last executing test programs:

8.646865861s ago: executing program 3 (id=4301):
socket$can_raw(0x1d, 0x3, 0x1)
r0 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d240f0100000000000000000006241a0000000c241b4800050000050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
syz_io_uring_setup(0x4de8, &(0x7f00000000c0)={0x0, 0x1ff, 0x10, 0x2, 0x217}, &(0x7f0000000000), &(0x7f00000001c0))
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x45, &(0x7f0000000040), 0x3b)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r2 = syz_usb_connect$rtl8150(0x1, 0x3f, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$rtl8150(r2, &(0x7f0000000240)={0xc, &(0x7f0000000580)={0x0, 0xf, 0xd7, {0xd7, 0x22, "ee55aded8c6dd8f4e6229538450e127b699e839708ab560463f43353d5d336b5e337c9b3269b7ec36d6669b72df2064f02aab1385b892a11ace35d4594d57313e387ed517fafe5af889031f12092f4eba91028e616667d5876f7aaf707792fb5085f6d43af04c6fc6df7652fa9440a815d9f71e8532f816bad5cdf68020e081a3fbc19adffc59673354c2c3e981844b8729b5d29c4f2f89a5129cb12cd7411f4e7f788045595f8930b9196706f204ce4e52bffb2a013c693524e580b25acbe254bd5bfabffbfac5da46222fa66887694d1519842b9"}}, &(0x7f00000004c0)={0x0, 0x3, 0x70, @string={0x70, 0x3, "4ad0647be6278e2cf945aedd2d56a216b3d7a8a018d94a52bd82749c647834448e9adc4d53c044c0bb6688469456517d60c62084ed8a202cd4f8230451600e555c0e5bd7225c73da924d86619f4c71a5198478edc5986ba310199c9a1c4327cec8ebe44611cd3487d3e1dc480c82"}}}, &(0x7f0000000800)={0x18, &(0x7f0000000680)={0x0, 0x18, 0xd8, "8b5b3b55991505d549eb4c8382eb5edd97c2d8ba3f6b6ce82e4257a5ea345a2c217271b08a2e2f3a59b510c5de10b03370b51eaf3af393dcd55367c25c3375ff2402994296138b16a6136c3fe2323870d5df63f525fda2e83722dc53176906b3de799a9b64afdb9d8ddc55b7ad0ef31b48827487d08d0de21dcda7aca8f84b718546feadb3a8f383214dac8d8c9d6e18c6cceba9dc915ab1f74164a6a9a61e425e38e91b21ce09615defbffc72df14dfb7a6afac89af7fa3ba9d4c359323e4cf8a24258f811294b72e1ffaa4f3c8431f0ea8de4872edbfea"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000780)={0xc0, 0x5, 0x2, "9516"}, &(0x7f00000007c0)={0x40, 0x5, 0x4, "c38a0d64"}})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = socket(0x10, 0x803, 0x0)
socket(0x10, 0x803, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000008c0)={'ip6tnl0\x00', &(0x7f0000000840)={'syztnl2\x00', 0x0, 0x4, 0x5, 0x6, 0x8, 0x4e, @loopback, @ipv4={'\x00', '\xff\xff', @remote}, 0x700, 0x8000, 0x7, 0xa3}})
getsockname$packet(r3, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)

6.085792577s ago: executing program 3 (id=4310):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0xb4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x400}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xb4}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x18) (async)
getsockopt$sock_buf(r0, 0x1, 0x1f, 0x0, &(0x7f0000000200)) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1d, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff85000000b800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) (async)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) (async)
ioctl$BLKTRACESETUP(r4, 0xc0401273, &(0x7f0000000140)={'\x00', 0x1, 0x7ff, 0x6, 0x7, 0x7f}) (async)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r4, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000001980)={0x14, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000004}, 0x40) (async)
connect$l2tp6(r4, &(0x7f0000000000)={0xa, 0x0, 0xb, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8, 0x1}, 0x20)

5.987953492s ago: executing program 3 (id=4311):
ptrace(0x10, 0x1)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000380), 0x1ff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x15)
writev(r4, &(0x7f0000000280)=[{&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22", 0x21}], 0x1)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r5, 0x110, 0x1, &(0x7f0000000300)='GPL\x00', 0x4)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800", @ANYRESDEC], 0x74}}, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg$sock(r7, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r7, 0x1)
bind$rxrpc(r5, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x71, 0x0, 0x0, 0x8000004009917, 0x400000000000fffd, 0x0, 0x80000, 0x40}, 0x0)
ioctl$KDADDIO(r0, 0x4b34, 0x2)

4.704646244s ago: executing program 3 (id=4317):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x3e, 0x229, 0x0, 0xfffffffd, {0xa}}, 0x14}, 0x1, 0x6000000}, 0x0)
socket$netlink(0x10, 0x3, 0x15)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x2148000, &(0x7f00000003c0)=ANY=[@ANYBLOB="4fd8e8bb9395cf0a6e2ac2db3d5627a4cc31b73f0ac42a8f601ca8e3914eec09107f6d90152016dfcd2ae52b6acc45aa71027c993867e1e0f931d43b4cd991cc92c8c52fab4b17aed1726264b822d8f79227a19315c0d25a2ef9fbb8ef27b071", @ANYRES8=r5, @ANYBLOB="2c726f6f74931f0983e6653d3030303035cbd3d4def3", @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
read$FUSE(r6, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
write$FUSE_INIT(r6, &(0x7f0000000480)={0x50, 0x0, 0x0, {0x7, 0x1f, 0xfdffffff, 0x805040a, 0x8, 0x0, 0x0, 0x6, 0x0, 0x0, 0x10}}, 0x50)

4.70415204s ago: executing program 2 (id=4318):
socket$can_raw(0x1d, 0x3, 0x1)
r0 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d240f0100000000000000000006241a0000000c241b4800050000050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
syz_io_uring_setup(0x4de8, &(0x7f00000000c0)={0x0, 0x1ff, 0x10, 0x2, 0x217}, &(0x7f0000000000), &(0x7f00000001c0))
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x45, &(0x7f0000000040), 0x3b)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r2 = syz_usb_connect$rtl8150(0x1, 0x3f, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$rtl8150(r2, &(0x7f0000000240)={0xc, &(0x7f0000000580)={0x0, 0xf, 0xd7, {0xd7, 0x22, "ee55aded8c6dd8f4e6229538450e127b699e839708ab560463f43353d5d336b5e337c9b3269b7ec36d6669b72df2064f02aab1385b892a11ace35d4594d57313e387ed517fafe5af889031f12092f4eba91028e616667d5876f7aaf707792fb5085f6d43af04c6fc6df7652fa9440a815d9f71e8532f816bad5cdf68020e081a3fbc19adffc59673354c2c3e981844b8729b5d29c4f2f89a5129cb12cd7411f4e7f788045595f8930b9196706f204ce4e52bffb2a013c693524e580b25acbe254bd5bfabffbfac5da46222fa66887694d1519842b9"}}, &(0x7f00000004c0)={0x0, 0x3, 0x70, @string={0x70, 0x3, "4ad0647be6278e2cf945aedd2d56a216b3d7a8a018d94a52bd82749c647834448e9adc4d53c044c0bb6688469456517d60c62084ed8a202cd4f8230451600e555c0e5bd7225c73da924d86619f4c71a5198478edc5986ba310199c9a1c4327cec8ebe44611cd3487d3e1dc480c82"}}}, &(0x7f0000000800)={0x18, &(0x7f0000000680)={0x0, 0x18, 0xd8, "8b5b3b55991505d549eb4c8382eb5edd97c2d8ba3f6b6ce82e4257a5ea345a2c217271b08a2e2f3a59b510c5de10b03370b51eaf3af393dcd55367c25c3375ff2402994296138b16a6136c3fe2323870d5df63f525fda2e83722dc53176906b3de799a9b64afdb9d8ddc55b7ad0ef31b48827487d08d0de21dcda7aca8f84b718546feadb3a8f383214dac8d8c9d6e18c6cceba9dc915ab1f74164a6a9a61e425e38e91b21ce09615defbffc72df14dfb7a6afac89af7fa3ba9d4c359323e4cf8a24258f811294b72e1ffaa4f3c8431f0ea8de4872edbfea"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000780)={0xc0, 0x5, 0x2, "9516"}, &(0x7f00000007c0)={0x40, 0x5, 0x4, "c38a0d64"}})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = socket(0x10, 0x803, 0x0)
socket(0x10, 0x803, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000008c0)={'ip6tnl0\x00', &(0x7f0000000840)={'syztnl2\x00', 0x0, 0x4, 0x5, 0x6, 0x8, 0x4e, @loopback, @ipv4={'\x00', '\xff\xff', @remote}, 0x700, 0x8000, 0x7, 0xa3}})
getsockname$packet(r3, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)

3.84844544s ago: executing program 3 (id=4324):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d240f0100000000000000000006241a0000000c241b4800050000050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
syz_io_uring_setup(0x4de8, &(0x7f00000000c0)={0x0, 0x1ff, 0x10, 0x2, 0x217}, &(0x7f0000000000), &(0x7f00000001c0))
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x45, &(0x7f0000000040), 0x3b)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r3 = syz_usb_connect$rtl8150(0x1, 0x3f, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$rtl8150(r3, &(0x7f0000000240)={0xc, &(0x7f0000000580)={0x0, 0xf, 0xd7, {0xd7, 0x22, "ee55aded8c6dd8f4e6229538450e127b699e839708ab560463f43353d5d336b5e337c9b3269b7ec36d6669b72df2064f02aab1385b892a11ace35d4594d57313e387ed517fafe5af889031f12092f4eba91028e616667d5876f7aaf707792fb5085f6d43af04c6fc6df7652fa9440a815d9f71e8532f816bad5cdf68020e081a3fbc19adffc59673354c2c3e981844b8729b5d29c4f2f89a5129cb12cd7411f4e7f788045595f8930b9196706f204ce4e52bffb2a013c693524e580b25acbe254bd5bfabffbfac5da46222fa66887694d1519842b9"}}, &(0x7f00000004c0)={0x0, 0x3, 0x70, @string={0x70, 0x3, "4ad0647be6278e2cf945aedd2d56a216b3d7a8a018d94a52bd82749c647834448e9adc4d53c044c0bb6688469456517d60c62084ed8a202cd4f8230451600e555c0e5bd7225c73da924d86619f4c71a5198478edc5986ba310199c9a1c4327cec8ebe44611cd3487d3e1dc480c82"}}}, &(0x7f0000000800)={0x18, &(0x7f0000000680)={0x0, 0x18, 0xd8, "8b5b3b55991505d549eb4c8382eb5edd97c2d8ba3f6b6ce82e4257a5ea345a2c217271b08a2e2f3a59b510c5de10b03370b51eaf3af393dcd55367c25c3375ff2402994296138b16a6136c3fe2323870d5df63f525fda2e83722dc53176906b3de799a9b64afdb9d8ddc55b7ad0ef31b48827487d08d0de21dcda7aca8f84b718546feadb3a8f383214dac8d8c9d6e18c6cceba9dc915ab1f74164a6a9a61e425e38e91b21ce09615defbffc72df14dfb7a6afac89af7fa3ba9d4c359323e4cf8a24258f811294b72e1ffaa4f3c8431f0ea8de4872edbfea"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000780)={0xc0, 0x5, 0x2, "9516"}, &(0x7f00000007c0)={0x40, 0x5, 0x4, "c38a0d64"}})
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = socket(0x10, 0x803, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000008c0)={'ip6tnl0\x00', &(0x7f0000000840)={'syztnl2\x00', <r5=>0x0, 0x4, 0x5, 0x6, 0x8, 0x4e, @loopback, @ipv4={'\x00', '\xff\xff', @remote}, 0x700, 0x8000, 0x7, 0xa3}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000, {0x0, 0x0, 0x0, r5, {0xffed}, {0xb}, {0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x400)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000400)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x48, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, r6}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}]}}}]}, 0x48}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.266318217s ago: executing program 1 (id=4326):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x200, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xc, &(0x7f0000000300))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', &(0x7f00000004c0), 0x8002, &(0x7f0000000700)=ANY=[@ANYBLOB="56c78e3c733d76697274676f2c6e6f65bc33dbde548d51f5638173733d616e792c63616368653d66736361636865"])
chdir(&(0x7f0000000300)='./file0\x00')
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x54)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
pipe2$9p(&(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x0)
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
splice(r4, 0x0, r5, 0x0, 0x10000000000016, 0x0)
open(&(0x7f0000000300)='./bus\x00', 0x14103e, 0x18a)

2.66091475s ago: executing program 0 (id=4328):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x800, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x7, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000600))
socket$packet(0x11, 0x2, 0x300)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
recvmmsg(r3, &(0x7f0000001800)=[{{&(0x7f0000000340)=@l2tp={0x2, 0x0, @multicast2}, 0x80, 0x0, 0x0, &(0x7f0000001700)=""/241, 0xf1}, 0x1}], 0x1, 0x400000a2, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x39}, 0x0, 0x1, 0x0, 0x4}, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, &(0x7f0000000100))
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r6, &(0x7f0000003100)=[{{&(0x7f0000000000), 0x6e, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1, 0x0, 0x28}}], 0x1, 0x0, 0x0)
sendmmsg(r6, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x1}], 0x1}}], 0x1, 0x9200000000000000)

2.351993017s ago: executing program 2 (id=4329):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
recvmmsg(r1, &(0x7f0000000840), 0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a3000000000c0000000090a010400000000000000000100000008000a40000000005c0011800900010068617368000000004c0002800800064000000008080006400000000608000340000000b10800024000000011080001400000001908000540000000270800074000004b152d40b026ae612c2b1af41558a5a80000080004400c00000008000240000000170900010073797a30000000000800054000000025"], 0x108}, 0x1, 0x0, 0x0, 0x40c0}, 0xc4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRES64, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='affs\x00', 0xa08410, 0x0)
io_uring_setup(0x3eb1, &(0x7f0000000080)={0x0, 0x8003fde, 0xc00, 0x10, 0x398, 0x0, r3})
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000500)={'pcl812\x00', [0x5, 0x5, 0xfffe, 0x4, 0x8, 0xcc7, 0x8, 0x35b, 0xa, 0x100, 0x2, 0x1, 0x4000001, 0x6, 0x6, 0x101, 0xfffffffc, 0x1a449, 0x3, 0x40040003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe6b, 0x3c, 0x8, 0x6, 0x0, 0xfffffff8]})
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7f)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
r9 = socket(0x28, 0x1, 0x0)
r10 = openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$CDROMPLAYBLK(r10, 0x5317, &(0x7f0000000100)={0xfffffffc, 0x7})
connect$packet(r9, &(0x7f0000000000)={0x28, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)

2.237815696s ago: executing program 1 (id=4330):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, 0x0, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0x4, 0x0, &(0x7f00000000c0))

1.847565061s ago: executing program 1 (id=4331):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000feffffff18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000ffffff7f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0x6, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0xb8}, [@ldst={0x5}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x46}, 0x25)

1.8473805s ago: executing program 1 (id=4332):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x3e, 0x229, 0x0, 0xfffffffd, {0xa}}, 0x14}, 0x1, 0x6000000}, 0x0)
socket$netlink(0x10, 0x3, 0x15)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x2148000, &(0x7f00000003c0)=ANY=[@ANYBLOB="4fd8e8bb9395cf0a6e2ac2db3d5627a4cc31b73f0ac42a8f601ca8e3914eec09107f6d90152016dfcd2ae52b6acc45aa71027c993867e1e0f931d43b4cd991cc92c8c52fab4b17aed1726264b822d8f79227a19315c0d25a2ef9fbb8ef27b071", @ANYRES8=r5, @ANYBLOB="2c726f6f74931f0983e6653d3030303035cbd3d4def3", @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
read$FUSE(r6, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
write$FUSE_INIT(r6, &(0x7f0000000480)={0x50, 0x0, 0x0, {0x7, 0x1f, 0xfdffffff, 0x805040a, 0x8, 0x0, 0x0, 0x6, 0x0, 0x0, 0x10}}, 0x50)

1.724169134s ago: executing program 2 (id=4333):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="5f00003c8042cc", @ANYRESHEX=r0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYRESHEX=0x0])
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2, 0x6e}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x104)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x4e22, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
getsockopt$inet6_buf(r2, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000010c0), 0x802, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r6, 0x560a, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000080)={'syz1\x00', {}, 0x49, [0x0, 0x3, 0x403, 0x100000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x3, 0x3, 0xffffffd, 0x8, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x1000000a, 0x0, 0x0, 0x80000007, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0xffffffff], [0x0, 0xa82, 0x0, 0x0, 0x2, 0x733, 0x1, 0xedc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, 0x8, 0x0, 0x2000000, 0x0, 0x0, 0x9, 0x0, 0xfffffff8, 0x0, 0x0, 0x79, 0xfffffffd, 0x0, 0x0, 0x0, 0x2, 0x47, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x7fff0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x28220be6, 0x401, 0x0, 0x2, 0xfffffffc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x20], [0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x2, 0x89, 0x0, 0x800, 0x0, 0xfffffffb, 0x4000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80008003, 0x0, 0xfffffffe, 0xfffffffc, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x351e, 0x0, 0xd, 0x0, 0x0, 0x6492, 0x8], [0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xd2a, 0x200000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x804, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x2, 0xfffffffc, 0x4, 0x0, 0xfd32, 0x6, 0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x3ff, 0x200000, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x0, 0x8000006, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8000008, 0x4, 0x1, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x5)
socket(0x1d, 0xa, 0x2)
ioctl$UI_SET_SWBIT(r5, 0x4004556d, 0x3)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r7, 0x40505330, &(0x7f00000001c0)={0xff, 0xfffffffb, 0x2, 0x6, 0x1101, 0x1})
ioctl$UI_DEV_CREATE(r5, 0x5501)
close(r5)
connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='l%\x86\xce6\xdb\f\xcf\x19|\xc9O\x7f\xce\x8f\x7f\x1c\xeay\x06\x00\x00\x00\a0\r\x13\xaa\x84r\xd7^\xe82\x0f\x1a\xf1\x02\x00\x1e&{\xee2\x95I\xca\xbevl\x12\xb6 \xd4')
syz_open_procfs(0x0, &(0x7f00000001c0)='map_files\x00')
sendmsg$can_bcm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r1, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001b80)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000005c0)="263a4e371907b073da658783afa2bafc9f9514498fd298e5e35e851ea1daff94d066aa89408a5e7c127cce432127c9f8cf6ad054bc007a0c7e4cc0350fdbcde23142a48be1", 0x45}], 0x1}}], 0x1, 0x20000000)
sendmsg$can_bcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2}, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
timerfd_create(0x7, 0x800)
socket$pppl2tp(0x18, 0x1, 0x1)

1.689457341s ago: executing program 0 (id=4334):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x40000000, 0x0, 0x6}, {0x40000001, 0x0, 0x7}]}) (fail_nth: 2)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000480)={0x28, r4, 0xc09, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40488c0)

1.680600458s ago: executing program 2 (id=4335):
ptrace(0x10, 0x1)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000380), 0x1ff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
syz_open_procfs(0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x15)
writev(r4, &(0x7f0000000280)=[{&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22", 0x21}], 0x1)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r5, 0x110, 0x1, &(0x7f0000000300)='GPL\x00', 0x4)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800", @ANYRESDEC], 0x74}}, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg$sock(r7, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r7, 0x1)
bind$rxrpc(r5, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x71, 0x0, 0x0, 0x8000004009917, 0x400000000000fffd, 0x0, 0x80000, 0x40}, 0x0)
ioctl$KDADDIO(r0, 0x4b34, 0x2)

1.428900259s ago: executing program 0 (id=4336):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f0000000400)=<r3=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r3])
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

1.422261476s ago: executing program 3 (id=4337):
socket$can_raw(0x1d, 0x3, 0x1)
r0 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d240f0100000000000000000006241a0000000c241b4800050000050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
syz_io_uring_setup(0x4de8, &(0x7f00000000c0)={0x0, 0x1ff, 0x10, 0x2, 0x217}, &(0x7f0000000000), &(0x7f00000001c0))
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x45, &(0x7f0000000040), 0x3b)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r2 = syz_usb_connect$rtl8150(0x1, 0x3f, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$rtl8150(r2, &(0x7f0000000240)={0xc, &(0x7f0000000580)={0x0, 0xf, 0xd7, {0xd7, 0x22, "ee55aded8c6dd8f4e6229538450e127b699e839708ab560463f43353d5d336b5e337c9b3269b7ec36d6669b72df2064f02aab1385b892a11ace35d4594d57313e387ed517fafe5af889031f12092f4eba91028e616667d5876f7aaf707792fb5085f6d43af04c6fc6df7652fa9440a815d9f71e8532f816bad5cdf68020e081a3fbc19adffc59673354c2c3e981844b8729b5d29c4f2f89a5129cb12cd7411f4e7f788045595f8930b9196706f204ce4e52bffb2a013c693524e580b25acbe254bd5bfabffbfac5da46222fa66887694d1519842b9"}}, &(0x7f00000004c0)={0x0, 0x3, 0x70, @string={0x70, 0x3, "4ad0647be6278e2cf945aedd2d56a216b3d7a8a018d94a52bd82749c647834448e9adc4d53c044c0bb6688469456517d60c62084ed8a202cd4f8230451600e555c0e5bd7225c73da924d86619f4c71a5198478edc5986ba310199c9a1c4327cec8ebe44611cd3487d3e1dc480c82"}}}, &(0x7f0000000800)={0x18, &(0x7f0000000680)={0x0, 0x18, 0xd8, "8b5b3b55991505d549eb4c8382eb5edd97c2d8ba3f6b6ce82e4257a5ea345a2c217271b08a2e2f3a59b510c5de10b03370b51eaf3af393dcd55367c25c3375ff2402994296138b16a6136c3fe2323870d5df63f525fda2e83722dc53176906b3de799a9b64afdb9d8ddc55b7ad0ef31b48827487d08d0de21dcda7aca8f84b718546feadb3a8f383214dac8d8c9d6e18c6cceba9dc915ab1f74164a6a9a61e425e38e91b21ce09615defbffc72df14dfb7a6afac89af7fa3ba9d4c359323e4cf8a24258f811294b72e1ffaa4f3c8431f0ea8de4872edbfea"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000780)={0xc0, 0x5, 0x2, "9516"}, &(0x7f00000007c0)={0x40, 0x5, 0x4, "c38a0d64"}})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = socket(0x10, 0x803, 0x0)
socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, {0xffed}, {0xb}, {0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x400)
getsockname$packet(r3, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)

1.409119017s ago: executing program 0 (id=4338):
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = openat$fb0(0xffffff9c, &(0x7f0000000080), 0x80000, 0x0)
r2 = openat$ndctl0(0xffffff9c, &(0x7f0000002f80), 0x400041, 0x0)
ioctl$MEDIA_IOC_DEVICE_INFO(r2, 0xc1007c00, 0x0)
sync_file_range(r0, 0x0, 0x2, 0x5)
ioctl$FBIOPUTCMAP(r1, 0x4605, &(0x7f00000001c0)={0x7, 0x5, &(0x7f00000000c0)=[0x81, 0x4, 0x5, 0xf, 0x400], &(0x7f0000000100), &(0x7f0000000140), 0x0})
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000040)=0x80000000)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})
r3 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042)
ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f0000000000)=0x8000)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc53, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000300)={&(0x7f00000001c0)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000003c0)={r6, <r7=>0x0, <r8=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000200)={r6, r7, r8, 0x0, 0xc0000001, 0x80000003, 0x0, 0x0, 0x5, 0xe, 0x3c, 0x4b})
set_mempolicy(0x8000, 0x0, 0x6)
sched_setscheduler(r5, 0x2, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="58000000020601010000000000000000000000000500010007000004090002007379e1b5000000000c00078008001240fffffffe11000300686173683a69702c6d61726b00000000050008cdd2a700000500040000000000"], 0x58}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)

1.017741361s ago: executing program 0 (id=4339):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x4, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0x4, 0x0, 0x0)

942.893679ms ago: executing program 1 (id=4340):
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000001001000001"], 0x10}, 0x8000)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x2, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = accept4$x25(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000340)=0x12, 0x80000)
connect$x25(r3, &(0x7f0000000380), 0x12)
sched_setaffinity(r0, 0x8, &(0x7f0000000480)=0xffffffffffffffff)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ptrace$cont(0x1f, 0xffffffffffffffff, 0x4, 0x60d)
ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000440)=0x1f)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TCGETS2(r5, 0x802c542a, &(0x7f00000000c0))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000280)='rxrpc_local\x00', r4, 0x0, 0x5}, 0xfffffe2e)
kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x8000}], 0x320000)
r6 = socket$inet6(0xa, 0x80002, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80882, 0x0)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
mount$overlay(0x0, &(0x7f0000000180)='\x00', &(0x7f0000000300), 0x202482, &(0x7f00000004c0)={[{@uuid_on}, {@redirect_dir_off}, {@xino_on}, {@xino_on}, {@workdir={'workdir', 0x3d, './file0'}}, {@redirect_dir_nofollow}], [{@dont_measure}, {@fsname={'fsname', 0x3d, '#'}}]})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

780.897529ms ago: executing program 2 (id=4341):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x18)
open(&(0x7f0000000380)='./file0\x00', 0x14927e, 0x0)
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
socket$kcm(0x21, 0x2, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f00000002c0)={{0xa, 0x4e23, 0x1184, @empty, 0x2}, {0xa, 0x4e24, 0x3, @mcast2, 0x37a}, 0xffffffffffffffff, {[0x4, 0x1, 0x7, 0x9788, 0x80, 0x7, 0xffffffff]}}, 0x5c)
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000001c0)=0x20000005)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x11)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz1\x00'})
ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x3)
ioctl$UI_DEV_CREATE(r3, 0x5501)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="201120000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$UI_DEV_DESTROY(r3, 0x5502)
syz_io_uring_setup(0xec1, &(0x7f0000000380)={0x0, 0xd385, 0x4, 0x3, 0xf1, 0x0, r2}, &(0x7f0000000180)=<r5=>0x0, &(0x7f0000000600))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x114, &(0x7f0000000640)=0x6, 0x0, 0x4)
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000280))

199.98169ms ago: executing program 0 (id=4342):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x3e, 0x229, 0x0, 0xfffffffd, {0xa}}, 0x14}, 0x1, 0x6000000}, 0x0)
socket$netlink(0x10, 0x3, 0x15)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
creat(&(0x7f0000000100)='./file0\x00', 0x104)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x2148000, &(0x7f00000003c0)=ANY=[@ANYBLOB="4fd8e8bb9395cf0a6e2ac2db3d5627a4cc31b73f0ac42a8f601ca8e3914eec09107f6d90152016dfcd2ae52b6acc45aa71027c993867e1e0f931d43b4cd991cc92c8c52fab4b17aed1726264b822d8f79227a19315c0d25a2ef9fbb8ef27b071", @ANYRES8=r6, @ANYBLOB="2c726f6f74931f0983e6653d3030303035cbd3d4def3", @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r8, 0x401c5820, &(0x7f0000000240)={0x800, 0x8001, 0xbb9, 0x7, 0xb7})
read$FUSE(r7, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
write$FUSE_INIT(r7, &(0x7f0000000480)={0x50, 0x0, 0x0, {0x7, 0x1f, 0xfdffffff, 0x805040a, 0x8, 0x0, 0x0, 0x6, 0x0, 0x0, 0x10}}, 0x50)

75.330646ms ago: executing program 1 (id=4343):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x800, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x7, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000600))
socket$packet(0x11, 0x2, 0x300)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
recvmmsg(r3, &(0x7f0000001800)=[{{&(0x7f0000000340)=@l2tp={0x2, 0x0, @multicast2}, 0x80, 0x0, 0x0, &(0x7f0000001700)=""/241, 0xf1}, 0x1}], 0x1, 0x400000a2, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x39}, 0x0, 0x1, 0x0, 0x4}, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, &(0x7f0000000100))
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r6, &(0x7f0000003100)=[{{&(0x7f0000000000), 0x6e, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1, 0x0, 0x28}}], 0x1, 0x0, 0x0)
sendmmsg(r6, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x1}], 0x1}}], 0x1, 0x9200000000000000)

0s ago: executing program 2 (id=4344):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d240f0100000000000000000006241a0000000c241b4800050000050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
syz_io_uring_setup(0x4de8, &(0x7f00000000c0)={0x0, 0x1ff, 0x10, 0x2, 0x217}, &(0x7f0000000000), &(0x7f00000001c0))
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x45, &(0x7f0000000040), 0x3b)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r3 = syz_usb_connect$rtl8150(0x1, 0x3f, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$rtl8150(r3, &(0x7f0000000240)={0xc, &(0x7f0000000580)={0x0, 0xf, 0xd7, {0xd7, 0x22, "ee55aded8c6dd8f4e6229538450e127b699e839708ab560463f43353d5d336b5e337c9b3269b7ec36d6669b72df2064f02aab1385b892a11ace35d4594d57313e387ed517fafe5af889031f12092f4eba91028e616667d5876f7aaf707792fb5085f6d43af04c6fc6df7652fa9440a815d9f71e8532f816bad5cdf68020e081a3fbc19adffc59673354c2c3e981844b8729b5d29c4f2f89a5129cb12cd7411f4e7f788045595f8930b9196706f204ce4e52bffb2a013c693524e580b25acbe254bd5bfabffbfac5da46222fa66887694d1519842b9"}}, &(0x7f00000004c0)={0x0, 0x3, 0x70, @string={0x70, 0x3, "4ad0647be6278e2cf945aedd2d56a216b3d7a8a018d94a52bd82749c647834448e9adc4d53c044c0bb6688469456517d60c62084ed8a202cd4f8230451600e555c0e5bd7225c73da924d86619f4c71a5198478edc5986ba310199c9a1c4327cec8ebe44611cd3487d3e1dc480c82"}}}, &(0x7f0000000800)={0x18, &(0x7f0000000680)={0x0, 0x18, 0xd8, "8b5b3b55991505d549eb4c8382eb5edd97c2d8ba3f6b6ce82e4257a5ea345a2c217271b08a2e2f3a59b510c5de10b03370b51eaf3af393dcd55367c25c3375ff2402994296138b16a6136c3fe2323870d5df63f525fda2e83722dc53176906b3de799a9b64afdb9d8ddc55b7ad0ef31b48827487d08d0de21dcda7aca8f84b718546feadb3a8f383214dac8d8c9d6e18c6cceba9dc915ab1f74164a6a9a61e425e38e91b21ce09615defbffc72df14dfb7a6afac89af7fa3ba9d4c359323e4cf8a24258f811294b72e1ffaa4f3c8431f0ea8de4872edbfea"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000780)={0xc0, 0x5, 0x2, "9516"}, &(0x7f00000007c0)={0x40, 0x5, 0x4, "c38a0d64"}})
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, {0xffed}, {0xb}, {0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x400)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

1757907233.940:5097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14034 comm="syz.1.4042" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  745.486612][   T40] audit: type=1326 audit(1757907233.940:5098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14034 comm="syz.1.4042" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  745.496338][   T40] audit: type=1326 audit(1757907233.940:5099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14034 comm="syz.1.4042" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  745.505215][   T40] audit: type=1326 audit(1757907233.940:5100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14034 comm="syz.1.4042" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  745.514627][   T40] audit: type=1326 audit(1757907233.940:5101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14034 comm="syz.1.4042" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  745.529697][   T40] audit: type=1326 audit(1757907233.940:5102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14034 comm="syz.1.4042" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  745.835627][T14049] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4047'.
[  745.835736][T14049] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4047'.
[  745.912698][ T5980] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  746.064928][ T5980] usb 5-1: Using ep0 maxpacket: 16
[  746.069682][ T5980] usb 5-1: config 0 has no interfaces?
[  746.072917][ T5980] usb 5-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  746.076102][ T5980] usb 5-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  746.078831][ T5980] usb 5-1: Product: syz
[  746.080163][ T5980] usb 5-1: Manufacturer: syz
[  746.081840][ T5980] usb 5-1: SerialNumber: syz
[  746.088934][ T5980] usb 5-1: config 0 descriptor??
[  746.288035][ T5980] usb 5-1: USB disconnect, device number 13
[  746.334782][T14055] syz.2.4048 (14055): drop_caches: 2
[  746.411061][T14057] FAULT_INJECTION: forcing a failure.
[  746.411061][T14057] name failslab, interval 1, probability 0, space 0, times 0
[  746.415455][T14057] CPU: 2 UID: 0 PID: 14057 Comm: syz.3.4049 Not tainted syzkaller #0 PREEMPT(full) 
[  746.415470][T14057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  746.415477][T14057] Call Trace:
[  746.415481][T14057]  <TASK>
[  746.415486][T14057]  dump_stack_lvl+0x16c/0x1f0
[  746.415507][T14057]  should_fail_ex+0x512/0x640
[  746.415524][T14057]  ? fs_reclaim_acquire+0xae/0x150
[  746.415542][T14057]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  746.415558][T14057]  should_failslab+0xc2/0x120
[  746.415573][T14057]  __kmalloc_noprof+0xd2/0x510
[  746.415594][T14057]  tomoyo_realpath_from_path+0xc2/0x6e0
[  746.415611][T14057]  ? tomoyo_profile+0x47/0x60
[  746.415622][T14057]  tomoyo_path_perm+0x274/0x460
[  746.415634][T14057]  ? tomoyo_path_perm+0x260/0x460
[  746.415648][T14057]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  746.415661][T14057]  ? stack_depot_save_flags+0x29/0x9c0
[  746.415683][T14057]  ? __ia32_sys_umount+0x109/0x190
[  746.415696][T14057]  ? __do_fast_syscall_32+0x7c/0x300
[  746.415712][T14057]  ? do_fast_syscall_32+0x32/0x80
[  746.415721][T14057]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  746.415745][T14057]  ? rcu_is_watching+0x12/0xc0
[  746.415758][T14057]  tomoyo_sb_umount+0x8c/0xd0
[  746.415775][T14057]  ? __pfx_tomoyo_sb_umount+0x10/0x10
[  746.415794][T14057]  security_sb_umount+0x8e/0x210
[  746.415807][T14057]  path_umount+0x329/0x1220
[  746.415822][T14057]  ? __pfx_path_umount+0x10/0x10
[  746.415835][T14057]  ? putname+0x154/0x1a0
[  746.415851][T14057]  __ia32_sys_umount+0x169/0x190
[  746.415864][T14057]  ? __pfx___ia32_sys_umount+0x10/0x10
[  746.415877][T14057]  ? rcu_is_watching+0x12/0xc0
[  746.415888][T14057]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  746.415907][T14057]  __do_fast_syscall_32+0x7c/0x300
[  746.415925][T14057]  do_fast_syscall_32+0x32/0x80
[  746.415934][T14057]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  746.415947][T14057] RIP: 0023:0xf7fe5579
[  746.415956][T14057] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  746.415967][T14057] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000034
[  746.415978][T14057] RAX: ffffffffffffffda RBX: 0000000080000440 RCX: 0000000000000008
[  746.415985][T14057] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  746.415991][T14057] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  746.415997][T14057] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  746.416003][T14057] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  746.416017][T14057]  </TASK>
[  746.416021][T14057] ERROR: Out of memory at tomoyo_realpath_from_path.
[  746.826962][ T6089] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  746.978997][ T1336] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  747.123071][ T6089] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  747.126515][ T6089] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  747.129838][ T6089] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  747.669940][ T6089] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  747.673069][ T6089] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  747.677275][ T6089] usb 8-1: config 0 descriptor??
[  747.828463][ T1336] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  747.831900][ T1336] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  747.835036][ T1336] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  747.839283][ T1336] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  747.842235][ T1336] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  747.846674][ T1336] usb 6-1: config 0 descriptor??
[  748.076532][ T6089] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  748.243372][ T1336] plantronics 0003:047F:FFFF.0007: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  748.525946][T14290] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  748.529709][T14290] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  748.642300][T14292] gtp0: entered promiscuous mode
[  748.648434][T14292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4058'.
[  748.790779][T14298] binder: 14297:14298 unknown command 0
[  748.792657][T14298] binder: 14297:14298 ioctl c0306201 80000080 returned -22
[  749.326320][    C3] plantronics 0003:047F:FFFF.0006: usb_submit_urb(ctrl) failed: -1
[  749.335922][T12864] usb 6-1: USB disconnect, device number 10
[  749.734922][T14307] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  750.114222][ T1336] usb 8-1: reset high-speed USB device number 13 using dummy_hcd
[  750.259500][ T1336] usb 8-1: device firmware changed
[  750.265165][ T6130] usb 8-1: USB disconnect, device number 13
[  750.457994][ T6130] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  750.628569][ T6130] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  750.632094][ T6130] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  750.638234][ T6130] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  750.641259][ T6130] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  750.643881][ T6130] usb 8-1: Product: syz
[  750.645751][ T6130] usb 8-1: Manufacturer: syz
[  750.648029][ T6130] usb 8-1: SerialNumber: syz
[  750.655990][   T10] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  750.872359][T14310] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  750.875386][   T10] usb 5-1: Using ep0 maxpacket: 8
[  750.879565][   T10] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  750.882508][   T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  750.885774][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  750.889009][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  750.892079][   T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  750.896133][   T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  750.898951][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  751.099619][   T10] usb 5-1: usb_control_msg returned -32
[  751.101615][   T10] usbtmc 5-1:16.0: can't read capabilities
[  751.376528][T14324] gtp0: entered promiscuous mode
[  751.382080][T14324] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4068'.
[  751.452189][T14310] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  751.602978][T14333] syz.2.4071 (14333): drop_caches: 2
[  751.650824][T14310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  751.656686][T14310] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  751.663321][ T6130] cdc_mbim 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[  751.666430][ T6130] cdc_mbim 8-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  751.669502][ T6130] cdc_mbim 8-1:1.0: setting rx_max = 2048
[  751.872482][ T6130] cdc_mbim 8-1:1.0: setting tx_max = 184
[  751.875845][ T6130] cdc_mbim 8-1:1.0: cdc-wdm1: USB WDM device
[  751.880488][ T6130] wwan wwan0: port wwan0mbim0 attached
[  751.895131][ T6130] cdc_mbim 8-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 42:42:42:42:42:42
[  752.074868][ T1336] usb 8-1: USB disconnect, device number 14
[  752.077343][ T1336] cdc_mbim 8-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[  752.213761][ T1336] wwan wwan0: port wwan0mbim0 disconnected
[  752.538700][T14345] @: renamed from vlan0
[  753.789495][T14474] gtp0: entered promiscuous mode
[  753.797410][T14474] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4080'.
[  753.996060][   T10] usb 5-1: USB disconnect, device number 14
[  754.072801][T14477] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  754.925911][T14486] futex_wake_op: syz.0.4082 tries to shift op by -1; fix this program
[  755.498892][T14499] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4087'.
[  755.502304][T14499] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4087'.
[  756.338971][T14511] netlink: 'syz.3.4089': attribute type 8 has an invalid length.
[  757.191407][T14525] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  757.193494][T14525] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  757.196281][T14525] vhci_hcd vhci_hcd.0: Device attached
[  757.374755][   T40] kauditd_printk_skb: 134 callbacks suppressed
[  757.374766][   T40] audit: type=1326 audit(1757907246.443:5237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14517 comm="syz.1.4091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  757.410757][   T40] audit: type=1326 audit(1757907246.443:5238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14517 comm="syz.1.4091" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  757.420988][   T40] audit: type=1326 audit(1757907246.443:5239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14517 comm="syz.1.4091" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  757.428408][   T40] audit: type=1326 audit(1757907246.443:5240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14517 comm="syz.1.4091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  757.446497][   T40] audit: type=1326 audit(1757907246.443:5241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14517 comm="syz.1.4091" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  757.477282][   T40] audit: type=1326 audit(1757907246.443:5242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14517 comm="syz.1.4091" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  757.485871][   T40] audit: type=1326 audit(1757907246.443:5243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14517 comm="syz.1.4091" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  757.492600][   T40] audit: type=1326 audit(1757907246.443:5244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14517 comm="syz.1.4091" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  757.514411][   T40] audit: type=1326 audit(1757907246.443:5245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14517 comm="syz.1.4091" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  757.521429][   T40] audit: type=1326 audit(1757907246.443:5246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14517 comm="syz.1.4091" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  757.535126][ T6130] usb 38-1: SetAddress Request (65) to port 0
[  757.537262][ T6130] usb 38-1: new SuperSpeed USB device number 65 using vhci_hcd
[  757.978449][T14530] vhci_hcd: connection reset by peer
[  758.017321][ T1181] vhci_hcd: stop threads
[  758.018845][ T1181] vhci_hcd: release socket
[  758.026481][ T1181] vhci_hcd: disconnect device
[  758.258986][T14545] ptrace attach of "/syz-executor exec"[12841] was attempted by "/syz-executor exec"[14545]
[  758.524697][T10592] Bluetooth: hci2: link tx timeout
[  758.528308][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.533168][T10592] Bluetooth: hci2: link tx timeout
[  758.534929][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.538082][T10592] Bluetooth: hci2: link tx timeout
[  758.539759][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.542172][T10592] Bluetooth: hci2: link tx timeout
[  758.544227][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.547430][T10592] Bluetooth: hci2: link tx timeout
[  758.549154][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.551580][T10592] Bluetooth: hci2: link tx timeout
[  758.553359][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.556015][T10592] Bluetooth: hci2: link tx timeout
[  758.557754][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.560348][T10592] Bluetooth: hci2: link tx timeout
[  758.562054][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.564988][T10592] Bluetooth: hci2: link tx timeout
[  758.566672][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.569130][T10592] Bluetooth: hci2: link tx timeout
[  758.570786][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.573437][T10592] Bluetooth: hci2: link tx timeout
[  758.575117][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.577492][T10592] Bluetooth: hci2: link tx timeout
[  758.579136][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.582093][T10592] Bluetooth: hci2: link tx timeout
[  758.583855][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.586907][T10592] Bluetooth: hci2: link tx timeout
[  758.588943][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.591731][T10592] Bluetooth: hci2: link tx timeout
[  758.593290][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.595678][T10592] Bluetooth: hci2: link tx timeout
[  758.597511][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.600236][T10592] Bluetooth: hci2: link tx timeout
[  758.602060][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.604719][T10592] Bluetooth: hci2: link tx timeout
[  758.606868][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.610147][T10592] Bluetooth: hci2: link tx timeout
[  758.611801][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.614406][T10592] Bluetooth: hci2: link tx timeout
[  758.616184][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.619449][T10592] Bluetooth: hci2: link tx timeout
[  758.621125][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.623479][T10592] Bluetooth: hci2: link tx timeout
[  758.625584][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.630630][T10592] Bluetooth: hci2: link tx timeout
[  758.632413][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.634861][T10592] Bluetooth: hci2: link tx timeout
[  758.636484][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.641653][T10592] Bluetooth: hci2: link tx timeout
[  758.643321][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.646115][T10592] Bluetooth: hci2: link tx timeout
[  758.647773][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.651656][T10592] Bluetooth: hci2: link tx timeout
[  758.653295][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.655988][T10592] Bluetooth: hci2: link tx timeout
[  758.657689][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.660306][T10592] Bluetooth: hci2: link tx timeout
[  758.661957][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.664570][T10592] Bluetooth: hci2: link tx timeout
[  758.666428][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.670513][T10592] Bluetooth: hci2: link tx timeout
[  758.672174][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.674612][T10592] Bluetooth: hci2: link tx timeout
[  758.676243][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.681429][T10592] Bluetooth: hci2: link tx timeout
[  758.683096][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.685886][T10592] Bluetooth: hci2: link tx timeout
[  758.687618][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.690357][T10592] Bluetooth: hci2: link tx timeout
[  758.692015][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.694762][T10592] Bluetooth: hci2: link tx timeout
[  758.697221][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.700424][T10592] Bluetooth: hci2: link tx timeout
[  758.702093][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.704520][T10592] Bluetooth: hci2: link tx timeout
[  758.706255][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.709051][T10592] Bluetooth: hci2: link tx timeout
[  758.710718][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.713104][T10592] Bluetooth: hci2: link tx timeout
[  758.715017][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.717908][T10592] Bluetooth: hci2: link tx timeout
[  758.719576][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.721993][T10592] Bluetooth: hci2: link tx timeout
[  758.723655][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.727688][T10592] Bluetooth: hci2: link tx timeout
[  758.729326][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.731717][T10592] Bluetooth: hci2: link tx timeout
[  758.733356][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.746058][T10592] Bluetooth: hci2: link tx timeout
[  758.747789][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.750481][T10592] Bluetooth: hci2: link tx timeout
[  758.752295][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.757634][T10592] Bluetooth: hci2: link tx timeout
[  758.759490][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.762095][T10592] Bluetooth: hci2: link tx timeout
[  758.764191][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.767029][T10592] Bluetooth: hci2: link tx timeout
[  758.769017][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.772296][T10592] Bluetooth: hci2: link tx timeout
[  758.774162][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.777855][T10592] Bluetooth: hci2: link tx timeout
[  758.779748][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.782414][T10592] Bluetooth: hci2: link tx timeout
[  758.784140][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.788370][T10592] Bluetooth: hci2: link tx timeout
[  758.789977][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.792776][T10592] Bluetooth: hci2: link tx timeout
[  758.795805][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  758.798999][T10592] Bluetooth: hci2: link tx timeout
[  758.801680][T10592] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  758.813667][T10592] Bluetooth: hci2: link tx timeout
[  758.815807][T10592] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  759.254814][T14557] block device autoloading is deprecated and will be removed.
[  760.474152][T14577] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4106'.
[  760.487213][T10592] Bluetooth: hci2: command 0x0406 tx timeout
[  760.787577][T14583] gtp0: entered promiscuous mode
[  760.797824][T14583] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4108'.
[  761.129059][T14591] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  761.131383][T14591] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  761.133990][T14591] vhci_hcd vhci_hcd.0: Device attached
[  761.223558][T14597] input: syz1 as /devices/virtual/input/input60
[  761.288263][T14595] gtp0: entered promiscuous mode
[  761.299313][T14595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4111'.
[  761.429491][   T29] usb 42-1: SetAddress Request (77) to port 0
[  761.433128][   T29] usb 42-1: new SuperSpeed USB device number 77 using vhci_hcd
[  761.461332][T14592] vhci_hcd: connection closed
[  761.461700][   T46] vhci_hcd: stop threads
[  761.464672][   T46] vhci_hcd: release socket
[  761.469186][   T46] vhci_hcd: disconnect device
[  761.542780][T14604] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4112'.
[  761.546877][T14604] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4112'.
[  761.980642][T14612] FAULT_INJECTION: forcing a failure.
[  761.980642][T14612] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  761.984801][T14612] CPU: 1 UID: 0 PID: 14612 Comm: syz.3.4113 Not tainted syzkaller #0 PREEMPT(full) 
[  761.984816][T14612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  761.984823][T14612] Call Trace:
[  761.984827][T14612]  <TASK>
[  761.984831][T14612]  dump_stack_lvl+0x16c/0x1f0
[  761.984852][T14612]  should_fail_ex+0x512/0x640
[  761.984871][T14612]  _copy_to_user+0x32/0xd0
[  761.984884][T14612]  simple_read_from_buffer+0xcb/0x170
[  761.984897][T14612]  proc_fail_nth_read+0x197/0x240
[  761.984910][T14612]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  761.984922][T14612]  ? rw_verify_area+0xcf/0x6c0
[  761.984933][T14612]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  761.984945][T14612]  vfs_read+0x1e4/0xcf0
[  761.984960][T14612]  ? __pfx_vfs_read+0x10/0x10
[  761.984970][T14612]  ? find_held_lock+0x2b/0x80
[  761.984985][T14612]  ? __fget_files+0x20e/0x3c0
[  761.985001][T14612]  ksys_read+0x12a/0x250
[  761.985013][T14612]  ? __pfx_ksys_read+0x10/0x10
[  761.985027][T14612]  ? rcu_is_watching+0x12/0xc0
[  761.985040][T14612]  __do_fast_syscall_32+0x7c/0x300
[  761.985058][T14612]  do_fast_syscall_32+0x32/0x80
[  761.985068][T14612]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  761.985081][T14612] RIP: 0023:0xf7fe5579
[  761.985090][T14612] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  761.985101][T14612] RSP: 002b:00000000f54a4590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  761.985112][T14612] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000f54a4620
[  761.985118][T14612] RDX: 000000000000000f RSI: 00000000f7474ff4 RDI: 0000000000000000
[  761.985125][T14612] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  761.985131][T14612] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  761.985137][T14612] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  761.985150][T14612]  </TASK>
[  762.145641][   T40] kauditd_printk_skb: 970 callbacks suppressed
[  762.145653][   T40] audit: type=1326 audit(1757907251.482:6215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.1.4114" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  762.156624][   T40] audit: type=1326 audit(1757907251.482:6216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.1.4114" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  762.167934][   T40] audit: type=1326 audit(1757907251.482:6217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.1.4114" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  762.176892][   T40] audit: type=1326 audit(1757907251.482:6218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.1.4114" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  762.202771][   T40] audit: type=1326 audit(1757907251.482:6219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.1.4114" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  762.209553][   T40] audit: type=1326 audit(1757907251.482:6220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.1.4114" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  762.216860][   T40] audit: type=1326 audit(1757907251.482:6221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.1.4114" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  762.223988][   T40] audit: type=1326 audit(1757907251.482:6222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.1.4114" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  762.230789][   T40] audit: type=1326 audit(1757907251.482:6223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.1.4114" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  762.237356][   T40] audit: type=1326 audit(1757907251.482:6224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.1.4114" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  762.382202][ T6130] usb 38-1: device descriptor read/8, error -110
[  762.438972][T14620] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4117'.
[  762.448774][T13284] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  762.458553][T10592] Bluetooth: hci2: command 0x0406 tx timeout
[  762.603594][T13284] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  762.607466][T13284] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  762.619259][T14716] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4118'.
[  762.623243][T14716] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4118'.
[  762.623468][T13284] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  762.630261][T13284] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.732637][T13284] usb 8-1: Product: syz
[  762.734647][T13284] usb 8-1: Manufacturer: syz
[  762.744559][T13284] usb 8-1: SerialNumber: syz
[  762.764916][ T6130] usb usb38-port1: attempt power cycle
[  762.981320][T14616] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  763.354401][ T6130] usb usb38-port1: unable to enumerate USB device
[  763.491923][T14744] netlink: 'syz.2.4121': attribute type 8 has an invalid length.
[  763.559562][T14749] syz.0.4122 (14749): drop_caches: 2
[  763.561882][T14616] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  763.762574][T14616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  763.768324][T14616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  763.829168][T13284] cdc_mbim 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[  763.831508][T13284] cdc_mbim 8-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  763.833894][T13284] cdc_mbim 8-1:1.0: setting rx_max = 2048
[  763.955880][T14774] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4125'.
[  763.976123][T14774] macvlan2: entered allmulticast mode
[  763.977897][T14774] veth1_vlan: entered allmulticast mode
[  763.983497][T14774] veth1_vlan: left allmulticast mode
[  763.994664][T13284] cdc_mbim 8-1:1.0: setting tx_max = 184
[  764.053411][T13284] cdc_mbim 8-1:1.0: cdc-wdm0: USB WDM device
[  764.067071][T13284] wwan wwan0: port wwan0mbim0 attached
[  764.094713][T13284] cdc_mbim 8-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 42:42:42:42:42:42
[  764.125587][ T6130] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  764.174046][    C3] wdm_int_callback: 80 callbacks suppressed
[  764.174066][    C3] cdc_mbim 8-1:1.0: nonzero urb status received: -71
[  764.178059][    C3] wdm_int_callback: 80 callbacks suppressed
[  764.178069][    C3] cdc_mbim 8-1:1.0: wdm_int_callback - 0 bytes
[  764.182015][    C3] cdc_mbim 8-1:1.0: nonzero urb status received: -71
[  764.184198][    C3] cdc_mbim 8-1:1.0: wdm_int_callback - 0 bytes
[  764.186460][    C3] cdc_mbim 8-1:1.0: nonzero urb status received: -71
[  764.188526][    C3] cdc_mbim 8-1:1.0: wdm_int_callback - 0 bytes
[  764.190484][    C3] cdc_mbim 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  764.194410][ T5980] usb 8-1: USB disconnect, device number 15
[  764.197814][ T5980] cdc_mbim 8-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[  764.224679][T14792] ptrace attach of "/syz-executor exec"[13757] was attempted by "/syz-executor exec"[14792]
[  764.261594][ T5980] wwan wwan0: port wwan0mbim0 disconnected
[  764.336589][ T6130] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  764.345062][ T6130] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  764.353245][ T6130] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  764.359337][ T6130] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  764.364012][ T6130] usb 5-1: Product: syz
[  764.367979][ T6130] usb 5-1: Manufacturer: syz
[  764.370412][ T6130] usb 5-1: SerialNumber: syz
[  764.611122][T14769] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  764.851979][T14902] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4128'.
[  765.069215][T14906] IPVS: set_ctl: invalid protocol: 0 172.30.0.3:20000
[  765.188576][T14769] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  765.383421][T14769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  765.386805][T14769] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  765.393912][ T6130] cdc_mbim 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  765.396627][ T6130] cdc_mbim 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  765.399593][ T6130] cdc_mbim 5-1:1.0: setting rx_max = 2048
[  765.504539][T14909] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4131'.
[  765.508624][T14909] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4131'.
[  765.585142][ T6130] cdc_mbim 5-1:1.0: setting tx_max = 184
[  765.592546][ T6130] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device
[  765.595635][ T6130] wwan wwan0: port wwan0mbim0 attached
[  765.601306][ T6130] cdc_mbim 5-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 42:42:42:42:42:42
[  765.776320][    C3] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  765.778654][    C3] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  765.780673][    C3] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  765.782779][    C3] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  765.784970][    C3] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  765.787371][    C3] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  765.789941][    C3] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  765.792157][    C3] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  765.794959][    C3] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  765.797529][    C3] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  765.798555][ T5692] 8021q: adding VLAN 0 to HW filter on device wwan0
[  765.800554][    C3] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  765.804282][    C3] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  765.807332][    C3] cdc_mbim 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  765.814628][ T1336] usb 5-1: USB disconnect, device number 15
[  765.818722][ T1336] cdc_mbim 5-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM
[  765.909054][ T1336] wwan wwan0: port wwan0mbim0 disconnected
[  765.913669][T14924] ptrace attach of "/syz-executor exec"[13757] was attempted by "/syz-executor exec"[14924]
[  766.126027][T14934] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4134'.
[  766.129702][T14934] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4134'.
[  766.146144][T14934] geneve2: entered promiscuous mode
[  766.148340][T14934] geneve2: entered allmulticast mode
[  766.165264][   T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  766.168806][   T60] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  766.171851][   T60] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  766.174945][   T60] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  766.210528][T14932] gtp0: entered promiscuous mode
[  766.217396][T14932] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4135'.
[  766.268416][   T29] usb 42-1: device descriptor read/8, error -110
[  766.650813][   T29] usb usb42-port1: attempt power cycle
[  766.760776][T15057] netlink: 'syz.2.4138': attribute type 4 has an invalid length.
[  766.767612][T15057] netlink: 'syz.2.4138': attribute type 4 has an invalid length.
[  767.127253][T15063] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4139'.
[  767.250375][T15065] netlink: 'syz.3.4140': attribute type 8 has an invalid length.
[  767.280878][   T29] usb usb42-port1: unable to enumerate USB device
[  768.375202][T15079] netlink: 7 bytes leftover after parsing attributes in process `syz.0.4144'.
[  768.378887][T15078] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4143'.
[  768.380496][T15079] netlink: 7 bytes leftover after parsing attributes in process `syz.0.4144'.
[  768.382413][T15078] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4143'.
[  768.725928][T12864] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  768.783810][   T10] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  769.128291][   T10] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  769.131849][   T10] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  769.137074][   T10] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  769.139963][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  769.142589][   T10] usb 8-1: Product: syz
[  769.143945][   T10] usb 8-1: Manufacturer: syz
[  769.146408][   T10] usb 8-1: SerialNumber: syz
[  769.271954][T15206] overlayfs: missing 'lowerdir'
[  769.300509][   T40] kauditd_printk_skb: 980 callbacks suppressed
[  769.300519][   T40] audit: type=1326 audit(1757907258.989:7205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15210 comm="syz.0.4149" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  769.309295][   T40] audit: type=1326 audit(1757907258.999:7206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15210 comm="syz.0.4149" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  769.310258][T15211] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64
[  769.317038][   T40] audit: type=1326 audit(1757907258.999:7207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15210 comm="syz.0.4149" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  769.321048][T15211] audit: out of memory in audit_log_start
[  769.328323][   T40] audit: type=1326 audit(1757907258.999:7208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15210 comm="syz.0.4149" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  769.337145][   T40] audit: type=1326 audit(1757907258.999:7209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15210 comm="syz.0.4149" exe="/syz-executor" sig=0 arch=40000003 syscall=338 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  769.345974][   T40] audit: type=1326 audit(1757907258.999:7210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15210 comm="syz.0.4149" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  769.354879][   T40] audit: type=1326 audit(1757907258.999:7211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15210 comm="syz.0.4149" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  769.361979][   T40] audit: type=1326 audit(1757907258.999:7212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15210 comm="syz.0.4149" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  769.393598][T15087] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  769.487955][T12864] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  769.491731][T12864] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  769.520559][T12864] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  769.527778][T12864] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  769.532969][T12864] usb 6-1: Product: syz
[  769.535830][T12864] usb 6-1: Manufacturer: syz
[  769.540482][T12864] usb 6-1: SerialNumber: syz
[  769.749355][T15081] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  769.972754][T15087] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  770.168157][T15087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  770.171656][T15087] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  770.178611][   T10] cdc_mbim 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[  770.180783][   T10] cdc_mbim 8-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  770.183220][   T10] cdc_mbim 8-1:1.0: setting rx_max = 2048
[  770.326319][T15081] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  770.520948][T15081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  770.526465][T15081] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  770.530842][T12864] cdc_mbim 6-1:1.0: MAC-Address: 42:42:42:42:42:42
[  770.532908][T12864] cdc_mbim 6-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  770.535351][T12864] cdc_mbim 6-1:1.0: setting rx_max = 2048
[  770.722039][T12864] cdc_mbim 6-1:1.0: setting tx_max = 184
[  770.725206][T12864] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device
[  770.730406][T12864] wwan wwan0: port wwan0mbim0 attached
[  770.741245][T12864] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 42:42:42:42:42:42
[  770.815418][   T10] cdc_mbim 8-1:1.0: setting tx_max = 184
[  770.908948][   T10] cdc_mbim 8-1:1.0: cdc-wdm1: USB WDM device
[  770.913107][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  770.915177][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  770.917428][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  770.919440][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  770.921440][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  770.921696][   T10] wwan wwan1: port wwan1mbim0 attached
[  770.923427][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  770.923608][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  770.929100][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  770.931139][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  770.933159][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  770.935109][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  770.938214][   T10] cdc_mbim 8-1:1.0 wwan1: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 42:42:42:42:42:42
[  770.942200][T12864] usb 6-1: USB disconnect, device number 11
[  770.956397][T12864] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM
[  770.969875][   T10] usb 8-1: USB disconnect, device number 16
[  770.972561][   T10] cdc_mbim 8-1:1.0 wwan1: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[  771.025043][T12864] wwan wwan0: port wwan0mbim0 disconnected
[  771.094787][   T10] wwan wwan1: port wwan1mbim0 disconnected
[  771.184182][T15237] FAULT_INJECTION: forcing a failure.
[  771.184182][T15237] name failslab, interval 1, probability 0, space 0, times 0
[  771.188223][T15237] CPU: 3 UID: 0 PID: 15237 Comm: syz.0.4154 Not tainted syzkaller #0 PREEMPT(full) 
[  771.188239][T15237] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  771.188246][T15237] Call Trace:
[  771.188251][T15237]  <TASK>
[  771.188255][T15237]  dump_stack_lvl+0x16c/0x1f0
[  771.188275][T15237]  should_fail_ex+0x512/0x640
[  771.188293][T15237]  ? __kmalloc_noprof+0xbf/0x510
[  771.188307][T15237]  ? hidraw_get_report+0x25a/0x4e0
[  771.188319][T15237]  should_failslab+0xc2/0x120
[  771.188333][T15237]  __kmalloc_noprof+0xd2/0x510
[  771.188348][T15237]  hidraw_get_report+0x25a/0x4e0
[  771.188361][T15237]  ? __pfx_hidraw_get_report+0x10/0x10
[  771.188381][T15237]  hidraw_ioctl+0x7d7/0x9e0
[  771.188393][T15237]  ? __pfx_hidraw_ioctl+0x10/0x10
[  771.188405][T15237]  ? __fget_files+0x20e/0x3c0
[  771.188419][T15237]  ? __pfx_hidraw_ioctl+0x10/0x10
[  771.188430][T15237]  compat_ptr_ioctl+0x6e/0xa0
[  771.188446][T15237]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  771.188462][T15237]  __ia32_compat_sys_ioctl+0x242/0x370
[  771.188481][T15237]  __do_fast_syscall_32+0x7c/0x300
[  771.188499][T15237]  do_fast_syscall_32+0x32/0x80
[  771.188509][T15237]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  771.188522][T15237] RIP: 0023:0xf7f63579
[  771.188532][T15237] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  771.188542][T15237] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  771.188553][T15237] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0404807
[  771.188560][T15237] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  771.188566][T15237] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  771.188572][T15237] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  771.188578][T15237] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  771.188591][T15237]  </TASK>
[  771.252599][    C3] vkms_vblank_simulate: vblank timer overrun
[  771.304346][T15249] ptrace attach of "/syz-executor exec"[15012] was attempted by "/syz-executor exec"[15249]
[  771.394412][T15251] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4153'.
[  771.540204][T15257] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4157'.
[  771.548467][T15256] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4156'.
[  771.551537][T15256] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4156'.
[  772.523021][T15267] netlink: 'syz.1.4161': attribute type 12 has an invalid length.
[  772.777628][T15392] FAULT_INJECTION: forcing a failure.
[  772.777628][T15392] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  772.818721][T15392] CPU: 3 UID: 0 PID: 15392 Comm: syz.0.4164 Not tainted syzkaller #0 PREEMPT(full) 
[  772.818738][T15392] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  772.818745][T15392] Call Trace:
[  772.818749][T15392]  <TASK>
[  772.818754][T15392]  dump_stack_lvl+0x16c/0x1f0
[  772.818788][T15392]  should_fail_ex+0x512/0x640
[  772.818808][T15392]  _copy_to_user+0x32/0xd0
[  772.818821][T15392]  simple_read_from_buffer+0xcb/0x170
[  772.818834][T15392]  proc_fail_nth_read+0x197/0x240
[  772.818846][T15392]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  772.818859][T15392]  ? rw_verify_area+0xcf/0x6c0
[  772.818870][T15392]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  772.818881][T15392]  vfs_read+0x1e4/0xcf0
[  772.818897][T15392]  ? __pfx_vfs_read+0x10/0x10
[  772.818908][T15392]  ? find_held_lock+0x2b/0x80
[  772.818923][T15392]  ? __fget_files+0x20e/0x3c0
[  772.818939][T15392]  ksys_read+0x12a/0x250
[  772.818951][T15392]  ? __pfx_ksys_read+0x10/0x10
[  772.818963][T15392]  ? fput+0x9b/0xd0
[  772.818978][T15392]  ? rcu_is_watching+0x12/0xc0
[  772.818991][T15392]  __do_fast_syscall_32+0x7c/0x300
[  772.819009][T15392]  do_fast_syscall_32+0x32/0x80
[  772.819019][T15392]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  772.819032][T15392] RIP: 0023:0xf7f63579
[  772.819041][T15392] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  772.819052][T15392] RSP: 002b:00000000f5445590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  772.819063][T15392] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5445620
[  772.819069][T15392] RDX: 000000000000000f RSI: 00000000f73f4ff4 RDI: 0000000000000000
[  772.819076][T15392] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  772.819082][T15392] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  772.819088][T15392] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  772.819101][T15392]  </TASK>
[  772.885606][    C3] vkms_vblank_simulate: vblank timer overrun
[  773.193642][T12864] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  773.367746][T12864] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  773.371306][T12864] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  773.378014][T12864] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  773.381731][T12864] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  773.384491][T12864] usb 5-1: Product: syz
[  773.385883][T12864] usb 5-1: Manufacturer: syz
[  773.387368][T12864] usb 5-1: SerialNumber: syz
[  773.598504][T15395] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  774.176590][T15395] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  774.277469][T15415] gtp0: entered promiscuous mode
[  774.371549][T15395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  774.374515][T15395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  774.378820][T12864] cdc_mbim 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  774.381320][T12864] cdc_mbim 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  774.383614][T12864] cdc_mbim 5-1:1.0: setting rx_max = 2048
[  774.420192][T15417] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4172'.
[  774.424489][T15417] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4172'.
[  774.571114][T12864] cdc_mbim 5-1:1.0: setting tx_max = 184
[  774.573836][T12864] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device
[  774.577872][T12864] wwan wwan0: port wwan0mbim0 attached
[  774.584056][T12864] cdc_mbim 5-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 42:42:42:42:42:42
[  774.766122][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  774.769049][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  774.772860][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  774.775485][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  774.778432][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  774.781248][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  774.784219][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  774.787019][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  774.790511][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  774.793197][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  774.799790][T12864] usb 5-1: USB disconnect, device number 16
[  774.804243][T12864] cdc_mbim 5-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM
[  774.816383][ T5692] 8021q: adding VLAN 0 to HW filter on device wwan0
[  774.910265][T12864] wwan wwan0: port wwan0mbim0 disconnected
[  775.066561][T15538] trusted_key: encrypted_key: insufficient parameters specified
[  776.000533][T15569] FAULT_INJECTION: forcing a failure.
[  776.000533][T15569] name failslab, interval 1, probability 0, space 0, times 0
[  776.007160][T15569] CPU: 2 UID: 0 PID: 15569 Comm: syz.1.4177 Not tainted syzkaller #0 PREEMPT(full) 
[  776.007176][T15569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  776.007183][T15569] Call Trace:
[  776.007188][T15569]  <TASK>
[  776.007192][T15569]  dump_stack_lvl+0x16c/0x1f0
[  776.007213][T15569]  should_fail_ex+0x512/0x640
[  776.007230][T15569]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  776.007244][T15569]  should_failslab+0xc2/0x120
[  776.007258][T15569]  __kmalloc_cache_noprof+0x6a/0x3e0
[  776.007270][T15569]  ? vhost_iotlb_alloc+0x47/0x1d0
[  776.007287][T15569]  vhost_iotlb_alloc+0x47/0x1d0
[  776.007315][T15569]  vhost_net_ioctl+0x7a4/0x1840
[  776.007325][T15569]  ? do_vfs_ioctl+0x128/0x14f0
[  776.007343][T15569]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  776.007359][T15569]  ? __pfx_vhost_net_ioctl+0x10/0x10
[  776.007374][T15569]  ? hook_file_ioctl_common+0x145/0x410
[  776.007392][T15569]  ? __fget_files+0x20e/0x3c0
[  776.007405][T15569]  ? __pfx_vhost_net_ioctl+0x10/0x10
[  776.007415][T15569]  compat_ptr_ioctl+0x6e/0xa0
[  776.007431][T15569]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  776.007446][T15569]  __ia32_compat_sys_ioctl+0x242/0x370
[  776.007465][T15569]  __do_fast_syscall_32+0x7c/0x300
[  776.007484][T15569]  do_fast_syscall_32+0x32/0x80
[  776.007494][T15569]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  776.007508][T15569] RIP: 0023:0xf70de579
[  776.007517][T15569] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  776.007528][T15569] RSP: 002b:00000000f54ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  776.007543][T15569] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000af02
[  776.007550][T15569] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  776.007556][T15569] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  776.007562][T15569] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  776.007568][T15569] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  776.007582][T15569]  </TASK>
[  776.090030][    C2] hpet_rtc_timer_reinit: 61 callbacks suppressed
[  776.090041][    C2] hpet: Lost 4 RTC interrupts
[  776.271179][T15574] FAULT_INJECTION: forcing a failure.
[  776.271179][T15574] name failslab, interval 1, probability 0, space 0, times 0
[  776.276324][T15574] CPU: 1 UID: 0 PID: 15574 Comm: syz.1.4178 Not tainted syzkaller #0 PREEMPT(full) 
[  776.276353][T15574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  776.276360][T15574] Call Trace:
[  776.276366][T15574]  <TASK>
[  776.276370][T15574]  dump_stack_lvl+0x16c/0x1f0
[  776.276390][T15574]  should_fail_ex+0x512/0x640
[  776.276410][T15574]  should_failslab+0xc2/0x120
[  776.276425][T15574]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  776.276439][T15574]  ? __alloc_skb+0x2b2/0x380
[  776.276457][T15574]  __alloc_skb+0x2b2/0x380
[  776.276472][T15574]  ? __pfx___alloc_skb+0x10/0x10
[  776.276488][T15574]  ? __pfx_debug_object_assert_init+0x10/0x10
[  776.276502][T15574]  ? __lock_acquire+0xb97/0x1ce0
[  776.276519][T15574]  hci_cmd_sync_alloc+0x39/0x3a0
[  776.276539][T15574]  __hci_cmd_sync_sk+0x157/0xc90
[  776.276557][T15574]  ? __pfx___hci_cmd_sync_sk+0x10/0x10
[  776.276574][T15574]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  776.276602][T15574]  ? hci_sock_dev_event+0xb6/0x610
[  776.276619][T15574]  __hci_cmd_sync_status_sk+0x48/0x190
[  776.276631][T15574]  hci_dev_open_sync+0x11f9/0x2430
[  776.276644][T15574]  ? __pfx_hci_dev_open_sync+0x10/0x10
[  776.276661][T15574]  hci_dev_do_open+0x2a/0x90
[  776.276675][T15574]  hci_dev_open+0x1d2/0x330
[  776.276691][T15574]  hci_sock_ioctl+0x445/0x7d0
[  776.276706][T15574]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  776.276720][T15574]  ? do_vfs_ioctl+0x128/0x14f0
[  776.276740][T15574]  hci_sock_compat_ioctl+0x43/0x80
[  776.276753][T15574]  ? __pfx_hci_sock_compat_ioctl+0x10/0x10
[  776.276768][T15574]  compat_sock_ioctl+0x173/0x730
[  776.276783][T15574]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  776.276795][T15574]  ? hook_file_ioctl_common+0x145/0x410
[  776.276812][T15574]  ? __fget_files+0x20e/0x3c0
[  776.276828][T15574]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  776.276840][T15574]  __ia32_compat_sys_ioctl+0x242/0x370
[  776.276859][T15574]  __do_fast_syscall_32+0x7c/0x300
[  776.276877][T15574]  do_fast_syscall_32+0x32/0x80
[  776.276887][T15574]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  776.276914][T15574] RIP: 0023:0xf70de579
[  776.276923][T15574] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  776.276934][T15574] RSP: 002b:00000000f548c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  776.276945][T15574] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000400448c9
[  776.276952][T15574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  776.276958][T15574] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  776.276964][T15574] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  776.276970][T15574] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  776.276984][T15574]  </TASK>
[  776.277042][T15574] Bluetooth: hci0: no memory for command (opcode 0x0c03)
[  776.390354][T15574] Bluetooth: hci0: Opcode 0x0c03 failed: -12
[  776.966165][ T6089] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  777.104461][T15582] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  777.111012][ T6089] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  777.114421][ T6089] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  777.119386][ T6089] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  777.122323][ T6089] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  777.125448][ T6089] usb 7-1: Product: syz
[  777.126978][ T6089] usb 7-1: Manufacturer: syz
[  777.130080][ T6089] usb 7-1: SerialNumber: syz
[  777.229595][   T40] audit: type=1326 audit(1757907267.313:7274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15593 comm="syz.1.4185" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  777.238778][   T40] audit: type=1326 audit(1757907267.313:7275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15593 comm="syz.1.4185" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  777.249149][   T40] audit: type=1326 audit(1757907267.313:7276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15593 comm="syz.1.4185" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70de579 code=0x7ffc0000
[  777.260941][   T40] audit: type=1326 audit(1757907267.313:7277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15593 comm="syz.1.4185" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  777.271407][   T40] audit: type=1326 audit(1757907267.313:7278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15593 comm="syz.1.4185" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  777.277974][   T40] audit: type=1326 audit(1757907267.313:7279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15593 comm="syz.1.4185" exe="/syz-executor" sig=0 arch=40000003 syscall=338 compat=1 ip=0xf70de579 code=0x7ffc0000
[  777.284684][   T40] audit: type=1326 audit(1757907267.313:7280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15593 comm="syz.1.4185" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  777.291839][   T40] audit: type=1326 audit(1757907267.313:7281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15593 comm="syz.1.4185" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  777.298440][   T40] audit: type=1326 audit(1757907267.313:7282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15593 comm="syz.1.4185" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf70de579 code=0x7ffc0000
[  777.335171][T15584] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  777.913457][T15584] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  778.107657][T15584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  778.111010][T15584] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  778.114447][ T6089] cdc_mbim 7-1:1.0: MAC-Address: 42:42:42:42:42:42
[  778.116544][ T6089] cdc_mbim 7-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  778.136942][ T6089] cdc_mbim 7-1:1.0: setting rx_max = 2048
[  778.140712][ T1336] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  778.299260][ T1336] usb 8-1: Using ep0 maxpacket: 32
[  778.303714][ T1336] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  778.310974][ T1336] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  778.314772][ T1336] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  778.318424][ T6089] cdc_mbim 7-1:1.0: setting tx_max = 184
[  778.323083][ T1336] usb 8-1: Product: syz
[  778.324901][ T1336] usb 8-1: Manufacturer: syz
[  778.326816][ T1336] usb 8-1: SerialNumber: syz
[  778.329061][ T6089] cdc_mbim 7-1:1.0: cdc-wdm0: USB WDM device
[  778.335516][ T6089] wwan wwan0: port wwan0mbim0 attached
[  778.338639][ T1336] usb 8-1: config 0 descriptor??
[  778.343349][T15604] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  778.352371][ T1336] hub 8-1:0.0: bad descriptor, ignoring hub
[  778.360489][ T6089] cdc_mbim 7-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 42:42:42:42:42:42
[  778.366426][ T1336] hub 8-1:0.0: probe with driver hub failed with error -5
[  778.509960][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  778.512049][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  778.514273][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  778.516952][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  778.519743][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  778.522501][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  778.525628][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  778.527959][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  778.530176][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  778.532248][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  778.534515][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  778.537262][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  778.541033][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  778.543182][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  778.545317][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  778.547334][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  778.549359][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  778.551526][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  778.554208][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  778.556393][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  778.576415][T12864] usb 7-1: USB disconnect, device number 14
[  778.576566][    C3] cdc_mbim 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  778.578804][T12864] cdc_mbim 7-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[  778.581538][ T5692] 8021q: adding VLAN 0 to HW filter on device wwan0
[  778.680602][T12864] wwan wwan0: port wwan0mbim0 disconnected
[  778.769253][ T1336] usb 8-1: USB disconnect, device number 17
[  779.030739][T15633] gtp0: entered promiscuous mode
[  779.243984][T15642] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4191'.
[  779.306432][T15644] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20002
[  780.148899][ T5980] e1000 0000:00:06.0 eth0: Reset adapter
[  781.989107][   T40] kauditd_printk_skb: 41 callbacks suppressed
[  781.989118][   T40] audit: type=1326 audit(1757907272.310:7324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15695 comm="syz.1.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  781.998074][   T40] audit: type=1326 audit(1757907272.310:7325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15695 comm="syz.1.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  782.004320][   T40] audit: type=1326 audit(1757907272.310:7326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15695 comm="syz.1.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  782.011416][   T40] audit: type=1326 audit(1757907272.310:7327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15695 comm="syz.1.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  782.018165][   T40] audit: type=1326 audit(1757907272.310:7328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15695 comm="syz.1.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  782.025134][   T40] audit: type=1326 audit(1757907272.310:7329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15695 comm="syz.1.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  782.031268][   T40] audit: type=1326 audit(1757907272.310:7330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15695 comm="syz.1.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  782.038368][   T40] audit: type=1326 audit(1757907272.310:7331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15695 comm="syz.1.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  782.044774][   T40] audit: type=1326 audit(1757907272.310:7332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15695 comm="syz.1.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  782.051077][   T40] audit: type=1326 audit(1757907272.310:7333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15695 comm="syz.1.4201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  782.182610][T15700] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4202'.
[  782.188038][T15700] lo: entered promiscuous mode
[  782.189991][T15700] lo: entered allmulticast mode
[  782.219461][T15700] tunl0: entered promiscuous mode
[  782.221656][T15700] tunl0: entered allmulticast mode
[  782.227661][T15700] gre0: entered promiscuous mode
[  782.229738][T15700] gre0: entered allmulticast mode
[  782.262666][T15700] gretap0: entered promiscuous mode
[  782.264912][T15700] gretap0: entered allmulticast mode
[  782.273339][ T5980] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[  782.276485][T15700] erspan0: entered promiscuous mode
[  782.276594][T15700] erspan0: entered allmulticast mode
[  782.316942][T15700] ip_vti0: entered promiscuous mode
[  782.319219][T15700] ip_vti0: entered allmulticast mode
[  782.336867][T15700] ip6_vti0: entered promiscuous mode
[  782.341949][T15700] ip6_vti0: entered allmulticast mode
[  782.352302][T15700] sit0: entered promiscuous mode
[  782.354413][T15700] sit0: entered allmulticast mode
[  782.385576][T15700] ip6tnl0: entered promiscuous mode
[  782.389505][T15700] ip6tnl0: entered allmulticast mode
[  782.414299][T15700] ip6gre0: entered promiscuous mode
[  782.442591][T15700] ip6gre0: entered allmulticast mode
[  782.461686][T15700] syz_tun: entered promiscuous mode
[  782.464320][T15700] syz_tun: entered allmulticast mode
[  782.472177][T15700] ip6gretap0: entered promiscuous mode
[  782.474134][T15700] ip6gretap0: entered allmulticast mode
[  782.477877][T15700] bridge0: entered promiscuous mode
[  782.479648][T15700] bridge0: entered allmulticast mode
[  782.486191][T15700] vcan0: entered promiscuous mode
[  782.488351][T15700] vcan0: entered allmulticast mode
[  782.502308][T15700] bond0: entered promiscuous mode
[  782.504528][T15700] bond0: entered allmulticast mode
[  782.507156][T15700] 8021q: adding VLAN 0 to HW filter on device bond0
[  782.510370][T15700] team0: entered promiscuous mode
[  782.512658][T15700] team0: entered allmulticast mode
[  782.515249][T15700] 8021q: adding VLAN 0 to HW filter on device team0
[  782.520498][T15700] dummy0: entered promiscuous mode
[  782.534618][T15700] dummy0: entered allmulticast mode
[  782.538385][T15700] nlmon0: entered promiscuous mode
[  782.540289][T15700] nlmon0: entered allmulticast mode
[  782.546861][T15700] caif0: entered promiscuous mode
[  782.554340][T15700] caif0: entered allmulticast mode
[  782.556534][T15700] net_ratelimit: 8 callbacks suppressed
[  782.556550][T15700] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  788.842225][T15721] syz.1.4204 (15721): drop_caches: 2
[  788.979062][T15725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4205'.
[  789.019288][T15731] syz.1.4207 (15731): drop_caches: 2
[  790.702145][T15755] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4212'.
[  790.704843][T15755] lo: entered promiscuous mode
[  790.706314][T15755] lo: entered allmulticast mode
[  790.708182][T15755] tunl0: entered promiscuous mode
[  790.709775][T15755] tunl0: entered allmulticast mode
[  790.727783][T15755] gre0: entered promiscuous mode
[  790.729323][T15755] gre0: entered allmulticast mode
[  790.739125][T15755] gretap0: entered promiscuous mode
[  790.747901][T15755] gretap0: entered allmulticast mode
[  790.755511][T15755] erspan0: entered promiscuous mode
[  790.757184][T15755] erspan0: entered allmulticast mode
[  790.789435][T15755] ip_vti0: entered promiscuous mode
[  790.791333][T15755] ip_vti0: entered allmulticast mode
[  790.801011][T15755] ip6_vti0: entered promiscuous mode
[  790.803035][T15755] ip6_vti0: entered allmulticast mode
[  790.813927][T15755] sit0: entered promiscuous mode
[  790.816130][T15755] sit0: entered allmulticast mode
[  790.838459][T15755] ip6tnl0: entered promiscuous mode
[  790.840469][T15755] ip6tnl0: entered allmulticast mode
[  790.855611][T15755] ip6gre0: entered promiscuous mode
[  790.857923][T15755] ip6gre0: entered allmulticast mode
[  790.867044][T15755] syz_tun: entered promiscuous mode
[  790.869410][T15755] syz_tun: entered allmulticast mode
[  790.881572][T15755] ip6gretap0: entered promiscuous mode
[  790.884175][T15755] ip6gretap0: entered allmulticast mode
[  790.896305][T15755] bridge0: entered promiscuous mode
[  790.898013][T15755] bridge0: entered allmulticast mode
[  790.900419][T15755] vcan0: entered promiscuous mode
[  790.902502][T15755] vcan0: entered allmulticast mode
[  790.904664][T15755] bond0: entered promiscuous mode
[  790.906320][T15755] bond_slave_0: entered promiscuous mode
[  790.908194][T15755] bond_slave_1: entered promiscuous mode
[  790.910093][T15755] bond0: entered allmulticast mode
[  790.912159][T15755] bond_slave_0: entered allmulticast mode
[  790.914062][T15755] bond_slave_1: entered allmulticast mode
[  790.916763][T15755] 8021q: adding VLAN 0 to HW filter on device bond0
[  790.919256][T15755] team0: entered promiscuous mode
[  790.920935][T15755] team_slave_0: entered promiscuous mode
[  790.923390][T15755] team_slave_1: entered promiscuous mode
[  790.925326][T15755] team0: entered allmulticast mode
[  790.927024][T15755] team_slave_0: entered allmulticast mode
[  790.929276][T15755] team_slave_1: entered allmulticast mode
[  790.932341][T15755] 8021q: adding VLAN 0 to HW filter on device team0
[  790.934871][T15755] dummy0: entered promiscuous mode
[  790.936530][T15755] dummy0: entered allmulticast mode
[  790.939223][T15755] nlmon0: entered promiscuous mode
[  790.941558][T15755] nlmon0: entered allmulticast mode
[  790.947507][T15755] caif0: entered promiscuous mode
[  790.949180][T15755] caif0: entered allmulticast mode
[  790.951749][T15755] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  791.021256][   T40] kauditd_printk_skb: 499 callbacks suppressed
[  791.021271][   T40] audit: type=1326 audit(1757907281.790:7833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15863 comm="syz.0.4214" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f63598 code=0x7ffc0000
[  791.033625][   T40] audit: type=1326 audit(1757907281.801:7834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15863 comm="syz.0.4214" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  791.040521][   T40] audit: type=1326 audit(1757907281.801:7835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15863 comm="syz.0.4214" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  791.046984][   T40] audit: type=1326 audit(1757907281.801:7836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15863 comm="syz.0.4214" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  791.053727][   T40] audit: type=1326 audit(1757907281.801:7837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15863 comm="syz.0.4214" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f63598 code=0x7ffc0000
[  791.060167][   T40] audit: type=1326 audit(1757907281.801:7838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15863 comm="syz.0.4214" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  791.066636][   T40] audit: type=1326 audit(1757907281.801:7839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15863 comm="syz.0.4214" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  791.074738][   T40] audit: type=1326 audit(1757907281.801:7840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15863 comm="syz.0.4214" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f63598 code=0x7ffc0000
[  791.082178][   T40] audit: type=1326 audit(1757907281.801:7841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15863 comm="syz.0.4214" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x7ffc0000
[  791.089762][   T40] audit: type=1326 audit(1757907281.801:7842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15863 comm="syz.0.4214" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f63598 code=0x7ffc0000
[  791.229655][T15868] overlayfs: missing 'lowerdir'
[  791.820768][T15878] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4217'.
[  791.948610][T15886] input: syz1 as /devices/virtual/input/input63
[  792.302820][T15895] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10)
[  792.305528][T15895] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  792.308880][T15895] vhci_hcd vhci_hcd.0: Device attached
[  792.361940][T15896] vhci_hcd: connection closed
[  792.362420][   T12] vhci_hcd: stop threads
[  792.365397][   T12] vhci_hcd: release socket
[  792.366932][   T12] vhci_hcd: disconnect device
[  792.895913][T15901] ptrace attach of "/syz-executor exec"[15204] was attempted by "/syz-executor exec"[15901]
[  793.105902][T15903] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4226'.
[  793.197359][T15911] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4225'.
[  793.200907][T15911] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4225'.
[  793.476735][T15921] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4227'.
[  793.479512][T15921] lo: entered promiscuous mode
[  793.483511][T15921] lo: entered allmulticast mode
[  793.488876][T15921] tunl0: entered promiscuous mode
[  793.490842][T15921] tunl0: entered allmulticast mode
[  793.495579][T15921] gre0: entered promiscuous mode
[  793.497267][T15921] gre0: entered allmulticast mode
[  793.508691][T15921] gretap0: entered promiscuous mode
[  793.510582][T15921] gretap0: entered allmulticast mode
[  793.521974][T15921] erspan0: entered promiscuous mode
[  793.524336][T15921] erspan0: entered allmulticast mode
[  793.591348][T15921] ip_vti0: entered promiscuous mode
[  793.598567][T15921] ip_vti0: entered allmulticast mode
[  793.608983][T15921] ip6_vti0: entered promiscuous mode
[  793.614844][T15921] ip6_vti0: entered allmulticast mode
[  793.624946][T15921] sit0: entered promiscuous mode
[  793.629886][T15921] sit0: entered allmulticast mode
[  793.633607][T15921] ip6tnl0: entered promiscuous mode
[  793.635659][T15921] ip6tnl0: entered allmulticast mode
[  793.639372][T15921] ip6gre0: entered promiscuous mode
[  793.641250][T15921] ip6gre0: entered allmulticast mode
[  793.644540][T15921] syz_tun: entered promiscuous mode
[  793.646504][T15921] syz_tun: entered allmulticast mode
[  793.650109][T15921] ip6gretap0: entered promiscuous mode
[  793.652123][T15921] ip6gretap0: entered allmulticast mode
[  793.655992][T15921] bridge0: entered promiscuous mode
[  793.658192][T15921] bridge0: entered allmulticast mode
[  793.662359][T15921] vcan0: entered promiscuous mode
[  793.664211][T15921] vcan0: entered allmulticast mode
[  793.666869][T15921] bond0: entered promiscuous mode
[  793.668607][T15921] bond_slave_0: entered promiscuous mode
[  793.671195][T15921] bond_slave_1: entered promiscuous mode
[  793.673933][T15921] bond0: entered allmulticast mode
[  793.675747][T15921] bond_slave_0: entered allmulticast mode
[  793.678326][T15921] bond_slave_1: entered allmulticast mode
[  793.748099][T15921] team0: entered promiscuous mode
[  793.770037][T15921] team_slave_0: entered promiscuous mode
[  793.789052][T15928] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4229'.
[  793.793607][T15921] team_slave_1: entered promiscuous mode
[  793.827811][T15921] team0: entered allmulticast mode
[  793.844771][T15921] team_slave_0: entered allmulticast mode
[  793.849273][T15921] team_slave_1: entered allmulticast mode
[  793.859317][T15921] dummy0: entered promiscuous mode
[  793.870232][T15921] dummy0: entered allmulticast mode
[  793.898751][T15921] nlmon0: entered promiscuous mode
[  793.915997][T15921] nlmon0: entered allmulticast mode
[  793.986244][T15921] caif0: entered promiscuous mode
[  794.008836][T15921] caif0: entered allmulticast mode
[  794.023709][T15921] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  794.446701][T15940] ptrace attach of "/syz-executor exec"[12841] was attempted by "/syz-executor exec"[15940]
[  794.706855][T15942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4233'.
[  794.709873][T15942] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4233'.
[  795.104191][T15946] virtio-fs: tag </dev/md0> not found
[  795.188410][T16008] ptrace attach of "/syz-executor exec"[15204] was attempted by "/syz-executor exec"[16008]
[  795.255429][T16059] ptrace attach of "/syz-executor exec"[13757] was attempted by "/syz-executor exec"[16059]
[  795.529018][T16063] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4237'.
[  795.532831][T16063] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4237'.
[  795.599228][T16062] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4236'.
[  795.603156][T16062] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4236'.
[  795.712387][T13284] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  795.878432][T13284] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  795.881935][T13284] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  795.895929][T13284] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  795.902865][T13284] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  795.905961][T13284] usb 5-1: Product: syz
[  795.907501][T13284] usb 5-1: Manufacturer: syz
[  795.909060][T13284] usb 5-1: SerialNumber: syz
[  796.174046][T15948] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  796.756809][T15948] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  796.765623][T16174] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4239'.
[  796.955087][T16181] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4241'.
[  796.968132][T15948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  796.972930][T15948] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  796.981920][T13284] cdc_mbim 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  796.983972][T13284] cdc_mbim 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  796.986276][T13284] cdc_mbim 5-1:1.0: setting rx_max = 2048
[  796.988084][T16181] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  797.173378][T16183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4242'.
[  797.179339][T13284] cdc_mbim 5-1:1.0: setting tx_max = 184
[  797.181931][T13284] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device
[  797.185439][T13284] wwan wwan0: port wwan0mbim0 attached
[  797.190685][T13284] cdc_mbim 5-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 42:42:42:42:42:42
[  797.363812][    C2] wdm_int_callback: 6 callbacks suppressed
[  797.363834][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  797.369081][    C2] wdm_int_callback: 6 callbacks suppressed
[  797.369102][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  797.379239][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  797.381303][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  797.384120][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  797.386176][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  797.388307][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  797.390898][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  797.393775][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  797.394878][T16196] input: syz1 as /devices/virtual/input/input64
[  797.396611][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  797.397337][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  797.404585][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  797.407475][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  797.410121][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  797.416372][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  797.419268][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  797.422190][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  797.425071][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  797.428372][    C2] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  797.430416][    C2] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  797.441366][ T1336] usb 5-1: USB disconnect, device number 17
[  797.449455][ T1336] cdc_mbim 5-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM
[  797.524718][ T1336] wwan wwan0: port wwan0mbim0 disconnected
[  797.868501][   T40] kauditd_printk_skb: 436 callbacks suppressed
[  797.868518][   T40] audit: type=1804 audit(1757907288.981:8279): pid=16205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4245" name="/newroot/123/file0/file0" dev="9p" ino=71827711 res=1 errno=0
[  798.360596][   T10] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  798.504729][   T10] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  798.508299][   T10] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  798.513378][   T10] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  798.560222][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  798.563869][   T10] usb 8-1: Product: syz
[  798.566000][   T10] usb 8-1: Manufacturer: syz
[  798.568043][   T10] usb 8-1: SerialNumber: syz
[  798.573259][T16213] ptrace attach of "/syz-executor exec"[13757] was attempted by "/syz-executor exec"[16213]
[  798.783778][T16211] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  798.840812][T16219] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4248'.
[  798.844765][T16219] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4248'.
[  798.850452][T16218] gtp0: entered promiscuous mode
[  798.855770][T16218] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4250'.
[  799.421100][T16211] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  799.615080][T16211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  799.620173][T16211] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  799.760993][   T10] cdc_mbim 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[  799.763807][   T10] cdc_mbim 8-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  799.766950][   T10] cdc_mbim 8-1:1.0: setting rx_max = 2048
[  799.819448][   T10] cdc_mbim 8-1:1.0: setting tx_max = 184
[  799.823036][   T10] cdc_mbim 8-1:1.0: cdc-wdm0: USB WDM device
[  799.826405][   T10] wwan wwan0: port wwan0mbim0 attached
[  799.832875][   T10] cdc_mbim 8-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 42:42:42:42:42:42
[  799.895704][T16237] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4253'.
[  799.898465][T16236] syz.2.4255 (16236): drop_caches: 2
[  799.910520][T16237] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  799.975048][T16238] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  799.977588][T16238] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  799.981977][T16238] vhci_hcd vhci_hcd.0: Device attached
[  800.035449][ T5980] usb 8-1: USB disconnect, device number 18
[  800.043123][ T5980] cdc_mbim 8-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[  800.088289][T16247] syz.2.4256 (16247): drop_caches: 2
[  800.110704][ T5980] wwan wwan0: port wwan0mbim0 disconnected
[  800.248677][ T1336] usb 38-1: SetAddress Request (69) to port 0
[  800.250585][ T1336] usb 38-1: new SuperSpeed USB device number 69 using vhci_hcd
[  800.452155][   T40] audit: type=1804 audit(1757907291.690:8280): pid=16257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4257" name="/newroot/429/file0/file0" dev="9p" ino=71827711 res=1 errno=0
[  800.493712][T16240] vhci_hcd: connection reset by peer
[  800.496267][   T97] vhci_hcd: stop threads
[  800.497946][   T97] vhci_hcd: release socket
[  800.499869][   T97] vhci_hcd: disconnect device
[  800.922674][T13284] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  801.067513][T13284] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  801.077282][T13284] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  801.164079][T13284] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  801.167881][T13284] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  801.171475][T13284] usb 6-1: Product: syz
[  801.173262][T13284] usb 6-1: Manufacturer: syz
[  801.175119][T13284] usb 6-1: SerialNumber: syz
[  801.194650][T16265] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4260'.
[  801.418934][T16273] ptrace attach of "/syz-executor exec"[15204] was attempted by "/syz-executor exec"[16273]
[  801.419521][T16263] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  801.856798][T16278] input: syz1 as /devices/virtual/input/input65
[  801.887924][T16280] syz.2.4264 (16280): drop_caches: 2
[  801.913076][T16281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4263'.
[  801.917157][T16281] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4263'.
[  802.004179][T16263] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  802.202636][T16263] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  802.205483][T16263] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  802.210810][T13284] cdc_mbim 6-1:1.0: MAC-Address: 42:42:42:42:42:42
[  802.212915][T13284] cdc_mbim 6-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  802.215241][T13284] cdc_mbim 6-1:1.0: setting rx_max = 2048
[  802.361046][T12864] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  802.451732][T13284] cdc_mbim 6-1:1.0: setting tx_max = 184
[  802.456758][T13284] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device
[  802.475716][T13284] wwan wwan0: port wwan0mbim0 attached
[  802.483346][T13284] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 42:42:42:42:42:42
[  802.515115][T12864] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  802.518939][T12864] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  802.526585][T12864] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  802.530232][T12864] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  802.533372][T12864] usb 7-1: Product: syz
[  802.534724][T12864] usb 7-1: Manufacturer: syz
[  802.536170][T12864] usb 7-1: SerialNumber: syz
[  802.589373][T16292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4267'.
[  802.594077][    C2] wdm_int_callback: 76 callbacks suppressed
[  802.594091][    C2] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  802.598361][    C2] wdm_int_callback: 76 callbacks suppressed
[  802.598377][    C2] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  802.602961][    C2] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  802.605080][    C2] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  802.605325][    C2] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  802.609579][    C2] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  802.610101][    C2] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  802.611875][T16292] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  802.613773][    C2] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  802.613990][    C2] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  802.624207][    C2] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  802.627828][    C2] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  802.630635][    C2] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  802.633912][    C2] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  802.636216][    C2] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  802.640255][    C2] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  802.642445][    C2] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  802.644675][    C2] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  802.646766][    C2] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  802.651867][ T5980] usb 6-1: USB disconnect, device number 12
[  802.655577][ T5980] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM
[  802.725351][ T5980] wwan wwan0: port wwan0mbim0 disconnected
[  802.756091][T16287] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  803.220098][T16310] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  803.222654][T16310] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  803.225704][T16310] vhci_hcd vhci_hcd.0: Device attached
[  803.339440][T16287] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  803.399498][T16314] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4270'.
[  803.538246][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  803.542054][T16287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  803.542136][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  803.553339][T16287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  803.557844][T12864] cdc_mbim 7-1:1.0: MAC-Address: 42:42:42:42:42:42
[  803.560603][T12864] cdc_mbim 7-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  803.563350][T12864] cdc_mbim 7-1:1.0: setting rx_max = 2048
[  803.669745][T16311] vhci_hcd: connection closed
[  803.672563][   T97] vhci_hcd: stop threads
[  803.676096][   T97] vhci_hcd: release socket
[  803.678634][   T97] vhci_hcd: disconnect device
[  803.749554][T12864] cdc_mbim 7-1:1.0: setting tx_max = 184
[  803.753928][T12864] cdc_mbim 7-1:1.0: cdc-wdm0: USB WDM device
[  803.759082][T12864] wwan wwan0: port wwan0mbim0 attached
[  803.768255][T12864] cdc_mbim 7-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 42:42:42:42:42:42
[  803.799832][ T6089] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  803.944029][    C3] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  803.946905][    C3] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  803.957422][ T6089] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  803.967973][ T6089] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  803.979114][ T6019] usb 7-1: USB disconnect, device number 15
[  803.983143][ T6019] cdc_mbim 7-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[  803.990342][ T6089] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  803.994151][ T6089] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.997579][ T6089] usb 8-1: Product: syz
[  804.001730][ T6089] usb 8-1: Manufacturer: syz
[  804.003803][ T6089] usb 8-1: SerialNumber: syz
[  804.070022][ T6019] wwan wwan0: port wwan0mbim0 disconnected
[  804.222694][T16318] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  804.373177][T16336] syz.1.4273 (16336): drop_caches: 2
[  804.500881][T16341] ptrace attach of "/syz-executor exec"[12841] was attempted by "/syz-executor exec"[16341]
[  804.856625][T16318] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  805.054926][T16318] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  805.063026][T16318] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  805.066231][ T1336] usb 38-1: device descriptor read/8, error -110
[  805.068356][T16347] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4275'.
[  805.071269][T16347] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4275'.
[  805.072116][T16348] input: syz1 as /devices/virtual/input/input66
[  805.090118][ T6089] cdc_mbim 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[  805.096150][ T6089] cdc_mbim 8-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  805.098494][ T6089] cdc_mbim 8-1:1.0: setting rx_max = 2048
[  805.282912][ T6089] cdc_mbim 8-1:1.0: setting tx_max = 184
[  805.287822][ T6089] cdc_mbim 8-1:1.0: cdc-wdm0: USB WDM device
[  805.311711][T16344] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  805.314405][ T6089] wwan wwan0: port wwan0mbim0 attached
[  805.320282][ T6089] cdc_mbim 8-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 42:42:42:42:42:42
[  805.458931][ T1336] usb usb38-port1: attempt power cycle
[  805.478334][   T10] usb 8-1: USB disconnect, device number 19
[  805.480978][   T10] cdc_mbim 8-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[  805.525984][   T10] wwan wwan0: port wwan0mbim0 disconnected
[  805.772160][T16372] gtp0: entered promiscuous mode
[  805.790983][T16372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4279'.
[  806.305899][   T40] audit: type=1326 audit(1757907297.842:8281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16376 comm="syz.3.4281" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe5598 code=0x7ffc0000
[  806.324488][   T40] audit: type=1326 audit(1757907297.842:8282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16376 comm="syz.3.4281" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe5598 code=0x7ffc0000
[  806.331537][   T40] audit: type=1326 audit(1757907297.842:8283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16376 comm="syz.3.4281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7ffc0000
[  806.362270][   T40] audit: type=1326 audit(1757907297.842:8284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16376 comm="syz.3.4281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7ffc0000
[  806.369166][   T40] audit: type=1326 audit(1757907297.842:8285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16376 comm="syz.3.4281" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe5598 code=0x7ffc0000
[  806.394565][T16381] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  806.396730][T16381] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  806.399377][   T40] audit: type=1326 audit(1757907297.842:8286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16376 comm="syz.3.4281" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe5598 code=0x7ffc0000
[  806.419577][T16381] vhci_hcd vhci_hcd.0: Device attached
[  806.431106][   T40] audit: type=1326 audit(1757907297.842:8287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16376 comm="syz.3.4281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7ffc0000
[  806.439764][   T40] audit: type=1326 audit(1757907297.842:8288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16376 comm="syz.3.4281" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe5598 code=0x7ffc0000
[  806.450677][   T40] audit: type=1326 audit(1757907297.842:8289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16376 comm="syz.3.4281" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe5598 code=0x7ffc0000
[  806.460496][   T40] audit: type=1326 audit(1757907297.842:8290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16376 comm="syz.3.4281" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe5598 code=0x7ffc0000
[  806.485966][ T1336] usb 38-1: SetAddress Request (72) to port 0
[  806.487923][ T1336] usb 38-1: new SuperSpeed USB device number 72 using vhci_hcd
[  806.695127][ T6089] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  806.720277][T16382] vhci_hcd: connection reset by peer
[  806.722769][ T1181] vhci_hcd: stop threads
[  806.725300][ T1181] vhci_hcd: release socket
[  806.727811][ T1181] vhci_hcd: disconnect device
[  806.841107][ T6089] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  806.845794][ T6089] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  806.852276][ T6089] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  806.855962][ T6089] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.859657][ T6089] usb 7-1: Product: syz
[  806.863558][ T6089] usb 7-1: Manufacturer: syz
[  806.865520][ T6089] usb 7-1: SerialNumber: syz
[  807.082011][T16386] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  807.400460][T16399] ptrace attach of "/syz-executor exec"[12841] was attempted by "/syz-executor exec"[16399]
[  807.618823][T16406] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4287'.
[  807.626339][T16406] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4287'.
[  807.682128][T16386] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  808.122982][T16393] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  808.125330][T16393] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  808.127380][T16393] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  808.131241][T16386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  808.134468][T16386] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  808.138344][ T6089] cdc_mbim 7-1:1.0: MAC-Address: 42:42:42:42:42:42
[  808.140383][ T6089] cdc_mbim 7-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  808.142986][ T6089] cdc_mbim 7-1:1.0: setting rx_max = 2048
[  808.227812][T16412] input: syz1 as /devices/virtual/input/input67
[  808.343459][ T6089] cdc_mbim 7-1:1.0: setting tx_max = 184
[  808.355591][ T6089] cdc_mbim 7-1:1.0: cdc-wdm0: USB WDM device
[  808.360756][ T6089] wwan wwan0: port wwan0mbim0 attached
[  808.366206][ T6089] cdc_mbim 7-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 42:42:42:42:42:42
[  808.402832][T16417] overlayfs: missing 'lowerdir'
[  808.529148][    C0] wdm_int_callback: 52 callbacks suppressed
[  808.529161][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  808.533360][    C0] wdm_int_callback: 52 callbacks suppressed
[  808.533371][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  808.537625][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  808.539699][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  808.541903][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  808.544112][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  808.546336][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  808.548475][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  808.550737][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  808.552921][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  808.556441][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  808.559232][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  808.562155][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  808.564912][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  808.567606][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  808.570147][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  808.572883][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  808.575453][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  808.578192][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  808.580375][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  808.587602][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  808.591720][ T5980] usb 7-1: USB disconnect, device number 16
[  808.595173][ T5980] cdc_mbim 7-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[  808.660080][ T5980] wwan wwan0: port wwan0mbim0 disconnected
[  808.693619][T16429] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4290'.
[  809.189049][T16442] 8021q: adding VLAN 0 to HW filter on device bond1
[  809.429100][ T5979] Bluetooth: hci1: command 0x0406 tx timeout
[  809.467385][ T6089] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  809.793426][ T6089] usb 6-1: Using ep0 maxpacket: 32
[  809.799073][ T6089] usb 6-1: config 0 has an invalid interface number: 247 but max is 0
[  809.808119][ T6089] usb 6-1: config 0 has no interface number 0
[  809.810073][T16451] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4296'.
[  809.813082][T16451] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4296'.
[  809.814729][ T6089] usb 6-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  809.823522][ T6089] usb 6-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[  809.828943][ T6089] usb 6-1: Product: syz
[  809.833307][ T6089] usb 6-1: Manufacturer: syz
[  809.840146][ T6089] usb 6-1: config 0 descriptor??
[  809.988474][T16447] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  809.991179][T16447] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  809.995248][T16447] vhci_hcd vhci_hcd.0: Device attached
[  810.089839][T16454] vhci_hcd: connection closed
[  810.090197][   T12] vhci_hcd: stop threads
[  810.094399][   T12] vhci_hcd: release socket
[  810.095189][T16442] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  810.096467][ T5979] Bluetooth: hci2: command 0x0406 tx timeout
[  810.096508][ T5979] Bluetooth: hci3: command 0x0406 tx timeout
[  810.096805][   T12] vhci_hcd: disconnect device
[  810.106460][T16442] bond1: (slave macvlan2): Enslaving as a backup interface with an up link
[  810.148443][T16442] bridge_slave_0: left allmulticast mode
[  810.150293][T16442] bridge_slave_0: left promiscuous mode
[  810.152206][T16442] bridge0: port 1(bridge_slave_0) entered disabled state
[  810.156831][T16442] bridge_slave_1: left allmulticast mode
[  810.158643][T16442] bridge_slave_1: left promiscuous mode
[  810.160476][T16442] bridge0: port 2(bridge_slave_1) entered disabled state
[  810.166980][T16442] bond0: (slave bond_slave_0): Releasing backup interface
[  810.170133][T16442] bond_slave_0: left allmulticast mode
[  810.172478][T16442] bond_slave_0: left promiscuous mode
[  810.176450][T16442] bond0: (slave bond_slave_1): Releasing backup interface
[  810.180151][T16442] bond_slave_1: left allmulticast mode
[  810.182354][T16442] bond_slave_1: left promiscuous mode
[  810.185694][T16442] team_slave_0: left promiscuous mode
[  810.187459][T16442] team_slave_0: left allmulticast mode
[  810.191527][T16442] team0: Port device team_slave_0 removed
[  810.194425][T16442] team_slave_1: left promiscuous mode
[  810.196668][T16442] team_slave_1: left allmulticast mode
[  810.202088][T16442] team0: Port device team_slave_1 removed
[  810.204286][T16442] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  810.206604][T16442] batman_adv: batadv0: Removing interface: batadv_slave_0
[  810.210450][T16442] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  810.212959][T16442] batman_adv: batadv0: Removing interface: batadv_slave_1
[  810.221446][T16442] bond1: (slave macvlan2): Removing an active aggregator
[  810.224416][T16442] bond1: (slave macvlan2): Releasing backup interface
[  810.827866][T16465] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4299'.
[  810.903855][T16471] overlayfs: missing 'lowerdir'
[  811.007104][ T6089] usb 6-1: USB disconnect, device number 13
[  811.305636][ T1336] usb 38-1: device descriptor read/8, error -110
[  811.381814][T13284] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  811.411414][ T1336] usb usb38-port1: unable to enumerate USB device
[  811.539393][T13284] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  811.572654][T13284] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  811.583500][T13284] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  811.586532][T13284] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  811.589630][T13284] usb 8-1: Product: syz
[  811.591772][T13284] usb 8-1: Manufacturer: syz
[  811.595583][T13284] usb 8-1: SerialNumber: syz
[  811.845308][T16474] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  812.430894][T16474] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  812.599900][T16489] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4306'.
[  812.602995][T16489] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4306'.
[  812.628771][T16474] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  812.636538][T16474] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  812.696206][T13284] cdc_mbim 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[  812.702026][T13284] cdc_mbim 8-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  812.704626][T13284] cdc_mbim 8-1:1.0: setting rx_max = 2048
[  813.014953][T13284] cdc_mbim 8-1:1.0: setting tx_max = 184
[  813.017773][T13284] cdc_mbim 8-1:1.0: cdc-wdm0: USB WDM device
[  813.022497][T13284] wwan wwan0: port wwan0mbim0 attached
[  813.027332][T13284] cdc_mbim 8-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 42:42:42:42:42:42
[  813.206375][   T10] usb 8-1: USB disconnect, device number 20
[  813.209026][   T10] cdc_mbim 8-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[  813.259306][   T10] wwan wwan0: port wwan0mbim0 disconnected
[  813.489055][T16510] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  813.491234][T16510] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  813.494083][T16510] vhci_hcd vhci_hcd.0: Device attached
[  813.590919][T16516] overlayfs: missing 'lowerdir'
[  813.744103][   T29] usb 42-1: SetAddress Request (81) to port 0
[  813.746184][   T29] usb 42-1: new SuperSpeed USB device number 81 using vhci_hcd
[  813.793961][T16518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  813.801683][T16518] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  813.831384][T16525] ptrace attach of "/syz-executor exec"[15204] was attempted by "/syz-executor exec"[16525]
[  813.840704][   T10] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  813.953342][T16512] vhci_hcd: connection reset by peer
[  813.960207][   T12] vhci_hcd: stop threads
[  813.961601][   T12] vhci_hcd: release socket
[  813.963570][   T12] vhci_hcd: disconnect device
[  813.984849][T16528] FAULT_INJECTION: forcing a failure.
[  813.984849][T16528] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  813.990004][T16528] CPU: 3 UID: 0 PID: 16528 Comm: syz.0.4312 Not tainted syzkaller #0 PREEMPT(full) 
[  813.990022][T16528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  813.990030][T16528] Call Trace:
[  813.990035][T16528]  <TASK>
[  813.990040][T16528]  dump_stack_lvl+0x16c/0x1f0
[  813.990061][T16528]  should_fail_ex+0x512/0x640
[  813.990081][T16528]  _copy_from_user+0x2e/0xd0
[  813.990093][T16528]  copy_from_sockptr_offset+0x15c/0x1b0
[  813.990106][T16528]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[  813.990121][T16528]  do_tcp_getsockopt+0x108d/0x25d0
[  813.990139][T16528]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[  813.990158][T16528]  ? __lock_acquire+0xb97/0x1ce0
[  813.990175][T16528]  ? aa_label_sk_perm+0x195/0x600
[  813.990189][T16528]  ? _kstrtoull+0x145/0x200
[  813.990203][T16528]  ? __pfx__kstrtoull+0x10/0x10
[  813.990218][T16528]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  813.990234][T16528]  ? __lock_acquire+0x62e/0x1ce0
[  813.990257][T16528]  ? __pfx___might_resched+0x10/0x10
[  813.990269][T16528]  ? get_pid_task+0xfc/0x250
[  813.990286][T16528]  ? aa_sk_perm+0x2f4/0xb10
[  813.990302][T16528]  ? __lock_acquire+0x62e/0x1ce0
[  813.990318][T16528]  tcp_getsockopt+0xdf/0x100
[  813.990334][T16528]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  813.990346][T16528]  do_sock_getsockopt+0x34d/0x440
[  813.990358][T16528]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  813.990369][T16528]  ? __fget_files+0x204/0x3c0
[  813.990388][T16528]  __sys_getsockopt+0x123/0x1b0
[  813.990406][T16528]  __ia32_sys_getsockopt+0xbc/0x160
[  813.990421][T16528]  ? lockdep_hardirqs_on+0x7c/0x110
[  813.990437][T16528]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  813.990453][T16528]  __do_fast_syscall_32+0x7c/0x300
[  813.990471][T16528]  do_fast_syscall_32+0x32/0x80
[  813.990481][T16528]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  813.990494][T16528] RIP: 0023:0xf7f63579
[  813.990503][T16528] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  813.990514][T16528] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[  813.990525][T16528] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000006
[  813.990531][T16528] RDX: 0000000000000023 RSI: 0000000080000040 RDI: 0000000080000240
[  813.990538][T16528] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  813.990544][T16528] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  813.990550][T16528] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  813.990562][T16528]  </TASK>
[  814.056354][T16529] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4311'.
[  814.081759][T16529] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4311'.
[  814.276253][T16535] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4313'.
[  814.280324][T16535] lo: entered promiscuous mode
[  814.282240][T16535] lo: entered allmulticast mode
[  814.289921][T16535] tunl0: entered promiscuous mode
[  814.291850][T16535] tunl0: entered allmulticast mode
[  814.299068][T16535] gre0: entered promiscuous mode
[  814.300995][T16535] gre0: entered allmulticast mode
[  814.311949][T16535] gretap0: entered promiscuous mode
[  814.313808][T16535] gretap0: entered allmulticast mode
[  814.320122][T16535] erspan0: entered promiscuous mode
[  814.322134][T16535] erspan0: entered allmulticast mode
[  814.333651][T16535] ip_vti0: entered promiscuous mode
[  814.339679][T16535] ip_vti0: entered allmulticast mode
[  814.356577][T16535] ip6_vti0: entered promiscuous mode
[  814.358696][T16535] ip6_vti0: entered allmulticast mode
[  814.365411][T16535] sit0: entered promiscuous mode
[  814.367205][T16535] sit0: entered allmulticast mode
[  814.388938][T16535] ip6tnl0: entered promiscuous mode
[  814.399728][T16535] ip6tnl0: entered allmulticast mode
[  814.403928][T16542] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4316'.
[  814.407879][T16542] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4316'.
[  814.529155][T16535] ip6gre0: entered promiscuous mode
[  814.548845][T16535] ip6gre0: entered allmulticast mode
[  814.842813][T16535] syz_tun: entered promiscuous mode
[  814.856172][T16535] syz_tun: entered allmulticast mode
[  814.882159][T16535] ip6gretap0: entered promiscuous mode
[  814.884277][T16535] ip6gretap0: entered allmulticast mode
[  814.891007][T16535] bridge0: entered promiscuous mode
[  814.901417][T16535] bridge0: entered allmulticast mode
[  814.929714][T16535] vcan0: entered promiscuous mode
[  814.931717][T16535] vcan0: entered allmulticast mode
[  814.935891][T16535] bond0: entered promiscuous mode
[  814.937850][T16535] bond_slave_0: entered promiscuous mode
[  814.940336][T16535] bond_slave_1: entered promiscuous mode
[  814.942796][T16535] bond0: entered allmulticast mode
[  814.944680][T16535] bond_slave_0: entered allmulticast mode
[  814.946778][T16535] bond_slave_1: entered allmulticast mode
[  814.951933][T16535] 8021q: adding VLAN 0 to HW filter on device bond0
[  814.956376][T16535] team0: entered promiscuous mode
[  814.958341][T16535] team_slave_0: entered promiscuous mode
[  814.960746][T16535] team_slave_1: entered promiscuous mode
[  814.963111][T16535] team0: entered allmulticast mode
[  814.964972][T16535] team_slave_0: entered allmulticast mode
[  814.967150][T16535] team_slave_1: entered allmulticast mode
[  814.971252][T16535] 8021q: adding VLAN 0 to HW filter on device team0
[  814.976114][T16535] dummy0: entered promiscuous mode
[  814.978118][T16535] dummy0: entered allmulticast mode
[  814.982971][T16535] nlmon0: entered promiscuous mode
[  814.985227][T16535] nlmon0: entered allmulticast mode
[  814.994086][T16535] caif0: entered promiscuous mode
[  814.996417][T16535] caif0: entered allmulticast mode
[  814.998593][T16535] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  815.355858][   T40] kauditd_printk_skb: 1186 callbacks suppressed
[  815.355915][   T40] audit: type=1326 audit(1757907307.342:9477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16560 comm="syz.1.4322" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  815.363469][T12864] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  815.368100][   T40] audit: type=1326 audit(1757907307.342:9478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16560 comm="syz.1.4322" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  815.368143][   T40] audit: type=1326 audit(1757907307.342:9479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16560 comm="syz.1.4322" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  815.368181][   T40] audit: type=1326 audit(1757907307.342:9480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16560 comm="syz.1.4322" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  815.368225][   T40] audit: type=1326 audit(1757907307.342:9481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16560 comm="syz.1.4322" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  815.368263][   T40] audit: type=1326 audit(1757907307.342:9482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16560 comm="syz.1.4322" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  815.368300][   T40] audit: type=1326 audit(1757907307.342:9483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16560 comm="syz.1.4322" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  815.368338][   T40] audit: type=1326 audit(1757907307.342:9484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16560 comm="syz.1.4322" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  815.368375][   T40] audit: type=1326 audit(1757907307.342:9485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16560 comm="syz.1.4322" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  815.368412][   T40] audit: type=1326 audit(1757907307.342:9486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16560 comm="syz.1.4322" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  815.536155][T12864] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  815.539943][T12864] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  815.546965][T12864] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  815.549792][T12864] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  815.552684][T12864] usb 7-1: Product: syz
[  815.554007][T12864] usb 7-1: Manufacturer: syz
[  815.556810][T12864] usb 7-1: SerialNumber: syz
[  815.761144][T16552] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  816.128683][T16572] ptrace attach of "/syz-executor exec"[15012] was attempted by "/syz-executor exec"[16572]
[  816.183199][ T1336] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  816.327683][ T1336] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  816.335216][ T1336] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  816.337693][T16552] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  816.337876][T16574] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4325'.
[  816.338032][T16574] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4325'.
[  816.341160][ T1336] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  816.352028][ T1336] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  816.355232][ T1336] usb 8-1: Product: syz
[  816.356953][ T1336] usb 8-1: Manufacturer: syz
[  816.358818][ T1336] usb 8-1: SerialNumber: syz
[  816.546153][T16552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  816.549051][T16552] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  816.552809][T12864] cdc_mbim 7-1:1.0: MAC-Address: 42:42:42:42:42:42
[  816.555033][T12864] cdc_mbim 7-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  816.557636][T12864] cdc_mbim 7-1:1.0: setting rx_max = 2048
[  816.566930][T16570] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  816.745092][T12864] cdc_mbim 7-1:1.0: setting tx_max = 184
[  816.750573][T12864] cdc_mbim 7-1:1.0: cdc-wdm0: USB WDM device
[  816.763865][T12864] wwan wwan0: port wwan0mbim0 attached
[  816.783156][T12864] cdc_mbim 7-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 42:42:42:42:42:42
[  816.814383][T16580] overlay: ./file1 is not a directory
[  816.937996][T12864] usb 7-1: USB disconnect, device number 17
[  816.940573][T12864] cdc_mbim 7-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[  817.003315][T12864] wwan wwan0: port wwan0mbim0 disconnected
[  817.143295][T16570] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  817.341954][T16570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  817.344994][T16570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  817.357147][ T1336] cdc_mbim 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[  817.359169][ T1336] cdc_mbim 8-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  817.361529][ T1336] cdc_mbim 8-1:1.0: setting rx_max = 2048
[  817.377933][T16587] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4328'.
[  817.498112][T16590] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4329'.
[  817.501134][T16590] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4329'.
[  817.552389][T16587] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  817.554554][ T1336] cdc_mbim 8-1:1.0: setting tx_max = 184
[  817.561521][ T1336] cdc_mbim 8-1:1.0: cdc-wdm0: USB WDM device
[  817.564465][ T1336] wwan wwan0: port wwan0mbim0 attached
[  817.910100][ T1336] cdc_mbim 8-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 42:42:42:42:42:42
[  817.918198][ T1336] usb 8-1: USB disconnect, device number 21
[  817.921756][ T1336] cdc_mbim 8-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[  817.979262][ T1336] wwan wwan0: port wwan0mbim0 disconnected
[  818.083248][T16711] input: syz1 as /devices/virtual/input/input68
[  818.156708][T16714] ptrace attach of "/syz-executor exec"[13757] was attempted by "/syz-executor exec"[16714]
[  818.168454][T16715] FAULT_INJECTION: forcing a failure.
[  818.168454][T16715] name failslab, interval 1, probability 0, space 0, times 0
[  818.172406][T16715] CPU: 3 UID: 0 PID: 16715 Comm: syz.0.4334 Not tainted syzkaller #0 PREEMPT(full) 
[  818.172420][T16715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  818.172428][T16715] Call Trace:
[  818.172433][T16715]  <TASK>
[  818.172437][T16715]  dump_stack_lvl+0x16c/0x1f0
[  818.172457][T16715]  should_fail_ex+0x512/0x640
[  818.172475][T16715]  ? fs_reclaim_acquire+0xae/0x150
[  818.172492][T16715]  ? tomoyo_encode2+0x100/0x3e0
[  818.172508][T16715]  should_failslab+0xc2/0x120
[  818.172522][T16715]  __kmalloc_noprof+0xd2/0x510
[  818.172538][T16715]  tomoyo_encode2+0x100/0x3e0
[  818.172555][T16715]  tomoyo_encode+0x29/0x50
[  818.172569][T16715]  tomoyo_realpath_from_path+0x18f/0x6e0
[  818.172586][T16715]  ? tomoyo_profile+0x47/0x60
[  818.172597][T16715]  tomoyo_path_number_perm+0x245/0x580
[  818.172610][T16715]  ? tomoyo_path_number_perm+0x237/0x580
[  818.172624][T16715]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  818.172651][T16715]  ? find_held_lock+0x2b/0x80
[  818.172662][T16715]  ? hook_file_ioctl_common+0x145/0x410
[  818.172680][T16715]  ? __fget_files+0x20e/0x3c0
[  818.172694][T16715]  security_file_ioctl_compat+0x9b/0x240
[  818.172710][T16715]  __ia32_compat_sys_ioctl+0xc3/0x370
[  818.172729][T16715]  __do_fast_syscall_32+0x7c/0x300
[  818.172747][T16715]  do_fast_syscall_32+0x32/0x80
[  818.172757][T16715]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  818.172770][T16715] RIP: 0023:0xf7f63579
[  818.172779][T16715] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  818.172789][T16715] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  818.172800][T16715] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004008ae89
[  818.172807][T16715] RDX: 00000000800003c0 RSI: 0000000000000000 RDI: 0000000000000000
[  818.172813][T16715] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  818.172819][T16715] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  818.172825][T16715] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  818.172838][T16715]  </TASK>
[  818.172848][T16715] ERROR: Out of memory at tomoyo_realpath_from_path.
[  818.309179][T16717] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4335'.
[  818.312050][T16717] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4335'.
[  818.388312][T16721] overlayfs: statfs failed on './file0'
[  818.545002][   T29] usb 42-1: device descriptor read/8, error -110
[  818.649701][ T1336] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  818.803801][ T1336] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  818.807253][ T1336] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  818.812084][ T1336] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  818.815148][ T1336] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  818.817635][ T1336] usb 8-1: Product: syz
[  818.818950][ T1336] usb 8-1: Manufacturer: syz
[  818.820482][ T1336] usb 8-1: SerialNumber: syz
[  818.936031][   T29] usb usb42-port1: attempt power cycle
[  818.991499][T16734] ubi31: attaching mtd0
[  818.994895][T16734] ubi31: scanning is finished
[  818.996482][T16734] ubi31: empty MTD device detected
[  819.025023][T16725] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  819.069062][T16734] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  819.071753][T16734] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  819.076293][T16739] input: syz1 as /devices/virtual/input/input69
[  819.085158][T16734] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  819.091363][T16734] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  819.093935][T16734] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  819.096172][T16734] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  819.107451][T16734] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 78479153
[  819.110815][T16734] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  819.114267][T16738] ubi31: background thread "ubi_bgt31d" started, PID 16738
[  819.481032][   T29] usb usb42-port1: unable to enumerate USB device
[  819.602227][T16725] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  819.806878][T16725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  819.810688][T16725] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  819.814805][ T1336] cdc_mbim 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[  819.816859][ T1336] cdc_mbim 8-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  819.819295][ T1336] cdc_mbim 8-1:1.0: setting rx_max = 2048
[  819.882545][T16750] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  819.885237][T16750] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  819.888997][T16750] vhci_hcd vhci_hcd.0: Device attached
[  819.940499][T16753] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4343'.
[  819.956990][T16753] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  820.010306][ T1336] cdc_mbim 8-1:1.0: setting tx_max = 184
[  820.013004][ T1336] cdc_mbim 8-1:1.0: cdc-wdm0: USB WDM device
[  820.015841][ T1336] wwan wwan0: port wwan0mbim0 attached
[  820.020591][ T1336] cdc_mbim 8-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 42:42:42:42:42:42
[  820.031188][T16325] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  820.069562][ T6089] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  820.072109][ T6089] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  820.078580][    C2] ------------[ cut here ]------------
[  820.080411][    C2] workqueue: cannot queue hci_cmd_timeout on wq hci1
[  820.082545][    C2] WARNING: CPU: 2 PID: 16748 at kernel/workqueue.c:2255 __queue_work+0xd03/0x1160
[  820.085409][    C2] Modules linked in:
[  820.086860][    C2] CPU: 2 UID: 0 PID: 16748 Comm: syz.1.4343 Not tainted syzkaller #0 PREEMPT(full) 
[  820.091184][    C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  820.094474][    C2] RIP: 0010:__queue_work+0xd03/0x1160
[  820.096166][    C2] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4b 04 00 00 48 8b 75 18 4c 89 fa 48 c7 c7 e0 01 ac 8b e8 de 4b f7 ff 90 <0f> 0b 90 90 e9 2f f7 ff ff e8 4f 54 38 00 90 0f 0b 90 e9 b4 f5 ff
[  820.102011][    C2] RSP: 0018:ffffc90000538be8 EFLAGS: 00010082
[  820.103894][    C2] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a02f8
[  820.106392][    C2] RDX: ffff88801d7d0000 RSI: ffffffff817a0305 RDI: 0000000000000001
[  820.108802][    C2] RBP: ffff88806e0c0970 R08: 0000000000000001 R09: 0000000000000000
[  820.111348][    C2] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff920000a718f
[  820.113782][    C2] R13: 0000000000000100 R14: ffffffff8182c6e0 R15: ffff8880254c3978
[  820.116209][    C2] FS:  0000000000000000(0000) GS:ffff8880976ba000(0063) knlGS:00000000f54adb40
[  820.118981][    C2] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  820.121034][    C2] CR2: 000000000c3282a0 CR3: 000000004be13000 CR4: 0000000000352ef0
[  820.123499][    C2] Call Trace:
[  820.124549][    C2]  <IRQ>
[  820.125455][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  820.127319][    C2]  call_timer_fn+0x197/0x620
[  820.128761][    C2]  ? __pfx_call_timer_fn+0x10/0x10
[  820.130355][    C2]  ? __run_timers+0x559/0x960
[  820.131816][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  820.133631][    C2]  __run_timers+0x569/0x960
[  820.135048][    C2]  ? __pfx___run_timers+0x10/0x10
[  820.136617][    C2]  run_timer_base+0x114/0x190
[  820.138090][    C2]  ? __pfx_run_timer_base+0x10/0x10
[  820.139755][    C2]  run_timer_softirq+0x1a/0x40
[  820.141269][    C2]  handle_softirqs+0x216/0x8e0
[  820.142782][    C2]  ? __pfx_handle_softirqs+0x10/0x10
[  820.144444][    C2]  __irq_exit_rcu+0x109/0x170
[  820.145965][    C2]  irq_exit_rcu+0x9/0x30
[  820.147290][    C2]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  820.149035][    C2]  </IRQ>
[  820.149971][    C2]  <TASK>
[  820.150900][    C2]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  820.152750][    C2] RIP: 0010:__sanitizer_cov_trace_pc+0x46/0x70
[  820.154681][    C2] Code: 74 1d f6 c4 01 74 43 a9 00 00 0f 00 75 3c a9 00 00 f0 00 75 35 8b 82 3c 16 00 00 85 c0 74 2b 8b 82 18 16 00 00 83 f8 02 75 20 <48> 8b 8a 20 16 00 00 8b 92 1c 16 00 00 48 8b 01 48 83 c0 01 48 39
[  820.160520][    C2] RSP: 0018:ffffc9000c88f6b8 EFLAGS: 00000246
[  820.162410][    C2] RAX: 0000000000000002 RBX: ffffc9000c88f8f8 RCX: ffffffff89683d43
[  820.164842][    C2] RDX: ffff88801d7d0000 RSI: ffffffff89683e0d RDI: 0000000000000001
[  820.167300][    C2] RBP: 1ffff92001911ed8 R08: 0000000000000001 R09: 0000000000000000
[  820.169982][    C2] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  820.172407][    C2] R13: ffffc9000c88fd58 R14: ffff88806fa50880 R15: ffff888012e1aa18
[  820.173840][   T29] usb 38-1: SetAddress Request (73) to port 0
[  820.174996][    C2]  ? __scm_recv_common.constprop.0+0x333/0x520
[  820.176975][   T29] usb 38-1: new SuperSpeed USB device number 73 using vhci_hcd
[  820.178814][    C2]  ? __scm_recv_common.constprop.0+0x3fd/0x520
[  820.183054][    C2]  ? find_held_lock+0x2b/0x80
[  820.184528][    C2]  __scm_recv_common.constprop.0+0x3fd/0x520
[  820.184980][T16325] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  820.186431][    C2]  ? __pfx___scm_recv_common.constprop.0+0x10/0x10
[  820.189776][T16325] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  820.191854][    C2]  ? mark_held_locks+0x49/0x80
[  820.196817][    C2]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  820.198878][    C2]  ? lockdep_hardirqs_on+0x7c/0x110
[  820.200488][    C2]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  820.202317][    C2]  scm_recv_unix+0x99/0x400
[  820.203739][    C2]  ? __pfx_scm_recv_unix+0x10/0x10
[  820.204887][T16325] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  820.205358][    C2]  ? __pfx___skb_try_recv_datagram+0x10/0x10
[  820.208933][T16325] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  820.210785][    C2]  __unix_dgram_recvmsg+0x769/0xc30
[  820.213453][ T1336] usb 8-1: USB disconnect, device number 22
[  820.214914][    C2]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[  820.217259][ T1336] cdc_mbim 8-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[  820.218480][    C2]  ? __lock_acquire+0xb97/0x1ce0
[  820.221453][T16325] usb 7-1: Product: syz
[  820.222710][    C2]  unix_dgram_recvmsg+0xd0/0x110
[  820.222727][    C2]  ____sys_recvmsg+0x5f9/0x6b0
[  820.222743][    C2]  ? __pfx_____sys_recvmsg+0x10/0x10
[  820.222754][    C2]  ? import_iovec+0x86/0xb0
[  820.224093][T16325] usb 7-1: Manufacturer: syz
[  820.225636][    C2]  ___sys_recvmsg+0x114/0x1a0
[  820.227306][T16325] usb 7-1: SerialNumber: syz
[  820.228927][    C2]  ? __pfx____sys_recvmsg+0x10/0x10
[  820.236267][    C2]  ? __pfx___might_resched+0x10/0x10
[  820.237911][    C2]  ? do_recvmmsg+0x2d8/0x750
[  820.239358][    C2]  do_recvmmsg+0x55d/0x750
[  820.240756][    C2]  ? __pfx_do_recvmmsg+0x10/0x10
[  820.242323][    C2]  ? read_tsc+0x9/0x20
[  820.243610][    C2]  ? find_held_lock+0x2b/0x80
[  820.245077][    C2]  __sys_recvmmsg+0x21c/0x280
[  820.246585][    C2]  ? __pfx___sys_recvmmsg+0x10/0x10
[  820.248198][    C2]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  820.250125][    C2]  ? lockdep_hardirqs_on+0x7c/0x110
[  820.251732][    C2]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  820.253767][    C2]  __do_fast_syscall_32+0x7c/0x300
[  820.255359][    C2]  do_fast_syscall_32+0x32/0x80
[  820.256868][    C2]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  820.258850][    C2] RIP: 0023:0xf70de579
[  820.260158][    C2] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  820.266109][    C2] RSP: 002b:00000000f54ad55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  820.268655][    C2] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0
[  820.271307][    C2] RDX: 0000000000010106 RSI: 0000000000000002 RDI: 0000000000000000
[  820.273741][    C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  820.276170][    C2] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  820.278601][    C2] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  820.281023][    C2]  </TASK>
[  820.282001][    C2] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  820.284245][    C2] CPU: 2 UID: 0 PID: 16748 Comm: syz.1.4343 Not tainted syzkaller #0 PREEMPT(full) 
[  820.287181][    C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  820.290511][    C2] Call Trace:
[  820.291565][    C2]  <IRQ>
[  820.292474][    C2]  dump_stack_lvl+0x3d/0x1f0
[  820.293927][    C2]  vpanic+0x6e8/0x7a0
[  820.295176][    C2]  ? __pfx_vpanic+0x10/0x10
[  820.296581][    C2]  ? __queue_work+0xd03/0x1160
[  820.298090][    C2]  panic+0xca/0xd0
[  820.299270][    C2]  ? __pfx_panic+0x10/0x10
[  820.300653][    C2]  ? check_panic_on_warn+0x1f/0xb0
[  820.302260][    C2]  check_panic_on_warn+0xab/0xb0
[  820.303812][    C2]  __warn+0xf6/0x3c0
[  820.305042][    C2]  ? __queue_work+0xd03/0x1160
[  820.306636][    C2]  report_bug+0x3c3/0x580
[  820.307991][    C2]  ? __queue_work+0xd03/0x1160
[  820.309481][    C2]  handle_bug+0x184/0x210
[  820.310825][    C2]  exc_invalid_op+0x17/0x50
[  820.312247][    C2]  asm_exc_invalid_op+0x1a/0x20
[  820.313778][    C2] RIP: 0010:__queue_work+0xd03/0x1160
[  820.315459][    C2] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4b 04 00 00 48 8b 75 18 4c 89 fa 48 c7 c7 e0 01 ac 8b e8 de 4b f7 ff 90 <0f> 0b 90 90 e9 2f f7 ff ff e8 4f 54 38 00 90 0f 0b 90 e9 b4 f5 ff
[  820.321333][    C2] RSP: 0018:ffffc90000538be8 EFLAGS: 00010082
[  820.323262][    C2] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a02f8
[  820.325733][    C2] RDX: ffff88801d7d0000 RSI: ffffffff817a0305 RDI: 0000000000000001
[  820.328188][    C2] RBP: ffff88806e0c0970 R08: 0000000000000001 R09: 0000000000000000
[  820.330612][    C2] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff920000a718f
[  820.333091][    C2] R13: 0000000000000100 R14: ffffffff8182c6e0 R15: ffff8880254c3978
[  820.335523][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  820.337327][    C2]  ? __warn_printk+0x198/0x350
[  820.338825][    C2]  ? __warn_printk+0x1a5/0x350
[  820.340312][    C2]  ? __queue_work+0xd02/0x1160
[  820.341848][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  820.343662][    C2]  call_timer_fn+0x197/0x620
[  820.345107][    C2]  ? __pfx_call_timer_fn+0x10/0x10
[  820.346746][    C2]  ? __run_timers+0x559/0x960
[  820.348205][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  820.350015][    C2]  __run_timers+0x569/0x960
[  820.351429][    C2]  ? __pfx___run_timers+0x10/0x10
[  820.353005][    C2]  run_timer_base+0x114/0x190
[  820.354503][    C2]  ? __pfx_run_timer_base+0x10/0x10
[  820.356260][    C2]  run_timer_softirq+0x1a/0x40
[  820.358002][    C2]  handle_softirqs+0x216/0x8e0
[  820.359477][    C2]  ? __pfx_handle_softirqs+0x10/0x10
[  820.361106][    C2]  __irq_exit_rcu+0x109/0x170
[  820.362569][    C2]  irq_exit_rcu+0x9/0x30
[  820.363906][    C2]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  820.365654][    C2]  </IRQ>
[  820.366593][    C2]  <TASK>
[  820.367529][    C2]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  820.369368][    C2] RIP: 0010:__sanitizer_cov_trace_pc+0x46/0x70
[  820.371274][    C2] Code: 74 1d f6 c4 01 74 43 a9 00 00 0f 00 75 3c a9 00 00 f0 00 75 35 8b 82 3c 16 00 00 85 c0 74 2b 8b 82 18 16 00 00 83 f8 02 75 20 <48> 8b 8a 20 16 00 00 8b 92 1c 16 00 00 48 8b 01 48 83 c0 01 48 39
[  820.377425][    C2] RSP: 0018:ffffc9000c88f6b8 EFLAGS: 00000246
[  820.379314][    C2] RAX: 0000000000000002 RBX: ffffc9000c88f8f8 RCX: ffffffff89683d43
[  820.381745][    C2] RDX: ffff88801d7d0000 RSI: ffffffff89683e0d RDI: 0000000000000001
[  820.384204][    C2] RBP: 1ffff92001911ed8 R08: 0000000000000001 R09: 0000000000000000
[  820.386743][    C2] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  820.389179][    C2] R13: ffffc9000c88fd58 R14: ffff88806fa50880 R15: ffff888012e1aa18
[  820.391630][    C2]  ? __scm_recv_common.constprop.0+0x333/0x520
[  820.393572][    C2]  ? __scm_recv_common.constprop.0+0x3fd/0x520
[  820.395800][    C2]  ? find_held_lock+0x2b/0x80
[  820.397294][    C2]  __scm_recv_common.constprop.0+0x3fd/0x520
[  820.399155][    C2]  ? __pfx___scm_recv_common.constprop.0+0x10/0x10
[  820.401162][    C2]  ? mark_held_locks+0x49/0x80
[  820.402651][    C2]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  820.404476][    C2]  ? lockdep_hardirqs_on+0x7c/0x110
[  820.406142][    C2]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  820.407942][    C2]  scm_recv_unix+0x99/0x400
[  820.409353][    C2]  ? __pfx_scm_recv_unix+0x10/0x10
[  820.410936][    C2]  ? __pfx___skb_try_recv_datagram+0x10/0x10
[  820.412795][    C2]  __unix_dgram_recvmsg+0x769/0xc30
[  820.414430][    C2]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[  820.416183][    C2]  ? __lock_acquire+0xb97/0x1ce0
[  820.417734][    C2]  unix_dgram_recvmsg+0xd0/0x110
[  820.419272][    C2]  ____sys_recvmsg+0x5f9/0x6b0
[  820.420764][    C2]  ? __pfx_____sys_recvmsg+0x10/0x10
[  820.422426][    C2]  ? import_iovec+0x86/0xb0
[  820.423855][    C2]  ___sys_recvmsg+0x114/0x1a0
[  820.425325][    C2]  ? __pfx____sys_recvmsg+0x10/0x10
[  820.426989][    C2]  ? __pfx___might_resched+0x10/0x10
[  820.428624][    C2]  ? do_recvmmsg+0x2d8/0x750
[  820.430078][    C2]  do_recvmmsg+0x55d/0x750
[  820.431475][    C2]  ? __pfx_do_recvmmsg+0x10/0x10
[  820.433051][    C2]  ? read_tsc+0x9/0x20
[  820.434365][    C2]  ? find_held_lock+0x2b/0x80
[  820.435826][    C2]  __sys_recvmmsg+0x21c/0x280
[  820.437408][    C2]  ? __pfx___sys_recvmmsg+0x10/0x10
[  820.439064][    C2]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  820.441230][    C2]  ? lockdep_hardirqs_on+0x7c/0x110
[  820.442906][    C2]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  820.445006][    C2]  __do_fast_syscall_32+0x7c/0x300
[  820.446665][    C2]  do_fast_syscall_32+0x32/0x80
[  820.448210][    C2]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  820.450190][    C2] RIP: 0023:0xf70de579
[  820.451546][    C2] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  820.457507][    C2] RSP: 002b:00000000f54ad55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  820.460081][    C2] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0
[  820.462546][    C2] RDX: 0000000000010106 RSI: 0000000000000002 RDI: 0000000000000000
[  820.465017][    C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  820.467502][    C2] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  820.469946][    C2] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  820.472430][    C2]  </TASK>
[  820.474114][    C2] Kernel Offset: disabled
[  820.475586][    C2] Rebooting in 86400 seconds..

VM DIAGNOSIS:
03:22:19  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000002 RBX=ffffc900070a7d58 RCX=ffffc9000c8b1000 RDX=ffff888023a20000
RSI=ffffffff8989a330 RDI=ffffc900070a7db0 RBP=0000000000000000 RSP=ffffc900070a7a38
R8 =0000000000000005 R9 =0000000000000400 R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=ffffc900070a7b70 R14=0000000000000000 R15=00000000800d5940
RIP=ffffffff81bb0a21 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880974ba000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000056d3f4c0 CR3=000000006c6aa000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000040000002 RBX=0000000000000000 RCX=ffffffff815cae48 RDX=ffff8880245aa440
RSI=ffffffff815cae52 RDI=0000000000000000 RBP=0000000000000000 RSP=ffffc9000046fbc8
R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=0000000000000063 R14=0000000000000000 R15=000000000000002b
RIP=ffffffff8100184b RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880975ba000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c37933c CR3=000000006c6aa000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000003a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8561dc95 RDI=ffffffff9b102740 RBP=ffffffff9b102700 RSP=ffffc90000538550
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=000000000000003a R14=ffffffff9b102700 R15=ffffffff8561dc30
RIP=ffffffff8561dcbf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880976ba000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c3282a0 CR3=000000004be13000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff888026e2d398 RCX=0000000000000001 RDX=0000000000000000
RSI=ffffffff8e5c1420 RDI=ffff888026e2d398 RBP=ffffffff8e5c1420 RSP=ffffc90003bf7900
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffff888026e2c880 R13=ffff888026e2d370 R14=00000000ffffffff R15=0000000000000001
RIP=ffffffff8b949060 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977ba000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f54ad510 CR3=000000004ba50000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000