last executing test programs:

24.139712782s ago: executing program 4 (id=283):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x400}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000180)=0x8)
r4 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r5 = fanotify_init(0xf00, 0x0)
fanotify_mark(r5, 0x105, 0x40009975, r4, 0x0)
timer_create(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)

22.399698205s ago: executing program 2 (id=287):
r0 = syz_open_dev$swradio(&(0x7f0000000300), 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x49, 0x0, &(0x7f0000000680)="755bb05395201ad875a81f08fbf73c46403cbcf9922ed5e124d4576314b9d703e2270ea77e8be9b7d6a78d90f5cd95c2293b2397fd6fbb743e63ffe5e2e2d924e7f40180f4b1704f0f", 0x0}, 0x50)
socket$rxrpc(0x21, 0x2, 0xa)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000300)={0x4, "a9780d4dc37a1d5c99c42eafb2723b49e4ed00a0172578e35bde00010000ff00", <r6=>0xffffffffffffffff})
read$FUSE(0xffffffffffffffff, &(0x7f0000001200)={0x2020}, 0x2020)
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000040)={"bab0f85254d4c7f4ad5e8ba99afbd30a1fcfd9e5205901c46fef939368b7fa4e"}) (fail_nth: 1)
mount$fuseblk(&(0x7f0000000140), 0x0, &(0x7f00000001c0), 0x20030, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e20, 0x0, @empty}, {0xa, 0x0, 0xb, @private1={0xfc, 0x1, '\x00', 0x1}}}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}, {0xa, 0xfffc, 0x3, @local}}}, 0x48)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/84, 0x9000}], 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x2})

22.395435189s ago: executing program 4 (id=288):
syz_usb_connect$uac1(0x3, 0xa2, &(0x7f0000000100)=ANY=[@ANYBLOB="12011001000000406b1d01014000010203010902900003010380000904000000010100000a24010f00050201020c2402060602040c0032a304f0ffffff0001020000090401010101020000072401200404000c2402010201400f290c89c009e900090000f7090707250183020c00090402000001020000090402020101020000072401018105000b2402010f04b4018c703c0905820940"], 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00')
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x0)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0x7000000)
r7 = socket(0x10, 0x3, 0x6)
r8 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000040))
socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(0x0, r8)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x2, {[@local=@item_012={0x0, 0x2, 0x9}, @global=@item_012={0x0, 0x1, 0x1}]}}, 0x0}, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000a80)={0x20, 0x1, 0x1, '\"'}, 0x0})
getdents64(r1, &(0x7f00000041c0)=""/4111, 0x100f)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})

21.643946226s ago: executing program 2 (id=290):
process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{0x0}], 0x1, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYRES16=r0], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r5)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r7 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040))
madvise(&(0x7f0000cc8000/0x3000)=nil, 0x3000, 0x17)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x7fffffff, &(0x7f0000000340)=[{0x400, 0x6, 0xffffffffffffeffc}, {0xeb, 0x4, 0x8}], 0x2, 0x201, 0x29, 0x2})
sendmsg$NL80211_CMD_SET_REG(r5, &(0x7f0000000080)={0xfffffffffffffffe, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x20, r6, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4082)

19.620269566s ago: executing program 2 (id=292):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = io_uring_setup(0x2d58, 0x0)
r3 = socket(0x1e, 0x1, 0x4)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000200)=@req3={0x393, 0x100, 0xd, 0xcc8, 0xb0, 0x8, 0x81}, 0x1c)
socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0)
r4 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
setns(r4, 0x4000000)
sched_setscheduler(0x0, 0x5, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$usbmon(&(0x7f0000000000), 0xf4, 0x8800)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="008de96f9ea6b127c400"/28], 0x48)
close_range(r2, 0xffffffffffffffff, 0x0)
listen(0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
splice(0xffffffffffffffff, 0x0, r6, 0x0, 0x7ffff000, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSLCKTRMIOS(r1, 0x5457, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r7 = dup(r0)
write$FUSE_BMAP(r7, &(0x7f0000000000)={0x18}, 0x18)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r8)
sendmsg$GTP_CMD_NEWPDP(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x1, 0x0, 0x0, {0x3}, [@GTPA_VERSION={0x8}, @GTPA_LINK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x805}, 0x0)

19.23270355s ago: executing program 4 (id=295):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
setsockopt$rose(r2, 0x104, 0x3, &(0x7f0000000280)=0xffff8000, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x220c)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000180)=0xffff, 0x4)
bind$inet6(r8, &(0x7f0000000140)={0xa, 0x4e22, 0x3, @empty, 0x3}, 0x1c)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r9, 0x0)
listen(r0, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r10, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0637bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00', @ANYRES16=r12, @ANYBLOB="91d62dbd70261c7df5254400000008000300", @ANYRES32=r13, @ANYBLOB="1c00238005000500100000000500060004000000060004005e000000"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8020)
socket$nl_sock_diag(0x10, 0x3, 0x4)

17.484119387s ago: executing program 4 (id=299):
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r0, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x4}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time={0xffff, 0xa5}, {}, {0x2}, @connect={{0x2, 0x3}, {0x3}}}, {0x0, 0x0, 0x0, 0x0, @time={0x2, 0x2}, {0x0, 0x8}, {}, @control}, {0x0, 0x0, 0x1, 0x0, @time, {}, {}, @connect={{}, {0x0, 0x5}}}], 0x68) (fail_nth: 1)

16.800145346s ago: executing program 4 (id=302):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x123f41, 0x0)
r0 = socket$kcm(0xf, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="020a000302000000e4a17c45c8d260c9", 0x10}], 0x1}, 0x0)
syz_open_dev$video4linux(&(0x7f0000000280), 0x2, 0x101000)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$sock(r1, &(0x7f0000000cc0)=[{{&(0x7f0000000100)=@l2tp={0x2, 0x0, @broadcast, 0x3}, 0x80, 0x0}}, {{&(0x7f0000000700)=@in6={0xa, 0x4e23, 0x7, @dev={0xfe, 0x80, '\x00', 0x18}, 0x60}, 0x80, 0x0}}], 0x2, 0x48094)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$cgroup_int(r2, &(0x7f0000000000), 0xffffff6a)
sendfile(r1, r2, 0x0, 0xffffffff000)
socket$kcm(0x21, 0x2, 0x2)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x10, 0x2, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r5 = userfaultfd(0x1)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))

14.616882786s ago: executing program 3 (id=304):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000000), 0x1)
connect$bt_rfcomm(r0, &(0x7f0000000040)={0x1f, @none, 0x2}, 0xa)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0xc)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000980)={0x0, 0x0, 0x10, 0xffff, 0xfdfe, 0x92})
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000f21bf73a33ebce6e98cb4c81f487999c0000000000000000000000000085000000bb000000180100002020702500000000000000207f1a0000000007010000f8ffffffb702000008000000b70300007500000085000000310000009500000000c57a00000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @cgroup_sock_addr=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xcc84, @void, @value}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0b0000001f0000000204004d1504"], 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syslog(0x4, &(0x7f0000002000)=""/245, 0xf5)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fsopen(&(0x7f0000000280)='ceph\x00', 0x1)
r8 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_TRIM(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3f6, 0x200, 0x70bd25, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x20040040}, 0x44000)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

10.839663811s ago: executing program 3 (id=307):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = eventfd2(0x8, 0x80800)
r3 = eventfd(0x1)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2, 0xffff, 0x2, r3})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x7, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xd, 0x3, 0x4, 0x1, 0x0, r4, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r5}, &(0x7f0000000840), &(0x7f0000000880)=r4}, 0x20)

10.787924618s ago: executing program 4 (id=309):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
fallocate(r0, 0x8, 0x7, 0x17)
geteuid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall() (fail_nth: 1)

10.653271444s ago: executing program 1 (id=310):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001c40)=""/4096, 0x1000}], 0x1}, 0x7}, {{0x0, 0x0, 0x0}, 0x20000005}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000002c40)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/176, 0xb0}, {&(0x7f0000000640)=""/214, 0xd6}, {&(0x7f0000005c80)=""/4109, 0x100d}, {&(0x7f0000000240)=""/95, 0x5f}, {&(0x7f00000018c0)=""/147, 0x93}], 0x6}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x4000007}], 0x5, 0x4000a162, 0x0)

10.552463764s ago: executing program 1 (id=311):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000003000000610200000200000000000000", @ANYRES32=<r3=>0xffffffffffffffff, @ANYBLOB="00000000000000809bc296b4d8f228917bc375fa", @ANYRES32=r1], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r2, &(0x7f0000000340)="9b", &(0x7f0000000080)=@udp}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r4, &(0x7f0000000300), 0x0}, 0x20)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000006c0), r5)
sendmsg$NLBL_UNLABEL_C_STATICADD(r5, &(0x7f0000000d80)={0x0, 0xfffffffffffffcc2, &(0x7f0000000d40)={&(0x7f0000000240)=ANY=[@ANYBLOB="6c10fdff", @ANYRES16=r6, @ANYBLOB="01002cbd7000ffdbdf25030000002600070073797374656d5f753a6f626a6563745f723a73797374656d5f6d61705f743a733000000014000200fe880000000000000000000000000001140006006970766c616e310000000000000000000800040064010102", @ANYRESHEX=r3], 0x6c}, 0x1, 0x0, 0x0, 0x4000014}, 0x20000010)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
ioctl$UI_END_FF_ERASE(r7, 0x400c55cb, &(0x7f0000000000)={0x200010, 0x3, 0x3bc})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x4e3a81, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x900, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
read$msr(0xffffffffffffffff, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r10 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000440)='user\x00', &(0x7f0000000600))
write$binfmt_script(r11, &(0x7f0000000100)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r11, 0x0)
preadv(r10, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/60, 0x3c}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x12, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000002000000000000000000730106000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000976000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$PPPIOCBRIDGECHAN(r11, 0x40047435, &(0x7f0000000180)=0x6)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c8c4}, 0x20008850)

10.413233272s ago: executing program 3 (id=312):
syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0)
r2 = mq_open(0x0, 0x42, 0x40, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$hiddev(0xffffffffffffffff, &(0x7f00000017c0)=""/185, 0xb9)
read$hiddev(0xffffffffffffffff, &(0x7f0000001a40)=""/203, 0xcb)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000840)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x3)
mq_unlink(&(0x7f0000000000)='eth0\x00')
close(r2)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, 0x0)
syz_open_dev$video(0x0, 0x8002, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2) (fail_nth: 1)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
socket$inet(0x2b, 0x801, 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)

9.368082245s ago: executing program 1 (id=314):
process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{0x0}], 0x1, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYRES16=r0], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
socket$inet(0x2, 0x2, 0x0)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040))
madvise(&(0x7f0000cc8000/0x3000)=nil, 0x3000, 0x17)
ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x7fffffff, &(0x7f0000000340)=[{0x400, 0x6, 0xffffffffffffeffc}, {0xeb, 0x4, 0x8}], 0x2, 0x201, 0x29, 0x2})
sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000080)={0xfffffffffffffffe, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x20, r5, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4082)

7.806072588s ago: executing program 1 (id=316):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000003c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_usb_connect(0x3, 0x40, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xc3, 0x38, 0xe4, 0x20, 0x41e, 0x3f02, 0xd71, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2e, 0x1, 0x0, 0x40, 0x10, 0x0, [{{0x9, 0x4, 0xf, 0x0, 0x0, 0xff, 0xfa, 0xa8, 0x0, [@cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x7, 0x4df2, 0x10}, [@call_mgmt={0x5, 0x24, 0x1, 0x0, 0xcb}]}]}}]}}]}}, 0x0)
ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, &(0x7f0000000180)={0x1, 0x1, 0x0, 0x6, 0x0, 0x0, "5debca561a5fbf61048955f6f876b2ff"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x24, r2, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x24}}, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r4 = socket$inet6(0xa, 0x806, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={0x54, r6, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x38, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "e44fe5ba9e63eaee"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="e8d7d96ffdbf8179e4035c95b2a86438"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="76348de01c181ef3e260c24cb0df6001"}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x4)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3})
r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x54c, 0x5c4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r8, 0x0, 0x0)
syz_usb_control_io$hid(r8, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x4, "7738e21f"}]}}, 0x0}, 0x0)
syz_usb_control_io$hid(r8, 0x0, &(0x7f0000000e80)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="20011000000012"], 0x0})
syz_usb_control_io(r8, 0x0, 0x0)
syz_usb_control_io(r8, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="0015250000000202794b2f606a3570"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60)
ioctl$KVM_CREATE_PIT2(r10, 0x4040ae77, &(0x7f0000000140))

7.376678858s ago: executing program 3 (id=317):
syz_usb_connect$uac1(0x3, 0xa2, &(0x7f0000000100)=ANY=[@ANYBLOB="12011001000000406b1d01014000010203010902900003010380000904000000010100000a24010f00050201020c2402060602040c0032a304f0ffffff0001020000090401010101020000072401200404000c2402010201400f290c89c009e900090000f7090707250183020c00090402000001020000090402020101020000072401018105000b2402010f04b4018c703c0905820940"], 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00')
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x0)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0x7000000)
socket(0x10, 0x3, 0x6)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x20000000)
socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(0x0, r7)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x2, {[@local=@item_012={0x0, 0x2, 0x9}, @global=@item_012={0x0, 0x1, 0x1}]}}, 0x0}, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000a80)={0x20, 0x1, 0x1, '\"'}, 0x0})
getdents64(r1, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})

5.177784627s ago: executing program 0 (id=320):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8=0x0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
r6 = userfaultfd(0x801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r6, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000023c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58)
r8 = accept4(r7, 0x0, 0x0, 0x0)
sendto$inet6(r8, &(0x7f0000847fff)="03", 0x1, 0x20000002, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000000)=0x2)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
accept(r2, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000001600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a48000000180a05000000000000000000020000001c0003801800038014000100776732000000ff637a03285c8d7d00000900020073797a30000000000900010073797a30", @ANYRESHEX=r3], 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x552e5e7be43d3c7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000015c0)='rxrpc_conn\x00', r0, 0x0, 0x2}, 0x18)
prlimit64(0x0, 0x3, &(0x7f0000000140)={0x3, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)

4.708606558s ago: executing program 2 (id=321):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x9, 0x8, &(0x7f0000003900)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000100)=@framed={{0x18, 0x5}, [@printk={@li, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5, 0x1, 0xb, 0x1, 0x5}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x19}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1b}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r6, 0x29, 0x1b, 0x0, 0x0)
setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
close_range(r6, r6, 0x0)
ioctl$PIO_SCRNMAP(r5, 0x4b41, &(0x7f00000002c0)="101acba099")
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff05"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r7 = socket$inet(0x2, 0x2, 0x0)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010)
sendmsg$inet(r7, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027efb000100000000001c000000000000000000000008"], 0x40}, 0x20000000)
fsmount(0xffffffffffffffff, 0x0, 0x82)

3.822601211s ago: executing program 0 (id=322):
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2c, &(0x7f0000000080), &(0x7f0000000140)=0x4)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x4c, 0x0, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x8, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
lseek(r2, 0x1000000, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x35, 0x1, 0x8, 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r3, 0x200000002, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local})
open(0x0, 0x0, 0x100)

3.471606757s ago: executing program 0 (id=323):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x9, 0x8, &(0x7f0000003900)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000100)=@framed={{0x18, 0x5}, [@printk={@li, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5, 0x1, 0xb, 0x1, 0x5}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x19}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1b}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, 0x0, 0x0)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
close_range(r5, r5, 0x0)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, &(0x7f00000002c0)="101acba099")
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff05"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r6 = socket$inet(0x2, 0x2, 0x0)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010)
sendmsg$inet(r6, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027efb000100000000001c000000000000000000000008"], 0x40}, 0x20000000)

3.470703485s ago: executing program 3 (id=324):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
syz_io_uring_setup(0xd2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x2a, 0x0, 0x0)
r4 = fanotify_init(0x40, 0x0)
write$binfmt_aout(r4, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x31}}, 0x20)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x9b5, 0x0, 0x8e}]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.284193038s ago: executing program 2 (id=325):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x9, 0x8, &(0x7f0000003900)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000100)=@framed={{0x18, 0x5}, [@printk={@li, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5, 0x1, 0xb, 0x1, 0x5}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x19}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x1b}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, 0x0, 0x0)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
close_range(r5, r5, 0x0)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, &(0x7f00000002c0)="101acba099")
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff05"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r6 = socket$inet(0x2, 0x2, 0x0)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010)
sendmsg$inet(r6, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027efb000100000000001c000000000000000000000008"], 0x40}, 0x20000000)
fsmount(0xffffffffffffffff, 0x0, 0x82)

3.229026213s ago: executing program 1 (id=326):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f00000001c0)={0xfffffffc, [[0x1, 0xfffffffc, 0x0, 0x0, 0x0, 0x80000000], [0x1, 0xfffffffb], [0x91, 0x5f7]], '\x00', [{0xfffffffc, 0xfffffffe}, {0x0, 0xfffffffd}], '\x00', 0x300})
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xa7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x40000006)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000900), r6)
sendmsg$IEEE802154_ASSOCIATE_RESP(r6, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000580)=ANY=[@ANYBLOB="1478577e0aae924197934d0d16482d7d3b73fd17cc96a37e44d1880b2004e46a18ae8cc4ba0720a741f428a8d71656b380f353cedaea800f916952eece91abd463e4eeda10b34bb51edc48c049f99ced0f09a9ca68c1883b1caa0fc5499d16bc01a769ff125dd70ea53c07c4811e2ab1796b974bacba28180b2b6e0cae56fc3b69a3f220aa3105d87356b273b1d8f240709c524c61401d3abd4d9a04824971529f2a058aa9b82571377e67582d7c47845b12351e6e3823b77db27a25ae6f7d7c9cdb4363eeeed4", @ANYRES16=r7], 0x14}, 0x1, 0x0, 0x0, 0x200000d0}, 0x4)
socket$key(0xf, 0x3, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$kcm(0x29, 0x2, 0x0)
timer_create(0x2, &(0x7f0000000300)={0x0, 0x27, 0x4}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05400000000000000000010000000900010073797a300000000040000000030a01010000000000000000010000000900030073797a300000000014000480080002400000000008000140000000000900010073797a30000000004c000000060a01040000000000000000010000002400048020000180080001006f736600140002800500020000000000080001400000001408000b40000000000900010073797a300000000014000000110001"], 0xd4}}, 0x0)

1.504414194s ago: executing program 0 (id=327):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x18, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x4}]}, 0x18}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088f747e0ffff200000002021000aac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x17, 0x8, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x66}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x16a3a1bd78309ab5, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
r5 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205647, &(0x7f0000000200)={0xf010000, 0x1, 0xfffffffe, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)={0x98f909, 0x7fff, '\x00', @value64=0x2}})
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'lo\x00', <r7=>0x0})
r8 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r8, &(0x7f0000000180)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @broadcast}, 0x14)
connect$bt_l2cap(r4, &(0x7f00000004c0)={0x1f, 0x401, @none, 0x2, 0x2}, 0xe)
sendmsg$nl_route_sched(r4, &(0x7f0000000480)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f0000000740)=@newqdisc={0x5b0, 0x24, 0x400, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x2, 0x1}, {0xa, 0xf}, {0xc, 0xfff3}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x10001}, @TCA_STAB={0x34, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7, 0x6, 0x100, 0xffffffff, 0x1, 0x6bbf, 0xd, 0x7}}, {0x12, 0x2, [0x9, 0x8, 0x80, 0x7f, 0x6, 0x3, 0x7]}}]}, @qdisc_kind_options=@q_drr={0x8}, @qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0xffffffff, 0x10000, 0x4, 0x7979, 0x9, 0x6, 0xa125, 0x8000, 0x4, 0x0, 0x10000, 0x0, 0xfffff801, 0x4, 0x2, 0x8, 0x9, 0x38ab, 0x9, 0x8, 0x0, 0x10001, 0x8, 0x2, 0x3, 0x7fff, 0x10001, 0x54, 0x7, 0x214, 0x8, 0x7, 0x4, 0x4, 0x6, 0x6, 0xfffffffc, 0xb, 0x4, 0x1, 0x10000, 0x0, 0x200, 0x2, 0x0, 0x42, 0x0, 0x30, 0x6, 0x8000, 0xff, 0x8, 0x0, 0x401, 0x80, 0xd5f, 0x3b, 0x8, 0x4, 0x3, 0x200, 0x6, 0xffff, 0xfffffffa, 0xa, 0x2000000, 0x60, 0x7, 0x1, 0x1, 0x3, 0xc, 0x3, 0x1000, 0x9, 0x4, 0x7, 0x9, 0x4, 0x3, 0xfbf, 0x9, 0x5, 0x8, 0xfffffffe, 0xf, 0x8, 0x7, 0x7, 0x4, 0x6, 0x2, 0x9, 0x4, 0x6, 0x4, 0x10000, 0x1, 0x7, 0x45, 0x4, 0x0, 0x4, 0x7, 0xffffffff, 0x8, 0x7, 0x7, 0x2e, 0xc53, 0x9, 0x5, 0x4d, 0x715, 0x200, 0x6, 0x1, 0x8, 0x5, 0x8, 0x6, 0x5, 0x7, 0x2, 0x0, 0x4, 0xfff, 0x4, 0x4, 0x4, 0x3ff, 0x80000000, 0xff, 0xc, 0x6, 0xffff, 0x1, 0x9, 0xfffffff9, 0x1, 0x4, 0x2, 0x1, 0x9, 0x800, 0x8324, 0x1000, 0x7, 0x7, 0xfffffffe, 0xa, 0x7fff, 0x8000, 0xe8, 0x1, 0xfffffff8, 0x100, 0x529, 0x4, 0xffff88ea, 0x10000, 0xd22, 0x3, 0x8, 0x1, 0x54, 0xfffffff5, 0xb42d, 0x10, 0xfff, 0x5, 0xc0, 0x9d, 0x9, 0x6, 0xffffffd9, 0xfffffffa, 0x8, 0x7, 0x56, 0x7, 0x81, 0x3, 0xdd, 0xffff6beb, 0x7c74, 0xa5, 0x7, 0x7, 0x4, 0x1, 0x7, 0x4, 0x6, 0x4, 0xdfba, 0x0, 0xfff, 0x9, 0x1, 0xdc3d, 0x3, 0x40, 0xcf11, 0x2, 0x5b537012, 0x68, 0x4, 0x9, 0x3, 0x4, 0x6, 0x7, 0xd, 0x3a, 0x3, 0x4, 0x3, 0x3, 0x4, 0xfffff315, 0x7, 0xa, 0x4, 0xd7, 0x9, 0xec5, 0x6, 0xffff4f98, 0x81, 0x3ff, 0x3, 0x85, 0x2, 0x1, 0x0, 0x3d7, 0x3a823247, 0xbf21, 0x8, 0x8, 0x0, 0x0, 0x7f, 0x2, 0x9, 0x4, 0x100, 0xfb, 0xf0, 0x7, 0x40, 0x4, 0x0, 0xef, 0x1]}]}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x1ccf}, @TCA_STAB={0x58, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x0, 0x4, 0xe, 0x2, 0x80, 0x1000, 0x3}}, {0xa, 0x2, [0x3, 0x101, 0x546]}}, {{0x1c, 0x1, {0xe9, 0x0, 0x4, 0x1, 0x0, 0x64f5e40, 0xffff, 0x6}}, {0x10, 0x2, [0x4, 0x401, 0xad, 0x3, 0x6, 0x1]}}]}, @TCA_STAB={0xa4, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x9, 0x0, 0x76a1ecef, 0x0, 0xfe, 0x9, 0x4}}, {0xc, 0x2, [0x5, 0x6, 0x400, 0x3ff]}}, {{0x1c, 0x1, {0xc0, 0xb5, 0x85, 0xffff, 0x2, 0x2, 0x3, 0x6}}, {0x10, 0x2, [0x2, 0x2, 0x8, 0xd931, 0x0, 0x0]}}, {{0x1c, 0x1, {0x6, 0xd, 0x7f, 0x6, 0x2, 0xa, 0x0, 0x4}}, {0xc, 0x2, [0xd6, 0x7, 0x8, 0x7]}}, {{0x1c, 0x1, {0x4, 0x0, 0x3ff, 0x100, 0x1, 0xfffffff8, 0x3, 0x1}}, {0x6, 0x2, [0x4]}}]}, @qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8, "8a880fab63911a28bbd6758d2193b393"}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7fffffff}]}, 0x5b0}, 0x1, 0x0, 0x0, 0x14004}, 0x8000)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x300, 0xed}, [], {0x95, 0x0, 0xed}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @tracing, r9, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200)={0x0, 0xfff9}, 0x92f5e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d)
socket$inet6_udp(0xa, 0x2, 0x0)
r10 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x13, r10, 0xbafb8000)

913.148407ms ago: executing program 2 (id=328):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r1 = socket(0x1, 0x2, 0x0)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r2, &(0x7f0000000080)=@other={'decodes', ' ', 'none'}, 0xd)
sendmmsg$unix(r1, &(0x7f00000010c0)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x193bc0d8627a41f8)
r3 = socket(0x10, 0x2, 0x0)
dup(r3)
write(r3, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r5}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r6}, 0x18)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r7, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
recvmmsg(r3, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000000)={{0x2, 0x4e24, @empty}, {0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, 0x0, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'lo\x00'})

279.376177ms ago: executing program 1 (id=329):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000500)=[{0x0}, {&(0x7f0000001c40)=""/4096, 0x1000}], 0x2}, 0x7}, {{0x0, 0x0, 0x0}, 0x20000005}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000002c40)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/176, 0xb0}, {&(0x7f0000000640)=""/214, 0xd6}, {&(0x7f0000005c80)=""/4109, 0x100d}, {&(0x7f0000000240)=""/95, 0x5f}, {&(0x7f00000018c0)=""/147, 0x93}], 0x6}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x4000007}], 0x5, 0x4000a162, 0x0)

144.900943ms ago: executing program 3 (id=330):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000791228000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (fail_nth: 1)

8.730967ms ago: executing program 0 (id=331):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000500)=[{0x0}, {&(0x7f0000001c40)=""/4096, 0x1000}], 0x2}, 0x7}, {{0x0, 0x0, 0x0}, 0x20000005}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000002c40)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/176, 0xb0}, {&(0x7f0000000640)=""/214, 0xd6}, {&(0x7f0000005c80)=""/4109, 0x100d}, {&(0x7f0000000240)=""/95, 0x5f}, {&(0x7f00000018c0)=""/147, 0x93}], 0x6}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x4000007}], 0x5, 0x4000a162, 0x0)

0s ago: executing program 0 (id=332):
syz_usb_connect$uac1(0x3, 0xa2, &(0x7f0000000100)=ANY=[@ANYBLOB="12011001000000406b1d01014000010203010902900003010380000904000000010100000a24010f00050201020c2402060602040c0032a304f0ffffff0001020000090401010101020000072401200404000c2402010201400f290c89c009e900090000f7090707250183020c00090402000001020000090402020101020000072401018105000b2402010f04b4018c703c0905820940"], 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00')
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x0)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0x7000000)
r7 = socket(0x10, 0x3, 0x6)
r8 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000040))
socket$can_raw(0x1d, 0x3, 0x1)
syz_genetlink_get_family_id$batadv(0x0, r8)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x2, {[@local=@item_012={0x0, 0x2, 0x9}, @global=@item_012={0x0, 0x1, 0x1}]}}, 0x0}, 0x0)
getdents64(r1, &(0x7f00000041c0)=""/4111, 0x100f)
getdents64(r1, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})

kernel console output (not intermixed with test programs):

adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.104267][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.114584][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.127482][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.139105][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.176374][ T3505] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.192257][ T3505] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.205408][ T5828] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.219784][ T5828] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.235477][ T5828] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.250151][ T5828] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.290572][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   80.415176][ T5841] Bluetooth: hci1: command tx timeout
[   80.420732][ T5836] Bluetooth: hci0: command tx timeout
[   80.426196][ T5836] Bluetooth: hci4: command tx timeout
[   80.431803][ T5837] Bluetooth: hci3: command tx timeout
[   80.437258][ T5837] Bluetooth: hci2: command tx timeout
[   80.481265][ T5916] tun0: tun_chr_ioctl cmd 2148553947
[   80.488190][   T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.760299][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   80.870276][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   81.538402][ T5830] veth0_macvtap: entered promiscuous mode
[   81.550421][   T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.663606][ T5830] veth1_macvtap: entered promiscuous mode
[   81.699028][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   81.729174][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.740841][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   81.751992][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.762015][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   81.772896][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.782906][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   81.793817][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.806912][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.818188][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   81.833669][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.844191][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   81.859843][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.874156][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   81.885173][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.899921][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   81.910886][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.921995][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.958113][ T5830] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.977927][ T5830] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.987269][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   82.004164][ T5830] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.025185][ T5830] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.115213][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.171174][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.201317][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   82.395465][ T3666] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.461411][ T5836] Bluetooth: hci2: command tx timeout
[   82.466467][ T3666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.467010][ T5837] Bluetooth: hci1: command tx timeout
[   82.480367][ T5841] Bluetooth: hci3: command tx timeout
[   82.486646][   T55] Bluetooth: hci0: command tx timeout
[   82.494085][ T5138] Bluetooth: hci4: command tx timeout
[   83.056477][ T5875] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   83.178500][   T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.225850][   T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.250095][ T5875] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   84.010458][ T5875] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   84.026068][   T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.067135][   T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.092089][ T5875] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   84.110451][ T5947] tun0: tun_chr_ioctl cmd 2148553947
[   85.271050][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   85.471735][ T5875] usb 1-1: config 1 has no interface number 1
[   85.498556][ T5875] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   85.579602][ T5875] usb 1-1: config 1 interface 2 has no altsetting 1
[   85.596591][    C0] raw-gadget.0 gadget.0: ignoring, device is not running
[   85.605454][    C0] raw-gadget.0 gadget.0: ignoring, device is not running
[   85.750716][   T47] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   85.760560][ T5875] usb 1-1: string descriptor 0 read error: -71
[   85.766917][ T5875] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   85.841008][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.852787][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.888887][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   85.943001][ T5875] usb 1-1: can't set config #1, error -71
[   86.081207][   T47] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   86.089939][   T47] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   86.124522][   T47] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   86.128507][ T5875] usb 1-1: USB disconnect, device number 2
[   86.145276][   T47] usb 5-1: config 1 has no interface number 1
[   86.344336][   T47] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   86.358813][   T47] usb 5-1: config 1 interface 2 has no altsetting 1
[   86.370905][   T47] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   86.381634][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.389702][   T47] usb 5-1: Product: syz
[   86.394919][   T47] usb 5-1: Manufacturer: syz
[   86.400548][   T47] usb 5-1: SerialNumber: syz
[   87.002164][  T975] cfg80211: failed to load regulatory.db
[   87.190791][ T5875] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   87.246648][ T5969] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14'.
[   87.373112][   T47] usb 5-1: 2:2 : no or invalid class specific endpoint descriptor
[   87.402652][ T5875] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   87.441443][ T5875] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   87.637111][   T47] usb 5-1: USB disconnect, device number 2
[   87.658513][ T5875] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   87.690433][ T5924] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   87.705612][ T5875] usb 1-1: config 1 has no interface number 1
[   88.610773][ T5875] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   88.669762][ T5875] usb 1-1: config 1 interface 2 has no altsetting 1
[   88.780555][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   88.882532][ T5924] usb 4-1: Using ep0 maxpacket: 32
[   88.910886][ T5924] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[   88.925960][ T5924] usb 4-1: config 0 has no interface number 0
[   88.966314][ T5924] usb 4-1: config 0 interface 12 has no altsetting 0
[   89.022427][ T5924] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[   89.059230][ T5924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.080874][ T5875] usb 1-1: string descriptor 0 read error: -71
[   89.120480][ T5875] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   89.129589][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.146628][ T5924] usb 4-1: Product: syz
[   89.166939][ T5924] usb 4-1: Manufacturer: syz
[   89.177122][ T5924] usb 4-1: SerialNumber: syz
[   89.219792][ T5924] usb 4-1: config 0 descriptor??
[   89.225910][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   89.227064][ T5875] usb 1-1: can't set config #1, error -71
[   89.526291][ T5875] usb 1-1: USB disconnect, device number 3
[   90.668099][ T5826] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   90.855406][ T5826] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   90.864884][ T5826] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   90.875327][ T5826] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   90.884416][ T5826] usb 3-1: config 1 has no interface number 1
[   90.890777][ T5875] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   90.898405][ T5826] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   90.911235][ T5826] usb 3-1: config 1 interface 2 has no altsetting 1
[   90.929796][ T5826] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   90.941942][ T5924] f81534 4-1:0.12: f81534_set_register: reg: 1003 data: 78 failed: -71
[   90.950498][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.958567][ T5826] usb 3-1: Product: syz
[   90.962929][ T5924] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[   90.971601][ T5924] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[   90.979311][ T5924] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[   90.987517][ T5826] usb 3-1: Manufacturer: syz
[   90.993157][ T5826] usb 3-1: SerialNumber: syz
[   91.007050][ T5924] usb 4-1: USB disconnect, device number 2
[   91.060433][   T47] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   91.070384][ T5875] usb 1-1: Using ep0 maxpacket: 8
[   91.082872][ T5875] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[   91.095719][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[   91.107327][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   91.130359][ T5875] usb 1-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[   91.139531][ T5875] usb 1-1: New USB device strings: Mfr=129, Product=2, SerialNumber=3
[   91.148953][ T5875] usb 1-1: Product: syz
[   91.153626][ T5875] usb 1-1: Manufacturer: syz
[   91.158342][ T5875] usb 1-1: SerialNumber: syz
[   91.165729][ T5875] usb 1-1: config 0 descriptor??
[   91.188083][ T5875] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5
[   91.325631][   T47] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   91.445854][   T47] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   91.546792][   T47] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   91.703537][   T47] usb 2-1: config 1 has no interface number 1
[   91.835274][   T47] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   91.896599][   T47] usb 2-1: config 1 interface 2 has no altsetting 1
[   91.945350][   T47] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   91.980748][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.988124][ T5875] usb 1-1: USB disconnect, device number 4
[   92.001780][   T47] usb 2-1: Product: syz
[   92.015960][   T47] usb 2-1: Manufacturer: syz
[   92.023813][   T47] usb 2-1: SerialNumber: syz
[   92.057488][ T6003] netlink: 8 bytes leftover after parsing attributes in process `syz.3.24'.
[   92.075787][ T6003] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   92.098534][ T6003] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[   92.126267][ T5826] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor
[   92.230019][ T5826] usb 3-1: USB disconnect, device number 2
[   92.494278][ T5980] udevd[5980]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   92.956846][   T47] usb 2-1: 2:2 : no or invalid class specific endpoint descriptor
[   93.171025][   T47] usb 2-1: USB disconnect, device number 2
[   93.260145][ T5874] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   93.440338][ T5874] usb 3-1: Using ep0 maxpacket: 32
[   93.474710][ T5874] usb 3-1: config 0 interface 0 altsetting 142 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   93.524380][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0
[   93.540349][ T5874] usb 3-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.00
[   93.549912][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.441397][ T5874] usb 3-1: config 0 descriptor??
[   94.510294][ T5875] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   94.554575][ T6006] netlink: 'syz.4.25': attribute type 10 has an invalid length.
[   94.563703][ T6006] netlink: 'syz.4.25': attribute type 10 has an invalid length.
[   94.601271][ T5980] udevd[5980]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   94.738507][ T5875] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   94.756928][ T5875] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   94.781957][ T5875] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   94.819564][ T5875] usb 4-1: config 1 has no interface number 1
[   94.827283][ T5875] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   94.859829][ T5875] usb 4-1: config 1 interface 2 has no altsetting 1
[   94.887752][ T5875] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   94.901233][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.926539][ T5875] usb 4-1: Product: syz
[   94.940429][ T5875] usb 4-1: Manufacturer: syz
[   94.950703][ T5875] usb 4-1: SerialNumber: syz
[   95.163365][ T5874] ntrig 0003:1B96:000F.0001: unknown main item tag 0x0
[   95.185082][ T5874] ntrig 0003:1B96:000F.0001: unknown main item tag 0x0
[   95.223210][ T5874] ntrig 0003:1B96:000F.0001: unknown main item tag 0x0
[   95.244214][ T5874] ntrig 0003:1B96:000F.0001: unknown main item tag 0x0
[   95.459388][ T5874] ntrig 0003:1B96:000F.0001: unknown main item tag 0x0
[   95.865429][ T5874] ntrig 0003:1B96:000F.0001: hidraw0: USB HID v0.05 Device [HID 1b96:000f] on usb-dummy_hcd.2-1/input0
[   96.053639][ T5875] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor
[   96.056323][ T5874] usb 3-1: USB disconnect, device number 3
[   96.216433][ T5875] usb 4-1: USB disconnect, device number 3
[   97.090088][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   97.148688][ T6024] netlink: 'syz.0.29': attribute type 10 has an invalid length.
[   97.526060][ T6052] netlink: 28 bytes leftover after parsing attributes in process `syz.3.35'.
[   97.709620][ T5875] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   98.740625][ T5875] usb 3-1: Using ep0 maxpacket: 32
[   98.758712][ T5875] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[   98.956500][ T5875] usb 3-1: config 0 has no interface number 0
[   98.973447][ T5875] usb 3-1: config 0 interface 12 has no altsetting 0
[   98.992928][ T6062] tun0: tun_chr_ioctl cmd 2148553947
[   99.023492][ T5875] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[   99.044391][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.115932][ T5875] usb 3-1: Product: syz
[  100.120155][ T5875] usb 3-1: Manufacturer: syz
[  100.125975][ T5875] usb 3-1: SerialNumber: syz
[  100.536725][ T5875] usb 3-1: config 0 descriptor??
[  100.778502][ T5875] usb 3-1: can't set config #0, error -71
[  100.784941][ T5837] Bluetooth: hci4: command 0x0405 tx timeout
[  100.799396][ T5875] usb 3-1: USB disconnect, device number 4
[  102.702243][   T47] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  103.179256][   T47] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  103.229325][   T47] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  103.284060][   T47] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  103.306578][   T47] usb 4-1: config 1 has no interface number 1
[  103.315041][   T47] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  103.326605][   T47] usb 4-1: config 1 interface 2 has no altsetting 1
[  103.336096][   T47] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  103.371244][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.418511][   T47] usb 4-1: Product: syz
[  103.428934][   T47] usb 4-1: Manufacturer: syz
[  103.434679][   T47] usb 4-1: SerialNumber: syz
[  103.470430][ T5875] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  103.500425][ T5936] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  103.652275][ T5875] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  104.052655][ T5936] usb 3-1: unable to get BOS descriptor or descriptor too short
[  104.135931][ T5936] usb 3-1: not running at top speed; connect to a high speed hub
[  104.144851][ T5875] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  104.150336][ T5936] usb 3-1: config 129 has an invalid interface number: 145 but max is 0
[  104.173963][ T5875] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  104.191657][ T5936] usb 3-1: config 129 has no interface number 0
[  104.207951][ T5936] usb 3-1: config 129 interface 145 has no altsetting 0
[  104.216166][ T5875] usb 5-1: config 1 has no interface number 1
[  104.240728][ T5875] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  104.257939][ T5936] usb 3-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice= d.2f
[  104.298386][ T5936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.311957][ T5875] usb 5-1: config 1 interface 2 has no altsetting 1
[  104.355496][ T5936] usb 3-1: Product: syz
[  104.359738][ T5936] usb 3-1: Manufacturer: syz
[  104.365017][ T5936] usb 3-1: SerialNumber: syz
[  104.374955][ T5875] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  104.392462][ T5875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.406395][ T5875] usb 5-1: Product: syz
[  104.434044][ T5875] usb 5-1: Manufacturer: syz
[  104.438741][ T5875] usb 5-1: SerialNumber: syz
[  104.465490][   T47] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor
[  104.497753][ T6102] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  104.535981][   T47] usb 4-1: USB disconnect, device number 4
[  104.652652][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  104.910483][ T2154] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  105.201836][ T2154] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  105.222677][ T2154] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  105.254352][ T2154] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  105.257356][ T5875] usb 5-1: 2:2 : no or invalid class specific endpoint descriptor
[  105.275453][ T2154] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  105.455020][ T2154] usb 1-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[  105.465394][ T2154] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  105.477492][ T2154] usb 1-1: config 0 descriptor??
[  106.282718][ T5875] usb 5-1: USB disconnect, device number 3
[  106.600521][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  106.631261][ T5936] usb 3-1: USB disconnect, device number 5
[  106.666950][ T2154] usbhid 1-1:0.0: can't add hid device: -71
[  106.678085][ T2154] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  106.690323][ T5924] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  106.692309][ T2154] usb 1-1: USB disconnect, device number 5
[  106.886375][ T5924] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  106.895380][ T5924] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  106.905535][ T5924] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  106.914766][ T5924] usb 2-1: config 1 has no interface number 1
[  106.921196][ T5924] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  106.933302][ T5924] usb 2-1: config 1 interface 2 has no altsetting 1
[  106.943469][ T5924] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  106.950460][   T47] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  106.960263][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.968298][ T5924] usb 2-1: Product: syz
[  106.972678][ T5924] usb 2-1: Manufacturer: syz
[  106.977305][ T5924] usb 2-1: SerialNumber: syz
[  106.990405][   T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  107.070429][ T5936] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  107.110434][   T47] usb 4-1: Using ep0 maxpacket: 32
[  107.117491][   T47] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  107.126053][   T47] usb 4-1: config 0 has no interface number 0
[  107.132601][   T47] usb 4-1: config 0 interface 12 has no altsetting 0
[  107.148407][   T47] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  107.157995][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.166434][   T47] usb 4-1: Product: syz
[  107.171022][   T47] usb 4-1: Manufacturer: syz
[  107.175892][   T47] usb 4-1: SerialNumber: syz
[  107.181308][   T24] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  107.192216][   T47] usb 4-1: config 0 descriptor??
[  107.197957][   T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  107.221338][   T24] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  107.230606][   T24] usb 5-1: config 1 has no interface number 1
[  107.237070][   T24] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  107.243529][ T5936] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  107.248360][   T24] usb 5-1: config 1 interface 2 has no altsetting 1
[  107.290016][   T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  107.313285][ T5936] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  107.323577][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.323609][   T24] usb 5-1: Product: syz
[  107.323714][   T24] usb 5-1: Manufacturer: syz
[  107.440321][ T5936] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  107.457744][ T5936] usb 3-1: config 1 has no interface number 1
[  107.469719][ T5936] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  107.471702][   T24] usb 5-1: SerialNumber: syz
[  107.482575][ T5936] usb 3-1: config 1 interface 2 has no altsetting 1
[  107.521563][ T5936] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  107.549000][ T5936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.588178][ T5936] usb 3-1: Product: syz
[  107.645948][ T5936] usb 3-1: Manufacturer: syz
[  107.667519][ T5936] usb 3-1: SerialNumber: syz
[  108.656733][ T5924] usb 2-1: 2:2 : no or invalid class specific endpoint descriptor
[  108.935027][ T5924] usb 2-1: USB disconnect, device number 3
[  109.111544][   T24] usb 5-1: 2:2 : no or invalid class specific endpoint descriptor
[  109.219798][   T24] usb 5-1: USB disconnect, device number 4
[  109.277704][ T5936] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor
[  109.411911][ T5936] usb 3-1: USB disconnect, device number 6
[  110.204780][   T47] f81534 4-1:0.12: f81534_set_register: reg: 1003 data: 78 failed: -71
[  110.239626][   T47] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  110.257945][   T47] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  110.279810][   T47] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  110.356038][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  110.469881][ T6148] FAULT_INJECTION: forcing a failure.
[  110.469881][ T6148] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  110.478292][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card5/controlC5/../uevent} for writing: No such file or directory
[  110.485995][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  110.503705][   T47] usb 4-1: USB disconnect, device number 5
[  110.561879][ T6148] CPU: 1 UID: 0 PID: 6148 Comm: syz.1.64 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  110.561907][ T6148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  110.561922][ T6148] Call Trace:
[  110.561929][ T6148]  <TASK>
[  110.561936][ T6148]  dump_stack_lvl+0x241/0x360
[  110.561972][ T6148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.561993][ T6148]  ? __pfx__printk+0x10/0x10
[  110.562021][ T6148]  should_fail_ex+0x424/0x570
[  110.562048][ T6148]  _copy_from_user+0x2d/0xb0
[  110.562076][ T6148]  move_addr_to_kernel+0x8c/0x170
[  110.562095][ T6148]  __sys_connect+0xb8/0x2d0
[  110.562115][ T6148]  ? __fget_files+0x2a/0x420
[  110.562134][ T6148]  ? __pfx___sys_connect+0x10/0x10
[  110.562167][ T6148]  __x64_sys_connect+0x7a/0x90
[  110.562188][ T6148]  do_syscall_64+0xf3/0x230
[  110.562207][ T6148]  ? clear_bhb_loop+0x45/0xa0
[  110.562227][ T6148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.562247][ T6148] RIP: 0033:0x7f54b838d169
[  110.562266][ T6148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.562281][ T6148] RSP: 002b:00007f54b914b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  110.562300][ T6148] RAX: ffffffffffffffda RBX: 00007f54b85a5fa0 RCX: 00007f54b838d169
[  110.562313][ T6148] RDX: 0000000000000024 RSI: 0000200000000000 RDI: 0000000000000003
[  110.562324][ T6148] RBP: 00007f54b914b090 R08: 0000000000000000 R09: 0000000000000000
[  110.562334][ T6148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  110.562344][ T6148] R13: 0000000000000000 R14: 00007f54b85a5fa0 R15: 00007fffaa419a68
[  110.562366][ T6148]  </TASK>
[  111.891239][ T6167] netlink: 8 bytes leftover after parsing attributes in process `syz.3.70'.
[  111.956451][ T6169] netlink: 8 bytes leftover after parsing attributes in process `syz.1.71'.
[  111.994140][ T6167] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  112.180357][ T6167] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  113.320806][ T5924] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  113.780034][ T6192] netlink: 28 bytes leftover after parsing attributes in process `syz.0.77'.
[  113.807417][ T5924] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  114.114989][ T5924] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  114.132120][ T5924] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  114.141389][ T5924] usb 5-1: config 1 has no interface number 1
[  114.152728][ T5924] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  114.164160][ T5924] usb 5-1: config 1 interface 2 has no altsetting 1
[  114.206995][ T6187] netlink: 16 bytes leftover after parsing attributes in process `syz.3.76'.
[  114.226599][ T5924] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  114.242829][ T5924] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.320041][ T5924] usb 5-1: Product: syz
[  114.472725][ T5924] usb 5-1: Manufacturer: syz
[  114.477607][ T5924] usb 5-1: SerialNumber: syz
[  114.521999][ T5924] usb 5-1: can't set config #1, error -71
[  114.548991][ T5924] usb 5-1: USB disconnect, device number 5
[  114.604155][ T5936] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  114.951036][ T5936] usb 2-1: Using ep0 maxpacket: 8
[  114.963886][ T5936] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  114.977624][ T5936] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  115.844674][ T5936] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  115.853017][ T6213] tun0: tun_chr_ioctl cmd 2148553947
[  115.888314][ T5924] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  116.060155][ T5936] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  116.082553][ T5936] usb 2-1: New USB device strings: Mfr=129, Product=2, SerialNumber=3
[  116.091359][ T5936] usb 2-1: Product: syz
[  116.095585][ T5936] usb 2-1: Manufacturer: syz
[  116.101917][ T5936] usb 2-1: SerialNumber: syz
[  116.108978][ T5936] usb 2-1: config 0 descriptor??
[  116.146995][ T5936] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input7
[  116.200340][ T5924] usb 5-1: Using ep0 maxpacket: 32
[  116.207722][ T5924] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  116.224393][ T5924] usb 5-1: config 0 has no interface number 0
[  116.240332][ T5924] usb 5-1: config 0 interface 12 has no altsetting 0
[  116.262312][ T5924] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  116.308429][ T5924] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.318306][ T5876] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  116.463182][ T5924] usb 5-1: Product: syz
[  116.523060][ T5924] usb 5-1: Manufacturer: syz
[  116.589447][ T5924] usb 5-1: SerialNumber: syz
[  116.605934][ T5876] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  116.696646][ T5924] usb 5-1: config 0 descriptor??
[  116.723767][ T5876] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  116.886792][ T5876] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  116.931986][ T5936] usb 2-1: USB disconnect, device number 4
[  116.945227][ T5876] usb 1-1: config 1 has no interface number 1
[  116.970794][ T5876] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  116.984315][ T5876] usb 1-1: config 1 interface 2 has no altsetting 1
[  116.996415][ T5876] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  117.118405][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.160333][ T5876] usb 1-1: Product: syz
[  117.219951][ T6232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.92'.
[  117.228508][ T5876] usb 1-1: Manufacturer: syz
[  117.232181][ T6232] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  117.241290][ T5876] usb 1-1: SerialNumber: syz
[  117.244064][ T6232] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  118.954721][ T5876] usb 1-1: 2:2 : no or invalid class specific endpoint descriptor
[  119.620561][ T5876] usb 1-1: USB disconnect, device number 6
[  120.620584][ T5924] f81534 5-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -32
[  120.628858][ T5924] f81534 5-1:0.12: f81534_find_config_idx: read failed: -32
[  120.657477][ T5924] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -32
[  121.624989][ T5924] f81534 5-1:0.12: probe with driver f81534 failed with error -32
[  122.242001][   T47] usb 5-1: USB disconnect, device number 6
[  122.687503][ T5989] udevd[5989]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  122.766754][ T6264] tun0: tun_chr_ioctl cmd 2148553947
[  123.280861][ T5936] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  123.338851][ T6273] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  124.334848][ T5936] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  124.916750][   T30] audit: type=1800 audit(1743124585.264:2): pid=6280 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.105" name="file0" dev="overlay" ino=106 res=0 errno=0
[  124.940668][ T5936] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  124.970021][ T5936] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  125.012303][ T5936] usb 3-1: config 1 has no interface number 1
[  125.204672][ T5936] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  125.227411][ T6286] netlink: 8 bytes leftover after parsing attributes in process `syz.4.107'.
[  125.237604][ T5936] usb 3-1: config 1 interface 2 has no altsetting 1
[  125.240707][ T6286] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  125.255567][ T6286] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  125.420860][   T47] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  125.596152][   T47] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  125.658807][   T47] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  125.738710][   T47] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  125.841855][   T47] usb 1-1: config 1 has no interface number 1
[  126.020294][   T47] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  126.032943][   T47] usb 1-1: config 1 interface 2 has no altsetting 1
[  126.096071][   T47] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  126.140687][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.194202][   T47] usb 1-1: Product: syz
[  126.198435][   T47] usb 1-1: Manufacturer: syz
[  126.226763][   T47] usb 1-1: SerialNumber: syz
[  126.256440][ T5936] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  126.265759][ T5936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.561455][ T5874] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  127.440698][ T5936] usb 3-1: can't set config #1, error -71
[  127.447809][ T5936] usb 3-1: USB disconnect, device number 7
[  127.538268][ T5874] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  127.606779][ T5874] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  127.658408][   T47] usb 1-1: 2:2 : no or invalid class specific endpoint descriptor
[  127.669489][ T5874] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  127.691918][ T5874] usb 4-1: config 1 has no interface number 1
[  127.698279][ T5874] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  127.717950][ T5874] usb 4-1: config 1 interface 2 has no altsetting 1
[  127.727075][ T5874] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  128.724506][   T47] usb 1-1: USB disconnect, device number 7
[  128.734078][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.782288][ T5874] usb 4-1: Product: syz
[  128.797288][ T5874] usb 4-1: Manufacturer: syz
[  128.811207][ T5874] usb 4-1: SerialNumber: syz
[  129.352249][ T2154] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  129.382004][ T5874] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor
[  130.065203][ T5874] usb 4-1: USB disconnect, device number 6
[  130.082968][   T47] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  130.100088][ T2154] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  130.158058][ T2154] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  130.235385][ T2154] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  130.266072][ T2154] usb 5-1: config 1 has no interface number 1
[  130.289679][ T2154] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  130.312923][   T47] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  130.352607][   T47] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  130.365146][ T2154] usb 5-1: config 1 interface 2 has no altsetting 1
[  130.414321][   T47] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  130.426152][   T47] usb 1-1: config 1 has no interface number 1
[  130.434040][ T2154] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  130.578511][ T2154] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.586711][   T47] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  130.597792][ T2154] usb 5-1: Product: syz
[  130.602093][   T47] usb 1-1: config 1 interface 2 has no altsetting 1
[  130.609344][ T2154] usb 5-1: Manufacturer: syz
[  130.614371][ T2154] usb 5-1: SerialNumber: syz
[  130.626506][   T47] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  130.756424][ T6333] netlink: 'syz.3.121': attribute type 10 has an invalid length.
[  130.980595][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.989133][   T47] usb 1-1: Product: syz
[  130.993977][   T47] usb 1-1: Manufacturer: syz
[  130.999530][   T47] usb 1-1: SerialNumber: syz
[  132.192895][   T47] usb 1-1: can't set config #1, error -71
[  132.242086][ T6339] netlink: 8 bytes leftover after parsing attributes in process `syz.2.123'.
[  132.242302][   T47] usb 1-1: USB disconnect, device number 8
[  132.307149][ T6339] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  132.459552][ T2154] usb 5-1: 2:2 : no or invalid class specific endpoint descriptor
[  132.476250][ T6339] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  132.511588][ T2154] usb 5-1: USB disconnect, device number 7
[  132.531946][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  133.222528][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  133.228907][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  133.315704][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  133.571117][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  134.025160][   T47] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  134.480792][ T6366] overlayfs: missing 'workdir'
[  135.016348][ T2154] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  135.554122][   T47] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  135.570745][   T47] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  135.602247][   T47] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  135.613147][   T47] usb 2-1: config 1 has no interface number 1
[  135.619498][ T2154] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  135.629017][   T47] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  135.641420][ T2154] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  135.651995][ T5957] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  135.660789][   T47] usb 2-1: config 1 interface 2 has no altsetting 1
[  135.667678][ T2154] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  135.677974][ T2154] usb 4-1: config 1 has no interface number 1
[  135.686039][ T2154] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  135.698187][   T47] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  135.708028][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.716217][ T2154] usb 4-1: config 1 interface 2 has no altsetting 1
[  135.723493][   T47] usb 2-1: Product: syz
[  135.727968][   T47] usb 2-1: Manufacturer: syz
[  135.735640][   T47] usb 2-1: SerialNumber: syz
[  135.741086][ T2154] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  135.750351][ T2154] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.759081][ T2154] usb 4-1: Product: syz
[  135.764204][ T2154] usb 4-1: Manufacturer: syz
[  135.769768][ T2154] usb 4-1: SerialNumber: syz
[  135.790408][ T5957] usb 5-1: device descriptor read/64, error -71
[  135.832142][ T5936] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  135.972509][ T5875] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  136.047728][ T5957] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  136.556045][ T5875] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  136.565313][ T5936] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  136.574676][ T5875] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  136.585672][ T5936] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  136.597495][ T5936] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  136.608396][ T5875] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  136.617750][ T5936] usb 1-1: config 1 has no interface number 1
[  136.624217][ T5875] usb 3-1: config 1 has no interface number 1
[  136.639790][ T5936] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  136.643223][ T2154] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor
[  136.651012][ T5875] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  136.670862][ T5936] usb 1-1: config 1 interface 2 has no altsetting 1
[  136.684856][ T5957] usb 5-1: device descriptor read/64, error -71
[  136.687283][ T5875] usb 3-1: config 1 interface 2 has no altsetting 1
[  136.703412][ T5875] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  136.713099][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.724612][ T5875] usb 3-1: Product: syz
[  136.734198][ T5875] usb 3-1: Manufacturer: syz
[  136.737613][   T47] usb 2-1: 2:2 : no or invalid class specific endpoint descriptor
[  136.739086][ T5875] usb 3-1: SerialNumber: syz
[  136.751720][ T5936] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  136.754629][ T2154] usb 4-1: USB disconnect, device number 7
[  136.777638][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.794714][ T5936] usb 1-1: Product: syz
[  136.801483][ T5957] usb usb5-port1: attempt power cycle
[  136.816126][ T5936] usb 1-1: Manufacturer: syz
[  136.819551][   T47] usb 2-1: USB disconnect, device number 5
[  136.847926][ T5936] usb 1-1: SerialNumber: syz
[  137.061275][ T5980] udevd[5980]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  137.075228][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  137.160508][ T5957] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  137.684438][ T5957] usb 5-1: device descriptor read/8, error -71
[  138.592305][ T5957] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  138.879880][ T5957] usb 5-1: device not accepting address 11, error -71
[  139.811106][ T5957] usb usb5-port1: unable to enumerate USB device
[  139.830039][ T6396] netlink: 8 bytes leftover after parsing attributes in process `syz.4.139'.
[  139.851617][ T5936] usb 1-1: 2:2 : no or invalid class specific endpoint descriptor
[  139.894345][ T6396] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  139.981115][ T5875] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor
[  140.010835][ T5936] usb 1-1: USB disconnect, device number 9
[  140.059699][ T6396] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  140.213305][ T5875] usb 3-1: USB disconnect, device number 8
[  140.942699][ T5989] udevd[5989]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  141.034453][ T5980] udevd[5980]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  141.712759][ T6412] Zero length message leads to an empty skb
[  141.741143][ T6412] FAULT_INJECTION: forcing a failure.
[  141.741143][ T6412] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.812015][ T6412] CPU: 0 UID: 0 PID: 6412 Comm: syz.0.143 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  141.812046][ T6412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  141.812059][ T6412] Call Trace:
[  141.812066][ T6412]  <TASK>
[  141.812075][ T6412]  dump_stack_lvl+0x241/0x360
[  141.812119][ T6412]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.812144][ T6412]  ? __pfx__printk+0x10/0x10
[  141.812176][ T6412]  should_fail_ex+0x424/0x570
[  141.812210][ T6412]  _copy_from_user+0x2d/0xb0
[  141.812236][ T6412]  get_timespec64+0x9a/0x290
[  141.812265][ T6412]  ? __pfx_get_timespec64+0x10/0x10
[  141.812289][ T6412]  ? __fget_files+0x2a/0x420
[  141.812317][ T6412]  __se_sys_clock_nanosleep+0x1a4/0x3c0
[  141.812345][ T6412]  ? __pfx___se_sys_clock_nanosleep+0x10/0x10
[  141.812376][ T6412]  ? do_syscall_64+0xb6/0x230
[  141.812399][ T6412]  do_syscall_64+0xf3/0x230
[  141.812420][ T6412]  ? clear_bhb_loop+0x45/0xa0
[  141.812443][ T6412]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.812462][ T6412] RIP: 0033:0x7faa7c58d169
[  141.812485][ T6412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.812502][ T6412] RSP: 002b:00007faa7d3dc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6
[  141.812527][ T6412] RAX: ffffffffffffffda RBX: 00007faa7c7a6160 RCX: 00007faa7c58d169
[  141.812541][ T6412] RDX: 0000200000000040 RSI: 0000000000000000 RDI: ffffffffffffffff
[  141.812555][ T6412] RBP: 00007faa7d3dc090 R08: 0000000000000000 R09: 0000000000000000
[  141.812567][ T6412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.812579][ T6412] R13: 0000000000000000 R14: 00007faa7c7a6160 R15: 00007ffe81e927d8
[  141.812611][ T6412]  </TASK>
[  142.890414][ T5876] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  143.060330][ T5876] usb 5-1: Using ep0 maxpacket: 32
[  143.077912][ T5876] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  143.100350][ T5876] usb 5-1: config 0 has no interface number 0
[  143.108216][ T5876] usb 5-1: config 0 interface 12 has no altsetting 0
[  143.125239][ T5876] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  143.145223][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.160275][ T5876] usb 5-1: Product: syz
[  143.170545][ T5876] usb 5-1: Manufacturer: syz
[  143.180384][ T5876] usb 5-1: SerialNumber: syz
[  143.191885][ T5876] usb 5-1: config 0 descriptor??
[  143.209038][ T5876] f81534 5-1:0.12: required endpoints missing
[  143.220369][ T5957] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  143.370442][ T2154] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  143.397168][ T5957] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  143.410333][ T5957] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  143.430575][ T5957] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  143.450652][ T5957] usb 4-1: config 1 has no interface number 1
[  143.456827][ T5957] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  143.488193][ T5957] usb 4-1: config 1 interface 2 has no altsetting 1
[  143.497870][ T5957] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  143.508399][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.517999][ T5957] usb 4-1: Product: syz
[  143.522610][ T5957] usb 4-1: Manufacturer: syz
[  143.527257][ T5957] usb 4-1: SerialNumber: syz
[  143.532148][ T2154] usb 2-1: device descriptor read/64, error -71
[  143.794660][ T6433] tun0: tun_chr_ioctl cmd 2148553947
[  143.956275][ T2154] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  144.172248][ T2154] usb 2-1: device descriptor read/64, error -71
[  145.442870][ T2154] usb usb2-port1: attempt power cycle
[  145.558436][ T5837] Bluetooth: hci4: command 0x0405 tx timeout
[  145.699683][ T5957] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor
[  145.717716][ T5876] usb 5-1: USB disconnect, device number 12
[  145.770586][ T5957] usb 4-1: USB disconnect, device number 8
[  146.053116][ T2154] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  146.710485][ T5876] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  146.891225][ T5989] udevd[5989]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  146.907996][ T2154] usb 2-1: device descriptor read/8, error -71
[  148.190293][ T5876] usb 5-1: Using ep0 maxpacket: 8
[  148.202205][ T5876] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  148.279764][ T5876] usb 5-1: config 179 has no interface number 0
[  148.288303][ T5876] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  148.306743][ T5876] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  148.576567][ T5876] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  148.610308][ T5876] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  148.648928][ T5876] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  148.680547][ T5876] usb 5-1: config 179 interface 65 has no altsetting 0
[  148.697728][ T5876] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  148.719067][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.743718][ T5876] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input8
[  148.782917][ T6465] tun0: tun_chr_ioctl cmd 2148553947
[  149.300580][ T2154] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  149.412157][ T2154] usb 2-1: Using ep0 maxpacket: 32
[  149.424323][ T5876] usb 5-1: USB disconnect, device number 13
[  149.424396][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  149.431654][ T2154] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  149.458270][ T5876] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  149.489323][ T6468] netlink: 8 bytes leftover after parsing attributes in process `syz.0.158'.
[  149.561158][ T2154] usb 2-1: config 0 has no interface number 0
[  149.567328][ T2154] usb 2-1: config 0 interface 12 has no altsetting 0
[  149.816771][ T2154] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  149.834400][ T2154] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.842839][ T2154] usb 2-1: Product: syz
[  149.847147][ T2154] usb 2-1: Manufacturer: syz
[  150.191023][ T5876] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  150.416273][ T5876] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  150.840270][ T5876] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  150.870613][ T5876] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  150.871486][ T2154] usb 2-1: SerialNumber: syz
[  150.879620][ T5876] usb 5-1: config 1 has no interface number 1
[  150.879679][ T5876] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  150.912420][ T2154] usb 2-1: config 0 descriptor??
[  150.976017][ T5876] usb 5-1: config 1 interface 2 has no altsetting 1
[  151.007110][ T5876] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  151.035490][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.070225][ T5876] usb 5-1: Product: syz
[  151.074941][ T5876] usb 5-1: Manufacturer: syz
[  151.079565][ T5876] usb 5-1: SerialNumber: syz
[  151.259482][ T6482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.165'.
[  151.274549][ T6482] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  151.286637][ T6482] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  151.315285][ T5957] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  151.450464][ T5957] usb 4-1: device descriptor read/64, error -71
[  151.800556][ T5957] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  151.994716][ T5957] usb 4-1: device descriptor read/64, error -71
[  152.050078][ T5876] usb 5-1: 2:2 : no or invalid class specific endpoint descriptor
[  152.205800][ T5957] usb usb4-port1: attempt power cycle
[  152.258335][ T5876] usb 5-1: USB disconnect, device number 14
[  152.550915][ T5957] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  152.614468][ T5957] usb 4-1: device descriptor read/8, error -71
[  153.247265][ T6492] tun0: tun_chr_ioctl cmd 2148553947
[  153.330295][ T5957] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  153.412333][ T5957] usb 4-1: device descriptor read/8, error -71
[  153.464278][ T2154] f81534 2-1:0.12: f81534_set_register: reg: 1003 data: 78 failed: -71
[  153.536894][ T5957] usb usb4-port1: unable to enumerate USB device
[  153.573037][ T2154] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  153.670038][ T2154] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  153.767651][ T2154] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[  153.873098][ T2154] usb 2-1: USB disconnect, device number 9
[  154.094743][ T6499] netlink: 8 bytes leftover after parsing attributes in process `syz.1.170'.
[  154.300328][ T5957] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  154.986701][ T6499] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  155.020467][ T5957] usb 5-1: Using ep0 maxpacket: 8
[  155.041179][ T5957] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  155.068722][ T5957] usb 5-1: config 179 has no interface number 0
[  155.264624][ T5957] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  155.270982][ T6499] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  155.582882][ T5957] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  155.622715][ T5957] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  155.763922][ T5957] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  155.774963][ T5957] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  155.788755][ T5957] usb 5-1: config 179 interface 65 has no altsetting 0
[  155.796059][ T5957] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  155.824684][ T5957] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.864044][ T6512] netlink: 12 bytes leftover after parsing attributes in process `syz.0.172'.
[  155.891644][ T5957] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input9
[  155.935674][ T6120] udevd[6120]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  157.102869][ T5826] usb 5-1: USB disconnect, device number 15
[  157.102933][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  157.161297][ T5826] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  157.219879][ T6528] FAULT_INJECTION: forcing a failure.
[  157.219879][ T6528] name failslab, interval 1, probability 0, space 0, times 1
[  157.256665][ T6528] CPU: 0 UID: 0 PID: 6528 Comm: syz.0.175 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  157.256697][ T6528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  157.256710][ T6528] Call Trace:
[  157.256718][ T6528]  <TASK>
[  157.256726][ T6528]  dump_stack_lvl+0x241/0x360
[  157.256760][ T6528]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.256786][ T6528]  ? __pfx__printk+0x10/0x10
[  157.256812][ T6528]  ? __pfx___might_resched+0x10/0x10
[  157.256846][ T6528]  should_fail_ex+0x424/0x570
[  157.256879][ T6528]  should_failslab+0xac/0x100
[  157.256913][ T6528]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  157.256934][ T6528]  ? __alloc_skb+0x1c2/0x480
[  157.256963][ T6528]  __alloc_skb+0x1c2/0x480
[  157.256992][ T6528]  ? __pfx___alloc_skb+0x10/0x10
[  157.257018][ T6528]  ? netlink_autobind+0xd6/0x2f0
[  157.257042][ T6528]  ? netlink_autobind+0x2b0/0x2f0
[  157.257068][ T6528]  netlink_sendmsg+0x65c/0xce0
[  157.257099][ T6528]  ? __pfx_netlink_sendmsg+0x10/0x10
[  157.257131][ T6528]  ? __pfx_netlink_sendmsg+0x10/0x10
[  157.257152][ T6528]  __sock_sendmsg+0x221/0x270
[  157.257175][ T6528]  sock_write_iter+0x2d9/0x3f0
[  157.257201][ T6528]  ? __pfx_sock_write_iter+0x10/0x10
[  157.257228][ T6528]  ? bpf_lsm_file_permission+0x9/0x10
[  157.257260][ T6528]  vfs_write+0x70f/0xd10
[  157.257291][ T6528]  ? __pfx_sock_write_iter+0x10/0x10
[  157.257312][ T6528]  ? __pfx_vfs_write+0x10/0x10
[  157.257340][ T6528]  ? __fget_files+0x2a/0x420
[  157.257365][ T6528]  ? __fget_files+0x2a/0x420
[  157.257393][ T6528]  ksys_write+0x19d/0x2d0
[  157.257420][ T6528]  ? __pfx_ksys_write+0x10/0x10
[  157.257450][ T6528]  ? do_syscall_64+0xb6/0x230
[  157.257480][ T6528]  do_syscall_64+0xf3/0x230
[  157.257501][ T6528]  ? clear_bhb_loop+0x45/0xa0
[  157.257525][ T6528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.257545][ T6528] RIP: 0033:0x7faa7c58d169
[  157.257564][ T6528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.257580][ T6528] RSP: 002b:00007faa7d41e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  157.257603][ T6528] RAX: ffffffffffffffda RBX: 00007faa7c7a5fa0 RCX: 00007faa7c58d169
[  157.257618][ T6528] RDX: 0000000000000014 RSI: 0000200000000100 RDI: 0000000000000003
[  157.257631][ T6528] RBP: 00007faa7d41e090 R08: 0000000000000000 R09: 0000000000000000
[  157.257643][ T6528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.257655][ T6528] R13: 0000000000000000 R14: 00007faa7c7a5fa0 R15: 00007ffe81e927d8
[  157.257680][ T6528]  </TASK>
[  157.648100][ T6532] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  157.675501][   T47] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  157.685632][ T5957] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  157.906143][   T47] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  157.923236][ T5957] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  157.984724][   T47] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  158.034052][ T5957] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  158.200328][   T47] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  158.213803][ T5957] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  158.243257][   T47] usb 4-1: config 1 has no interface number 1
[  158.249577][ T5957] usb 2-1: config 1 has no interface number 1
[  158.269306][   T47] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  158.288370][ T5957] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  158.434666][   T47] usb 4-1: config 1 interface 2 has no altsetting 1
[  158.441444][ T5957] usb 2-1: config 1 interface 2 has no altsetting 1
[  158.451866][   T47] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  158.461546][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.469650][   T47] usb 4-1: Product: syz
[  158.482652][ T5957] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  158.500453][   T47] usb 4-1: Manufacturer: syz
[  158.505190][   T47] usb 4-1: SerialNumber: syz
[  158.527062][ T5957] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.535402][ T5957] usb 2-1: Product: syz
[  158.539701][ T5957] usb 2-1: Manufacturer: syz
[  158.546112][ T5957] usb 2-1: SerialNumber: syz
[  162.904685][ T5957] usb 2-1: 2:2 : no or invalid class specific endpoint descriptor
[  162.926648][   T47] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor
[  162.936842][ T5957] usb 2-1: USB disconnect, device number 10
[  163.190650][ T5875] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  163.194670][   T47] usb 4-1: USB disconnect, device number 13
[  164.145611][ T5875] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  164.260734][ T6557] tun0: tun_chr_ioctl cmd 2148553947
[  164.464672][ T5875] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  164.603370][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  164.811914][ T5875] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  164.831958][ T6563] FAULT_INJECTION: forcing a failure.
[  164.831958][ T6563] name failslab, interval 1, probability 0, space 0, times 0
[  164.857163][ T5875] usb 1-1: config 1 has no interface number 1
[  164.875445][ T5875] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  164.891028][ T6563] CPU: 0 UID: 0 PID: 6563 Comm: syz.1.186 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  164.891058][ T6563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  164.891070][ T6563] Call Trace:
[  164.891078][ T6563]  <TASK>
[  164.891086][ T6563]  dump_stack_lvl+0x241/0x360
[  164.891118][ T6563]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.891142][ T6563]  ? __pfx__printk+0x10/0x10
[  164.891168][ T6563]  ? __pfx___might_resched+0x10/0x10
[  164.891202][ T6563]  should_fail_ex+0x424/0x570
[  164.891234][ T6563]  should_failslab+0xac/0x100
[  164.891266][ T6563]  __kmalloc_noprof+0xdf/0x4d0
[  164.891284][ T6563]  ? tomoyo_realpath_from_path+0xc2/0x5e0
[  164.891304][ T6563]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  164.891328][ T6563]  tomoyo_realpath_from_path+0xcf/0x5e0
[  164.891356][ T6563]  tomoyo_path_number_perm+0x245/0x790
[  164.891386][ T6563]  ? tomoyo_path_number_perm+0x215/0x790
[  164.891415][ T6563]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  164.891447][ T6563]  ? ksys_write+0x24e/0x2d0
[  164.891479][ T6563]  ? __lock_acquire+0xad5/0xd80
[  164.891517][ T6563]  ? __fget_files+0x2a/0x420
[  164.891539][ T6563]  ? __fget_files+0x2a/0x420
[  164.891562][ T6563]  ? __fget_files+0x2a/0x420
[  164.891586][ T6563]  security_file_ioctl+0xc6/0x2a0
[  164.891616][ T6563]  __se_sys_ioctl+0x46/0x160
[  164.891645][ T6563]  do_syscall_64+0xf3/0x230
[  164.891668][ T6563]  ? clear_bhb_loop+0x45/0xa0
[  164.891691][ T6563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.891711][ T6563] RIP: 0033:0x7f54b838d169
[  164.891729][ T6563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.891745][ T6563] RSP: 002b:00007f54b914b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  164.891768][ T6563] RAX: ffffffffffffffda RBX: 00007f54b85a5fa0 RCX: 00007f54b838d169
[  164.891782][ T6563] RDX: 0000200000000080 RSI: 0000000040bc5311 RDI: 0000000000000003
[  164.891795][ T6563] RBP: 00007f54b914b090 R08: 0000000000000000 R09: 0000000000000000
[  164.891806][ T6563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.891818][ T6563] R13: 0000000000000000 R14: 00007f54b85a5fa0 R15: 00007fffaa419a68
[  164.891842][ T6563]  </TASK>
[  164.893919][ T6563] ERROR: Out of memory at tomoyo_realpath_from_path.
[  165.129050][ T6567] overlayfs: failed to resolve './file1': -2
[  165.136481][ T5875] usb 1-1: config 1 interface 2 has no altsetting 1
[  165.144452][ T5875] usb 1-1: string descriptor 0 read error: -71
[  165.152007][ T5875] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  165.161209][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.193057][ T5875] usb 1-1: can't set config #1, error -71
[  165.209757][ T5875] usb 1-1: USB disconnect, device number 10
[  165.302218][   T47] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  165.492427][   T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  165.504622][   T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  165.515044][   T47] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00
[  165.967695][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.982163][   T47] usb 4-1: config 0 descriptor??
[  166.110444][ T5936] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  166.231359][   T47] usbhid 4-1:0.0: can't add hid device: -71
[  166.241655][   T47] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  166.253704][   T47] usb 4-1: USB disconnect, device number 14
[  166.336307][ T5936] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  166.346229][ T5936] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  166.348014][ T5957] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  166.402819][ T5936] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  166.422152][ T5936] usb 2-1: config 1 has no interface number 1
[  166.428476][ T5936] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  166.441701][ T5936] usb 2-1: config 1 interface 2 has no altsetting 1
[  166.781652][ T6595] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  167.671176][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  168.253765][ T5936] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  168.280260][ T5936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.310070][ T5936] usb 2-1: Product: syz
[  168.315557][ T5936] usb 2-1: Manufacturer: syz
[  168.350346][ T5936] usb 2-1: SerialNumber: syz
[  168.360702][ T6598] netlink: 'syz.3.194': attribute type 10 has an invalid length.
[  168.400512][ T5936] usb 2-1: can't set config #1, error -71
[  168.419403][ T5936] usb 2-1: USB disconnect, device number 11
[  168.540752][ T5957] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  168.549512][ T5957] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  168.561608][ T5957] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  168.571227][ T5957] usb 1-1: config 1 has no interface number 1
[  168.577524][ T5957] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  168.587918][ T6598] team0: Port device netdevsim0 added
[  168.593103][ T5957] usb 1-1: config 1 interface 2 has no altsetting 1
[  168.603013][ T5957] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  168.620246][ T5957] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.628926][ T5957] usb 1-1: Product: syz
[  168.633673][ T5957] usb 1-1: Manufacturer: syz
[  168.638537][ T5957] usb 1-1: SerialNumber: syz
[  168.828589][ T6610] netlink: 'syz.3.194': attribute type 10 has an invalid length.
[  168.960573][   T47] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  169.734862][ T6610] team0: Port device netdevsim0 removed
[  169.756550][ T6610] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  169.850281][   T47] usb 3-1: Using ep0 maxpacket: 8
[  169.877198][   T47] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  169.890527][   T47] usb 3-1: New USB device found, idVendor=05a9, idProduct=2630, bcdDevice=55.12
[  169.900411][ T5957] usb 1-1: 2:2 : no or invalid class specific endpoint descriptor
[  169.909797][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.959506][   T47] usb 3-1: config 0 descriptor??
[  169.979456][   T47] usb 3-1: Found UVC 0.00 device <unnamed> (05a9:2630)
[  169.987267][ T5957] usb 1-1: USB disconnect, device number 11
[  170.013678][   T47] usb 3-1: No valid video chain found.
[  170.167606][ T6621] overlayfs: failed to resolve './file1': -2
[  170.191701][ T5874] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  170.276108][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  170.340523][ T5957] usb 3-1: USB disconnect, device number 9
[  170.352280][ T5874] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  170.556547][ T5874] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  170.567577][ T5874] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  170.578921][ T5874] usb 5-1: config 1 has no interface number 1
[  170.585184][ T5874] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  170.672368][ T6625] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  171.347893][ T5874] usb 5-1: config 1 interface 2 has no altsetting 1
[  171.387283][ T5874] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  171.409389][ T5874] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.426670][ T5874] usb 5-1: Product: syz
[  171.432714][ T5874] usb 5-1: Manufacturer: syz
[  171.437360][ T5874] usb 5-1: SerialNumber: syz
[  173.203119][ T5874] usb 5-1: 2:2 : no or invalid class specific endpoint descriptor
[  173.268256][ T6644] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  174.659986][ T5874] usb 5-1: USB disconnect, device number 16
[  174.920704][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  174.980851][ T6657] overlayfs: failed to resolve './file1': -2
[  176.557555][ T6667] netlink: 'syz.2.212': attribute type 10 has an invalid length.
[  176.681030][ T6667] team0: Port device netdevsim0 added
[  176.863861][ T6662] netlink: 'syz.2.212': attribute type 10 has an invalid length.
[  177.879410][ T6662] team0: Port device netdevsim0 removed
[  178.933905][ T6662] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  179.445042][ T6694] netlink: 8 bytes leftover after parsing attributes in process `syz.4.221'.
[  179.454739][ T6694] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  179.464568][ T6694] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  179.647431][ T6699] netlink: 8 bytes leftover after parsing attributes in process `syz.0.222'.
[  180.185080][ T6709] tmpfs: Bad value for 'nr_inodes'
[  180.335492][ T6710] netlink: 124 bytes leftover after parsing attributes in process `syz.2.225'.
[  180.495414][ T5875] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  180.917903][ T5875] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  180.939992][ T5875] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  180.966883][ T5875] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  180.999982][ T5875] usb 2-1: config 1 has no interface number 1
[  181.015653][ T5875] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  181.062362][ T5875] usb 2-1: config 1 interface 2 has no altsetting 1
[  181.071535][ T5875] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  181.100697][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.126504][ T5875] usb 2-1: Product: syz
[  181.137446][ T5875] usb 2-1: Manufacturer: syz
[  181.148774][ T5875] usb 2-1: SerialNumber: syz
[  181.230421][ T2154] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  181.470581][ T5876] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  181.733782][ T5876] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  182.253930][ T5876] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  182.275320][ T2154] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  182.337547][ T5876] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  182.361147][ T2154] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  182.370297][ T5876] usb 5-1: config 1 has no interface number 1
[  182.382843][ T5876] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  182.396666][ T5876] usb 5-1: config 1 interface 2 has no altsetting 1
[  182.406114][ T5876] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  182.408113][ T2154] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  182.419783][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.437131][ T5876] usb 5-1: Product: syz
[  182.448895][ T2154] usb 3-1: config 1 has no interface number 1
[  182.450519][ T5876] usb 5-1: Manufacturer: syz
[  182.463919][ T2154] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  182.477926][ T5876] usb 5-1: SerialNumber: syz
[  182.495411][ T5875] usb 2-1: 2:2 : no or invalid class specific endpoint descriptor
[  182.496386][ T2154] usb 3-1: config 1 interface 2 has no altsetting 1
[  182.512927][ T2154] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  182.524045][ T2154] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.544422][ T2154] usb 3-1: Product: syz
[  182.548661][ T2154] usb 3-1: Manufacturer: syz
[  182.560295][ T2154] usb 3-1: SerialNumber: syz
[  182.583233][ T5875] usb 2-1: USB disconnect, device number 12
[  182.609455][ T6729] tmpfs: Bad value for 'nr_inodes'
[  182.688189][ T6730] netlink: 124 bytes leftover after parsing attributes in process `syz.3.232'.
[  182.904473][ T5936] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  183.256200][ T5936] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  183.920600][ T5936] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  183.931362][ T5936] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  183.940443][ T5936] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  183.952132][ T5936] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  183.981727][ T5936] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  184.000293][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  184.017690][ T5936] usb 1-1: Product: syz
[  184.022750][ T5936] usb 1-1: Manufacturer: syz
[  184.041944][ T5936] cdc_wdm 1-1:1.0: skipping garbage
[  184.053324][ T5936] cdc_wdm 1-1:1.0: skipping garbage
[  184.086599][ T5936] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  184.099410][ T5936] cdc_wdm 1-1:1.0: Unknown control protocol
[  184.134248][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  184.206837][ T5876] usb 5-1: 2:2 : no or invalid class specific endpoint descriptor
[  184.273413][ T5876] usb 5-1: USB disconnect, device number 17
[  184.290554][ T2154] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor
[  184.345150][ T6739] netlink: 'syz.1.233': attribute type 10 has an invalid length.
[  184.376422][ T2154] usb 3-1: USB disconnect, device number 10
[  184.429777][ T6739] team0: Port device netdevsim0 added
[  184.539514][    C0] cdc_wdm 1-1:1.0: Unexpected error -71
[  184.539934][   T24] usb 1-1: USB disconnect, device number 12
[  184.546630][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  184.558414][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  184.564527][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  184.574722][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  184.591001][ T5874] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  184.632945][ T5989] udevd[5989]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  184.686897][ T6744] netlink: 'syz.1.233': attribute type 10 has an invalid length.
[  184.700504][ T6744] team0: Port device netdevsim0 removed
[  184.711657][ T6744] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  184.760330][ T5874] usb 4-1: Using ep0 maxpacket: 32
[  184.823453][ T5874] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  184.852299][ T5874] usb 4-1: config 0 has no interface number 0
[  184.858476][ T5874] usb 4-1: config 0 interface 12 has no altsetting 0
[  184.902025][ T5874] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  184.914075][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.924784][ T5874] usb 4-1: Product: syz
[  184.928937][ T6746] netlink: 'syz.2.235': attribute type 1 has an invalid length.
[  184.936915][ T5874] usb 4-1: Manufacturer: syz
[  184.936938][ T5874] usb 4-1: SerialNumber: syz
[  184.938870][ T5874] usb 4-1: config 0 descriptor??
[  185.002588][ T6746] 8021q: adding VLAN 0 to HW filter on device bond1
[  185.029714][ T6752] bond1: (slave gretap1): making interface the new active one
[  185.039102][ T6752] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  185.200441][   T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  185.406487][   T24] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  185.491909][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  185.826637][   T24] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  185.837127][   T24] usb 2-1: config 1 has no interface number 1
[  185.844378][   T24] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  185.856850][   T24] usb 2-1: config 1 interface 2 has no altsetting 1
[  185.869789][ T6760] tun0: tun_chr_ioctl cmd 2148553947
[  185.876935][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  185.911504][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.503289][   T24] usb 2-1: Product: syz
[  186.507590][   T24] usb 2-1: Manufacturer: syz
[  186.524866][   T24] usb 2-1: SerialNumber: syz
[  186.685098][ T6770] tmpfs: Bad value for 'nr_inodes'
[  186.744686][ T6771] netlink: 124 bytes leftover after parsing attributes in process `syz.4.244'.
[  186.815534][ T5875] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  187.471621][ T2154] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  187.566827][   T24] usb 2-1: 2:2 : no or invalid class specific endpoint descriptor
[  187.568410][ T5875] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  187.639533][ T5875] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  187.650645][   T24] usb 2-1: USB disconnect, device number 13
[  187.651171][ T5875] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  187.703032][ T5875] usb 3-1: config 1 has no interface number 1
[  187.709205][ T5875] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  187.739534][ T5875] usb 3-1: config 1 interface 2 has no altsetting 1
[  187.753743][ T5875] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  187.763575][ T2154] usb 1-1: Using ep0 maxpacket: 8
[  187.766097][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.779466][ T2154] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  187.788369][ T2154] usb 1-1: config 179 has no interface number 0
[  187.797400][ T2154] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  187.800726][ T5875] usb 3-1: Product: syz
[  187.813868][ T5875] usb 3-1: Manufacturer: syz
[  187.820077][ T2154] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  187.821609][ T5875] usb 3-1: SerialNumber: syz
[  187.836570][ T2154] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  187.848142][ T2154] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  187.859540][ T2154] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  187.873210][ T2154] usb 1-1: config 179 interface 65 has no altsetting 0
[  187.885086][ T2154] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  187.895017][ T2154] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.895432][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  187.957498][ T2154] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input10
[  188.063736][ T5876] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  188.226993][ T5874] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  188.240876][ T5876] usb 5-1: Using ep0 maxpacket: 16
[  188.259844][ T5874] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  188.275351][ T5874] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  188.278330][ T5876] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  188.290829][ T5874] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  188.352514][    C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  188.354861][ T5876] usb 5-1: config 1 has no interface number 1
[  188.361167][   T24] usb 1-1: USB disconnect, device number 13
[  188.365284][   T24] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  188.379678][ T5876] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  188.479350][ T5874] usb 4-1: USB disconnect, device number 15
[  188.680055][ T5876] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  188.695178][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.726114][ T5876] usb 5-1: Product: syz
[  188.735871][ T5876] usb 5-1: Manufacturer: syz
[  188.755971][ T5876] usb 5-1: SerialNumber: syz
[  188.781743][ T5875] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor
[  188.822448][ T5875] usb 3-1: USB disconnect, device number 11
[  189.021060][ T5876] usb 5-1: 2:1 : invalid UAC_AS_GENERAL desc
[  189.087231][ T5876] usb 5-1: USB disconnect, device number 18
[  189.108545][ T6782] netlink: 'syz.1.247': attribute type 10 has an invalid length.
[  189.212233][ T6782] netlink: 'syz.1.247': attribute type 10 has an invalid length.
[  189.273910][ T6791] FAULT_INJECTION: forcing a failure.
[  189.273910][ T6791] name failslab, interval 1, probability 0, space 0, times 0
[  189.286840][ T6791] CPU: 1 UID: 0 PID: 6791 Comm: syz.3.249 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  189.286869][ T6791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  189.286883][ T6791] Call Trace:
[  189.286890][ T6791]  <TASK>
[  189.286899][ T6791]  dump_stack_lvl+0x241/0x360
[  189.286931][ T6791]  ? __pfx_dump_stack_lvl+0x10/0x10
[  189.286957][ T6791]  ? __pfx__printk+0x10/0x10
[  189.286987][ T6791]  should_fail_ex+0x424/0x570
[  189.287020][ T6791]  should_failslab+0xac/0x100
[  189.287062][ T6791]  kmem_cache_alloc_noprof+0x78/0x390
[  189.287094][ T6791]  ? __send_signal_locked+0x228/0xe90
[  189.287116][ T6791]  ? sig_get_ucounts+0x3d4/0x450
[  189.287143][ T6791]  __send_signal_locked+0x228/0xe90
[  189.287170][ T6791]  group_send_sig_info+0x296/0x310
[  189.287195][ T6791]  ? __pfx_group_send_sig_info+0x10/0x10
[  189.287224][ T6791]  ? __task_pid_nr_ns+0x38e/0x460
[  189.287253][ T6791]  do_pidfd_send_signal+0x3ff/0x580
[  189.287283][ T6791]  ? __pfx_do_pidfd_send_signal+0x10/0x10
[  189.287316][ T6791]  ? __fget_files+0x2a/0x420
[  189.287337][ T6791]  ? __fget_files+0x2a/0x420
[  189.287361][ T6791]  ? __fget_files+0x2a/0x420
[  189.287388][ T6791]  __se_sys_pidfd_send_signal+0x2a5/0x320
[  189.287412][ T6791]  do_syscall_64+0xf3/0x230
[  189.287433][ T6791]  ? clear_bhb_loop+0x45/0xa0
[  189.287456][ T6791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.287476][ T6791] RIP: 0033:0x7fd99498d169
[  189.287494][ T6791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.287510][ T6791] RSP: 002b:00007fd995745038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a8
[  189.287531][ T6791] RAX: ffffffffffffffda RBX: 00007fd994ba6160 RCX: 00007fd99498d169
[  189.287546][ T6791] RDX: 0000000000000000 RSI: 0000000000000021 RDI: 0000000000000003
[  189.287558][ T6791] RBP: 00007fd995745090 R08: 0000000000000000 R09: 0000000000000000
[  189.287570][ T6791] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  189.287581][ T6791] R13: 0000000000000001 R14: 00007fd994ba6160 R15: 00007fff13361b98
[  189.287606][ T6791]  </TASK>
[  189.497420][ T5935] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  189.616807][ T5980] udevd[5980]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  189.639096][ T5991] udevd[5991]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  189.692480][ T5935] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  189.716858][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.770839][ T5935] usb 1-1: config 0 descriptor??
[  189.829009][ T5935] gspca_main: cpia1-2.14.0 probing 0813:0001
[  189.979772][ T6810] FAULT_INJECTION: forcing a failure.
[  189.979772][ T6810] name failslab, interval 1, probability 0, space 0, times 0
[  189.993619][ T6810] CPU: 0 UID: 0 PID: 6810 Comm: syz.3.254 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  189.993641][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  189.993654][ T6810] Call Trace:
[  189.993659][ T6810]  <TASK>
[  189.993665][ T6810]  dump_stack_lvl+0x241/0x360
[  189.993689][ T6810]  ? __pfx_dump_stack_lvl+0x10/0x10
[  189.993707][ T6810]  ? __pfx__printk+0x10/0x10
[  189.993725][ T6810]  ? __pfx___might_resched+0x10/0x10
[  189.993749][ T6810]  should_fail_ex+0x424/0x570
[  189.993773][ T6810]  should_failslab+0xac/0x100
[  189.993796][ T6810]  __kmalloc_noprof+0xdf/0x4d0
[  189.993809][ T6810]  ? tomoyo_realpath_from_path+0xc2/0x5e0
[  189.993822][ T6810]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  189.993838][ T6810]  tomoyo_realpath_from_path+0xcf/0x5e0
[  189.993858][ T6810]  tomoyo_path_number_perm+0x245/0x790
[  189.993879][ T6810]  ? tomoyo_path_number_perm+0x215/0x790
[  189.993899][ T6810]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  189.993921][ T6810]  ? ksys_write+0x24e/0x2d0
[  189.993944][ T6810]  ? __lock_acquire+0xad5/0xd80
[  189.993972][ T6810]  ? __fget_files+0x2a/0x420
[  189.993987][ T6810]  ? __fget_files+0x2a/0x420
[  189.994003][ T6810]  ? __fget_files+0x2a/0x420
[  189.994021][ T6810]  security_file_ioctl+0xc6/0x2a0
[  189.994042][ T6810]  __se_sys_ioctl+0x46/0x160
[  189.994063][ T6810]  do_syscall_64+0xf3/0x230
[  189.994079][ T6810]  ? clear_bhb_loop+0x45/0xa0
[  189.994095][ T6810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.994109][ T6810] RIP: 0033:0x7fd99498d169
[  189.994122][ T6810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.994133][ T6810] RSP: 002b:00007fd995787038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  189.994149][ T6810] RAX: ffffffffffffffda RBX: 00007fd994ba5fa0 RCX: 00007fd99498d169
[  189.994160][ T6810] RDX: 0000200000000500 RSI: 00000000c03864bc RDI: 0000000000000003
[  189.994169][ T6810] RBP: 00007fd995787090 R08: 0000000000000000 R09: 0000000000000000
[  189.994185][ T6810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  189.994194][ T6810] R13: 0000000000000000 R14: 00007fd994ba5fa0 R15: 00007fff13361b98
[  189.994211][ T6810]  </TASK>
[  189.994235][ T6810] ERROR: Out of memory at tomoyo_realpath_from_path.
[  190.376205][ T6805] tun0: tun_chr_ioctl cmd 2148553947
[  190.384174][ T5935] gspca_cpia1: usb_control_msg 05, error -71
[  191.397267][ T5935] gspca_cpia1: usb_control_msg 01, error -71
[  191.403501][ T5935] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0)
[  191.422989][ T5935] usb 1-1: USB disconnect, device number 14
[  191.862176][ T5957] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  191.990309][ T5874] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  192.052703][ T5957] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  192.123761][ T5957] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  192.200070][ T5957] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  192.202248][ T5874] usb 4-1: Using ep0 maxpacket: 8
[  192.218609][ T5957] usb 2-1: config 1 has no interface number 1
[  192.261011][ T5957] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  192.294971][ T5874] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  192.335068][ T5874] usb 4-1: config 179 has no interface number 0
[  192.346031][ T5957] usb 2-1: config 1 interface 2 has no altsetting 1
[  192.377346][ T5874] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  192.398493][ T5957] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  192.450621][   T24] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  192.465626][ T5957] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.474706][ T5874] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  192.493270][ T5957] usb 2-1: Product: syz
[  192.497485][ T5957] usb 2-1: Manufacturer: syz
[  192.505217][ T5874] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  192.518408][ T5957] usb 2-1: SerialNumber: syz
[  192.532875][ T5874] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  192.561772][ T5874] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  192.585218][ T5874] usb 4-1: config 179 interface 65 has no altsetting 0
[  192.595892][ T5874] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  192.609479][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.638315][ T5874] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input11
[  192.651713][   T24] usb 5-1: Using ep0 maxpacket: 16
[  192.679235][   T24] usb 5-1: config 0 has an invalid interface number: 145 but max is 0
[  192.783181][   T24] usb 5-1: config 0 has no interface number 0
[  192.948968][   T24] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  192.962884][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.978503][   T24] usb 5-1: Product: syz
[  192.989356][ T5875] usb 4-1: USB disconnect, device number 16
[  192.989493][    C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  193.011098][ T5876] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  193.016953][   T24] usb 5-1: Manufacturer: syz
[  193.029202][ T5875] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  193.074832][   T24] usb 5-1: SerialNumber: syz
[  193.229257][   T24] usb 5-1: config 0 descriptor??
[  193.247249][ T5876] usb 1-1: Using ep0 maxpacket: 16
[  193.247942][   T24] hub 5-1:0.145: bad descriptor, ignoring hub
[  193.268772][   T24] hub 5-1:0.145: probe with driver hub failed with error -5
[  193.286161][ T5876] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  193.289664][   T24] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.145/input/input12
[  193.340854][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.383288][ T5876] usb 1-1: Product: syz
[  193.424373][ T5876] usb 1-1: Manufacturer: syz
[  193.451933][ T5876] usb 1-1: SerialNumber: syz
[  193.537694][ T5876] usb 1-1: config 0 descriptor??
[  193.547763][ T5957] usb 2-1: 2:2 : no or invalid class specific endpoint descriptor
[  193.559993][   T24] usb 5-1: USB disconnect, device number 19
[  193.588789][ T5876] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  193.620130][ T5876] usb 1-1: Detected FT232H
[  193.656677][ T5957] usb 2-1: USB disconnect, device number 14
[  193.940446][ T5875] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  193.944734][ T5912] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  194.916885][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  194.923188][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  194.946386][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  194.982368][ T5912] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  194.997112][ T5875] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  195.006660][ T5912] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  195.017943][ T5912] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  195.028955][ T5912] usb 3-1: config 1 has no interface number 1
[  195.037610][ T5912] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  195.049740][ T5912] usb 3-1: config 1 interface 2 has no altsetting 1
[  195.058995][ T5912] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  195.073669][ T5875] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  195.080288][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.105869][ T5875] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  195.117207][ T5912] usb 3-1: Product: syz
[  195.126904][ T5912] usb 3-1: Manufacturer: syz
[  195.135265][ T5875] usb 4-1: config 1 has no interface number 1
[  195.142089][ T5875] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  195.154563][ T5912] usb 3-1: SerialNumber: syz
[  195.155885][ T5875] usb 4-1: config 1 interface 2 has no altsetting 1
[  195.170368][ T5875] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  195.187568][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.199462][ T5875] usb 4-1: Product: syz
[  195.443171][ T5875] usb 4-1: Manufacturer: syz
[  195.449940][ T5875] usb 4-1: SerialNumber: syz
[  196.182262][ T5876] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  196.192324][ T5876] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  196.201022][ T5876] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71
[  196.209620][ T5876] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  196.487566][ T5912] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor
[  196.796751][ T5876] usb 1-1: USB disconnect, device number 15
[  196.883110][ T5876] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  196.940270][ T5840] Bluetooth: hci3: command 0x0406 tx timeout
[  196.950938][ T5840] Bluetooth: hci4: command 0x0405 tx timeout
[  196.952166][ T5827] Bluetooth: hci1: command 0x0406 tx timeout
[  196.957193][ T5840] Bluetooth: hci2: command 0x0406 tx timeout
[  196.963303][ T5839] Bluetooth: hci0: command 0x0406 tx timeout
[  197.061114][ T5876] ftdi_sio 1-1:0.0: device disconnected
[  197.084048][ T5912] usb 3-1: USB disconnect, device number 12
[  198.596133][ T5991] udevd[5991]: setting mode of /dev/snd/pcmC3D0c to 020660 failed: No such file or directory
[  198.608335][ T6871] netlink: 16 bytes leftover after parsing attributes in process `syz.0.272'.
[  198.633788][ T5991] udevd[5991]: setting owner of /dev/snd/pcmC3D0c to uid=0, gid=29 failed: No such file or directory
[  198.650725][ T5875] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor
[  199.232821][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  199.340356][ T5841] Bluetooth: hci4: command 0x0405 tx timeout
[  199.350820][ T5875] usb 4-1: USB disconnect, device number 17
[  199.370479][ T6872] tun0: tun_chr_ioctl cmd 2148553947
[  200.280411][ T5875] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  200.519019][ T5875] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  200.618700][ T5875] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  200.763245][ T5875] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  201.058470][ T6886] syz.2.277 (6886) used greatest stack depth: 17920 bytes left
[  201.059301][ T5875] usb 4-1: config 1 has no interface number 1
[  201.141697][ T5875] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  201.219433][ T5875] usb 4-1: config 1 interface 2 has no altsetting 1
[  201.266287][ T5875] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  201.289763][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.303828][ T5875] usb 4-1: Product: syz
[  201.456117][ T5875] usb 4-1: Manufacturer: syz
[  201.463979][ T5875] usb 4-1: SerialNumber: syz
[  201.504603][ T6892] tmpfs: Bad value for 'nr_inodes'
[  202.420921][ T6892] netlink: 124 bytes leftover after parsing attributes in process `syz.1.279'.
[  204.424310][ T5875] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor
[  204.448290][ T6926] tun0: tun_chr_ioctl cmd 2148553947
[  204.532928][ T6929] FAULT_INJECTION: forcing a failure.
[  204.532928][ T6929] name failslab, interval 1, probability 0, space 0, times 0
[  204.545927][ T6929] CPU: 0 UID: 0 PID: 6929 Comm: syz.2.287 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  204.545957][ T6929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  204.545970][ T6929] Call Trace:
[  204.545978][ T6929]  <TASK>
[  204.545987][ T6929]  dump_stack_lvl+0x241/0x360
[  204.546020][ T6929]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.546046][ T6929]  ? __pfx__printk+0x10/0x10
[  204.546069][ T6929]  ? __switch_to+0xe97/0x1c30
[  204.546097][ T6929]  ? __pfx___might_resched+0x10/0x10
[  204.546141][ T6929]  should_fail_ex+0x424/0x570
[  204.546174][ T6929]  should_failslab+0xac/0x100
[  204.546208][ T6929]  __kmalloc_noprof+0xdf/0x4d0
[  204.546227][ T6929]  ? tomoyo_realpath_from_path+0xc2/0x5e0
[  204.546247][ T6929]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  204.546271][ T6929]  tomoyo_realpath_from_path+0xcf/0x5e0
[  204.546301][ T6929]  tomoyo_path_number_perm+0x245/0x790
[  204.546331][ T6929]  ? tomoyo_path_number_perm+0x215/0x790
[  204.546361][ T6929]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  204.546388][ T6929]  ? __schedule+0x1acb/0x5090
[  204.546432][ T6929]  ? __lock_acquire+0xad5/0xd80
[  204.546473][ T6929]  ? __fget_files+0x2a/0x420
[  204.546494][ T6929]  ? __fget_files+0x2a/0x420
[  204.546518][ T6929]  ? __fget_files+0x2a/0x420
[  204.546544][ T6929]  security_file_ioctl+0xc6/0x2a0
[  204.546574][ T6929]  __se_sys_ioctl+0x46/0x160
[  204.546604][ T6929]  do_syscall_64+0xf3/0x230
[  204.546626][ T6929]  ? clear_bhb_loop+0x45/0xa0
[  204.546650][ T6929]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.546670][ T6929] RIP: 0033:0x7f3a8f98d169
[  204.546688][ T6929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.546706][ T6929] RSP: 002b:00007f3a907bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  204.546729][ T6929] RAX: ffffffffffffffda RBX: 00007f3a8fba6160 RCX: 00007f3a8f98d169
[  204.546744][ T6929] RDX: 0000200000000040 RSI: 00000000c0303e03 RDI: 000000000000000a
[  204.546759][ T6929] RBP: 00007f3a907bf090 R08: 0000000000000000 R09: 0000000000000000
[  204.546771][ T6929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  204.546784][ T6929] R13: 0000000000000000 R14: 00007f3a8fba6160 R15: 00007ffcad5fd658
[  204.546812][ T6929]  </TASK>
[  204.546844][ T6929] ERROR: Out of memory at tomoyo_realpath_from_path.
[  204.798153][ T5935] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  205.308659][ T5875] usb 4-1: USB disconnect, device number 18
[  206.534388][ T5935] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  206.543465][ T5935] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  206.567328][ T5935] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  206.989896][ T6943] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  207.028137][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  207.149875][ T5935] usb 5-1: config 1 has no interface number 1
[  207.156534][ T5935] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  207.168882][ T5935] usb 5-1: config 1 interface 2 has no altsetting 1
[  207.186854][ T5935] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  207.208302][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.222652][ T5935] usb 5-1: Product: syz
[  207.252649][ T5935] usb 5-1: Manufacturer: syz
[  207.257324][ T5935] usb 5-1: SerialNumber: syz
[  207.296499][ T5935] usb 5-1: can't set config #1, error -71
[  207.316749][ T5935] usb 5-1: USB disconnect, device number 20
[  207.363162][ T5989] udevd[5989]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  207.521053][ T5875] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  207.682102][ T5875] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  207.835627][ T5875] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  207.849241][ T5875] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  207.862173][ T5875] usb 2-1: config 1 has no interface number 1
[  207.869406][ T5875] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  207.884719][ T5875] usb 2-1: config 1 interface 2 has no altsetting 1
[  207.916333][ T5875] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  208.915542][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.924292][ T5875] usb 2-1: Product: syz
[  208.928502][ T5875] usb 2-1: Manufacturer: syz
[  208.933865][ T5875] usb 2-1: SerialNumber: syz
[  209.157600][ T6961] openvswitch: netlink: EtherType 50a is less than min 600
[  209.806154][ T5875] usb 2-1: 2:2 : no or invalid class specific endpoint descriptor
[  209.920989][ T5875] usb 2-1: USB disconnect, device number 15
[  210.136387][   T24] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  211.141398][ T6979] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  212.867525][ T5989] udevd[5989]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  214.253267][   T24] usb 1-1: unable to read config index 0 descriptor/start: -71
[  215.522707][   T24] usb 1-1: can't read configurations, error -71
[  216.524914][ T7007] FAULT_INJECTION: forcing a failure.
[  216.524914][ T7007] name failslab, interval 1, probability 0, space 0, times 0
[  216.537781][ T7007] CPU: 0 UID: 0 PID: 7007 Comm: syz.3.312 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  216.537812][ T7007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  216.537824][ T7007] Call Trace:
[  216.537830][ T7007]  <TASK>
[  216.537837][ T7007]  dump_stack_lvl+0x241/0x360
[  216.537861][ T7007]  ? __pfx_dump_stack_lvl+0x10/0x10
[  216.537879][ T7007]  ? __pfx__printk+0x10/0x10
[  216.537897][ T7007]  ? __pfx___might_resched+0x10/0x10
[  216.537923][ T7007]  should_fail_ex+0x424/0x570
[  216.537947][ T7007]  should_failslab+0xac/0x100
[  216.537971][ T7007]  kmem_cache_alloc_lru_noprof+0x7d/0x390
[  216.537986][ T7007]  ? sock_alloc_inode+0x28/0xc0
[  216.538004][ T7007]  sock_alloc_inode+0x28/0xc0
[  216.538018][ T7007]  ? __pfx_sock_alloc_inode+0x10/0x10
[  216.538034][ T7007]  alloc_inode+0x69/0x1b0
[  216.538049][ T7007]  __sock_create+0x127/0xa30
[  216.538069][ T7007]  __sys_socket+0x14d/0x3c0
[  216.538086][ T7007]  ? __pfx___sys_socket+0x10/0x10
[  216.538107][ T7007]  __x64_sys_socket+0x7a/0x90
[  216.538123][ T7007]  do_syscall_64+0xf3/0x230
[  216.538139][ T7007]  ? clear_bhb_loop+0x45/0xa0
[  216.538156][ T7007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.538170][ T7007] RIP: 0033:0x7fd99498d169
[  216.538184][ T7007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.538196][ T7007] RSP: 002b:00007fd995766038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  216.538212][ T7007] RAX: ffffffffffffffda RBX: 00007fd994ba6080 RCX: 00007fd99498d169
[  216.538223][ T7007] RDX: 0000000000000002 RSI: 0000000000000005 RDI: 0000000000000023
[  216.538231][ T7007] RBP: 00007fd995766090 R08: 0000000000000000 R09: 0000000000000000
[  216.538241][ T7007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.538250][ T7007] R13: 0000000000000000 R14: 00007fd994ba6080 R15: 00007fff13361b98
[  216.538267][ T7007]  </TASK>
[  216.538303][ T7007] socket: no more sockets
[  218.781895][ T7018] FAULT_INJECTION: forcing a failure.
[  218.781895][ T7018] name failslab, interval 1, probability 0, space 0, times 0
[  218.844276][ T7018] CPU: 1 UID: 0 PID: 7018 Comm: syz.4.309 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  218.844308][ T7018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  218.844322][ T7018] Call Trace:
[  218.844329][ T7018]  <TASK>
[  218.844338][ T7018]  dump_stack_lvl+0x241/0x360
[  218.844369][ T7018]  ? __pfx_dump_stack_lvl+0x10/0x10
[  218.844387][ T7018]  ? __pfx__printk+0x10/0x10
[  218.844406][ T7018]  ? __pfx___might_resched+0x10/0x10
[  218.844431][ T7018]  should_fail_ex+0x424/0x570
[  218.844455][ T7018]  should_failslab+0xac/0x100
[  218.844480][ T7018]  kmem_cache_alloc_noprof+0x78/0x390
[  218.844503][ T7018]  ? mas_alloc_nodes+0x25b/0x7e0
[  218.844520][ T7018]  mas_alloc_nodes+0x25b/0x7e0
[  218.844538][ T7018]  mas_preallocate+0x5ea/0x950
[  218.844563][ T7018]  ? __pfx_mas_preallocate+0x10/0x10
[  218.844588][ T7018]  ? __lock_acquire+0xad5/0xd80
[  218.844609][ T7018]  ? __mas_set_range+0x133/0x3c0
[  218.844625][ T7018]  commit_merge+0x467/0x800
[  218.844650][ T7018]  ? __pfx_commit_merge+0x10/0x10
[  218.844673][ T7018]  ? dup_anon_vma+0x76/0x2b0
[  218.844696][ T7018]  vma_merge_existing_range+0x1431/0x1770
[  218.844712][ T7018]  ? vma_merge_existing_range+0x771/0x1770
[  218.844727][ T7018]  ? vma_merge_existing_range+0x771/0x1770
[  218.844746][ T7018]  ? __pfx_vma_merge_existing_range+0x10/0x10
[  218.844770][ T7018]  vma_modify+0x76/0x390
[  218.844792][ T7018]  vma_modify_flags+0x3a7/0x430
[  218.844816][ T7018]  ? __pfx_vma_modify_flags+0x10/0x10
[  218.844848][ T7018]  mlock_fixup+0x21d/0x350
[  218.844865][ T7018]  apply_mlockall_flags+0x309/0x410
[  218.844881][ T7018]  ? __pfx_apply_mlockall_flags+0x10/0x10
[  218.844898][ T7018]  ? __do_sys_munlockall+0x5a/0x220
[  218.844935][ T7018]  __do_sys_munlockall+0x10a/0x220
[  218.844959][ T7018]  do_syscall_64+0xf3/0x230
[  218.844975][ T7018]  ? clear_bhb_loop+0x45/0xa0
[  218.844991][ T7018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.845006][ T7018] RIP: 0033:0x7fdc8338d169
[  218.845019][ T7018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  218.845031][ T7018] RSP: 002b:00007fdc831b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098
[  218.845048][ T7018] RAX: ffffffffffffffda RBX: 00007fdc835a6160 RCX: 00007fdc8338d169
[  218.845059][ T7018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  218.845067][ T7018] RBP: 00007fdc831b5090 R08: 0000000000000000 R09: 0000000000000000
[  218.845077][ T7018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  218.845085][ T7018] R13: 0000000000000001 R14: 00007fdc835a6160 R15: 00007ffe63c18e48
[  218.845104][ T7018]  </TASK>
[  218.845412][ T7018] vmg ffffc90003c47c40 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start)
[  219.147781][ T7020] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  219.195906][ T7018] vmg ffffc90003c47c40 state: mm ffff88802c5de180 pgoff 200000000
[  219.195906][ T7018] vmi ffffc90003c47de0 [200000000000,200000800000)
[  219.195906][ T7018] prev ffff88803254a6c8 next 0000000000000000 vma ffff88803254a6c8
[  219.195906][ T7018] start 200000000000 end 200000800000 flags 8100077
[  219.195906][ T7018] file 0000000000000000 anon_vma ffff88803432faa0 policy 0000000000000000
[  219.195906][ T7018] uffd_ctx 0000000000000000
[  219.195906][ T7018] anon_name 0000000000000000
[  219.195906][ T7018] merge_flags 0 state 0
[  219.267614][ T7018] vmg ffffc90003c47c40 mm:
[  219.278447][ T7018] mm ffff88802c5de180 task_size 140737488351232
[  219.278447][ T7018] mmap_base 140585085042688 mmap_legacy_base 47047710126080
[  219.278447][ T7018] pgd ffff88801eb9e000 mm_users 4 mm_count 1 pgtables_bytes 131072 map_count 36
[  219.278447][ T7018] hiwater_rss 14c9 hiwater_vm 5f85 total_vm 5fe8 locked_vm 800
[  219.278447][ T7018] pinned_vm 0 data_vm 23fb exec_vm 1a4 stack_vm 21
[  219.278447][ T7018] start_code 7fdc83248000 end_code 7fdc833e9529 start_data 7fdc83580000 end_data 7fdc83580000
[  219.278447][ T7018] start_brk 55556e112000 brk 55556e146000 start_stack 7ffe63c196b0
[  219.278447][ T7018] arg_start 7ffe63c1af6d arg_end 7ffe63c1af81 env_start 7ffe63c1af81 env_end 7ffe63c1afe9
[  219.278447][ T7018] binfmt ffffffff8ecaa2a0 flags 800007fd
[  219.278447][ T7018] ioctx_table 0000000000000000
[  219.278447][ T7018] owner ffff88802faa3c00 exe_file ffff888029d6a700
[  219.278447][ T7018] notifier_subscriptions 0000000000000000
[  219.278447][ T7018] numa_next_scan 4294958812 numa_scan_offset 0 numa_scan_seq 0
[  219.278447][ T7018] tlb_flush_pending 0
[  219.278447][ T7018] def_flags: 0x0()
[  219.396572][ T7018] vmg ffffc90003c47c40 vma:
[  219.841626][ T7018] vma ffff88803254a6c8 start 0000200000000000 end 0000200000800000 mm ffff88802c5de180
[  219.841626][ T7018] prot 25 anon_vma ffff88803432faa0 vm_ops 0000000000000000
[  219.841626][ T7018] pgoff 200000000 file 0000000000000000 private_data 0000000000000000
[  219.841626][ T7018] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty)
[  219.876116][ T5875] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  219.900344][ T7018] vmg ffffc90003c47c40 prev:
[  219.904989][ T7018] vma ffff88803254a6c8 start 0000200000000000 end 0000200000800000 mm ffff88802c5de180
[  219.904989][ T7018] prot 25 anon_vma ffff88803432faa0 vm_ops 0000000000000000
[  219.904989][ T7018] pgoff 200000000 file 0000000000000000 private_data 0000000000000000
[  219.904989][ T7018] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty)
[  219.970981][ T7018] vmg ffffc90003c47c40 next: (NULL)
[  219.986617][ T7018] vmg ffffc90003c47c40 vmi:
[  220.054687][ T5875] usb 2-1: Using ep0 maxpacket: 32
[  220.061788][ T5875] usb 2-1: config 0 has an invalid interface number: 15 but max is 0
[  220.069944][ T5875] usb 2-1: config 0 has no interface number 0
[  220.140446][ T5876] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  220.155447][ T7018] MAS: tree=ffff88802c5de1c0 enode=ffff88801caa960c 
[  220.155470][ T7018] (ma_active)
[  220.166796][ T7018] Store Type: 
[  220.170120][ T7018] node_store
[  220.179888][ T5875] usb 2-1: New USB device found, idVendor=041e, idProduct=3f02, bcdDevice= d.71
[  220.191894][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.201389][ T7018] [6/10] index=200000000000 last=2000007fffff
[  220.205287][ T5875] usb 2-1: Product: syz
[  220.893677][ T5875] usb 2-1: Manufacturer: syz
[  220.898372][ T5875] usb 2-1: SerialNumber: syz
[  220.915699][ T5875] usb 2-1: config 0 descriptor??
[  220.918145][ T7018]      min=0 max=55556e133fff alloc=0000000000000000, depth=1, flags=0
[  220.930685][ T7018] maple_tree(ffff88802c5de1c0) flags 30B, height 2 root ffff88801caa8c1e
[  220.939380][ T7018] 0-ffffffffffffffff: node ffff88801caa8c00 depth 0 type 3 parent ffff88802c5de1c1 contents: 35556d111000 2a8712eb1000 195000 ffff80019c3e5000 0 0 0 0 0 0 | 03 03| ffff88801caa960c 55556E133FFF ffff888024a86e0c 7FDC82FFFFFF ffff88803382b00c 7FDC833E9FFF ffff88801caa980c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  221.060434][ T7018]   0-55556e133fff: node ffff88801caa9600 depth 1 type 1 parent ffff88801caa8c06 contents: 0000000000000000 110C22FFFF ffff88803254ad90 110E22FFFF 0000000000000000 1B2F71FFFF ffff88803254ae88 1B2F75FFFF 0000000000000000 1FFFFFFFEFFF ffff88803254a5d0 1FFFFFFFFFFF ffff88803254a6c8 2000007FFFFF ffff8880337900f8 200000FFFFFF ffff88803254a7c0 200001000FFF 0000000000000000 55556E111FFF ffff88803254a8b8 55556E133FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a
[  221.110047][ T5876] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  221.124036][ T5876] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  221.153180][ T7018]     0-110c22ffff: 0000000000000000
[  221.175352][ T7018]     110c230000-110e22ffff: ffff88803254ad90
[  221.210571][ T5876] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  221.259286][ T7018]     110e230000-1b2f71ffff: 0000000000000000
[  221.302125][ T5876] usb 4-1: config 1 has no interface number 1
[  221.319311][ T7018]     1b2f720000-1b2f75ffff: ffff88803254ae88
[  221.331816][ T5876] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  221.334485][ T7018]     1b2f760000-1fffffffefff: 
[  221.349310][ T7022] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  221.355628][ T5876] usb 4-1: config 1 interface 2 has no altsetting 1
[  221.363876][ T7022] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.382294][ T7018] 0000000000000000
[  221.390953][ T7018]     1ffffffff000-1fffffffffff: ffff88803254a5d0
[  221.406689][ T5876] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  221.427114][ T7018]     200000000000-2000007fffff: ffff88803254a6c8
[  221.434597][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.451236][ T7018]     200000800000-200000ffffff: ffff8880337900f8
[  221.460657][ T5876] usb 4-1: Product: syz
[  221.464858][ T5876] usb 4-1: Manufacturer: syz
[  221.480970][ T7018]     200001000000-200001000fff: ffff88803254a7c0
[  221.490627][ T5876] usb 4-1: SerialNumber: syz
[  221.502914][ T7018]     200001001000-55556e111fff: 0000000000000000
[  221.680448][ T7018]     55556e112000-55556e133fff: ffff88803254a8b8
[  221.697445][ T7018]   55556e134000-7fdc82ffffff: node ffff888024a86e00 depth 1 type 1 parent ffff88801caa8c0e contents: ffff88803254a9b0 55556E145FFF 0000000000000000 7FDC80FF6FFF ffff88803254aaa8 7FDC80FF7FFF ffff88807e8b3ba0 7FDC817F7FFF ffff88807e8b3000 7FDC817F8FFF ffff88807e8b30f8 7FDC81FF8FFF ffff88807e8b34d8 7FDC81FFAFFF ffff88807e8b3e88 7FDC823FAFFF ffff888027df96c8 7FDC823FCFFF ffff888027df95d0 7FDC827FCFFF ffff888055b74ba0 7FDC827FEFFF ffff888055b749b0 7FDC82BFEFFF ffff888055b74c98 7FDC82BFFFFF ffff888055b74000 7FDC82FFFFFF 0000000000000000 0 000000000000000d
[  221.870364][ T7018]     55556e134000-55556e145fff: ffff88803254a9b0
[  222.330327][ T7018]     55556e146000-7fdc80ff6fff: 0000000000000000
[  222.336827][ T7018]     7fdc80ff7000-7fdc80ff7fff: ffff88803254aaa8
[  222.374863][ T7018]     7fdc80ff8000-7fdc817f7fff: ffff88807e8b3ba0
[  222.389138][ T7018]     7fdc817f8000-7fdc817f8fff: ffff88807e8b3000
[  222.594227][ T7018]     7fdc817f9000-7fdc81ff8fff: ffff88807e8b30f8
[  222.603307][ T5875] usb 2-1: unknown interface protocol 0xa8, assuming v1
[  222.605179][ T7018]     7fdc81ff9000-7fdc81ffafff: 
[  222.610798][ T5875] usb 2-1: cannot find UAC_HEADER
[  222.611462][ T7018] ffff88807e8b34d8
[  222.634908][ T7018]     7fdc81ffb000-7fdc823fafff: ffff88807e8b3e88
[  222.636392][ T5875] snd-usb-audio 2-1:0.15: probe with driver snd-usb-audio failed with error -22
[  222.652337][ T5876] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor
[  222.670643][ T7018]     7fdc823fb000-7fdc823fcfff: ffff888027df96c8
[  222.685915][ T5875] usb 2-1: USB disconnect, device number 16
[  222.763540][ T7018]     7fdc823fd000-7fdc827fcfff: ffff888027df95d0
[  222.782294][ T5991] udevd[5991]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.15/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  222.787570][ T5876] usb 4-1: USB disconnect, device number 19
[  222.808464][ T7018]     7fdc827fd000-7fdc827fefff: ffff888055b74ba0
[  222.841030][ T7018]     7fdc827ff000-7fdc82bfefff: ffff888055b749b0
[  222.853605][ T7018]     7fdc82bff000-7fdc82bfffff: ffff888055b74c98
[  223.120125][ T7018]     7fdc82c00000-7fdc82ffffff: ffff888055b74000
[  223.144813][ T7018]   7fdc83000000-7fdc833e9fff: node ffff88803382b000 depth 1 type 1 parent ffff88801caa8c16 contents: 0000000000000000 7FDC83194FFF ffff88805d3ca2e8 7FDC83195FFF ffff8880337906c8 7FDC831B5FFF ffff88807debc0f8 7FDC831B6FFF ffff888030b2b000 7FDC831D6FFF ffff888033790e88 7FDC831D7FFF ffff888030b2b6c8 7FDC831F7FFF ffff888055b740f8 7FDC831FBFFF ffff888055b741f0 7FDC831FDFFF ffff888055b742e8 7FDC831FFFFF ffff888055b743e0 7FDC83247FFF ffff888055b746c8 7FDC833E9FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000b
[  223.194349][ T7018]     7fdc83000000-7fdc83194fff: 0000000000000000
[  223.302050][ T7018]     7fdc83195000-7fdc83195fff: ffff88805d3ca2e8
[  223.357086][ T7018]     7fdc83196000-7fdc831b5fff: ffff8880337906c8
[  223.386184][ T6132] udevd[6132]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  223.546382][ T7018]     7fdc831b6000-7fdc831b6fff: ffff88807debc0f8
[  223.588088][ T7018]     7fdc831b7000-7fdc831d6fff: ffff888030b2b000
[  225.089722][ T7018]     7fdc831d7000-7fdc831d7fff: ffff888033790e88
[  225.606523][ T7018]     7fdc831d8000-7fdc831f7fff: ffff888030b2b6c8
[  226.303064][ T7018]     7fdc831f8000-7fdc831fbfff: ffff888055b740f8
[  226.318068][ T7018]     7fdc831fc000-7fdc831fdfff: ffff888055b741f0
[  226.338177][ T7018]     7fdc831fe000-7fdc831fffff: ffff888055b742e8
[  226.373875][ T7018]     7fdc83200000-7fdc83247fff: ffff888055b743e0
[  226.384460][ T7064] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  226.401310][ T7018]     7fdc83248000-7fdc833e9fff: ffff888055b746c8
[  226.437959][ T7018]   7fdc833ea000-ffffffffffffffff: node ffff88801caa9800 depth 1 type 1 parent ffff88801caa8c1e contents: ffff8880331241f0 7FDC83495FFF ffff8880331242e8 7FDC83575FFF ffff8880331243e0 7FDC8357EFFF 0000000000000000 7FDC8357FFFF ffff8880331244d8 7FDC840DDFFF 0000000000000000 7FFE63BF9FFF ffff8880331245d0 7FFE63C1AFFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000007
[  226.521199][ T7018]     7fdc833ea000-7fdc83495fff: ffff8880331241f0
[  226.553396][ T7018]     7fdc83496000-7fdc83575fff: ffff8880331242e8
[  226.597113][ T7018]     7fdc83576000-7fdc8357efff: ffff8880331243e0
[  226.604366][ T7071] FAULT_INJECTION: forcing a failure.
[  226.604366][ T7071] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  226.630824][ T7018]     7fdc8357f000-7fdc8357ffff: 0000000000000000
[  226.637336][ T7018]     7fdc83580000-7fdc840ddfff: ffff8880331244d8
[  226.644506][ T7018]     7fdc840de000-7ffe63bf9fff: 0000000000000000
[  226.652511][ T7018]     7ffe63bfa000-7ffe63c1afff: ffff8880331245d0
[  226.659235][ T7018]     7ffe63c1b000-ffffffffffffffff: 0000000000000000
[  226.667524][ T7018] ------------[ cut here ]------------
[  226.673122][ T7018] WARNING: CPU: 0 PID: 7018 at mm/vma.c:734 vma_merge_existing_range+0x11ca/0x1770
[  226.682512][ T7018] Modules linked in:
[  226.686516][ T7018] CPU: 0 UID: 0 PID: 7018 Comm: syz.4.309 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  226.698886][ T7018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  226.709843][ T7018] RIP: 0010:vma_merge_existing_range+0x11ca/0x1770
[  226.716634][ T7018] Code: 48 c7 c6 c0 11 36 8c e8 d4 8e f2 ff 90 0f 0b 90 e9 fd f0 ff ff e8 16 69 a9 ff 4c 89 f7 48 c7 c6 40 12 36 8c e8 b7 8e f2 ff 90 <0f> 0b 90 e9 61 f1 ff ff e8 f9 68 a9 ff e9 7b f2 ff ff e8 ef 68 a9
[  226.725940][ T7071] CPU: 1 UID: 0 PID: 7071 Comm: syz.3.330 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  226.725977][ T7071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  226.725991][ T7071] Call Trace:
[  226.726000][ T7071]  <TASK>
[  226.726009][ T7071]  dump_stack_lvl+0x241/0x360
[  226.726045][ T7071]  ? __pfx_dump_stack_lvl+0x10/0x10
[  226.726073][ T7071]  ? __pfx__printk+0x10/0x10
[  226.726115][ T7071]  should_fail_ex+0x424/0x570
[  226.726151][ T7071]  _copy_from_user+0x2d/0xb0
[  226.726179][ T7071]  __sys_bpf+0x1cb/0x850
[  226.726209][ T7071]  ? __pfx___sys_bpf+0x10/0x10
[  226.726246][ T7071]  ? ksys_write+0x275/0x2d0
[  226.726285][ T7071]  __x64_sys_bpf+0x7c/0x90
[  226.726309][ T7071]  do_syscall_64+0xf3/0x230
[  226.726333][ T7071]  ? clear_bhb_loop+0x45/0xa0
[  226.726359][ T7071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.726381][ T7071] RIP: 0033:0x7fd99498d169
[  226.726400][ T7071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.726419][ T7071] RSP: 002b:00007fd995787038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  226.726443][ T7071] RAX: ffffffffffffffda RBX: 00007fd994ba5fa0 RCX: 00007fd99498d169
[  226.726461][ T7071] RDX: 0000000000000094 RSI: 00002000000001c0 RDI: 0000000000000005
[  226.726477][ T7071] RBP: 00007fd995787090 R08: 0000000000000000 R09: 0000000000000000
[  226.726491][ T7071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  226.726505][ T7071] R13: 0000000000000001 R14: 00007fd994ba5fa0 R15: 00007fff13361b98
[  226.726534][ T7071]  </TASK>
[  226.870361][ T2154] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  226.874812][ T7018] RSP: 0018:ffffc90003c47a40 EFLAGS: 00010282
[  226.917223][ T7018] RAX: ffffffff8c10ada5 RBX: 0000200000000000 RCX: ffff888027e88000
[  226.925306][ T7018] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff
[  226.933365][ T7018] RBP: ffffc90003c47b90 R08: ffffffff8c10aca0 R09: 1ffff92000788eb0
[  226.941465][ T7018] R10: dffffc0000000000 R11: fffff52000788eb1 R12: 0000200000800000
[  226.949476][ T7018] R13: 0000200000000000 R14: ffffc90003c47c40 R15: ffff88803254a6c8
[  226.957541][ T7018] FS:  00007fdc831b56c0(0000) GS:ffff888125243000(0000) knlGS:0000000000000000
[  226.966537][ T7018] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  226.973233][ T7018] CR2: 00007fd994ba7bac CR3: 000000001eb9e000 CR4: 00000000003526f0
[  226.981285][ T7018] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  226.989285][ T7018] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  226.997989][ T7018] Call Trace:
[  227.002085][ T7018]  <TASK>
[  227.005062][ T7018]  ? __warn+0x165/0x4d0
[  227.009258][ T7018]  ? vma_merge_existing_range+0x11ca/0x1770
[  227.015256][ T7018]  ? report_bug+0x2b3/0x500
[  227.019797][ T7018]  ? vma_merge_existing_range+0x11ca/0x1770
[  227.025775][ T7018]  ? vma_merge_existing_range+0x11ca/0x1770
[  227.031743][ T7018]  ? vma_merge_existing_range+0x11cc/0x1770
[  227.038034][ T7018]  ? handle_bug+0x89/0x170
[  227.042564][ T7018]  ? exc_invalid_op+0x1a/0x50
[  227.043797][ T2154] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  227.047264][ T7018]  ? asm_exc_invalid_op+0x1a/0x20
[  227.060741][ T2154] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  227.061143][ T7018]  ? mt_dump_node+0x1860/0x2290
[  227.074941][ T2154] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  227.075978][ T7018]  ? mt_dump_node+0x1965/0x2290
[  227.076012][ T7018]  ? vma_merge_existing_range+0x11ca/0x1770
[  227.086599][ T2154] usb 1-1: config 1 has no interface number 1
[  227.089849][ T7018]  ? trace_irq_disable+0x3b/0x120
[  227.103323][ T2154] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  227.107715][ T7018]  ? __pfx_vma_merge_existing_range+0x10/0x10
[  227.107757][ T7018]  vma_modify+0x76/0x390
[  227.126107][ T2154] usb 1-1: config 1 interface 2 has no altsetting 1
[  227.129764][ T7018]  vma_modify_flags+0x3a7/0x430
[  227.129811][ T7018]  ? __pfx_vma_modify_flags+0x10/0x10
[  227.146989][ T7018]  mlock_fixup+0x21d/0x350
[  227.151512][ T7018]  apply_mlockall_flags+0x309/0x410
[  227.156762][ T7018]  ? __pfx_apply_mlockall_flags+0x10/0x10
[  227.162589][ T7018]  ? __do_sys_munlockall+0x5a/0x220
[  227.163490][ T2154] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  227.167913][ T7018]  __do_sys_munlockall+0x10a/0x220
[  227.167956][ T7018]  do_syscall_64+0xf3/0x230
[  227.182906][ T2154] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.186791][ T7018]  ? clear_bhb_loop+0x45/0xa0
[  227.186825][ T7018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.186849][ T7018] RIP: 0033:0x7fdc8338d169
[  227.198201][ T2154] usb 1-1: Product: syz
[  227.199565][ T7018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.199591][ T7018] RSP: 002b:00007fdc831b5038 EFLAGS: 00000246
[  227.209059][ T2154] usb 1-1: Manufacturer: syz
[  227.211182][ T7018]  ORIG_RAX: 0000000000000098
[  227.219086][ T2154] usb 1-1: SerialNumber: syz
[  227.234544][ T7018] RAX: ffffffffffffffda RBX: 00007fdc835a6160 RCX: 00007fdc8338d169
[  227.234573][ T7018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  227.234587][ T7018] RBP: 00007fdc831b5090 R08: 0000000000000000 R09: 0000000000000000
[  227.234601][ T7018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  227.234614][ T7018] R13: 0000000000000001 R14: 00007fdc835a6160 R15: 00007ffe63c18e48
[  227.234641][ T7018]  </TASK>
[  227.234665][ T7018] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  227.234684][ T7018] CPU: 0 UID: 0 PID: 7018 Comm: syz.4.309 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) 
[  227.234713][ T7018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  227.234729][ T7018] Call Trace:
[  227.234739][ T7018]  <TASK>
[  227.234749][ T7018]  dump_stack_lvl+0x241/0x360
[  227.234786][ T7018]  ? __pfx_dump_stack_lvl+0x10/0x10
[  227.234814][ T7018]  ? __pfx__printk+0x10/0x10
[  227.234844][ T7018]  ? vscnprintf+0x5d/0x90
[  227.234878][ T7018]  panic+0x349/0x880
[  227.234903][ T7018]  ? __warn+0x174/0x4d0
[  227.234930][ T7018]  ? __pfx_panic+0x10/0x10
[  227.234968][ T7018]  __warn+0x344/0x4d0
[  227.234991][ T7018]  ? vma_merge_existing_range+0x11ca/0x1770
[  227.235019][ T7018]  report_bug+0x2b3/0x500
[  227.235040][ T7018]  ? vma_merge_existing_range+0x11ca/0x1770
[  227.235064][ T7018]  ? vma_merge_existing_range+0x11ca/0x1770
[  227.235088][ T7018]  ? vma_merge_existing_range+0x11cc/0x1770
[  227.235110][ T7018]  handle_bug+0x89/0x170
[  227.235137][ T7018]  exc_invalid_op+0x1a/0x50
[  227.235163][ T7018]  asm_exc_invalid_op+0x1a/0x20
[  227.235184][ T7018] RIP: 0010:vma_merge_existing_range+0x11ca/0x1770
[  227.235211][ T7018] Code: 48 c7 c6 c0 11 36 8c e8 d4 8e f2 ff 90 0f 0b 90 e9 fd f0 ff ff e8 16 69 a9 ff 4c 89 f7 48 c7 c6 40 12 36 8c e8 b7 8e f2 ff 90 <0f> 0b 90 e9 61 f1 ff ff e8 f9 68 a9 ff e9 7b f2 ff ff e8 ef 68 a9
[  227.235231][ T7018] RSP: 0018:ffffc90003c47a40 EFLAGS: 00010282
[  227.235253][ T7018] RAX: ffffffff8c10ada5 RBX: 0000200000000000 RCX: ffff888027e88000
[  227.235270][ T7018] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff
[  227.235287][ T7018] RBP: ffffc90003c47b90 R08: ffffffff8c10aca0 R09: 1ffff92000788eb0
[  227.235304][ T7018] R10: dffffc0000000000 R11: fffff52000788eb1 R12: 0000200000800000
[  227.235322][ T7018] R13: 0000200000000000 R14: ffffc90003c47c40 R15: ffff88803254a6c8
[  227.235345][ T7018]  ? mt_dump_node+0x1860/0x2290
[  227.235369][ T7018]  ? mt_dump_node+0x1965/0x2290
[  227.235409][ T7018]  ? trace_irq_disable+0x3b/0x120
[  227.235439][ T7018]  ? __pfx_vma_merge_existing_range+0x10/0x10
[  227.235470][ T7018]  vma_modify+0x76/0x390
[  227.235505][ T7018]  vma_modify_flags+0x3a7/0x430
[  227.235550][ T7018]  ? __pfx_vma_modify_flags+0x10/0x10
[  227.235600][ T7018]  mlock_fixup+0x21d/0x350
[  227.235626][ T7018]  apply_mlockall_flags+0x309/0x410
[  227.235651][ T7018]  ? __pfx_apply_mlockall_flags+0x10/0x10
[  227.235680][ T7018]  ? __do_sys_munlockall+0x5a/0x220
[  227.235724][ T7018]  __do_sys_munlockall+0x10a/0x220
[  227.235760][ T7018]  do_syscall_64+0xf3/0x230
[  227.235784][ T7018]  ? clear_bhb_loop+0x45/0xa0
[  227.235811][ T7018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.235834][ T7018] RIP: 0033:0x7fdc8338d169
[  227.235854][ T7018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.235873][ T7018] RSP: 002b:00007fdc831b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098
[  227.235897][ T7018] RAX: ffffffffffffffda RBX: 00007fdc835a6160 RCX: 00007fdc8338d169
[  227.235915][ T7018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  227.235929][ T7018] RBP: 00007fdc831b5090 R08: 0000000000000000 R09: 0000000000000000
[  227.235944][ T7018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  227.235959][ T7018] R13: 0000000000000001 R14: 00007fdc835a6160 R15: 00007ffe63c18e48
[  227.235988][ T7018]  </TASK>
[  227.241082][ T7018] Kernel Offset: disabled