config 2 has an invalid interface number: 230 but max is 2
[  966.826319][ T5855] usb 6-1: config 2 has an invalid interface number: 103 but max is 2
[  966.826401][ T5855] usb 6-1: config 2 has an invalid interface number: 192 but max is 2
[  966.826424][ T5855] usb 6-1: config 2 has no interface number 0
[  966.826441][ T5855] usb 6-1: config 2 has no interface number 1
[  966.826458][ T5855] usb 6-1: config 2 has no interface number 2
[  966.826534][ T5855] usb 6-1: config 2 interface 230 altsetting 51 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  966.826562][ T5855] usb 6-1: config 2 interface 230 altsetting 51 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  966.826590][ T5855] usb 6-1: config 2 interface 230 altsetting 51 endpoint 0x9 has invalid maxpacket 304, setting to 64
[  966.826616][ T5855] usb 6-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x9, skipping
[  966.826640][ T5855] usb 6-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0xC, skipping
[  966.826664][ T5855] usb 6-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x3, skipping
[  966.826705][ T5855] usb 6-1: config 2 interface 103 altsetting 255 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  966.826731][ T5855] usb 6-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  966.826751][ T5855] usb 6-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  966.826772][ T5855] usb 6-1: config 2 interface 103 altsetting 255 has a duplicate endpoint with address 0xC, skipping
[  966.826807][ T5855] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  966.826829][ T5855] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  966.826851][ T5855] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x7, skipping
[  966.826874][ T5855] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  966.826895][ T5855] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  966.826916][ T5855] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x3, skipping
[  966.826937][ T5855] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0xC, skipping
[  966.826957][ T5855] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[  966.826978][ T5855] usb 6-1: config 2 interface 230 has no altsetting 0
[  966.826995][ T5855] usb 6-1: config 2 interface 103 has no altsetting 0
[  966.827013][ T5855] usb 6-1: config 2 interface 192 has no altsetting 0
[  967.066483][ T5855] usb 6-1: New USB device found, idVendor=0172, idProduct=cbd5, bcdDevice=dc.a8
[  967.066512][ T5855] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  967.066532][ T5855] usb 6-1: Product: syz
[  967.066547][ T5855] usb 6-1: Manufacturer: Љ
[  967.066562][ T5855] usb 6-1: SerialNumber: syz
[  967.132117][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  967.132151][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  967.132198][   T44] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  967.132221][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  967.140551][T16194] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  967.184855][   T44] usb 4-1: config 0 descriptor??
[  967.460184][ T5855] usb 6-1: USB disconnect, device number 38
[  967.612286][   T44] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0
[  967.612324][   T44] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0
[  967.612353][   T44] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0
[  967.612381][   T44] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0
[  967.612408][   T44] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0
[  967.658210][   T44] cm6533_jd 0003:0D8C:0022.0015: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  967.834980][ T9528] usb 4-1: USB disconnect, device number 35
[  968.429420][   T44] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  968.592692][   T44] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  968.600971][   T44] usb 2-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  968.601000][   T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  968.601020][   T44] usb 2-1: Product: syz
[  968.601035][   T44] usb 2-1: Manufacturer: syz
[  968.601049][   T44] usb 2-1: SerialNumber: syz
[  968.644331][   T44] usb 2-1: config 0 descriptor??
[  968.647504][   T44] powermate 2-1:0.0: probe with driver powermate failed with error -22
[  968.852822][T16253] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3550'.
[  971.360328][   T44] usb 2-1: USB disconnect, device number 44
[  971.774641][    C1] vkms_vblank_simulate: vblank timer overrun
[  972.911186][   T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  972.924697][   T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  972.926123][   T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  972.944659][   T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  972.945507][   T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  973.013717][    C1] vkms_vblank_simulate: vblank timer overrun
[  973.114384][    C1] vkms_vblank_simulate: vblank timer overrun
[  973.819578][    C1] vkms_vblank_simulate: vblank timer overrun
[  973.855935][   T68] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  974.128020][   T68] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  974.175121][T16321] chnl_net:caif_netlink_parms(): no params data found
[  974.311430][   T68] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  974.581602][   T68] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  974.782628][T16321] bridge0: port 1(bridge_slave_0) entered blocking state
[  974.782854][T16321] bridge0: port 1(bridge_slave_0) entered disabled state
[  974.783113][T16321] bridge_slave_0: entered allmulticast mode
[  974.786165][T16321] bridge_slave_0: entered promiscuous mode
[  974.789707][T16321] bridge0: port 2(bridge_slave_1) entered blocking state
[  974.789898][T16321] bridge0: port 2(bridge_slave_1) entered disabled state
[  974.790081][T16321] bridge_slave_1: entered allmulticast mode
[  974.793430][T16321] bridge_slave_1: entered promiscuous mode
[  974.935638][T16321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  974.959123][T16321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  974.989625][   T61] Bluetooth: hci0: command tx timeout
[  975.168209][T16321] team0: Port device team_slave_0 added
[  975.181673][T16321] team0: Port device team_slave_1 added
[  975.372586][T16321] batman_adv: batadv0: Adding interface: batadv_slave_0
[  975.372599][T16321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  975.372614][T16321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  975.374054][T16321] batman_adv: batadv0: Adding interface: batadv_slave_1
[  975.374067][T16321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  975.374083][T16321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  975.471036][   T68] bridge_slave_1: left allmulticast mode
[  975.471067][   T68] bridge_slave_1: left promiscuous mode
[  975.471241][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[  975.530433][   T68] bridge_slave_0: left allmulticast mode
[  975.530453][   T68] bridge_slave_0: left promiscuous mode
[  975.530627][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[  976.680675][    C1] vkms_vblank_simulate: vblank timer overrun
[  977.069485][   T61] Bluetooth: hci0: command tx timeout
[  977.370756][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  977.430401][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  977.451822][   T68] bond0 (unregistering): Released all slaves
[  977.930398][T16321] hsr_slave_0: entered promiscuous mode
[  977.931315][T16321] hsr_slave_1: entered promiscuous mode
[  977.931943][T16321] debugfs: 'hsr0' already exists in 'hsr'
[  977.931964][T16321] Cannot create hsr debugfs directory
[  978.969556][   T68] hsr_slave_0: left promiscuous mode
[  978.999557][   T68] hsr_slave_1: left promiscuous mode
[  979.001664][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  979.001695][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[  979.060255][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  979.060283][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[  979.134483][   T68] veth1_macvtap: left promiscuous mode
[  979.134550][   T68] veth0_macvtap: left promiscuous mode
[  979.134709][   T68] veth1_vlan: left promiscuous mode
[  979.134809][   T68] veth0_vlan: left promiscuous mode
[  979.159398][   T61] Bluetooth: hci0: command tx timeout
[  981.229610][   T61] Bluetooth: hci0: command tx timeout
[  981.500850][   T68] team0 (unregistering): Port device team_slave_1 removed
[  981.720009][   T68] team0 (unregistering): Port device team_slave_0 removed
[  985.137513][T16321] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  985.174713][T16321] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  985.259606][T16321] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  985.303154][T16321] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  985.406196][T16321] 8021q: adding VLAN 0 to HW filter on device bond0
[  985.422094][T16321] 8021q: adding VLAN 0 to HW filter on device team0
[  985.427391][ T8863] bridge0: port 1(bridge_slave_0) entered blocking state
[  985.427515][ T8863] bridge0: port 1(bridge_slave_0) entered forwarding state
[  985.446845][ T8863] bridge0: port 2(bridge_slave_1) entered blocking state
[  985.447061][ T8863] bridge0: port 2(bridge_slave_1) entered forwarding state
[  985.637361][T16321] 8021q: adding VLAN 0 to HW filter on device batadv0
[  985.682516][T16321] veth0_vlan: entered promiscuous mode
[  985.687998][T16321] veth1_vlan: entered promiscuous mode
[  985.719238][T16321] veth0_macvtap: entered promiscuous mode
[  985.724986][T16321] veth1_macvtap: entered promiscuous mode
[  985.748700][T16321] batman_adv: batadv0: Interface activated: batadv_slave_0
[  985.764012][T16321] batman_adv: batadv0: Interface activated: batadv_slave_1
[  985.778240][ T8863] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  985.778765][ T8863] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  985.778803][ T8863] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  985.778837][ T8863] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  985.997536][ T8863] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  985.997558][ T8863] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  986.036842][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  986.036868][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  988.529597][   T10] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  988.679766][   T10] usb 6-1: Using ep0 maxpacket: 8
[  988.688386][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  988.688412][   T10] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 7
[  988.751826][   T10] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  988.751857][   T10] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  988.751886][   T10] usb 6-1: Product: syz
[  988.751901][   T10] usb 6-1: Manufacturer: syz
[  988.751915][   T10] usb 6-1: SerialNumber: syz
[  988.985763][T16359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  989.355257][ T5811] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  989.371164][ T5811] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  989.375168][ T5811] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  989.378012][ T5811] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  989.400308][ T5811] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  990.082896][T16380] program syz.2.3592 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  990.539452][ T5883] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  990.692775][ T5883] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  990.692802][ T5883] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  990.694346][ T5883] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  990.694373][ T5883] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  990.694393][ T5883] usb 3-1: SerialNumber: syz
[  990.989631][ T9528] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  991.013671][ T5883] usb 3-1: 0:2 : does not exist
[  991.013759][ T5883] usb 3-1: unit 5 not found!
[  991.048310][ T5883] usb 3-1: USB disconnect, device number 10
[  991.144764][T16370] chnl_net:caif_netlink_parms(): no params data found
[  991.151418][ T9528] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  991.151443][ T9528] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  991.153011][ T9528] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  991.153037][ T9528] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  991.153056][ T9528] usb 4-1: SerialNumber: syz
[  991.299628][ T5883] usb 6-1: USB disconnect, device number 39
[  991.376907][ T9528] usb 4-1: 0:2 : does not exist
[  991.376958][ T9528] usb 4-1: unit 5 not found!
[  991.404812][ T9528] usb 4-1: USB disconnect, device number 36
[  991.549550][ T5811] Bluetooth: hci1: command tx timeout
[  991.599389][   T31] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[  991.680743][T16370] bridge0: port 1(bridge_slave_0) entered blocking state
[  991.680937][T16370] bridge0: port 1(bridge_slave_0) entered disabled state
[  991.681461][T16370] bridge_slave_0: entered allmulticast mode
[  991.684136][T16370] bridge_slave_0: entered promiscuous mode
[  991.688277][T16370] bridge0: port 2(bridge_slave_1) entered blocking state
[  991.688427][T16370] bridge0: port 2(bridge_slave_1) entered disabled state
[  991.688598][T16370] bridge_slave_1: entered allmulticast mode
[  991.706529][T16370] bridge_slave_1: entered promiscuous mode
[  991.769390][   T31] usb 7-1: Using ep0 maxpacket: 8
[  991.771718][   T31] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 7
[  991.774490][   T31] usb 7-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  991.774520][   T31] usb 7-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  991.774540][   T31] usb 7-1: Product: syz
[  991.774554][   T31] usb 7-1: Manufacturer: syz
[  991.774567][   T31] usb 7-1: SerialNumber: syz
[  991.802397][ T5883] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  991.873486][   T68] bridge_slave_1: left allmulticast mode
[  991.873566][   T68] bridge_slave_1: left promiscuous mode
[  991.874017][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[  991.974214][   T68] bridge_slave_0: left allmulticast mode
[  991.974243][   T68] bridge_slave_0: left promiscuous mode
[  991.974686][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[  992.009384][ T5883] usb 6-1: Using ep0 maxpacket: 32
[  992.014568][ T5883] usb 6-1: config 2 has an invalid interface number: 230 but max is 2
[  992.014596][ T5883] usb 6-1: config 2 has an invalid interface number: 103 but max is 2
[  992.014617][ T5883] usb 6-1: config 2 has an invalid interface number: 192 but max is 2
[  992.014690][ T5883] usb 6-1: config 2 has no interface number 0
[  992.014707][ T5883] usb 6-1: config 2 has no interface number 1
[  992.014723][ T5883] usb 6-1: config 2 has no interface number 2
[  992.014853][ T5883] usb 6-1: config 2 interface 230 altsetting 51 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  992.014881][ T5883] usb 6-1: config 2 interface 230 altsetting 51 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  992.014909][ T5883] usb 6-1: config 2 interface 230 altsetting 51 endpoint 0x9 has invalid maxpacket 304, setting to 64
[  992.014935][ T5883] usb 6-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x9, skipping
[  992.015008][ T5883] usb 6-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0xC, skipping
[  992.015034][ T5883] usb 6-1: config 2 interface 230 altsetting 51 has a duplicate endpoint with address 0x3, skipping
[  992.015075][ T5883] usb 6-1: config 2 interface 103 altsetting 255 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  992.015100][ T5883] usb 6-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  992.015169][ T5883] usb 6-1: config 2 interface 103 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  992.015190][ T5883] usb 6-1: config 2 interface 103 altsetting 255 has a duplicate endpoint with address 0xC, skipping
[  992.015226][ T5883] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  992.015249][ T5883] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  992.015270][ T5883] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x7, skipping
[  992.015342][ T5883] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  992.015364][ T5883] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x2, skipping
[  992.015385][ T5883] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x3, skipping
[  992.015407][ T5883] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0xC, skipping
[  992.015429][ T5883] usb 6-1: config 2 interface 192 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[  992.015506][ T5883] usb 6-1: config 2 interface 230 has no altsetting 0
[  992.015525][ T5883] usb 6-1: config 2 interface 103 has no altsetting 0
[  992.015543][ T5883] usb 6-1: config 2 interface 192 has no altsetting 0
[  992.018196][ T5883] usb 6-1: New USB device found, idVendor=0172, idProduct=cbd5, bcdDevice=dc.a8
[  992.018275][ T5883] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  992.018296][ T5883] usb 6-1: Product: syz
[  992.018311][ T5883] usb 6-1: Manufacturer: Љ
[  992.018325][ T5883] usb 6-1: SerialNumber: syz
[  992.046744][   T31] usb 7-1: Invalid connection information received from device
[  992.335547][T16409] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  992.575967][ T5883] usb 6-1: USB disconnect, device number 40
[  992.916101][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  992.916179][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  993.510539][T16430] blktrace: Concurrent blktraces are not allowed on loop1
[  993.631899][ T5811] Bluetooth: hci1: command tx timeout
[  994.407003][ T5883] usb 7-1: USB disconnect, device number 34
[  994.879455][ T5883] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[  995.061618][ T5883] usb 7-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  995.061645][ T5883] usb 7-1: config 6 has 1 interface, different from the descriptor's value: 3
[  995.064366][ T5883] usb 7-1: New USB device found, idVendor=082d, idProduct=0300, bcdDevice=b5.17
[  995.064400][ T5883] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  995.064413][ T5883] usb 7-1: Product: syz
[  995.064421][ T5883] usb 7-1: Manufacturer: syz
[  995.064428][ T5883] usb 7-1: SerialNumber: syz
[  995.278886][T16438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  995.279607][T16438] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  995.350208][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  995.430724][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  995.451194][   T68] bond0 (unregistering): Released all slaves
[  995.726645][ T5811] Bluetooth: hci1: command tx timeout
[  996.607936][   T68] bond1 (unregistering): Released all slaves
[  996.835836][ T5883] usb 7-1: active config #6 != 1 ??
[  996.837117][T16370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  996.884428][ T5883] usb 7-1: USB disconnect, device number 35
[  996.891881][T16370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  997.332461][T16370] team0: Port device team_slave_0 added
[  997.379555][ T5855] usb 6-1: new full-speed USB device number 41 using dummy_hcd
[  997.447378][T16370] team0: Port device team_slave_1 added
[  997.535663][T16458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  997.541649][ T5855] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  997.559854][ T5855] usb 6-1: New USB device found, idVendor=1bc7, idProduct=1040, bcdDevice=b5.b1
[  997.559883][ T5855] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  997.559907][ T5855] usb 6-1: Product: syz
[  997.559919][ T5855] usb 6-1: Manufacturer: syz
[  997.559931][ T5855] usb 6-1: SerialNumber: syz
[  997.571196][ T5855] usb 6-1: config 0 descriptor??
[  997.585352][ T5855] option 6-1:0.0: GSM modem (1-port) converter detected
[  997.802306][ T5811] Bluetooth: hci1: command tx timeout
[  998.526619][T16470] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3626'.
[  999.334057][ T9528] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  999.390342][T16370] batman_adv: batadv0: Adding interface: batadv_slave_0
[  999.390358][T16370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  999.390382][T16370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  999.402249][T16370] batman_adv: batadv0: Adding interface: batadv_slave_1
[  999.402265][T16370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  999.402288][T16370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  999.509530][ T9528] usb 4-1: Using ep0 maxpacket: 8
[  999.511885][ T9528] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  999.511909][ T9528] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 7
[  999.514982][ T9528] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  999.515084][ T9528] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  999.515106][ T9528] usb 4-1: Product: syz
[  999.515120][ T9528] usb 4-1: Manufacturer: syz
[  999.515134][ T9528] usb 4-1: SerialNumber: syz
[  999.669546][   T68] hsr_slave_0: left promiscuous mode
[  999.690337][   T68] hsr_slave_1: left promiscuous mode
[  999.691261][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[  999.730348][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1000.206788][T14579] usb 6-1: USB disconnect, device number 41
[ 1000.209082][T14579] option 6-1:0.0: device disconnected
[ 1002.168698][T16491] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3632'.
[ 1003.252672][ T5855] usb 4-1: USB disconnect, device number 37
[ 1004.518570][T16510] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3638'.
[ 1006.159870][   T68] team0 (unregistering): Port device team_slave_1 removed
[ 1006.410093][   T68] team0 (unregistering): Port device team_slave_0 removed
[ 1009.180683][T16518] pim6reg1: entered promiscuous mode
[ 1009.180710][T16518] pim6reg1: entered allmulticast mode
[ 1009.195740][T16370] hsr_slave_0: entered promiscuous mode
[ 1009.197217][T16370] hsr_slave_1: entered promiscuous mode
[ 1009.198141][T16370] debugfs: 'hsr0' already exists in 'hsr'
[ 1009.198163][T16370] Cannot create hsr debugfs directory
[ 1009.254509][T16530] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3643'.
[ 1011.014681][T16566] netlink: 'syz.3.3658': attribute type 46 has an invalid length.
[ 1011.014706][T16566] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3658'.
[ 1011.507324][T16562] pim6reg1: entered promiscuous mode
[ 1011.507349][T16562] pim6reg1: entered allmulticast mode
[ 1011.879529][ T5855] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[ 1012.032921][ T5855] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[ 1012.032939][ T5855] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1012.032949][ T5855] usb 3-1: config 0 has no interface number 0
[ 1012.032978][ T5855] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 1012.032990][ T5855] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1012.034798][ T5855] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[ 1012.034813][ T5855] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1012.034824][ T5855] usb 3-1: Product: syz
[ 1012.034831][ T5855] usb 3-1: Manufacturer: syz
[ 1012.034839][ T5855] usb 3-1: SerialNumber: syz
[ 1012.118465][ T5855] usb 3-1: config 0 descriptor??
[ 1012.249443][T14579] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[ 1012.403770][T14579] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1012.403790][T14579] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1012.403802][T14579] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1012.403826][T14579] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1012.403839][T14579] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.407778][T14579] usb 6-1: config 0 descriptor??
[ 1012.792526][ T9528] usb 3-1: USB disconnect, device number 11
[ 1012.837795][T14579] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1012.837832][T14579] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1012.837861][T14579] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1012.837888][T14579] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1012.837915][T14579] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1012.837943][T14579] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1012.927316][T14579] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1013.058930][T16370] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1013.180897][T16610] Bluetooth: MGMT ver 1.23
[ 1013.200795][T16370] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1013.222648][ T9528] usb 6-1: USB disconnect, device number 42
[ 1013.883659][T16370] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1014.054615][T16370] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1014.179058][T16620] Bluetooth: hci0: invalid length 0, exp 2 for type 9
[ 1014.224061][T16630] nfs: Deprecated parameter 'nointr'
[ 1014.224120][T16630] nfs: Unknown parameter 'fscontext'
[ 1014.301848][T16370] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1014.332576][T16370] 8021q: adding VLAN 0 to HW filter on device team0
[ 1014.347201][ T1351] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1014.347464][ T1351] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1014.379849][ T1351] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1014.380057][ T1351] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1014.501151][T16633] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3684'.
[ 1015.379527][T16370] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1015.480707][T16370] veth0_vlan: entered promiscuous mode
[ 1015.532017][T16370] veth1_vlan: entered promiscuous mode
[ 1015.759418][ T5855] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[ 1015.803315][T16370] veth0_macvtap: entered promiscuous mode
[ 1015.833231][T16370] veth1_macvtap: entered promiscuous mode
[ 1015.900943][T16370] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1015.916985][ T5855] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1015.917010][ T5855] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1015.918221][ T5855] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1015.918248][ T5855] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1015.918266][ T5855] usb 6-1: SerialNumber: syz
[ 1015.967959][T16370] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1015.999042][ T3783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1015.999092][ T3783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1015.999126][ T3783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1015.999159][ T3783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1016.183625][ T5855] usb 6-1: 0:2 : does not exist
[ 1016.314633][ T5855] usb 6-1: USB disconnect, device number 43
[ 1016.402206][ T8863] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1016.402227][ T8863] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1016.508414][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1016.508435][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1016.565769][T16696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3707'.
[ 1017.789062][T16714] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3711'.
[ 1018.251166][T16721] loop7: detected capacity change from 0 to 7
[ 1018.259601][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1018.259758][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1018.292358][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1018.292405][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1018.413826][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1018.413852][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1018.440582][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1018.440617][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1018.452862][T16727] syz.6.3715 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1018.505708][T16722] support for the xor transformation has been removed.
[ 1018.671857][   T61] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1018.677803][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1018.677837][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1018.709024][   T61] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1018.710785][   T61] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1018.711980][   T61] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1018.712716][   T61] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1018.961430][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1018.961466][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1018.973973][T16721] ldm_validate_partition_table(): Disk read failed.
[ 1018.997194][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1018.997232][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1019.034285][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1019.034321][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1019.150448][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1019.150487][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1019.161726][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1019.161765][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1019.162055][T16721] Dev loop7: unable to read RDB block 0
[ 1019.212404][T16721]  loop7: unable to read partition table
[ 1019.212647][T16721] loop7: partition table beyond EOD, truncated
[ 1019.212668][T16721] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 1020.849529][   T61] Bluetooth: hci3: command tx timeout
[ 1020.983348][T16735] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3718'.
[ 1021.504414][T16746] bridge: RTM_NEWNEIGH with invalid ether address
[ 1021.688703][   T68] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[ 1021.725560][T16759] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3725'.
[ 1022.062463][   T68] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[ 1022.174582][T16729] chnl_net:caif_netlink_parms(): no params data found
[ 1022.530344][   T68] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[ 1022.661348][T16774] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1022.909863][   T61] Bluetooth: hci3: command tx timeout
[ 1023.135214][   T68] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[ 1024.989523][   T61] Bluetooth: hci3: command tx timeout
[ 1026.176982][T16729] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1026.177210][T16729] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1026.177438][T16729] bridge_slave_0: entered allmulticast mode
[ 1026.180246][T16729] bridge_slave_0: entered promiscuous mode
[ 1026.203723][T16729] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1026.203890][T16729] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1026.204143][T16729] bridge_slave_1: entered allmulticast mode
[ 1026.206850][T16729] bridge_slave_1: entered promiscuous mode
[ 1027.427462][   T61] Bluetooth: hci3: command tx timeout
[ 1027.679874][T16811] bridge0: entered allmulticast mode
[ 1027.815766][T16729] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1027.872657][T16729] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1028.177433][T16729] team0: Port device team_slave_0 added
[ 1028.181876][T16729] team0: Port device team_slave_1 added
[ 1028.333881][   T68] bridge_slave_1: left allmulticast mode
[ 1028.333909][   T68] bridge_slave_1: left promiscuous mode
[ 1028.334160][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1029.770847][   T68] bridge_slave_0: left allmulticast mode
[ 1029.770876][   T68] bridge_slave_0: left promiscuous mode
[ 1029.771117][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1034.660111][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1034.699900][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1034.740904][   T68] bond0 (unregistering): Released all slaves
[ 1035.097331][T16729] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1035.097348][T16729] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1035.097374][T16729] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1035.142008][T16729] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1035.142036][T16729] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1035.142066][T16729] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1035.229409][ T5883] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[ 1036.434714][ T5883] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1036.434750][ T5883] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1036.434793][ T5883] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1036.434815][ T5883] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1036.503937][T16887] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1036.709452][ T5918] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[ 1036.839623][T14579] usb 6-1: new low-speed USB device number 44 using dummy_hcd
[ 1036.883411][ T5918] usb 3-1: too many endpoints for config 0 interface 0 altsetting 8: 129, using maximum allowed: 30
[ 1036.883460][ T5918] usb 3-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1036.883488][ T5918] usb 3-1: config 0 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[ 1036.883515][ T5918] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1036.883545][ T5918] usb 3-1: New USB device found, idVendor=04b3, idProduct=3109, bcdDevice= 0.00
[ 1036.883558][ T5918] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1036.892847][ T5918] usb 3-1: config 0 descriptor??
[ 1036.991378][T14579] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1036.991411][T14579] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1036.999189][T14579] usb 6-1: config 0 descriptor??
[ 1037.337219][ T5918] lenovo 0003:04B3:3109.0017: item fetching failed at offset 5/7
[ 1037.337978][ T5918] lenovo 0003:04B3:3109.0017: hid_parse failed
[ 1037.338104][ T5918] lenovo 0003:04B3:3109.0017: probe with driver lenovo failed with error -22
[ 1037.365757][ T5883] aiptek 7-1:17.0: Aiptek using 400 ms programming speed
[ 1037.368385][T16729] hsr_slave_0: entered promiscuous mode
[ 1037.385197][ T5883] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input15
[ 1037.420825][T16729] hsr_slave_1: entered promiscuous mode
[ 1037.422969][T16729] debugfs: 'hsr0' already exists in 'hsr'
[ 1037.423108][T16729] Cannot create hsr debugfs directory
[ 1037.605158][ T5869] usb 3-1: USB disconnect, device number 12
[ 1037.691857][ T5883] usb 7-1: USB disconnect, device number 36
[ 1037.691964][    C1] aiptek 7-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[ 1037.781329][T16915] bridge: RTM_NEWNEIGH with invalid ether address
acpid: input device has been disconnected, fd 10
[ 1038.069680][   T68] hsr_slave_0: left promiscuous mode
[ 1038.109477][   T68] hsr_slave_1: left promiscuous mode
[ 1038.111514][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1038.152115][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1038.172018][   T68] batman_adv: batadv0: Interface deactivated: macvlan2
[ 1038.172045][   T68] batman_adv: batadv0: Removing interface: macvlan2
[ 1038.263645][   T68] veth1_vlan: left allmulticast mode
[ 1039.019642][   T44] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[ 1039.364527][   T44] usb 3-1: Using ep0 maxpacket: 32
[ 1040.022222][   T44] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1040.022256][   T44] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1040.022288][   T44] usb 3-1: New USB device found, idVendor=046d, idProduct=c225, bcdDevice= 0.00
[ 1040.022307][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1040.119443][   T44] usb 3-1: config 0 descriptor??
[ 1041.197207][   T44] lg-g15 0003:046D:C225.0018: item fetching failed at offset 5/6
[ 1041.198041][   T44] lg-g15 0003:046D:C225.0018: probe with driver lg-g15 failed with error -22
[ 1041.320233][   T68] team0 (unregistering): Port device macvlan1 removed
[ 1041.376118][T14579] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1041.376147][T14579] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[ 1041.376426][T14579] asix 6-1:0.0: probe with driver asix failed with error -71
[ 1041.410026][T14579] usb 6-1: USB disconnect, device number 44
[ 1041.428861][   T44] usb 3-1: USB disconnect, device number 13
[ 1042.489422][ T5918] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[ 1042.653367][ T5918] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1042.653401][ T5918] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1042.653422][ T5918] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1042.653468][ T5918] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1042.653491][ T5918] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1042.718948][ T5918] usb 3-1: config 0 descriptor??
[ 1043.030022][   T68] team0 (unregistering): Port device team_slave_1 removed
[ 1043.135414][ T5918] plantronics 0003:047F:FFFF.0019: reserved main item tag 0xe
[ 1043.135450][ T5918] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[ 1043.143498][ T5918] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1043.230343][   T68] team0 (unregistering): Port device team_slave_0 removed
[ 1043.901785][T16948] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3782'.
[ 1045.319872][   T44] usb 3-1: reset high-speed USB device number 14 using dummy_hcd
[ 1048.262515][ T5883] usb 3-1: USB disconnect, device number 14
[ 1048.944909][T16969] netlink: 'syz.5.3789': attribute type 15 has an invalid length.
[ 1051.377841][T16983] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1051.880795][ T5918] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[ 1052.084260][ T5918] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1052.084345][ T5918] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1052.084366][ T5918] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1052.084405][ T5918] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1052.084480][ T5918] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1052.240755][ T5918] usb 7-1: config 0 descriptor??
[ 1052.563329][T16999] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3800'.
[ 1052.666325][ T5918] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 1052.850222][ T5811] Bluetooth: hci2: sending frame failed (-49)
[ 1052.852702][   T61] Bluetooth: hci2: Opcode 0x1003 failed: -49
[ 1052.945714][ T8861] usb 7-1: USB disconnect, device number 37
[ 1054.355305][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.355375][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.555980][T16729] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1054.663593][T16729] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1054.733239][T16729] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1054.771690][T16729] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1054.963769][T16729] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1054.969385][   T44] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[ 1054.979472][ T5869] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[ 1055.011186][T16729] 8021q: adding VLAN 0 to HW filter on device team0
[ 1055.024886][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1055.025118][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1055.044988][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1055.045283][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1055.049495][ T9528] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[ 1055.121829][   T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1055.121877][   T44] usb 6-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00
[ 1055.121908][   T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1055.131511][ T5869] usb 3-1: Using ep0 maxpacket: 16
[ 1055.150026][ T5869] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[ 1055.150055][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1055.150075][ T5869] usb 3-1: Product: syz
[ 1055.150089][ T5869] usb 3-1: Manufacturer: syz
[ 1055.150104][ T5869] usb 3-1: SerialNumber: syz
[ 1055.164743][ T5869] usb 3-1: config 0 descriptor??
[ 1055.168514][ T5869] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[ 1055.174845][ T5869] usb 3-1: Detected FT232H
[ 1055.202931][ T9528] usb 7-1: config 0 has an invalid interface number: 64 but max is 0
[ 1055.202958][ T9528] usb 7-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[ 1055.202977][ T9528] usb 7-1: config 0 has no interface number 0
[ 1055.207161][ T9528] usb 7-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[ 1055.207189][ T9528] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1055.207261][ T9528] usb 7-1: Product: syz
[ 1055.207275][ T9528] usb 7-1: Manufacturer: syz
[ 1055.207289][ T9528] usb 7-1: SerialNumber: syz
[ 1055.234257][ T9528] usb 7-1: config 0 descriptor??
[ 1055.272204][   T44] usb 6-1: config 0 descriptor??
[ 1055.423736][ T5869] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[ 1055.712263][ T9528] uvcvideo 7-1:0.64: Found UVC 0.00 device syz (046d:0823)
[ 1055.712916][ T9528] uvcvideo 7-1:0.64: No valid video chain found.
[ 1055.733678][   T44] zeroplus 0003:0C12:0005.001B: hidraw0: USB HID v0.02 Device [HID 0c12:0005] on usb-dummy_hcd.5-1/input0
[ 1055.733711][   T44] zeroplus 0003:0C12:0005.001B: no inputs found
[ 1055.817084][T16729] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1055.876607][ T5869] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71
[ 1055.884600][ T5869] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1055.887913][ T5869] usb 3-1: USB disconnect, device number 15
[ 1055.904947][ T5869] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1055.905422][ T5869] ftdi_sio 3-1:0.0: device disconnected
[ 1055.935047][T16729] veth0_vlan: entered promiscuous mode
[ 1055.943055][ T9528] usb 7-1: USB disconnect, device number 38
[ 1055.956412][T14579] usb 6-1: USB disconnect, device number 45
[ 1055.956612][T16729] veth1_vlan: entered promiscuous mode
[ 1056.005409][T16729] veth0_macvtap: entered promiscuous mode
[ 1056.023864][T16729] veth1_macvtap: entered promiscuous mode
[ 1056.059200][T16729] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1056.073984][T16729] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1056.296648][T16865] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1056.298258][T16865] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1056.300193][T16865] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1056.300235][T16865] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1058.650422][ T1351] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1058.650443][ T1351] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1059.014057][ T5923] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1059.014078][ T5923] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1059.499962][ T5855] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[ 1060.134838][ T5855] usb 3-1: Using ep0 maxpacket: 8
[ 1060.432754][ T5855] usb 3-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30
[ 1060.432803][ T5855] usb 3-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1060.432830][ T5855] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1060.432863][ T5855] usb 3-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[ 1060.432886][ T5855] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1060.438868][ T5855] usb 3-1: config 0 descriptor??
[ 1060.691918][  T149] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1060.939548][T14579] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[ 1060.975846][ T5855] gt683r_led 0003:1770:FF00.001C: unknown main item tag 0x1
[ 1060.975886][ T5855] gt683r_led 0003:1770:FF00.001C: item fetching failed at offset 3/5
[ 1060.976683][ T5855] gt683r_led 0003:1770:FF00.001C: hid parsing failed
[ 1060.976819][ T5855] gt683r_led 0003:1770:FF00.001C: probe with driver gt683r_led failed with error -22
[ 1061.093537][T14579] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1061.093571][T14579] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1061.095128][T14579] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1061.095156][T14579] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 1061.095177][T14579] usb 2-1: Manufacturer: syz
[ 1061.102304][T14579] usb 2-1: config 0 descriptor??
[ 1061.184811][   T10] usb 3-1: USB disconnect, device number 16
[ 1061.279419][ T5869] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[ 1061.443789][ T5869] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1061.443875][ T5869] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1061.443899][ T5869] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1061.443961][ T5869] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1061.444041][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1061.460982][ T5869] usb 4-1: config 0 descriptor??
[ 1061.950771][T14579] uclogic 0003:256C:006D.001D: failed retrieving string descriptor #100: -71
[ 1061.950851][T14579] uclogic 0003:256C:006D.001D: failed retrieving pen parameters: -71
[ 1061.950958][T14579] uclogic 0003:256C:006D.001D: failed probing pen v1 parameters: -71
[ 1061.951111][T14579] uclogic 0003:256C:006D.001D: failed probing parameters: -71
[ 1061.951247][T14579] uclogic 0003:256C:006D.001D: probe with driver uclogic failed with error -71
[ 1061.964840][ T5869] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0
[ 1061.964880][ T5869] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0
[ 1061.964916][ T5869] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0
[ 1061.964944][ T5869] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0
[ 1061.964972][ T5869] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0
[ 1061.965001][ T5869] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0
[ 1061.965030][ T5869] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0
[ 1061.965058][ T5869] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0
[ 1061.965085][ T5869] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0
[ 1061.977342][T14579] usb 2-1: USB disconnect, device number 45
[ 1062.034513][ T5869] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1062.241324][ T5869] usb 4-1: USB disconnect, device number 38
[ 1063.522194][   T61] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 1065.017296][ T5883] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[ 1065.189486][ T5883] usb 6-1: Using ep0 maxpacket: 8
[ 1065.193829][ T5883] usb 6-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30
[ 1065.193878][ T5883] usb 6-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1065.193905][ T5883] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1065.193938][ T5883] usb 6-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[ 1065.193959][ T5883] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1065.199002][ T5883] usb 6-1: config 0 descriptor??
[ 1065.740838][T14579] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1065.759021][ T5883] gt683r_led 0003:1770:FF00.001F: item fetching failed at offset 3/5
[ 1065.768010][ T5883] gt683r_led 0003:1770:FF00.001F: hid parsing failed
[ 1065.768078][ T5883] gt683r_led 0003:1770:FF00.001F: probe with driver gt683r_led failed with error -22
[ 1065.891608][T14579] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1065.891644][T14579] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1065.891679][T14579] usb 4-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[ 1065.891691][T14579] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1065.904454][T14579] usb 4-1: config 0 descriptor??
[ 1065.956251][   T10] usb 6-1: USB disconnect, device number 46
[ 1066.400318][T14579] steelseries 0003:1038:1410.0020: missing HID_OUTPUT_REPORT 0
[ 1066.644052][ T8861] usb 4-1: USB disconnect, device number 39
[ 1067.550112][   T23] ==================================================================
[ 1067.550129][   T23] BUG: KASAN: vmalloc-out-of-bounds in run_irq_workd+0x116/0x190
[ 1067.550160][   T23] Read of size 8 at addr ffffc90005695090 by task irq_work/0/23
[ 1067.550176][   T23] 
[ 1067.550189][   T23] CPU: 0 UID: 0 PID: 23 Comm: irq_work/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1067.550210][   T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1067.550223][   T23] Call Trace:
[ 1067.550232][   T23]  <TASK>
[ 1067.550242][   T23]  dump_stack_lvl+0x189/0x250
[ 1067.550289][   T23]  ? run_irq_workd+0x116/0x190
[ 1067.550313][   T23]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1067.550336][   T23]  ? __pfx__printk+0x10/0x10
[ 1067.550360][   T23]  ? __virt_addr_valid+0xdc/0x5c0
[ 1067.550383][   T23]  ? __virt_addr_valid+0xdc/0x5c0
[ 1067.550408][   T23]  print_report+0xca/0x240
[ 1067.550430][   T23]  ? run_irq_workd+0x116/0x190
[ 1067.550451][   T23]  kasan_report+0x118/0x150
[ 1067.550476][   T23]  ? run_irq_workd+0x116/0x190
[ 1067.550502][   T23]  run_irq_workd+0x116/0x190
[ 1067.550525][   T23]  ? __pfx_run_irq_workd+0x10/0x10
[ 1067.550546][   T23]  ? schedule+0x91/0x360
[ 1067.550569][   T23]  ? smpboot_thread_fn+0x4d/0xa60
[ 1067.550590][   T23]  ? smpboot_thread_fn+0x4d/0xa60
[ 1067.550610][   T23]  smpboot_thread_fn+0x542/0xa60
[ 1067.550632][   T23]  ? smpboot_thread_fn+0x4d/0xa60
[ 1067.550656][   T23]  kthread+0x711/0x8a0
[ 1067.550682][   T23]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1067.550703][   T23]  ? __pfx_kthread+0x10/0x10
[ 1067.550724][   T23]  ? rt_spin_unlock+0x150/0x200
[ 1067.550745][   T23]  ? rt_spin_unlock+0x161/0x200
[ 1067.550761][   T23]  ? __pfx_kthread+0x10/0x10
[ 1067.550784][   T23]  ret_from_fork+0x4bc/0x870
[ 1067.550806][   T23]  ? __pfx_ret_from_fork+0x10/0x10
[ 1067.550830][   T23]  ? __switch_to_asm+0x39/0x70
[ 1067.550847][   T23]  ? __switch_to_asm+0x33/0x70
[ 1067.550864][   T23]  ? __pfx_kthread+0x10/0x10
[ 1067.550887][   T23]  ret_from_fork_asm+0x1a/0x30
[ 1067.550914][   T23]  </TASK>
[ 1067.550921][   T23] 
[ 1067.550927][   T23] The buggy address belongs to a vmalloc virtual mapping
[ 1067.550945][   T23] Memory state around the buggy address:
[ 1067.550956][   T23]  ffffc90005694f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1067.550968][   T23]  ffffc90005695000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1067.550981][   T23] >ffffc90005695080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1067.550995][   T23]                          ^
[ 1067.551006][   T23]  ffffc90005695100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1067.551015][   T23]  ffffc90005695180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1067.551023][   T23] ==================================================================
[ 1067.551043][   T23] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1067.551057][   T23] CPU: 0 UID: 0 PID: 23 Comm: irq_work/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1067.551078][   T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1067.551089][   T23] Call Trace:
[ 1067.551096][   T23]  <TASK>
[ 1067.551104][   T23]  dump_stack_lvl+0x99/0x250
[ 1067.551127][   T23]  ? __asan_memcpy+0x40/0x70
[ 1067.551147][   T23]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1067.551170][   T23]  ? __pfx__printk+0x10/0x10
[ 1067.551196][   T23]  vpanic+0x237/0x6d0
[ 1067.551213][   T23]  ? __pfx_vpanic+0x10/0x10
[ 1067.551235][   T23]  panic+0xb9/0xc0
[ 1067.551251][   T23]  ? __pfx_panic+0x10/0x10
[ 1067.551272][   T23]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1067.551295][   T23]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1067.551320][   T23]  ? run_irq_workd+0x116/0x190
[ 1067.551341][   T23]  check_panic_on_warn+0x89/0xb0
[ 1067.551359][   T23]  ? run_irq_workd+0x116/0x190
[ 1067.551381][   T23]  end_report+0x78/0x160
[ 1067.551402][   T23]  kasan_report+0x129/0x150
[ 1067.551425][   T23]  ? run_irq_workd+0x116/0x190
[ 1067.551451][   T23]  run_irq_workd+0x116/0x190
[ 1067.551473][   T23]  ? __pfx_run_irq_workd+0x10/0x10
[ 1067.551494][   T23]  ? schedule+0x91/0x360
[ 1067.551514][   T23]  ? smpboot_thread_fn+0x4d/0xa60
[ 1067.551535][   T23]  ? smpboot_thread_fn+0x4d/0xa60
[ 1067.551555][   T23]  smpboot_thread_fn+0x542/0xa60
[ 1067.551576][   T23]  ? smpboot_thread_fn+0x4d/0xa60
[ 1067.551601][   T23]  kthread+0x711/0x8a0
[ 1067.551625][   T23]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1067.551646][   T23]  ? __pfx_kthread+0x10/0x10
[ 1067.551667][   T23]  ? rt_spin_unlock+0x150/0x200
[ 1067.551687][   T23]  ? rt_spin_unlock+0x161/0x200
[ 1067.551704][   T23]  ? __pfx_kthread+0x10/0x10
[ 1067.551727][   T23]  ret_from_fork+0x4bc/0x870
[ 1067.551748][   T23]  ? __pfx_ret_from_fork+0x10/0x10
[ 1067.551771][   T23]  ? __switch_to_asm+0x39/0x70
[ 1067.551788][   T23]  ? __switch_to_asm+0x33/0x70
[ 1067.551804][   T23]  ? __pfx_kthread+0x10/0x10
[ 1067.551827][   T23]  ret_from_fork_asm+0x1a/0x30
[ 1067.551852][   T23]  </TASK>
[ 1067.552168][   T23] Kernel Offset: disabled