last executing test programs:

30.871659971s ago: executing program 2 (id=2453):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0xa, 0x1, 0x2f)
getsockopt$kcm_KCM_RECV_DISABLE(r1, 0x11e, 0x1, 0x0, 0x20000000)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f00000001c0)={0x5, 0x0, 0x5}, 0x10)
r2 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private1}, {0xa, 0x0, 0x0, @mcast1, 0xffffffff}}, 0x5c)
setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f00000001c0)=0x1, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a140000001000010000000000000000000084000a09"], 0x28}}, 0x4000050)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev, 0x11}, 0x1c)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000100))
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000080)=0x80)
ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_LINKAT={0x27, 0xa, 0x0, 0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00', 0xffffffffffffffff, 0x1400})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x40, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x3938700}, 0x1, 0x0, 0x1})
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f00000000c0)=',,\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff9000/0x2000)=nil, 0x2000, &(0x7f0000000140)=',,\x00')
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"})
r9 = syz_open_pts(r8, 0x141201)
write(r9, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCFLSH(r8, 0x540b, 0x2)
sendmsg$nl_route(r7, &(0x7f0000000400)={0x0, 0xfffffff0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000760009eeffffffffffffff0400000000", @ANYRES32=<r10=>0x0, @ANYBLOB="04000d80080005"], 0x24}, 0x1, 0x5502000000000000}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, &(0x7f0000000380)='cache=mmap')
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001a00010000000000000000000200000000000000000000000c00090007003303", @ANYRES32, @ANYRES16=r9, @ANYRES16=r10], 0x30}}, 0x0)

29.379883802s ago: executing program 2 (id=2455):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x4, &(0x7f0000000780)=[{0x45, 0x0, 0x4}, {}, {}, {}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x5, 0x84)
unshare(0x680)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000000)=0x5, 0x4)

25.118654158s ago: executing program 2 (id=2464):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000240)=@newtaction={0x14}, 0x14}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x400000000000235, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000001d00), 0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x59032, 0xffffffffffffffff, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev, 0xd}, 0x1c)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$xdp(0x2c, 0x3, 0x0)
connect$inet(r5, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}}, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))

23.928014157s ago: executing program 2 (id=2467):
syz_open_dev$usbfs(&(0x7f0000000080), 0x0, 0x0)
io_setup(0x3ff, &(0x7f0000000500))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_usb_connect$cdc_ecm(0x4, 0x62, &(0x7f0000000100)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x50, 0x1, 0x1, 0x1, 0x80, 0x9, [{{0x9, 0x4, 0x0, 0x10, 0x2, 0x2, 0x6, 0x0, 0x3, {{0xa, 0x24, 0x6, 0x0, 0x0, "410105d407"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x8, 0xb7fc, 0xb, 0xf9}, [@network_terminal={0x7, 0x24, 0xa, 0xf, 0x10, 0xfd, 0x2}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x5, 0x4, 0x3}}], {{0x9, 0x5, 0x82, 0x2, 0x400, 0x0, 0x4, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x8, 0xc, 0x9}}}}}]}}]}}, &(0x7f00000009c0)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x201, 0x9, 0x1, 0x9, 0x20, 0x8}, 0x5, &(0x7f0000000200)={0x5, 0xf, 0x5}, 0x9, [{0xfe, &(0x7f0000000400)=@string={0xfe, 0x3, "2051657138da4c62b9162f0c72e3ed4227f6432118d01d85633705f127aaeae07dbce0708efb97b03b5742f56840778fc25743c62227d73176ee7390f73d54a9808db5f651ca841183fff0dbc0f40c4637b6caceee81410b1fc91d681987b1cb1014d55eb0e021a54ddb2c20a90b9aa0f7ed4409b9be5619d0a07187fe55299232ffa6318aec81b6457f85e8d404dcc1bfa92b39d18b165cdf6fed8b64f1d05780fac654ac8427aa05bd8a5637482f85d08106b44a4479d909f7547e0af7310a967cb4616a3e44585246178a843142d833270491056828818721e495c2f4de9bc3f466043268cf929e4a9705236c3569a1714983173d586d7285a6ce"}}, {0xe6, &(0x7f0000000540)=@string={0xe6, 0x3, "ffc13c60a6de47295f11f0acfad44cf33a5d0bf06152063411177972627d551e4143bfac0afbb7afc4838301e38415d7e634f284f8e955164e5e76858b8be9aa92b08609b7b7c03d0f022a2b043310fc4fd99fd4974817ed3e13a9615a3b6e48267af57d7d825e5fd116a2b3197506ae534b5767fa51492aee95c45a4660532fa279822ece3da9073ec979b88d8b64894f2b3ebfbe959c181296c1688249325aa4871a57385771fff45c19f98bd32fa4df1781cc3d1358d9361601459784b7b355370f5675867adfddfeabd4b249c31063a1486a806c3868aa27bceae527ea641579dd9a"}}, {0xd6, &(0x7f0000000640)=@string={0xd6, 0x3, "cd2bef4c6d5e896a52159a99fa8509be3625730a77ebb39546952b2602765350d9fc0bc4774c295f8887dfd40a461ede3c28f7a3190e4b2193bccf3acc819ff29c20dc276bda59355f41040a22ae8b5380fb15d38a91c6d5d0795a44d2dd15440f8ef99f0542042938c0a37c6fc270dc3eb325ef5f536261c0117920f9022d1c4b868d4f9d63658c4792c69b02e69665c33d4d9dfaf3c28fc4da53ffab8ca16ce3fe04d2d623aa72699baa0600b3977bcfc1b60c370cf13f457c0943cf199b08ed57b574c981e82473769b9843763a1c5c76a1ab"}}, {0xb2, &(0x7f0000000300)=@string={0xb2, 0x3, "c762eee261340557bf0de0377ba4f85ff0cead8f561b5065fc00fe447bc2b6952b34eb36b1b7ee93fcc0c7a6e6938f4f4a68b0a935d04846321dc0a3ee5950bfff99c243004393146e6da290486cb94991daa4000c6da8cee4f33cce0dc9ddc1f3c5232d5c8d3568c1593a7c4d364fb39925f8bb53a283885f14bbc32ecec03991aad49dc1f82359a4674b3d2b030f58e8b7b3b14463bb138e9907da6142c665986781c4982282cceaaefa3b528ebf6c"}}, {0x21, &(0x7f0000000280)=@string={0x21, 0x3, "134596bde90ba4bba4a94bf39dc153b2ab1ae9c420d1b3d1d9f68249d33c54"}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x43f}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x409}}, {0xab, &(0x7f0000000800)=@string={0xab, 0x3, "c399a6fac5e91d335bcade1914515abc58afb24eb2f1e311a7631af1f41ef7a34850bf0f8f16b105378fd1a5c2b3380d4fc9cab1066d33671e1e7b8dbf0b569795e4c91e8a8c62cecaedf554e9ca874ec44eaffc7e0af9018b1baaa683c022a8292d6140bef1ef48cd71d18c3cad1a1d3659955a05f259439da4c9a007601fdfea6c53a3963d00df706a262b73315c9607b5f153a68024e063af2c4de67b59160e6faf78ab811a4d99"}}, {0xcc, &(0x7f00000008c0)=@string={0xcc, 0x3, "59a67f2e48cdaede36f0c049a5830fba2a05943db71e52105304c1ca4d456d71c8e2765eaac48ec8098774217b3cec3f4dc520b06673e554e6fdf104ea4ffdc06fdf062b15ff98aa6379a6aa70dc8da51a6a06ea8edc098fd2c0aaed1b9cefc224371a014dcce9253d7f951cdb583a0e5488d9a336409e4f54489deef6e08cf7048e080b8e0cad8a0a7395fb6a24a46e40d97933c8ce83dd90ded987ba2593c0bfed1264a5802ac198530d106afe98b9e32356b1a56571478be226fe92453fc7375cc585a302ec15d534"}}]})
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, 0x0)
ioctl$DRM_IOCTL_MODE_DIRTYFB(r3, 0xc01864b1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)})
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0xdf4, 0x42083)
ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000040)={0x980902, 0x3, @value=0x140000000000})
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)
r5 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r5, 0xc040565e, &(0x7f0000000040)={0x2})

23.850118616s ago: executing program 1 (id=2468):
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xa0090199)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
r1 = syz_open_dev$video(&(0x7f0000000200), 0x9, 0x423940)
ioctl$VIDIOC_S_FMT(r1, 0xc0cc5605, &(0x7f0000000100)={0x1, @pix_mp={0x2, 0x0, 0x38303553, 0x0, 0x2, [{0xffffffff}, {0x0, 0x7}, {}, {}, {0x0, 0x2}, {0x8001, 0x6}, {0x4}], 0x3, 0x62}})
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x1b3a, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x3, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000))
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x98}, {0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde, 0x0, 0x0, 0x8}, {0x3fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}]})
getpid()
process_madvise(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)='O', 0x1}], 0x1, 0x19, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000380)=@filter={'filter\x00', 0xe, 0x2, 0x90, [0x0, 0x20000040, 0x20000070, 0x200000a0], 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0040000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff00000000"]}, 0xe0)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000140)=0x6, 0x4)
syz_open_dev$vbi(&(0x7f0000000100), 0x1, 0x2)

23.470455382s ago: executing program 1 (id=2469):
r0 = syz_usb_connect(0x0, 0x3d7, &(0x7f00000007c0)=ANY=[@ANYBLOB="120100004cefc008e10593085bfd010203010902c50301000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x18, &(0x7f0000002300)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000440)={0xc, &(0x7f0000000380)={0x0, 0x5, 0x44, {0x44, 0x4, "b53c5604455fa4ca58108dae66521281978d2ce2ef519e45aeaa3a4ac5b1baff090092baab20018cfab65f184e2855375dc2cd8f6a5c753172348582bbb4397fc8ec"}}, &(0x7f0000000400)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000006c0)={0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="00134600000052d0b0f865f88c3f16dedddcc59f9e55335599496664f147c826890194814ef05a614d13ec4b6ec777592a0214bdfe058fe770fd124dc63f870d63f2ddabbdd882"], &(0x7f0000000500)={0x0, 0xa, 0x1, 0x80}, &(0x7f0000000540)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000580)={0x20, 0x80, 0x1c, {0x6, 0x7f, 0x9, 0x2, 0x5, 0x880, 0x401, 0x80000001, 0xe, 0xff84, 0x0, 0xffff}}, &(0x7f00000005c0)={0x20, 0x85, 0x4, 0x8e}, &(0x7f0000000600)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000640)={0x20, 0x87, 0x2, 0x2}, &(0x7f0000000680)={0x20, 0x89, 0x2, 0x1}})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="03c90000cf47d16331aef6ee13ff7f266e13da7be839b35e9ae1a333f2d8fd8e1983903166f4d8f3d5e043b8eb3a4dd0a04b39df97c82009b793cd734558a268aac6cea0ca6aa40899810bc164d8ad6b2ce23bf4b88d9b72991218c6c68e9a992582d217f639c8ad76405b511163edb9ca95e8123830003ab82fc86a517ac2aff77866914ebb9aca4a6e530d80f19ee31eeb1e5b8139b72264f8fceb54ee9980e771c5f11155b69e12e65e6a3699d1b80648dd949081f1a612b7b5950f41554c9b832f7cf9efa4987bd88887917199318d28808204e7638ca5932c066d2a662e600ac0a8f27b86c066f2bceabd1b3af66c12fefa311c5afe0821a14432925187a05476e0a972e85f26a24832c357d70d354ade966e6963234e4956658ac9ece3780485fcb3decb69a029ffbeda1c7b27bb020f4137624286d8a2d22221028b3efd3433e7fd3ba291446947a274a748f45bb347fa49e295cfa305f5dd46b662afde61cfee33ea823d23f46a662146886c6e3c30e660d765f46dcc14914b3e342e44436410fedeb6594f37ac94cd336dea463e0541daadbe70b5b925741db16240afc85f391539569ac14e5dccb9ca5790c33f8a6cdd7abc1cb762972634968ecb9f1dff8b6b6cd6f5f56db31c24ac5b2b1bed2efea1f4e67f686a8abfa41f297a165b9fcb4800230ed07af34727fe6c2cc6daf796cc38e8f03ee4fb786a92fabfbded442086d657dec598edb21ba428d4bb28ac974c38218bcf08ad3b4f6698ae05855769dbe5693eac83a223b76a5f452195795d3d485e5c0a18caf2315c3a21acb4bb661082b1c4fccfff8f0c52c353dedd3b9e575b800cfec557e43527228abf820e16411b45c77e99f308dcc5dcd1c3b8ddb828e6481c1fc6275c3e1ed4a1f0fe6d97db39cb3ad5b08400cc990ed5797e23fcd81ee76eed1caaf2ec709c18b014dfcfac7eb658f1c07a894dca1d8e23ebbc18c7b0acefacd915235a54637d13965681a6a527325d13b4a88a21505860873038bc6ca68e25bed80496e65b53a4817e7dba3cbe31eebb770ab04202486634b7210500238707cd664735c07e539e8ccb09ec82d7fad69c4f31113b4a01089a81d4a1787d69957a2dfcf371f0c357eba5a587f0d09d64588f3fade99726d786085b513e720fd1d889104e1d98bf4fe23d6bd8c408c44fc702880e6c53a733aaafec836a80b9e69d1432225dda63a755bde5103fbba7af46f81b3b0c3457d49e187c7fa53e9410d4ff7dd1c9a954d549b49197f350e8451e850279ba4690a4ff3fa4f91ebfa4dda7d2a60257d70c09ad6520387baf2cd734bf1f993565f7ccf80f29b1414e595de79ec03faf7afbeff3daf0034aeecfe41640366ae3c1d1b9437cb7580b9a94fe71a5ffe7be4f959cc5972e1672c5f5c5d252a63804d1a292aac2582b78ac73ea143095bc1283b210c66ecc5b5b9be4d6649920118d51429328f8a983a89f8f5d6ec383c89f07e91e0726ed40776d72d7499652a84f9d0bb086e9479a6d703907ee17345ed763ae817751515c744d428ac51fb10eba495f9a477809a4c1b447a94a3f6d1a092b109478ca36c3da494552d34f30d74a32958c53ec091e32ca8aaf5c814881d4bb3add2b07f362e9e4ea17b3f8b6e7310fcbea4ea6f2d9f5505b011011b75eb4dbf2455f665027abe2bb73dd37dff9c6aab6e9454bbd7bb887aef12f19f446bcbf257ada0e5144f708ccf350f07b861b813eb4cdab02d74b660d960c737f553f84b2d027da58f02345704583717199f693c913bfc2704cfde1b31270c43f17d51c82b672796fd6e1d09e34659d7e5fd9a1a69dcdde367c074b47beeb88f374740a64d9e9a99f4fabdbfca311174da518f868704e3fe259e6069330b04d2d3804a3428d2e04a483599f5ff47ff8c877601fcae33999575180fb540ff00c55728d0ee8eb6550658c7cbc8be4f87b50a9650a33aa164c6bae4044dfc080cf43a1c80e8a8132f973faefcf2ee23f9c2f3119fa93c0e5875832d4f8b6c2a1c347d480f15ead27ba7fb6e2ba9f2204982023b15b0f9df44ce9bba765c9598810593dd32a520ba72a5bfc375f36f4ea4a55017b1494c392568ef6828c18a1f2cec1442f705687695e42f62734ac2c1b0fed399ccf29b20fccd476afc72217182a73c970029c7679dffaebfc2ab9e8d18f5e757ccde87ac69b2bb0243b2e86d225dd2edad4919977bde1806bd6305eff22f2d63646c3a856a002aaea40d96e4811fe0cf5ad942e087c55551fdccc65835686320aa635ec50872f1c30cd8a732515b4dbfa132f905205f4b2ec64d1b9a9101ee2c3d0a110e40fd40d2c0b19f9a77b43f0b14e283ad1038de31cb21c2857d278933fd4bf106a7a93e16b28d71dfa73fa0695c77c0b1236e4cc7f17837be252d1011edf8ba626315e416b2963e96172b3294ec1f087672b0fc404edb79ca9b8e7a46f69b7a6f8b0488ec6c10f937632cc29bdb6f2c0ca86b978db6ca3cb9aa9b5f253fb5ba52e5b3738468236bd3ed26da1158e14881860f37f586b3b004ff7233a7427ece1c1365bb273aa1ce801c6d61b35a247c38917df23b9f12f7e764dabf9af18885e447a952de7796c3dd27e77325be816eb82ae9026ef5a855ddfb9aaf4a0bfc153f079c95337d2ee3c2ac36e5b4e8c5da765bf5d11edcf01ef11a3748d7ca0b1fd6f8882fbfd3423bd429c8592ec28a98bba845e7fe829ae2b11f5215ce819bf777ab45d73e9afe3cc76840b7d368161ee140efdec81ca1d5716c2ea5b255fabb5a4698864c8d427738837c45f1006cbf1f68bbedbfdf70e5b65b21b1934826c06d4d3da4f08e3ad376cec5aafb2f9eae9a06cab375ef5a44f30a563e5245077d84823b88d71912f458fe17d36e4b2a88260ad121af2e5a43a555ef61ffd242c09d5011b9be422c4c310a834f664c732930c1d329212aa9f063356c85130c965d919180e62afd193224d3792db6a069ff2bc8770bd6294a6884cbfb71301859a26b7572440ee12719e8753831bf73d353a33ea64c57df0bac0cc8938ea28370724439170824d1b55d415eed14f620d3a28bb5009edd12e9322df3573bbd9b0d0ff2cbd2e48c0c297f63c100116097c48c8f4cf0a7c4fb5156723fcb615236b6db175442b2db90c3e426cca9de56f55effdbb981c75c99a8dd084a619882fb216b000cb99eae616f0b5d7a8a2cc675cbd3e0a61b6f602250b040ae57f998471095563334e165f35139ec22aabf8ada15b890e2cf038a4f40d129760e39b166f58cfb4bfee7d4455ce06ad098745e0edac9434e4c61f889cbe6d7cf74da35f1b6d2b4455abf954223d1638ff808508228a3060d390e9ce539d2dcb032ae5d6c5abcd4df4bfb63f9851e45bb961cca2150eb386abd67dab2a12c096aa8df742e41ff7718f9dd77099d9bc87a2a46d8d6ffb903b23b429747c9acb21c0e88067eb6c7fa2507ef0673e6b65a15767cfa4ef9b52adbce41ea3461f77b0e705a2d5cbcf3841bd22414f3ef2402a915705a18113d370d35619fdbbfb4fe6e1581a8520525e863d931aaaed58d06d093905b0d83dd1345f4b8213954102abf8048be627d437f267d4a0a6e6f181891562b61be55f1e646120cfe17d8d2961ad86d1575856fff39791b90ccc6895495cc0f3a1e2604f5b729aec7452b133b9c822bbc74df480670f34cf0335d42b5ad6a7009c49050d97ef8c09eff8716dbb9ce5a5d67ffad2541860017bfe982c0e48390f987f470c7b600fb29be4d3a74251d85ef1cf1fe3b5a146bb9f6fee2369cba1f2be75782b14a422b0820fa00c1250f4d437f24914a94a8564fa079fe803b39c528707dd2906120d53020000b725596b68553f1653aad2fdd23114e4a7ca3402fcdf0b060323a683a03109ffbec9627c803da8a55665e156a335528f113eb730bb28c0480daf8f2b65483d0f3805e1c512b680d8698e63a80b45aa8c7e12ad0f0e072eefc806fde42455bc4d157e402a86218896d5638f8fdadb1fbffaf4fe92f526475612980f0c5a539a9cec3c63e4efa5b893611af45c8003650888dc5b958a18848cffe11e0636f40e3ade10da702b71a69e6941e506ec3f0297349867949246310909ff445005f68910308df1e44f7ef04efbcb6ade53086aeb80b0ca96b94c9e6353c77bc1ce575edd6a1ab76e000d2ca0bc80c09d76d2bf25d90c93d5fcf6c123a9e83a3354b798356aeb2e99721732d52b1ec6c84d79d6f1237186260e7e63f29cfe8050a8fd44d57b52582b45e1fe027792c07ef33a0ac686606dd009ef3839e179190aca20d01db1d2263898a6953feb5d2e8093a4b4a2b18f6cb06a0251d3862672814b5165213c65174fe5dad7673186293e336348fc77a6d545cc07355c07a8b9a98c95d76fa5dc4c19181578a6dc4f2b29b647ab6a09f6756994c8e389c7c165766f154468b380e1e67cb2edbc7f67b6bfad1de690c3f472908b11d1c502ca61b5e869cd2cf8e11e39eceb9d31fca090fd5dd15e1f5a8c4de58531df3fa96d655653a5b99ea449d3865e07401ecb63fb4ac4042c893841c2b70b4a133937ac0dca8d6f442de175f138ab7cf19477c2483caf524fc443b3243d31f15f3f518b2d7964314d7d34754ae417dd9d46a83e443cef18eb673f46f34aeaba592a171bb4710002da17d9d6554208fc384de22bff7e05d2bfb821656e78bfa084be46fe6b0f04a06c6bc80afbd406a918a57d582345b260360cec7168142ef0e0da8ad70ac9703d6206c6da23558374ad8bc1e8fe5cdede25e8ad5d0d0741d85e86566b7b9172f457e36feabb881f14a04d182b6971bb1aa1c37a608ff0eeaba1b6c37c4bdb15696afb0e031ef8b214a7a72892593c910829c820f773135f3441afc90cadeb50f76d4a5bbd713c8b3dc441599dcae659b9ad417affde5d9ee3933f00ea69323fd33e0b9a12b1ee29b2e97c7b1db3fa0a900678c6490a847fdd85fa93bb134e3239638052359774bc22405a0abb698081ce1dce2dfe0c0430b641f00d230013944df65581f6b5f458165b16aad8b92b44bf28b3236cac5239c91fe2351c5f53359d072aa34ffee18ff275afdc0dc7b889da928fdd4e300a52699cb5a4fea8cc42f636b15e449daef52df3586d4b55fd047b04e96734aa2c45bcad8f05dbf3c97daefcd6bad396a6aed71849e484eb0e3526970973db9b268b71e726748aacb5c2203cde2992af74cac612d33cecba7f3e5d66e2a2e449eb00e770af4fe13be6d16877cfa46c108c29d8db1efff5356433fc627741d12605056ec78c02bf143afc9e2161c15ce65a0f8c9f13a6b7a9164f256301ff0ca23dfffb77ec46ddd29b63d7bcfe5ae482f76f1c0e819b24b970209058bd0c"], 0x1004)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

21.103201644s ago: executing program 2 (id=2472):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r1, 0x40405514, &(0x7f0000000200)={0x9})
r2 = memfd_create(&(0x7f0000001800)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84\xcdN\xf7\xf6\b~\xed_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xadNaC\xa6\xf9\xa7>c\x84\xd8\xfa\xf1\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8g8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\xea\x82\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\x0f\x8eS\xaeX\x93\x7f\xd3\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x84\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)2\xe2\xd6\x81\x00b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|&k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc2Ru2Ht\re\xa1\xf6\xbd\xaa\xb0\x83}i\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xed\xc8\xccH\xd1=\x81\x00\x00\x00\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xd6\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\x86C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17U\xf0\x16K\xf9&@\xb1[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5#\x7f\xa8\x1f\x14\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebk\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x850\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96\x87\xc0e\xab\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!\xec\xf7$\xc2\xbaU \x98\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\"k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea\x04P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xec\x01\'\t\x89(\xf9\x98B\xaf\xde*\x91\xd5k\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\xdfC\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xc9\xcfw\xf3\x02\x1b\xde\xc3\x86\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x13\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcdQ\xdf\x83\xbdjp,\xe8\xbb\xe6\xc6Db\xa7\xd6\xcd\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd4k7L\x8a\xa3Z\xf9%{\xfax\x9a\x04\'/\x90\xe6\xe2\xe9\xf1@o\x0ez\xb8\xce\xbeF\x0fkE\xf4ry\x92n\xff\xcb\xf8e\xf3j\xc5[wK\xb1\xdb\xf7-r\xd3\x1bx\x9b$\x91\x03q\x9e@\xd8R\x11\x05|\x8f\xb4\xc9\x16\x87C\xab\x96\xc4\xef\xea\xb9\r\xf5\xf3\xbe\x8a\t\xc7\x88\xc0sL;.\xcf\x1d\xc4^\xb0l\xbb\x97\xc5\xf6n\xca\x18\xb5\xb5IP(\x0f\x11=\xed\xf1\x0fM\xb0\x81\xff\xa9~\xf7\xa3\xa6\xd3\x15I\xecXG\x89\xa8\b\x8b\xcc\xe8\x88\xa07Z\x03\xa8.\x7f\x16qlk\xf1\xf1y\x8c\xde\xd6|\xa1(\xf4\x12O\xca3\xf8%1\x8d\xd7\a\xfeJ\xe6\x8bc\xb3\x1bKC.\xafB\x8d\xdd\xf9\x1e\x9d\xa7\x13\x00\x14\xc7\xa1\xf3\x1e\xcb\x19\x13z`\xac\xf3\xd1x\x1b#}\xfaYR\xc5#Zoag@\x18\xfa*\xb4\xc4\x04\x03V\x87\xc5\xe7\xb5\x9bJ\x85-\x7f\xfe\xc0\xb7g\xe8\'`\x96q\x88[\xf8\xe8L\x12\x85\xf5t\x99\x0e}\xd3H\xed\xda\xf3>\xd8\x12\x8cXc5%\x03\x8d`\xdayC\x9b\x9a\xd9c\xe9\xb4\v\x99\x87\xe4\x00\x8a\x8eS\x8e\f\x05YH\xa2\x0e\xbc\x9c\x95\b2Cf6\x9a\xe7\xb9\x86\xbe\xd0\xda\x91\xc1sl\x11PA\x93\xa5\x93\xc8\xf1w\x7fp6z\xbf\xe8[\'u\xb8\xd2$K\x12\rt\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00r\xe2`\xdf\xd2\xb3\xaf\xe9\xc4!Z\xb4&\xa2\x12\xe2i\x91kC$A\xafR\xb3\xff\x1d=\xec\x10\xb4+\x13\'\x92>\x14\x00\a\xb6R\x8b\xdcz\xc3\xd1Y\xd6\xd9;s \xb0\x938\xb7D9\xdcN\xbd\xdbn\xe35\xa7\x02\x9c\xc1\xd9\x13?\xc9\xd7\xab\x9c\xf3\x82\xd1\xee^kk\xce\xdbn\x02\x1f\x80\t\xdbr\xa9\xcc\xf1\xcb\x9f@\x8c\xfc\x02W/p\x97\xb0\xbd\x8f\xdb|n2a\xee\x95u\x83\xca\x8a>}\xd3\xd0\xff6.pa\x17\xe3e\xd2\x7f\xf6\xbc\x9d\x112\x1b\x14<B\x91\xc0{{\x9d@\xb3a\xad\x14\xe9\xcc|\xd7\xa1\xc6\xb9F\x04\xce]\xb9Y\xbd\xbd\f\xa4F;q\xec\x83\x9bM\x93\xa4\x9c\xdd\x93\xa0\x82E\x02d\xd4RAI\xd9O\x17\xa6P#\xa35\a\xf6\xbb\t>p\xa1\xd6u\xefn\xb4\xa3\x05D\x8c\xc5l\xcc\b\xeb\xf42\xe9\xf15\xf3\xf2\xee\xd6\xed\t\xb3\xf7\x1a\x7f\xe6\xb4z\x19\xe1\xb4w\xf7\xa6\xd7\\\xfa\x96\xe2{\xc5\xca\xf3,\x1f]S\xc0\x9fa\xbd\xfa3\x19\x85\xf15\xf4\x184\xa3{\xac\xfd\x9c0\xad\x1b\x88\xdf\x8eb\xb0\xec\xb2\x80\xf0=\x1aBk\x8fi/7\f\x98D\x9d\xca\x9d\xfaq\xefG`\xe2\x9d9w\xef\xe6\x00'/1976, 0x7)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x0, 0x13, r2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
dup3(r2, r3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x2c011, r3, 0x0)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x9)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0xc2c45513, &(0x7f00000000c0)={0x9, 0x0, 0x0, 0x0, 'syz1\x00'})
syz_usb_connect(0x6, 0x24, &(0x7f0000000980)={{0x12, 0x1, 0x0, 0xe7, 0x43, 0x34, 0x40, 0x2040, 0x2009, 0xfede, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x50, 0x0, [{{0x9, 0x4, 0xe, 0x0, 0x0, 0x45, 0x74, 0xeb}}]}}]}}, 0x0)

20.225439006s ago: executing program 1 (id=2473):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fc00103}]})
epoll_create1(0x0)
r1 = openat$cuse(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
read$FUSE(r1, &(0x7f00000008c0)={0x2020}, 0x2020)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_int(r3, 0x29, 0x1a, &(0x7f0000000000)=0x7fb, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f00000001c0)=[@in={0x2, 0x4e21, @loopback}], 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000340)={<r5=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={r5, 0x1, r4})

19.794422315s ago: executing program 2 (id=2475):
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000000000866660488000000000001090224000100000000090400000103000000092100000001330700"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000500)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x7, {[@main=@item_012={0x1, 0x0, 0x9, '5'}, @global=@item_4={0x3, 0x1, 0x0, "fe862411"}]}}, 0x0}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x2, 0x3, 0x0, 0x4, 0x0, 0x0, 0xeffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x0, 0x1000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

18.807081537s ago: executing program 3 (id=2476):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYBLOB], 0x4c}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x2, 0x3, 0x0, 0x4, 0x0, 0x0, 0xeffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x0, 0x1000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

18.61993653s ago: executing program 1 (id=2477):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000240)=@newtaction={0x14}, 0x14}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x400000000000235, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000001d00), 0xffffffffffffffff)
r4 = userfaultfd(0x801)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev, 0xd}, 0x1c)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$xdp(0x2c, 0x3, 0x0)
connect$inet(r6, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}}, 0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))

17.222189989s ago: executing program 1 (id=2483):
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0x0, 0x0, 0x0, r0, 0xd})

17.144207813s ago: executing program 3 (id=2485):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18)
r1 = socket$netlink(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
listen(0xffffffffffffffff, 0x400)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, 0x0, 0x0)

16.761974678s ago: executing program 3 (id=2486):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010300000000000000f00800000008000300", @ANYRES32], 0x24}}, 0x0) (fail_nth: 1)

16.163850681s ago: executing program 4 (id=2487):
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x4a, &(0x7f00000000c0)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000dc0)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="200004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r2, &(0x7f0000000280)=[{&(0x7f0000000340)=""/186, 0xba}], 0x1, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

15.757353154s ago: executing program 3 (id=2488):
socket$kcm(0x10, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2dd800000000000000001900000020000180080003006c616e31000000000000000000000000000000000000000068b8caf83f5ccb7076d7e607f60c2461453f78159004fda548da45bf062476f14d393ef988f04551a80558265d039bbcdbbbafbc5e2356d0bc420eff8a6b46d1ece82f10937d621d46988b858c01bca8806db18500ef7f73b8421ac77d2d77f90fe0a83b45d2582b035ca26ab384dc35b4f91947e975b9db92d5650e7e085edb28043f080f250ada3a11ed5bfa49e25e6c8c0000000000000000000076fc2866844022c3061b907ef3510c6d5d9eef8def86fe98910ceb00d87e346b20394ab62efffcb431984c745af4ebee47c60655e4948eb8e8799312c84fbe05079e6539b780fc982bc3a82fbd1c41da5f19b945971cee3b18f884d6eb729a93d0e624bc066ddb95cfe7edcd63c289d1f0c8e8fd7015d2a41f04ee3dd77d75a495d555154b7270fffa1300b5d2020228b54fe59b23345ec3d092dfe34002273b4aa610e000"/380], 0x34}}, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="1201000000fcff106a051300000000000001090224000105000000090400000103000000092100000001220500090581030000000000853a3c4e6bf6c7529728884ab44c6ca9baf2348902dc51ffeff3199f5a51f204aa1247b120aab0abfe88cddb0c5766ffffffffffffff0e7085e281813755ff65c403c6001b7ac574f67c78915a00cb0408219e300065161b1aea27ea4eb9080fa237731465936e2a37cd1dcc29515615c1f7338eebb1b85dacc6886316"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000), 0x13f}}, 0x45)
r4 = socket$kcm(0x10, 0x2, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x7fffffff)
socket$nl_route(0x10, 0x3, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f000020a000/0x3000)=nil, 0x3000, 0x3000002, 0x10010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101"], 0x7c}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)="1400000035000b63d25a80648c2594f90324fc60", 0x14}], 0x1}, 0x0)
r5 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000080)=0x80000003)
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
r6 = dup2(r5, r5)
read$FUSE(r6, &(0x7f0000004380)={0x2020}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f0000000180)={0x2020}, 0xfffffe92)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r6, 0xc0189376, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r7=>r5, {0x80000001}}, './file0\x00'})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f0000000100)={'wg1\x00'})

14.143955837s ago: executing program 0 (id=2489):
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff0000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYBLOB='\b'], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

13.066368668s ago: executing program 0 (id=2490):
socket$kcm(0x10, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2dd800000000000000001900000020000180080003006c616e31000000000000000000000000000000000000000068b8caf83f5ccb7076d7e607f60c2461453f78159004fda548da45bf062476f14d393ef988f04551a80558265d039bbcdbbbafbc5e2356d0bc420eff8a6b46d1ece82f10937d621d46988b858c01bca8806db18500ef7f73b8421ac77d2d77f90fe0a83b45d2582b035ca26ab384dc35b4f91947e975b9db92d5650e7e085edb28043f080f250ada3a11ed5bfa49e25e6c8c0000000000000000000076fc2866844022c3061b907ef3510c6d5d9eef8def86fe98910ceb00d87e346b20394ab62efffcb431984c745af4ebee47c60655e4948eb8e8799312c84fbe05079e6539b780fc982bc3a82fbd1c41da5f19b945971cee3b18f884d6eb729a93d0e624bc066ddb95cfe7edcd63c289d1f0c8e8fd7015d2a41f04ee3dd77d75a495d555154b7270fffa1300b5d2020228b54fe59b23345ec3d092dfe34002273b4aa610e000"/380], 0x34}}, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="1201000000fcff106a051300000000000001090224000105000000090400000103000000092100000001220500090581030000000000853a3c4e6bf6c7529728884ab44c6ca9baf2348902dc51ffeff3199f5a51f204aa1247b120aab0abfe88cddb0c5766ffffffffffffff0e7085e281813755ff65c403c6001b7ac574f67c78915a00cb0408219e300065161b1aea27ea4eb9080fa237731465936e2a37cd1dcc29515615c1f7338eebb1b85dacc6886316"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000), 0x13f}}, 0x45)
r4 = socket$kcm(0x10, 0x2, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x7fffffff)
socket$nl_route(0x10, 0x3, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f000020a000/0x3000)=nil, 0x3000, 0x3000002, 0x10010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101"], 0x7c}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)="1400000035000b63d25a80648c2594f90324fc60", 0x14}], 0x1}, 0x0)
r5 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000080)=0x80000003)
r6 = dup2(r5, r5)
read$FUSE(r6, &(0x7f0000004380)={0x2020}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f0000000180)={0x2020}, 0xfffffe92)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r6, 0xc0189376, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r7=>r5, {0x80000001}}, './file0\x00'})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f0000000100)={'wg1\x00'})
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)

12.521733103s ago: executing program 3 (id=2491):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000000000001"])
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg$unix(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x100)
ioctl$int_in(r4, 0x5421, &(0x7f0000000000)=0xffffffffffffffff)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) (async)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000f103"])
mbind(&(0x7f0000001000/0x800000)=nil, 0x800005, 0x0, 0x0, 0x0, 0x2)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000140))
socket$inet_udp(0x2, 0x2, 0x0) (async)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r6, 0x0) (async)
listen(r6, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60ff00f500240600fe8000000000000000000000000000aafe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ac0e57cd9a42a85445f8bed9cc4f9a212bc20000fe0490a1c02aed510000000000001e045c400000"], 0x0) (async)
syz_emit_ethernet(0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60ff00f500240600fe8000000000000000000000000000aafe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ac0e57cd9a42a85445f8bed9cc4f9a212bc20000fe0490a1c02aed510000000000001e045c400000"], 0x0)
madvise(&(0x7f0000736000/0x2000)=nil, 0x2000, 0x11) (async)
madvise(&(0x7f0000736000/0x2000)=nil, 0x2000, 0x11)

12.242203201s ago: executing program 4 (id=2492):
r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xf5\xbf\xb4\b\xedcJ\x8e\a\x00\x00\x00\x00\x00\x00\x00\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0)
write(r0, &(0x7f0000000140)='/', 0x1)
sendfile(r0, r0, &(0x7f0000001000), 0xfec)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x12, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')

11.44316112s ago: executing program 4 (id=2493):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000240)=@newtaction={0x14}, 0x14}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x400000000000235, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000001d00), 0xffffffffffffffff)
r4 = userfaultfd(0x801)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev, 0xd}, 0x1c)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$xdp(0x2c, 0x3, 0x0)
connect$inet(r6, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}}, 0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))

10.391767279s ago: executing program 4 (id=2494):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0xa, 0x1, 0x2f)
getsockopt$kcm_KCM_RECV_DISABLE(r1, 0x11e, 0x1, 0x0, 0x20000000)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f00000001c0)={0x5, 0x0, 0x5}, 0x10)
r2 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private1}, {0xa, 0x0, 0x0, @mcast1, 0xffffffff}}, 0x5c)
setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f00000001c0)=0x1, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a140000001000010000000000000000000084000a09"], 0x28}}, 0x4000050)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev, 0x11}, 0x1c)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000100))
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000080)=0x80)
ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_LINKAT={0x27, 0xa, 0x0, 0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00', 0xffffffffffffffff, 0x1400})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x40, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x3938700}, 0x1, 0x0, 0x1})
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f00000000c0)=',,\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff9000/0x2000)=nil, 0x2000, &(0x7f0000000140)=',,\x00')
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"})
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x102800)
write(0xffffffffffffffff, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCFLSH(r8, 0x540b, 0x2)
sendmsg$nl_route(r7, &(0x7f0000000400)={0x0, 0xfffffff0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000760009eeffffffffffffff0400000000", @ANYRES32=<r9=>0x0, @ANYBLOB="04000d80080005"], 0x24}, 0x1, 0x5502000000000000}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, &(0x7f0000000380)='cache=mmap')
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001a00010000000000000000000200000000000000000000000c00090007003303", @ANYRES32, @ANYRES16, @ANYRES16=r9], 0x30}}, 0x0)

9.806494377s ago: executing program 0 (id=2495):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYBLOB='\x00\x00\x00'], 0x4c}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x2, 0x3, 0x0, 0x4, 0x0, 0x0, 0xeffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x0, 0x1000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

9.523298819s ago: executing program 1 (id=2497):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000f18b3d106d04b2085980010203010902120001000020060904"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102373, 0x18fe5}], 0x1, 0x9, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
setsockopt$RXRPC_UPGRADEABLE_SERVICE(r1, 0x110, 0x5, &(0x7f00000007c0)=[0x1, 0x3], 0x2)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="fcdc1604205e8cbbcefaad894e19dd76e431f2acbdc43e180a716aa978260bb201846ad8e0653a2e9eb529c15826987a813ae0cc1fd310a4495968bdb7ed03db0ca60249aef7cfd4e54da42edf35ea4f7131faa56dc3046d7592b94fb5454f7ebf573000b19bb4f82b2908a4c5", @ANYRES16, @ANYBLOB="010028bd7000fcdbdf250f0000000c00990001000000010000000500a2000300000008007e000100000010001b80040003000500010020000000640017800500030010000000000000000500030011000000000000000c000400dbc664a68095ac70050006000900000000000000050006000700000000000000050002001400000000000000050003000f000000000000000500030012000000000000000a00340001010101010100000500a200040000000800a10001000000080026006c0900000800a10021850000080026006c09000008007e00010000001c00a6800a00060008021100000000000a000600ff"], 0xfc}, 0x1, 0x0, 0x0, 0x24008851}, 0x20044001)
socket$inet(0x2, 0x3, 0x7)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, 0x0, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00')
read$FUSE(r3, &(0x7f0000001c00)={0x2020}, 0x2020)
preadv(r3, &(0x7f0000000280)=[{&(0x7f0000000000)=""/142, 0x8e}], 0x1, 0x0, 0x0)
r4 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast1, 0x0, 0x0, 'lblcr\x00'}, 0x2c)
read(r3, &(0x7f0000001b00)=""/194, 0xc2)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x40000)
r5 = socket$netlink(0x10, 0x3, 0xf)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000091050000d23b2482d70ea62800", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c000280050003000c000000"], 0x3c}, 0x1, 0x0, 0x0, 0x20004016}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001240)=@newlink={0x44, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x883}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_TOS={0x5, 0x5, 0x7f}, @IFLA_IPTUN_PMTUDISC={0x5}]}}}]}, 0x44}}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x3, 0xc0)

9.313152099s ago: executing program 4 (id=2498):
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xa1, 0x12, 0x17, 0x10, 0xb95, 0x172a, 0xf7f4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xfb, 0x0, 0x0, 0x6c, 0x5d, 0x65}}]}}]}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x260c0, 0x0)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x4000000000002, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x0, @my=0x0}, 0x10)
open$dir(&(0x7f0000000000)='./file0\x00', 0x490a80, 0x0)
ppoll(&(0x7f00000000c0)=[{r3, 0x856d}, {r4, 0x0, 0x64}], 0x2, 0x0, 0x0, 0x0)
r5 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r5, 0x84, 0xb, &(0x7f0000000040), 0x4)
r6 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000240)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r6, 0x47f9, 0x0, 0x0, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000500)="fd", 0x1}], 0x1}, 0x0)
recvmsg$kcm(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r5, 0x0, 0x0)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000040))
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
r9 = syz_open_procfs(0x0, &(0x7f00000001c0)='timers\x00')
read$FUSE(r9, &(0x7f0000000540)={0x2020}, 0x2020)
lseek(r9, 0x3, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)

9.018115852s ago: executing program 3 (id=2499):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xeef, 0x72d0, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000279600"})
syz_open_pts(r0, 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = dup(r4)
r6 = memfd_create(&(0x7f0000001d00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81\x01\x00\x00\x00\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;|\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea%\xc0\xe9\x9d,K\x97\xe1m|g', 0xd)
r7 = fcntl$dupfd(r6, 0x0, r6)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xffffff1f, 0x12, r7, 0x0)
read$FUSE(r7, &(0x7f0000005180)={0x2020}, 0x2020)
ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000bc0)=ANY=[@ANYBLOB="01"])
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="a392a44919290afe610860a6fd07cf33607fb95ab078f5e88fba18f3088bef3a110b50d558bc1f54c9491d5863371797c136d03b533154c42235d79d6a30cafcdd7f3e99caf149dd5f94e8"])
r8 = dup(r1)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x40000239, 0x0, &(0x7f0000000080)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
r11 = syz_create_resource$binfmt(&(0x7f0000000080)='./file0\x00')
openat$binfmt(0xffffff9c, r11, 0x41, 0x1ff)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x71, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x2a4}, 0x1})
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r12=>0xffffffffffffffff}, 0x84080)
write$P9_RLOCK(r12, &(0x7f00000000c0)={0x8, 0x35, 0x1}, 0x8)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x4)

6.641796365s ago: executing program 0 (id=2500):
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff0000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYBLOB='\b'], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

4.939617905s ago: executing program 0 (id=2501):
r0 = syz_io_uring_setup(0x5a4, &(0x7f0000001300), &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f00000000c0)="b994000040b800a00000ba000000000f30650f015cd37a26660f3881159b4c00000f09c4c1f973d12fc4e1ff706d0074f30f2a250090000066baf80cb85e8b3582ef66bafc0c66b8cb8766ef660f213f660fe0710a", 0x55}], 0x1, 0x40, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000012c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x8, 0x0, 0x7, 0x0, 0x0})
io_uring_enter(r0, 0x47fa, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x18, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff]}, 0x1)
r3 = socket$pppoe(0x18, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
recvmsg$unix(r4, &(0x7f0000000340)={&(0x7f0000000200), 0x6e, &(0x7f0000000300)=[{&(0x7f0000000280)=""/98, 0x62}, {&(0x7f0000001380)=""/4096, 0x1000}], 0x2}, 0x8041)
ioctl$PPPOEIOCSFWD(r3, 0x4004b100, &(0x7f0000000000)={0x18, 0x0, {0x4, @local, 'macvtap0\x00'}})

3.86674693s ago: executing program 0 (id=2502):
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x4a, &(0x7f00000000c0)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000dc0)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="200004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r2, &(0x7f0000000280)=[{&(0x7f0000000340)=""/186, 0xba}], 0x1, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

0s ago: executing program 4 (id=2503):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, 'WNib'}, @main=@item_4={0x3, 0x0, 0x0, "a857cdbc"}, @main=@item_4={0x3, 0x0, 0xb}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_usb_connect$printer(0x6, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x2, 0x20, 0x0, [{{0x9, 0x4, 0x0, 0xb, 0x1, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x39, 0x5, 0x4}}}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x200, 0x7, 0x9, 0x7, 0x20, 0x5}, 0xb6, &(0x7f0000000200)={0x5, 0xf, 0xb6, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0xf, 0x7, 0xdcb2}, @generic={0xa0, 0x10, 0x4, "8afd09dc0d686cf78c1df47a9828691a8c3843bad1ee3a3009e50a1dca5069e3bd20e7d4aea654af6f4de3246befc7ad083f536f739a08831492f81fc31fde4f0366e31407222a31c8ec4e9169a96455ca0c48b6634a8895eda4357fa71c41de0d65527570a27ea7444d2055ab437e52f105dc16928d311fd7e26eddcef0efcac491105d5e3b7f38d3427ecf4bb9d29580d3d065b58e04778c6670c5ab"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x40, 0xad, 0xb}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x415}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x43f}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x41d}}]})
write$UHID_CREATE2(r2, &(0x7f00000002c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r2, 0x0)
ioctl$HIDIOCSFLAG(r1, 0x4004480f, &(0x7f0000000000)=0x3)

kernel console output (not intermixed with test programs):

dummy_hcd
[  757.609894][    T9] usb 1-1: selecting invalid altsetting 2
[  757.682072][ T9672] usb 4-1: new full-speed USB device number 69 using dummy_hcd
[  757.771341][ T5265] usb 2-1: Using ep0 maxpacket: 8
[  757.778996][ T5265] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  757.789779][ T5265] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  757.803234][ T5265] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  757.818582][ T5265] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  757.829429][ T5265] usb 2-1: config 0 descriptor??
[  757.844411][ T5265] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  757.865476][ T9672] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  757.879894][ T9672] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  757.894682][ T9672] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  757.904445][ T9672] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  757.912863][ T9672] usb 4-1: SerialNumber: syz
[  757.925033][ T9672] usb 4-1: bad CDC descriptors
[  757.931463][ T9672] usb-storage 4-1:1.0: USB Mass Storage device detected
[  757.958669][ T9672] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  758.069350][T14466] batadv_slave_0: entered promiscuous mode
[  758.091439][T14466] batadv_slave_0: entered allmulticast mode
[  758.147437][    C0] usb 1-1: async_complete: urb error -71
[  758.153246][    C0] usb 1-1: async_complete: urb error -71
[  758.158974][    C0] usb 1-1: async_complete: urb error -71
[  758.187293][    T9] get_1284_register: usb error -71
[  758.194092][    T9] uss720 1-1:0.125: probe with driver uss720 failed with error -71
[  758.213279][    T9] usb 1-1: USB disconnect, device number 33
[  758.246869][ T9672] usb 2-1: USB disconnect, device number 54
[  758.431316][ T9699] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  758.611353][ T9699] usb 5-1: Using ep0 maxpacket: 8
[  758.618630][ T9699] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  758.633237][ T9699] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  758.648097][ T9699] usb 5-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  758.661056][ T9699] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  758.672426][ T9699] usb 5-1: config 0 descriptor??
[  758.683566][ T9699] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  758.758815][T14487] FAULT_INJECTION: forcing a failure.
[  758.758815][T14487] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  758.773873][T14487] CPU: 1 UID: 0 PID: 14487 Comm: syz.2.2294 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  758.784723][T14487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  758.794842][T14487] Call Trace:
[  758.798162][T14487]  <TASK>
[  758.801131][T14487]  dump_stack_lvl+0x241/0x360
[  758.805943][T14487]  ? __pfx_dump_stack_lvl+0x10/0x10
[  758.811207][T14487]  ? __pfx__printk+0x10/0x10
[  758.815858][T14487]  ? __pfx_lock_release+0x10/0x10
[  758.820959][T14487]  should_fail_ex+0x3b0/0x4e0
[  758.825714][T14487]  _copy_from_user+0x2f/0xe0
[  758.830333][T14487]  __sys_bpf+0x1a4/0x810
[  758.834609][T14487]  ? __pfx___sys_bpf+0x10/0x10
[  758.839415][T14487]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  758.845780][T14487]  __ia32_sys_bpf+0x7c/0x90
[  758.850310][T14487]  __do_fast_syscall_32+0xb4/0x110
[  758.855442][T14487]  ? exc_page_fault+0x590/0x8c0
[  758.860326][T14487]  do_fast_syscall_32+0x34/0x80
[  758.865204][T14487]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  758.871552][T14487] RIP: 0023:0xf73fd579
[  758.875634][T14487] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  758.895275][T14487] RSP: 002b:00000000f56e656c EFLAGS: 00000206 ORIG_RAX: 0000000000000165
[  758.903728][T14487] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000020002800
[  758.911717][T14487] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000
[  758.919731][T14487] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  758.927741][T14487] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  758.935749][T14487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  758.943756][T14487]  </TASK>
[  759.104261][ T9699] usb 5-1: USB disconnect, device number 22
[  759.121368][    T9] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  759.189167][T14497] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2297'.
[  759.265665][T14498] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2297'.
[  759.275132][T14498] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2297'.
[  759.302421][    T9] usb 1-1: Using ep0 maxpacket: 8
[  759.309354][    T9] usb 1-1: config 135 has an invalid interface number: 230 but max is 0
[  759.319419][    T9] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  759.329984][    T9] usb 1-1: config 135 has no interface number 0
[  759.336469][    T9] usb 1-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  759.347953][    T9] usb 1-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  759.361658][    T9] usb 1-1: config 135 interface 230 has no altsetting 0
[  759.371871][    T9] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  759.380973][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  759.389237][    T9] usb 1-1: Product: syz
[  759.394451][    T9] usb 1-1: Manufacturer: syz
[  759.399070][    T9] usb 1-1: SerialNumber: syz
[  759.412864][    T9] usb 1-1: Found UVC 0.00 device syz (18ec:3288)
[  759.419723][    T9] usb 1-1: No valid video chain found.
[  759.653116][    T9] usb 1-1: USB disconnect, device number 34
[  759.824174][T14500] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2298'.
[  760.088122][T14505] tipc: Started in network mode
[  760.105517][T14505] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711
[  760.115397][T14505] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  760.134933][T14505] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2299'.
[  760.301056][    T9] usb 4-1: USB disconnect, device number 69
[  760.367680][T14516] FAULT_INJECTION: forcing a failure.
[  760.367680][T14516] name failslab, interval 1, probability 0, space 0, times 0
[  760.382194][T14516] CPU: 1 UID: 0 PID: 14516 Comm: syz.3.2302 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  760.393019][T14516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  760.403095][T14516] Call Trace:
[  760.406411][T14516]  <TASK>
[  760.409354][T14516]  dump_stack_lvl+0x241/0x360
[  760.414053][T14516]  ? __pfx_dump_stack_lvl+0x10/0x10
[  760.419267][T14516]  ? __pfx__printk+0x10/0x10
[  760.423874][T14516]  ? fs_reclaim_acquire+0x93/0x130
[  760.429001][T14516]  ? __pfx___might_resched+0x10/0x10
[  760.434313][T14516]  should_fail_ex+0x3b0/0x4e0
[  760.439023][T14516]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  760.444760][T14516]  should_failslab+0xac/0x100
[  760.449470][T14516]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  760.455233][T14516]  __kmalloc_noprof+0xd8/0x400
[  760.460020][T14516]  tomoyo_realpath_from_path+0xcf/0x5e0
[  760.465598][T14516]  tomoyo_path_number_perm+0x23a/0x880
[  760.471082][T14516]  ? tomoyo_path_number_perm+0x208/0x880
[  760.476727][T14516]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  760.482738][T14516]  ? __pfx_lock_acquire+0x10/0x10
[  760.487799][T14516]  ? __fget_files+0x29/0x470
[  760.492407][T14516]  ? __fget_files+0x3f3/0x470
[  760.497108][T14516]  security_file_ioctl_compat+0xc6/0x2a0
[  760.502766][T14516]  __se_compat_sys_ioctl+0xd6/0xc90
[  760.507985][T14516]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  760.513815][T14516]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  760.519820][T14516]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  760.526174][T14516]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  760.532778][T14516]  ? lockdep_hardirqs_on+0x99/0x150
[  760.537992][T14516]  __do_fast_syscall_32+0xb4/0x110
[  760.543119][T14516]  ? exc_page_fault+0x590/0x8c0
[  760.547994][T14516]  do_fast_syscall_32+0x34/0x80
[  760.552875][T14516]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  760.559218][T14516] RIP: 0023:0xf7f22579
[  760.563302][T14516] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  760.582922][T14516] RSP: 002b:00000000f56a656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  760.591355][T14516] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c008ae88
[  760.599343][T14516] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  760.607333][T14516] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  760.615318][T14516] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  760.623304][T14516] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  760.631302][T14516]  </TASK>
[  760.647377][T14516] ERROR: Out of memory at tomoyo_realpath_from_path.
[  760.781906][ T9672] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  760.961259][ T9672] usb 1-1: Using ep0 maxpacket: 8
[  760.966506][  T938] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  760.978942][ T9672] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  760.989900][ T9672] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  761.008793][ T9672] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  761.018621][ T9672] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  761.028861][ T9672] usb 1-1: config 0 descriptor??
[  761.042758][ T9672] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  761.061263][ T9638] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  761.141527][  T938] usb 5-1: Using ep0 maxpacket: 8
[  761.148815][  T938] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  761.184065][  T938] usb 5-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  761.206537][  T938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.211814][ T9638] usb 4-1: Using ep0 maxpacket: 8
[  761.220757][  T938] usb 5-1: Product: syz
[  761.226033][  T938] usb 5-1: Manufacturer: syz
[  761.230833][  T938] usb 5-1: SerialNumber: syz
[  761.235532][ T9638] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  761.235581][ T9638] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  761.252068][  T938] usb 5-1: config 0 descriptor??
[  761.269764][ T9638] usb 4-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  761.279150][ T9638] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  761.283564][  T938] gspca_main: stk014-2.14.0 probing 05e1:0893
[  761.294442][  T938] usb 5-1: selecting invalid altsetting 1
[  761.297483][ T9638] usb 4-1: config 0 descriptor??
[  761.347982][ T9638] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  761.461482][ T9699] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  761.488963][  T938] gspca_stk014: init reg: 0x00
[  761.494164][  T938] stk014 5-1:0.0: probe with driver stk014 failed with error -5
[  761.504022][   T46] usb 1-1: USB disconnect, device number 35
[  761.612760][ T9699] usb 3-1: config 0 has an invalid interface number: 183 but max is 0
[  761.623776][ T9699] usb 3-1: config 0 has no interface number 0
[  761.629955][ T9699] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=26.3d
[  761.640177][  T938] usb 4-1: USB disconnect, device number 70
[  761.644600][ T9699] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  761.661763][ T9699] usb 3-1: config 0 descriptor??
[  761.711324][ T5278] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  761.861445][ T5278] usb 2-1: Using ep0 maxpacket: 8
[  761.869439][ T5278] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  761.879959][ T5278] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  761.895024][ T5278] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  761.904279][ T5278] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  761.915468][ T5278] usb 2-1: config 0 descriptor??
[  761.924914][ T5278] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  762.101552][ T9699] airspy 3-1:0.183: Board ID: 00
[  762.106550][ T9699] airspy 3-1:0.183: Firmware version: 
[  762.213087][  T938] usb 2-1: USB disconnect, device number 55
[  762.441491][    T9] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  762.482162][T14550] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2314'.
[  762.607448][    T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  762.616346][    T9] usb 1-1: config 0 has no interface number 0
[  762.622652][    T9] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  762.631846][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.646142][    T9] usb 1-1: config 0 descriptor??
[  762.660521][    T9] usb 1-1: selecting invalid altsetting 1
[  762.667399][    T9] dvb_ttusb_budget: ttusb_init_controller: error
[  762.674817][    T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  762.741738][    T9] DVB: Unable to find symbol cx22700_attach()
[  762.788221][    T9] DVB: Unable to find symbol tda10046_attach()
[  762.794802][    T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  762.857727][T14557] bridge_slave_0: left allmulticast mode
[  762.863822][T14557] bridge_slave_0: left promiscuous mode
[  762.873047][T14557] bridge0: port 1(bridge_slave_0) entered disabled state
[  762.886861][T14557] bridge_slave_1: left allmulticast mode
[  762.894961][T14557] bridge_slave_1: left promiscuous mode
[  762.900788][T14557] bridge0: port 2(bridge_slave_1) entered disabled state
[  762.918964][T14557] bond0: (slave bond_slave_0): Releasing backup interface
[  762.940601][T14557] bond0: (slave bond_slave_1): Releasing backup interface
[  762.984786][T14557] team0: Port device team_slave_0 removed
[  763.003218][T14557] team0: Port device team_slave_1 removed
[  763.009903][T14557] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  763.017816][T14557] batman_adv: batadv0: Removing interface: batadv_slave_0
[  763.034469][T14557] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  763.043270][T14557] batman_adv: batadv0: Removing interface: batadv_slave_1
[  763.126157][ T9699] airspy 3-1:0.183: Registered as swradio16
[  763.143739][ T9699] airspy 3-1:0.183: SDR API is still slightly experimental and functionality changes may follow
[  763.371542][ T9699] usb 3-1: USB disconnect, device number 56
[  763.389709][T14570] FAULT_INJECTION: forcing a failure.
[  763.389709][T14570] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  763.405938][T14570] CPU: 1 UID: 0 PID: 14570 Comm: syz.3.2318 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  763.416790][T14570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  763.426901][T14570] Call Trace:
[  763.430227][T14570]  <TASK>
[  763.433213][T14570]  dump_stack_lvl+0x241/0x360
[  763.437961][T14570]  ? __pfx_dump_stack_lvl+0x10/0x10
[  763.443233][T14570]  ? __pfx__printk+0x10/0x10
[  763.447973][T14570]  ? snprintf+0xda/0x120
[  763.452308][T14570]  should_fail_ex+0x3b0/0x4e0
[  763.457071][T14570]  _copy_to_user+0x2f/0xb0
[  763.461553][T14570]  simple_read_from_buffer+0xca/0x150
[  763.467003][T14570]  proc_fail_nth_read+0x1e9/0x250
[  763.472107][T14570]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  763.477739][T14570]  ? rw_verify_area+0x55e/0x6f0
[  763.482662][T14570]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  763.488297][T14570]  vfs_read+0x201/0xbc0
[  763.492542][T14570]  ? __pfx_lock_release+0x10/0x10
[  763.497651][T14570]  ? __pfx_vfs_read+0x10/0x10
[  763.502410][T14570]  ? __fget_files+0x3f3/0x470
[  763.507167][T14570]  ? fdget_pos+0x24e/0x320
[  763.511663][T14570]  ksys_read+0x183/0x2b0
[  763.515968][T14570]  ? __pfx_ksys_read+0x10/0x10
[  763.520760][T14570]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  763.527365][T14570]  ? lockdep_hardirqs_on+0x99/0x150
[  763.532581][T14570]  __do_fast_syscall_32+0xb4/0x110
[  763.537740][T14570]  ? exc_page_fault+0x590/0x8c0
[  763.542638][T14570]  do_fast_syscall_32+0x34/0x80
[  763.547511][T14570]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  763.553882][T14570] RIP: 0023:0xf7f22579
[  763.557990][T14570] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  763.577634][T14570] RSP: 002b:00000000f56a65a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  763.586076][T14570] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f56a6620
[  763.594064][T14570] RDX: 000000000000000f RSI: 00000000f73abff4 RDI: 0000000000000000
[  763.602066][T14570] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  763.610147][T14570] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  763.618144][T14570] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  763.626149][T14570]  </TASK>
[  763.688800][    T9] usb 1-1: USB disconnect, device number 36
[  763.759126][ T5265] usb 5-1: USB disconnect, device number 23
[  764.091777][  T938] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  764.211405][ T5265] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  764.283271][  T938] usb 4-1: Using ep0 maxpacket: 8
[  764.290566][  T938] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  764.301743][  T938] usb 4-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  764.310851][  T938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.323285][  T938] usb 4-1: config 0 descriptor??
[  764.339911][  T938] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  764.364134][ T5278] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  764.372544][ T9699] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  764.388402][ T5265] usb 5-1: Using ep0 maxpacket: 8
[  764.396936][ T5265] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  764.416842][ T5265] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  764.435861][ T5265] usb 5-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  764.448387][ T5265] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.463714][ T5265] usb 5-1: config 0 descriptor??
[  764.473307][ T5265] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  764.531293][ T5278] usb 3-1: Using ep0 maxpacket: 16
[  764.536754][ T9699] usb 2-1: Using ep0 maxpacket: 8
[  764.544730][ T5278] usb 3-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  764.556726][ T5278] usb 3-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  764.566671][ T5278] usb 3-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  764.575881][ T5278] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.585547][ T9699] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  764.596645][ T9699] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  764.612004][ T9699] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  764.621129][ T9699] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.637177][ T9699] usb 2-1: config 0 descriptor??
[  764.659285][ T9699] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  764.723049][ T9699] usb 4-1: USB disconnect, device number 71
[  764.731851][ T9638] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  764.763690][ T5265] usb 5-1: USB disconnect, device number 24
[  764.891552][ T9638] usb 1-1: Using ep0 maxpacket: 8
[  764.909888][ T9638] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  764.926199][ T9638] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  764.939283][ T9638] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  764.949521][  T938] usb 2-1: USB disconnect, device number 56
[  764.951370][ T9638] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.977853][ T9638] usb 1-1: config 0 descriptor??
[  764.987240][ T9638] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  765.254834][  T938] usb 1-1: USB disconnect, device number 37
[  765.548405][T14599] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2328'.
[  765.801460][ T9638] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  765.961377][ T9638] usb 2-1: Using ep0 maxpacket: 32
[  765.969524][ T9638] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  765.978726][ T9638] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  765.988240][ T9638] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  765.997768][ T9638] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  766.008682][ T9638] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  766.030198][ T9638] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  766.044492][ T9638] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  766.054324][ T9638] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.066442][ T9638] usb 2-1: config 0 descriptor??
[  766.081396][ T9699] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  766.101089][ T5278] usbhid 3-1:5.0: can't add hid device: -71
[  766.107724][ T5278] usbhid 3-1:5.0: probe with driver usbhid failed with error -71
[  766.119952][ T5278] usb 3-1: USB disconnect, device number 57
[  766.241631][ T9699] usb 1-1: Using ep0 maxpacket: 16
[  766.272240][ T9699] usb 1-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  766.305371][ T9638] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 57 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  766.316653][ T9699] usb 1-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  766.342144][ T9699] usb 1-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  766.355654][ T9638] usb 2-1: USB disconnect, device number 57
[  766.371541][ T9699] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.382519][ T9638] usblp0: removed
[  766.603424][  T938] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  766.645461][T14612] team0: Port device veth0_to_team added
[  766.733179][T14612] team0: Port device veth0_to_team removed
[  766.776730][  T938] usb 5-1: Using ep0 maxpacket: 8
[  766.786981][  T938] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  766.788484][T14612] team0: Port device team_slave_0 removed
[  766.800153][  T938] usb 5-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  766.814537][  T938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  766.822860][  T938] usb 5-1: Product: syz
[  766.827308][  T938] usb 5-1: Manufacturer: syz
[  766.832502][  T938] usb 5-1: SerialNumber: syz
[  766.841426][ T9638] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  766.855734][  T938] usb 5-1: config 0 descriptor??
[  766.876493][  T938] gspca_main: stk014-2.14.0 probing 05e1:0893
[  766.891895][  T938] usb 5-1: selecting invalid altsetting 1
[  767.021616][ T9638] usb 2-1: Using ep0 maxpacket: 32
[  767.035458][ T9638] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  767.053817][ T9638] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  767.063921][ T9638] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  767.073420][ T9638] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  767.083836][  T938] gspca_stk014: init reg: 0x00
[  767.084961][ T9638] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  767.089005][  T938] stk014 5-1:0.0: probe with driver stk014 failed with error -5
[  767.099090][ T9638] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  767.121517][ T9638] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  767.140128][ T9638] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  767.158921][ T9638] usb 2-1: config 0 descriptor??
[  767.374121][ T9638] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 58 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  767.625542][T12733] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  767.686845][    C0] usblp0: nonzero read bulk status received: -71
[  767.687975][ T9638] usb 2-1: USB disconnect, device number 58
[  767.712696][T14601] usblp0: error -71 reading from printer
[  767.765814][ T9638] usblp0: removed
[  767.849568][T12733] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  767.861829][  T938] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  767.916081][ T9699] usbhid 1-1:5.0: can't add hid device: -71
[  767.940944][ T9699] usbhid 1-1:5.0: probe with driver usbhid failed with error -71
[  767.965763][ T9699] usb 1-1: USB disconnect, device number 38
[  767.985271][T12733] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  768.042021][  T938] usb 4-1: Using ep0 maxpacket: 8
[  768.052062][  T938] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  768.062640][  T938] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  768.094635][  T938] usb 4-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  768.118419][T12733] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  768.118901][  T938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  768.163212][  T938] usb 4-1: config 0 descriptor??
[  768.178289][ T5236] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  768.179628][  T938] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  768.201472][ T5236] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  768.211117][ T5236] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  768.228125][ T5236] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  768.239983][ T5236] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  768.248209][ T5236] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  768.446973][T12733] bridge_slave_1: left allmulticast mode
[  768.458540][T12733] bridge_slave_1: left promiscuous mode
[  768.466652][T12733] bridge0: port 2(bridge_slave_1) entered disabled state
[  768.485427][T12733] bridge_slave_0: left allmulticast mode
[  768.492395][T12733] bridge_slave_0: left promiscuous mode
[  768.498275][T12733] bridge0: port 1(bridge_slave_0) entered disabled state
[  768.565772][ T9699] usb 4-1: USB disconnect, device number 72
[  768.828099][T14641] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2342'.
[  769.064100][T12733] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  769.076876][T12733] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  769.091750][T12733] bond0 (unregistering): Released all slaves
[  769.210676][T12733] tipc: Left network mode
[  769.426252][ T9672] usb 5-1: USB disconnect, device number 25
[  769.668825][T14630] chnl_net:caif_netlink_parms(): no params data found
[  769.771301][ T9699] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  769.880520][T14667] macvlan0: entered allmulticast mode
[  769.897776][T14667] veth1_vlan: entered allmulticast mode
[  769.931462][ T9699] usb 2-1: Using ep0 maxpacket: 16
[  769.942851][ T9699] usb 2-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  769.997455][ T9699] usb 2-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  770.030850][T14672] team0: Port device veth0_to_team added
[  770.036808][ T9699] usb 2-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  770.062458][T14675] veth1_vlan: left allmulticast mode
[  770.067925][ T9699] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.138657][T14675] macvlan0 (unregistering): left allmulticast mode
[  770.162830][T12733] hsr_slave_0: left promiscuous mode
[  770.170213][T12733] hsr_slave_1: left promiscuous mode
[  770.178875][T12733] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  770.186763][T12733] batman_adv: batadv0: Removing interface: batadv_slave_0
[  770.196119][T12733] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  770.209187][T12733] batman_adv: batadv0: Removing interface: batadv_slave_1
[  770.221609][ T5278] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  770.261866][T12733] veth1_macvtap: left promiscuous mode
[  770.267607][T12733] veth0_macvtap: left promiscuous mode
[  770.274055][T12733] veth1_vlan: left promiscuous mode
[  770.279520][T12733] veth0_vlan: left promiscuous mode
[  770.307516][T14685] FAULT_INJECTION: forcing a failure.
[  770.307516][T14685] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  770.331382][T10756] Bluetooth: hci3: command tx timeout
[  770.333447][T14685] CPU: 1 UID: 0 PID: 14685 Comm: syz.0.2351 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  770.348001][T14685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  770.358112][T14685] Call Trace:
[  770.361424][T14685]  <TASK>
[  770.364369][T14685]  dump_stack_lvl+0x241/0x360
[  770.369079][T14685]  ? __pfx_dump_stack_lvl+0x10/0x10
[  770.374304][T14685]  ? __pfx__printk+0x10/0x10
[  770.378914][T14685]  ? __pfx_lock_release+0x10/0x10
[  770.383984][T14685]  should_fail_ex+0x3b0/0x4e0
[  770.388688][T14685]  _copy_from_user+0x2f/0xe0
[  770.393302][T14685]  __sys_bpf+0x1a4/0x810
[  770.397563][T14685]  ? __pfx___sys_bpf+0x10/0x10
[  770.402353][T14685]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  770.408707][T14685]  __ia32_sys_bpf+0x7c/0x90
[  770.413222][T14685]  __do_fast_syscall_32+0xb4/0x110
[  770.418349][T14685]  ? exc_page_fault+0x590/0x8c0
[  770.423245][T14685]  do_fast_syscall_32+0x34/0x80
[  770.428113][T14685]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  770.434574][T14685] RIP: 0023:0xf7fb0579
[  770.438654][T14685] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  770.458286][T14685] RSP: 002b:00000000f573656c EFLAGS: 00000206 ORIG_RAX: 0000000000000165
[  770.466723][T14685] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000002000e000
[  770.474721][T14685] RDX: 0000000000000032 RSI: 0000000000000000 RDI: 0000000000000000
[  770.482733][T14685] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  770.490719][T14685] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  770.498716][T14685] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  770.506732][T14685]  </TASK>
[  770.557889][ T5278] usb 4-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=66.21
[  770.569466][ T5278] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.603299][ T5278] usb 4-1: config 0 descriptor??
[  770.635380][T12733] pim6reg (unregistering): left allmulticast mode
[  770.639076][ T5278] pegasus_notetaker 4-1:0.0: Invalid number of endpoints
[  770.667048][ T5278] pegasus_notetaker 4-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  770.913837][T14689] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  770.928597][T14689] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  770.961573][ T5278] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  771.121282][ T5278] usb 1-1: Using ep0 maxpacket: 8
[  771.129377][ T5278] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  771.154545][ T5278] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  771.175537][ T5278] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  771.185031][ T5278] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  771.201464][ T5278] usb 1-1: config 0 descriptor??
[  771.219013][ T5278] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  771.293626][T12733] team0 (unregistering): Port device team_slave_1 removed
[  771.356446][T12733] team0 (unregistering): Port device team_slave_0 removed
[  771.653282][ T5278] usb 1-1: USB disconnect, device number 39
[  771.665825][ T9699] usbhid 2-1:5.0: can't add hid device: -71
[  771.681793][ T9699] usbhid 2-1:5.0: probe with driver usbhid failed with error -71
[  771.693277][ T9699] usb 2-1: USB disconnect, device number 59
[  772.099501][T14679] team0: Port device veth0_to_team removed
[  772.128383][T14679] team0: Port device team_slave_0 removed
[  772.204077][T14630] bridge0: port 1(bridge_slave_0) entered blocking state
[  772.259603][T14630] bridge0: port 1(bridge_slave_0) entered disabled state
[  772.290551][T14630] bridge_slave_0: entered allmulticast mode
[  772.302757][T14630] bridge_slave_0: entered promiscuous mode
[  772.311944][T14692] tipc: Started in network mode
[  772.316953][T14692] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711
[  772.333480][T14692] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  772.364834][T14630] bridge0: port 2(bridge_slave_1) entered blocking state
[  772.380526][T14630] bridge0: port 2(bridge_slave_1) entered disabled state
[  772.389681][T14630] bridge_slave_1: entered allmulticast mode
[  772.407902][T14630] bridge_slave_1: entered promiscuous mode
[  772.431045][T10756] Bluetooth: hci3: command tx timeout
[  772.470185][T14630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  772.519080][T14630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  772.582559][T14630] team0: Port device team_slave_0 added
[  772.594379][T14630] team0: Port device team_slave_1 added
[  772.640086][T14630] batman_adv: batadv0: Adding interface: batadv_slave_0
[  772.651526][T14630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  772.679498][T14630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  772.705039][T14630] batman_adv: batadv0: Adding interface: batadv_slave_1
[  772.720670][T14630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  772.789698][T14630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  772.894050][T14630] hsr_slave_0: entered promiscuous mode
[  772.901007][T14630] hsr_slave_1: entered promiscuous mode
[  772.914971][T14630] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  772.926302][T14630] Cannot create hsr debugfs directory
[  773.002327][ T9672] usb 4-1: USB disconnect, device number 73
[  773.121531][ T5278] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  773.301925][ T5278] usb 5-1: Using ep0 maxpacket: 8
[  773.309004][ T5278] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  773.372653][ T5278] usb 5-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  773.399466][ T5278] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  773.447554][ T5278] usb 5-1: Product: syz
[  773.469594][ T5278] usb 5-1: Manufacturer: syz
[  773.480923][ T5278] usb 5-1: SerialNumber: syz
[  773.517243][ T5278] usb 5-1: config 0 descriptor??
[  773.562319][ T9672] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  773.577405][ T5278] gspca_main: stk014-2.14.0 probing 05e1:0893
[  773.583821][ T5278] usb 5-1: selecting invalid altsetting 1
[  773.710061][T14728] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2359'.
[  773.721331][ T9638] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  773.746128][ T9672] usb 4-1: Using ep0 maxpacket: 8
[  773.746294][ T5278] gspca_stk014: init reg: 0x00
[  773.753175][ T9672] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  773.756141][ T5278] stk014 5-1:0.0: probe with driver stk014 failed with error -5
[  773.778335][ T9672] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  773.827097][ T9672] usb 4-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  773.846720][ T9672] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  773.878552][ T9672] usb 4-1: config 0 descriptor??
[  773.882029][ T9638] usb 2-1: Using ep0 maxpacket: 8
[  773.894605][ T9638] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  773.897561][ T9672] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  773.909028][ T9638] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  773.951385][ T9638] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  773.965054][T14630] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  773.972037][ T9638] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  773.982490][ T9638] usb 2-1: config 0 descriptor??
[  773.992555][ T9638] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  774.003862][T14630] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  774.023894][T14630] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  774.037935][T14630] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  774.170553][T14630] 8021q: adding VLAN 0 to HW filter on device bond0
[  774.199803][T14630] 8021q: adding VLAN 0 to HW filter on device team0
[  774.213324][ T5278] usb 4-1: USB disconnect, device number 74
[  774.235094][T12733] bridge0: port 1(bridge_slave_0) entered blocking state
[  774.242312][T12733] bridge0: port 1(bridge_slave_0) entered forwarding state
[  774.253368][T12733] bridge0: port 2(bridge_slave_1) entered blocking state
[  774.260658][T12733] bridge0: port 2(bridge_slave_1) entered forwarding state
[  774.370839][T14630] 8021q: adding VLAN 0 to HW filter on device batadv0
[  774.440524][T14630] veth0_vlan: entered promiscuous mode
[  774.464646][T14630] veth1_vlan: entered promiscuous mode
[  774.491587][T10756] Bluetooth: hci3: command tx timeout
[  774.528407][T14630] veth0_macvtap: entered promiscuous mode
[  774.548031][T14630] veth1_macvtap: entered promiscuous mode
[  774.587477][T14630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  774.615998][T14630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  774.633531][T14630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  774.647372][T14630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  774.660656][T14630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  774.677408][T14630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  774.690419][T14630] batman_adv: batadv0: Interface activated: batadv_slave_0
[  774.707771][T14630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  774.718624][T14630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  774.730075][T14630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  774.741479][  T938] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  774.759859][T14630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  774.789189][T14630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  774.802532][T14630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  774.814609][T14630] batman_adv: batadv0: Interface activated: batadv_slave_1
[  774.828018][T14630] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  774.838537][T14630] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  774.876107][T14630] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  774.913919][T14630] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  774.938823][T14762] pim6reg: entered allmulticast mode
[  774.941595][  T938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  774.961249][  T938] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a
[  774.972030][  T938] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  774.990687][T14762] pim6reg: left allmulticast mode
[  775.026809][  T938] usb 1-1: Product: syz
[  775.032801][  T938] usb 1-1: Manufacturer: syz
[  775.038811][  T938] usb 1-1: SerialNumber: syz
[  775.060476][T14765] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2361'.
[  775.067291][  T938] usb 1-1: config 0 descriptor??
[  775.156232][ T3126] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  775.166345][ T3126] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  775.267617][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  775.282831][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  775.317492][  T938] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-8
[  775.342254][  T938] dvb_usb_af9035 1-1:0.0: probe with driver dvb_usb_af9035 failed with error -8
[  775.379005][  T938] usb 1-1: USB disconnect, device number 40
[  775.541612][ T9638] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  775.701487][ T9638] usb 4-1: Using ep0 maxpacket: 8
[  775.713421][ T9638] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  775.724634][ T9638] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  775.737898][   T46] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  775.747696][ T9638] usb 4-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  775.758752][ T9638] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  775.782564][ T9638] usb 4-1: config 0 descriptor??
[  775.797854][ T9638] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  775.891541][   T46] usb 3-1: Using ep0 maxpacket: 8
[  775.900952][   T46] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  775.915965][  T938] usb 5-1: USB disconnect, device number 26
[  775.930764][   T46] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  775.984154][   T46] usb 3-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  776.012943][   T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  776.025821][   T46] usb 3-1: config 0 descriptor??
[  776.036940][   T46] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  776.196241][    T9] usb 4-1: USB disconnect, device number 75
[  776.373180][  T938] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  776.384164][    T9] usb 3-1: USB disconnect, device number 58
[  776.421362][ T9638] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  776.524804][ T5265] usb 2-1: USB disconnect, device number 60
[  776.541322][  T938] usb 5-1: Using ep0 maxpacket: 16
[  776.554291][  T938] usb 5-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  776.567935][  T938] usb 5-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  776.579909][T10756] Bluetooth: hci3: command tx timeout
[  776.586205][  T938] usb 5-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  776.591561][ T9638] usb 1-1: Using ep0 maxpacket: 16
[  776.595538][  T938] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  776.677957][ T9638] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  776.702249][ T9638] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  776.741276][ T9638] usb 1-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[  776.773337][ T9638] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  776.802524][ T9638] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  776.820937][ T9638] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  776.833487][ T9638] usb 1-1: Manufacturer: syz
[  776.848990][ T9638] usb 1-1: config 0 descriptor??
[  776.961368][T14820] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2367'.
[  777.023481][T14821] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2367'.
[  777.032863][ T5265] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  777.071679][ T9699] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  777.224818][ T5265] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  777.242747][ T9699] usb 4-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=66.21
[  777.252927][ T5265] usb 2-1: config 0 has no interface number 0
[  777.262854][ T5265] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  777.265262][ T9699] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  777.296055][ T9699] usb 4-1: config 0 descriptor??
[  777.315546][ T5265] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  777.316966][ T9699] pegasus_notetaker 4-1:0.0: Invalid number of endpoints
[  777.338414][ T9699] pegasus_notetaker 4-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  777.361744][ T5265] usb 2-1: config 0 descriptor??
[  777.368644][T14824] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2364'.
[  777.397881][ T5265] usb 2-1: selecting invalid altsetting 1
[  777.408050][ T5265] dvb_ttusb_budget: ttusb_init_controller: error
[  777.414605][ T5265] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  777.562394][ T5265] DVB: Unable to find symbol cx22700_attach()
[  777.598679][T14827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  777.626252][T14827] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  777.695694][ T5265] DVB: Unable to find symbol tda10046_attach()
[  777.705275][ T5265] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  778.073057][ T9638] usb 2-1: USB disconnect, device number 61
[  778.111121][  T938] usbhid 5-1:5.0: can't add hid device: -71
[  778.170138][  T938] usbhid 5-1:5.0: probe with driver usbhid failed with error -71
[  778.180991][  T938] usb 5-1: USB disconnect, device number 27
[  778.852218][T14833] binder: BINDER_SET_CONTEXT_MGR already set
[  778.910181][T14833] binder: 14832:14833 ioctl 4018620d 20000a80 returned -16
[  779.141613][ T9638] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  779.201836][  T938] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  779.301536][ T9638] usb 3-1: Using ep0 maxpacket: 32
[  779.318638][ T9638] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  779.348188][ T9638] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  779.381531][  T938] usb 2-1: Using ep0 maxpacket: 8
[  779.383846][ T9638] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  779.407490][  T938] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  779.418453][ T9638] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  779.429110][ T9638] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  779.430057][  T938] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  779.440316][ T9638] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  779.468848][ T9672] usb 1-1: USB disconnect, device number 41
[  779.472905][ T9638] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  779.487170][ T9638] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.495587][  T938] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  779.495626][  T938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.498064][  T938] usb 2-1: config 0 descriptor??
[  779.536459][ T9638] usb 3-1: config 0 descriptor??
[  779.538367][  T938] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  779.642254][ T9699] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  779.801954][ T9699] usb 5-1: Using ep0 maxpacket: 8
[  779.814497][ T9638] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 59 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  779.826804][ T9699] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  779.847216][ T9638] usb 3-1: USB disconnect, device number 59
[  779.870906][ T9699] usb 5-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  779.881195][ T9638] usblp0: removed
[  779.887597][  T938] usb 2-1: USB disconnect, device number 62
[  779.894000][ T9699] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  779.906812][ T5278] usb 4-1: USB disconnect, device number 76
[  779.919088][ T9699] usb 5-1: Product: syz
[  779.933266][ T9699] usb 5-1: Manufacturer: syz
[  779.934003][ T9672] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  779.939493][ T9699] usb 5-1: SerialNumber: syz
[  779.973492][ T9699] usb 5-1: config 0 descriptor??
[  779.989504][ T9699] gspca_main: stk014-2.14.0 probing 05e1:0893
[  779.997227][ T9699] usb 5-1: selecting invalid altsetting 1
[  780.101328][ T9672] usb 1-1: Using ep0 maxpacket: 8
[  780.109055][ T9672] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  780.119456][ T9672] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  780.133061][ T9672] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  780.142267][ T9672] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  780.160396][ T9672] usb 1-1: config 0 descriptor??
[  780.168723][ T9672] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  780.188801][ T9699] gspca_stk014: init reg: 0x00
[  780.197157][ T9699] stk014 5-1:0.0: probe with driver stk014 failed with error -5
[  780.301330][ T5278] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  780.341342][ T9638] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  780.461509][ T5278] usb 4-1: Using ep0 maxpacket: 8
[  780.468729][ T5278] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  780.490204][ T5278] usb 4-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  780.500926][ T5278] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  780.501338][ T9638] usb 3-1: Using ep0 maxpacket: 32
[  780.518167][ T5278] usb 4-1: config 0 descriptor??
[  780.526000][ T5278] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  780.534018][ T9638] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  780.548354][ T9638] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  780.557423][ T9638] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  780.567331][ T9638] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  780.577836][ T9638] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  780.588077][ T9638] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  780.601562][ T9638] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  780.610897][ T9638] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  780.624163][ T9638] usb 3-1: config 0 descriptor??
[  780.835378][ T9672] usb 4-1: USB disconnect, device number 77
[  780.845953][ T9638] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 60 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  781.991398][ T9638] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  782.096817][ T9699] usb 3-1: USB disconnect, device number 60
[  782.125500][ T9699] usblp0: removed
[  782.155274][ T9638] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  782.168297][ T9638] usb 2-1: config 0 has no interface number 0
[  782.192359][ T9638] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  782.209290][ T9638] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  782.219953][ T9638] usb 2-1: config 0 descriptor??
[  782.234746][ T9638] usb 2-1: selecting invalid altsetting 1
[  782.248570][ T9638] dvb_ttusb_budget: ttusb_init_controller: error
[  782.256546][ T9638] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  782.347594][ T9638] DVB: Unable to find symbol cx22700_attach()
[  782.410705][ T9638] DVB: Unable to find symbol tda10046_attach()
[  782.428293][ T9638] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  782.433773][  T938] usb 5-1: USB disconnect, device number 28
[  782.723286][ T5265] usb 1-1: USB disconnect, device number 42
[  782.855920][ T9672] usb 2-1: USB disconnect, device number 63
[  783.095113][  T938] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  783.161383][ T5265] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  783.271668][  T938] usb 3-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=66.21
[  783.280797][  T938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.305015][  T938] usb 3-1: config 0 descriptor??
[  783.320153][  T938] pegasus_notetaker 3-1:0.0: Invalid number of endpoints
[  783.330123][ T5265] usb 1-1: Using ep0 maxpacket: 8
[  783.336838][  T938] pegasus_notetaker 3-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  783.348170][ T5265] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  783.371048][ T5265] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  783.401280][ T5265] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  783.410488][ T5265] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.422197][ T5265] usb 1-1: config 0 descriptor??
[  783.441398][ T5265] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  783.560552][T14896] FAULT_INJECTION: forcing a failure.
[  783.560552][T14896] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  783.573871][ T9699] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  783.589351][T14896] CPU: 0 UID: 0 PID: 14896 Comm: syz.1.2390 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  783.600284][T14896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  783.603466][T14897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  783.610360][T14896] Call Trace:
[  783.610377][T14896]  <TASK>
[  783.610389][T14896]  dump_stack_lvl+0x241/0x360
[  783.610423][T14896]  ? __pfx_dump_stack_lvl+0x10/0x10
[  783.610450][T14896]  ? __pfx__printk+0x10/0x10
[  783.639579][T14896]  should_fail_ex+0x3b0/0x4e0
[  783.644333][T14896]  _copy_from_user+0x2f/0xe0
[  783.648996][T14896]  move_addr_to_kernel+0x82/0x150
[  783.654085][T14896]  __sys_connect+0xc1/0x300
[  783.658655][T14896]  ? __pfx___sys_connect+0x10/0x10
[  783.663864][T14896]  __ia32_sys_connect+0x7a/0x90
[  783.668768][T14896]  __do_fast_syscall_32+0xb4/0x110
[  783.673931][T14896]  ? exc_page_fault+0x590/0x8c0
[  783.678855][T14896]  do_fast_syscall_32+0x34/0x80
[  783.683755][T14896]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  783.690133][T14896] RIP: 0023:0xf7fb0579
[  783.694249][T14896] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  783.713913][T14896] RSP: 002b:00000000f573656c EFLAGS: 00000206 ORIG_RAX: 000000000000016a
[  783.721320][ T9699] usb 5-1: Using ep0 maxpacket: 32
[  783.722369][T14896] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000280
[  783.722392][T14896] RDX: 000000000000006e RSI: 0000000000000000 RDI: 0000000000000000
[  783.722408][T14896] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  783.722425][T14896] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  783.722442][T14896] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  783.740386][ T9699] usb 5-1: New USB device found, idVendor=09fb, idProduct=ebbe, bcdDevice=ea.fe
[  783.743622][T14896]  </TASK>
[  783.781034][ T9699] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.789216][ T9699] usb 5-1: Product: syz
[  783.793595][ T9699] usb 5-1: Manufacturer: syz
[  783.798240][ T9699] usb 5-1: SerialNumber: syz
[  783.804254][T14897] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  783.835712][ T9699] usb 5-1: config 0 descriptor??
[  783.936184][  T938] usb 1-1: USB disconnect, device number 43
[  784.086823][T14893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  784.112494][T14893] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  784.257820][ T5265] usb 5-1: USB disconnect, device number 29
[  784.301450][ T9699] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  784.471505][ T9699] usb 2-1: Using ep0 maxpacket: 32
[  784.496379][ T9699] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  784.512933][ T9699] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  784.523497][ T9699] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  784.533232][ T9699] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  784.543623][ T9699] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  784.554632][ T9699] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  784.570594][T14911] FAULT_INJECTION: forcing a failure.
[  784.570594][T14911] name failslab, interval 1, probability 0, space 0, times 0
[  784.591212][ T9699] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  784.609200][ T9699] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  784.626325][T14911] CPU: 0 UID: 0 PID: 14911 Comm: syz.0.2393 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  784.637169][T14911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  784.647237][T14911] Call Trace:
[  784.650526][T14911]  <TASK>
[  784.653463][T14911]  dump_stack_lvl+0x241/0x360
[  784.658170][T14911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  784.663482][T14911]  ? __pfx__printk+0x10/0x10
[  784.668111][T14911]  ? fs_reclaim_acquire+0x93/0x130
[  784.673248][T14911]  ? __pfx___might_resched+0x10/0x10
[  784.678569][T14911]  should_fail_ex+0x3b0/0x4e0
[  784.683274][T14911]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  784.689007][T14911]  should_failslab+0xac/0x100
[  784.693704][T14911]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  784.699438][T14911]  __kmalloc_noprof+0xd8/0x400
[  784.704238][T14911]  tomoyo_realpath_from_path+0xcf/0x5e0
[  784.709812][T14911]  tomoyo_path_number_perm+0x23a/0x880
[  784.715282][T14911]  ? tomoyo_path_number_perm+0x208/0x880
[  784.720930][T14911]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  784.726929][T14911]  ? __pfx_lock_acquire+0x10/0x10
[  784.732001][T14911]  ? __fget_files+0x29/0x470
[  784.736623][T14911]  ? __fget_files+0x3f3/0x470
[  784.741331][T14911]  security_file_ioctl_compat+0xc6/0x2a0
[  784.747092][T14911]  __se_compat_sys_ioctl+0xd6/0xc90
[  784.752299][T14911]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  784.758119][T14911]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  784.764149][T14911]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  784.770585][T14911]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  784.777181][T14911]  ? lockdep_hardirqs_on+0x99/0x150
[  784.782385][T14911]  __do_fast_syscall_32+0xb4/0x110
[  784.787507][T14911]  ? exc_page_fault+0x590/0x8c0
[  784.792395][T14911]  do_fast_syscall_32+0x34/0x80
[  784.797251][T14911]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  784.803588][T14911] RIP: 0023:0xf7fb0579
[  784.807665][T14911] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  784.827279][T14911] RSP: 002b:00000000f573656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  784.835706][T14911] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000c10c5541
[  784.843682][T14911] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000
[  784.851661][T14911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  784.859639][T14911] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  784.867619][T14911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  784.875611][T14911]  </TASK>
[  784.902846][ T9699] usb 2-1: config 0 descriptor??
[  784.974186][T14911] ERROR: Out of memory at tomoyo_realpath_from_path.
[  785.176175][ T9699] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 64 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  785.219193][ T9699] usb 2-1: USB disconnect, device number 64
[  785.246034][ T9699] usblp0: removed
[  785.481292][  T938] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  785.631777][  T938] usb 1-1: Using ep0 maxpacket: 8
[  785.643972][  T938] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  785.664633][  T938] usb 1-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  785.691409][ T5265] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  785.718891][  T938] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  785.727289][ T9672] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  785.739590][  T938] usb 1-1: Product: syz
[  785.745272][  T938] usb 1-1: Manufacturer: syz
[  785.756241][  T938] usb 1-1: SerialNumber: syz
[  785.767363][  T938] usb 1-1: config 0 descriptor??
[  785.788804][  T938] gspca_main: stk014-2.14.0 probing 05e1:0893
[  785.804642][  T938] usb 1-1: selecting invalid altsetting 1
[  785.861395][ T5265] usb 5-1: Using ep0 maxpacket: 8
[  785.883791][ T5265] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  785.896103][ T9672] usb 2-1: Using ep0 maxpacket: 32
[  785.903712][ T5265] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  785.903977][ T9638] usb 3-1: USB disconnect, device number 61
[  785.925698][ T9672] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  785.954962][ T9672] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  785.968105][ T5265] usb 5-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  785.978910][ T9672] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  786.014290][ T5265] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.023591][ T9672] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  786.034627][ T9672] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  786.044716][ T9672] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  786.057915][ T9672] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  786.067158][ T9672] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.075895][  T938] gspca_stk014: init reg: 0x00
[  786.080730][  T938] stk014 1-1:0.0: probe with driver stk014 failed with error -5
[  786.108159][ T5265] usb 5-1: config 0 descriptor??
[  786.114244][ T9672] usb 2-1: config 0 descriptor??
[  786.196815][ T5265] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  786.353997][ T9672] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 65 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  786.431541][ T9638] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  786.431762][  T938] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  786.450230][ T9699] usb 5-1: USB disconnect, device number 30
[  786.581328][ T9638] usb 3-1: Using ep0 maxpacket: 8
[  786.588295][ T9638] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  786.600352][ T9638] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  786.601407][  T938] usb 4-1: Using ep0 maxpacket: 16
[  786.615266][ T9638] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  786.625570][ T9638] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  786.630196][  T938] usb 4-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  786.633760][ T9638] usb 3-1: Product: syz
[  786.650099][ T9638] usb 3-1: Manufacturer: syz
[  786.654952][  T938] usb 4-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  786.655004][  T938] usb 4-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  786.655134][  T938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.688269][ T9638] usb 3-1: SerialNumber: syz
[  786.696312][ T9638] usb 3-1: config 0 descriptor??
[  786.710913][ T9638] radio-si470x 3-1:0.0: could not find interrupt in endpoint
[  786.719360][ T9638] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5
[  786.729546][ T9638] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  787.011074][T14928] @: renamed from vlan0 (while UP)
[  787.099703][  T938] usbhid 4-1:5.0: can't add hid device: -71
[  787.111099][  T938] usbhid 4-1:5.0: probe with driver usbhid failed with error -71
[  787.133564][  T938] usb 4-1: USB disconnect, device number 78
[  787.590527][  T938] usb 2-1: USB disconnect, device number 65
[  787.599152][  T938] usblp0: removed
[  787.708971][T14930] tipc: Started in network mode
[  787.733635][T14930] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711
[  787.748103][T14932] xt_CT: No such helper "netbios-ns"
[  787.760389][T14930] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  787.772397][T14930] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2400'.
[  788.250812][ T9672] usb 1-1: USB disconnect, device number 44
[  788.260898][  T938] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  788.321344][ T5278] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  788.431381][ T9638] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  788.441437][  T938] usb 4-1: Using ep0 maxpacket: 8
[  788.450463][  T938] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  788.462018][  T938] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  788.475081][  T938] usb 4-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  788.481482][ T5278] usb 5-1: Using ep0 maxpacket: 8
[  788.484244][  T938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  788.499431][  T938] usb 4-1: config 0 descriptor??
[  788.500487][ T5278] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  788.509803][  T938] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  788.535870][ T5278] usb 5-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  788.546316][ T5278] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  788.558253][ T5278] usb 5-1: config 0 descriptor??
[  788.567408][ T5278] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  788.601588][ T9638] usb 2-1: Using ep0 maxpacket: 8
[  788.608398][ T9638] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  788.619024][ T9638] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  788.632423][ T9638] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  788.641612][ T9638] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  788.651687][ T9638] usb 2-1: config 0 descriptor??
[  788.662284][ T9638] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  788.835998][ T9638] usb 4-1: USB disconnect, device number 79
[  788.884087][ T5278] usb 5-1: USB disconnect, device number 31
[  789.005671][  T938] usb 2-1: USB disconnect, device number 66
[  789.075664][ T5265] usb 3-1: USB disconnect, device number 62
[  789.201503][ T2634] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  789.249502][T14959] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2409'.
[  789.360795][ T2634] usb 1-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=66.21
[  789.381242][ T2634] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.393066][ T2634] usb 1-1: config 0 descriptor??
[  789.420451][ T2634] pegasus_notetaker 1-1:0.0: Invalid number of endpoints
[  789.437150][ T2634] pegasus_notetaker 1-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  789.642834][T14964] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  789.709738][T14969] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  789.747248][T14969] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  789.878995][T14962] vlan2: entered promiscuous mode
[  789.884910][T14962] vlan2: entered allmulticast mode
[  789.890835][T14962] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  789.899223][T14962] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  789.930506][T14962] team0: Port device vlan2 added
[  789.951570][ T9672] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  790.025323][T14972] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  790.035617][T14972] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2413'.
[  790.127899][ T9672] usb 2-1: Using ep0 maxpacket: 16
[  790.137979][ T9672] usb 2-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  790.175938][ T9672] usb 2-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  790.281342][ T9672] usb 2-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  790.295888][ T9672] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.298303][T14975] xt_CT: No such helper "netbios-ns"
[  790.475220][T14979] FAULT_INJECTION: forcing a failure.
[  790.475220][T14979] name failslab, interval 1, probability 0, space 0, times 0
[  790.509560][T14979] CPU: 1 UID: 0 PID: 14979 Comm: syz.3.2416 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  790.520410][T14979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  790.530515][T14979] Call Trace:
[  790.533835][T14979]  <TASK>
[  790.536801][T14979]  dump_stack_lvl+0x241/0x360
[  790.541531][T14979]  ? __pfx_dump_stack_lvl+0x10/0x10
[  790.546782][T14979]  ? __pfx__printk+0x10/0x10
[  790.551422][T14979]  ? fs_reclaim_acquire+0x93/0x130
[  790.556585][T14979]  ? __pfx___might_resched+0x10/0x10
[  790.561939][T14979]  should_fail_ex+0x3b0/0x4e0
[  790.566684][T14979]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  790.572443][T14979]  should_failslab+0xac/0x100
[  790.577166][T14979]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  790.582941][T14979]  __kmalloc_noprof+0xd8/0x400
[  790.587745][T14979]  tomoyo_realpath_from_path+0xcf/0x5e0
[  790.593347][T14979]  tomoyo_path_number_perm+0x23a/0x880
[  790.598861][T14979]  ? tomoyo_path_number_perm+0x208/0x880
[  790.604547][T14979]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  790.610578][T14979]  ? __pfx_lock_acquire+0x10/0x10
[  790.615695][T14979]  ? __fget_files+0x29/0x470
[  790.620346][T14979]  ? __fget_files+0x3f3/0x470
[  790.625082][T14979]  security_file_ioctl_compat+0xc6/0x2a0
[  790.630760][T14979]  __se_compat_sys_ioctl+0xd6/0xc90
[  790.636009][T14979]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  790.641876][T14979]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  790.647908][T14979]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  790.654291][T14979]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  790.660930][T14979]  ? lockdep_hardirqs_on+0x99/0x150
[  790.666169][T14979]  __do_fast_syscall_32+0xb4/0x110
[  790.671349][T14979]  ? exc_page_fault+0x590/0x8c0
[  790.676263][T14979]  do_fast_syscall_32+0x34/0x80
[  790.681164][T14979]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  790.687549][T14979] RIP: 0023:0xf7f22579
[  790.691661][T14979] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  790.711336][T14979] RSP: 002b:00000000f56a656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  790.719813][T14979] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  790.727842][T14979] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  790.735857][T14979] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  790.743863][T14979] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  790.751861][T14979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  790.759876][T14979]  </TASK>
[  790.769033][T14979] ERROR: Out of memory at tomoyo_realpath_from_path.
[  790.798550][  T938] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  790.849631][ T9672] usbhid 2-1:5.0: can't add hid device: -71
[  790.859204][ T9672] usbhid 2-1:5.0: probe with driver usbhid failed with error -71
[  790.873898][ T9672] usb 2-1: USB disconnect, device number 67
[  790.961366][  T938] usb 3-1: Using ep0 maxpacket: 8
[  790.969983][  T938] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  790.982253][  T938] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  790.998734][  T938] usb 3-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  791.017346][  T938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  791.028827][  T938] usb 3-1: config 0 descriptor??
[  791.047706][  T938] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  791.433441][T14993] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2421'.
[  791.492715][T14994] dccp_close: ABORT with 40 bytes unread
[  791.507541][T14995] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2421'.
[  791.516817][T14995] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2421'.
[  791.853620][T15002] pim6reg: entered allmulticast mode
[  791.869216][T15002] pim6reg: left allmulticast mode
[  791.988664][ T2634] usb 1-1: USB disconnect, device number 45
[  792.018861][T15004] tipc: Started in network mode
[  792.024555][T15004] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711
[  792.035935][T15004] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  792.049189][T15004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2424'.
[  792.351555][ T9672] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[  792.401382][ T2634] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  792.500770][T15013] vlan2: entered promiscuous mode
[  792.506170][T15013] vlan2: entered allmulticast mode
[  792.512220][T15013] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  792.519728][T15013] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  792.533776][ T9672] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  792.543720][T15013] team0: Port device vlan2 added
[  792.570430][ T9672] usb 4-1: config 0 has no interface number 0
[  792.573548][ T2634] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  792.584137][ T9672] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  792.585536][ T2634] usb 1-1: config 0 has no interface number 0
[  792.594016][ T9672] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  792.608392][ T2634] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  792.619413][ T2634] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  792.640510][ T2634] usb 1-1: config 0 descriptor??
[  792.668978][ T9672] usb 4-1: config 0 descriptor??
[  792.704768][ T2634] usb 1-1: selecting invalid altsetting 1
[  792.706726][ T9672] usb 4-1: selecting invalid altsetting 1
[  792.721690][ T9672] dvb_ttusb_budget: ttusb_init_controller: error
[  792.728554][ T9672] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  792.770546][ T2634] dvb_ttusb_budget: ttusb_init_controller: error
[  792.800891][ T2634] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  792.921333][ T9638] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  793.034039][ T9672] DVB: Unable to find symbol cx22700_attach()
[  793.131320][ T9638] usb 5-1: device descriptor read/64, error -71
[  793.184061][ T2634] DVB: Unable to find symbol cx22700_attach()
[  793.184918][ T9672] DVB: Unable to find symbol tda10046_attach()
[  793.243329][ T2634] DVB: Unable to find symbol tda10046_attach()
[  793.249569][ T2634] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  793.285097][ T9672] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  793.461459][ T9638] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  793.507278][ T5278] usb 1-1: USB disconnect, device number 46
[  793.591293][ T9638] usb 5-1: device descriptor read/64, error -71
[  793.643834][ T2634] usb 3-1: USB disconnect, device number 63
[  793.685608][ T9672] usb 4-1: USB disconnect, device number 80
[  793.710420][ T9638] usb usb5-port1: attempt power cycle
[  793.931676][ T5278] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  794.051348][ T2634] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  794.061588][ T9638] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  794.081316][ T5278] usb 2-1: Using ep0 maxpacket: 16
[  794.087480][ T9638] usb 5-1: device descriptor read/8, error -71
[  794.095086][ T5278] usb 2-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  794.107208][ T5278] usb 2-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  794.118425][ T5278] usb 2-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  794.128178][ T5278] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  794.191473][ T2634] usb 3-1: device descriptor read/64, error -71
[  794.341431][ T9638] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  794.377682][ T9638] usb 5-1: device descriptor read/8, error -71
[  794.431922][ T2634] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  794.487778][T15039] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  794.501851][ T9638] usb usb5-port1: unable to enumerate USB device
[  794.516599][T15039] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2436'.
[  794.582170][ T2634] usb 3-1: device descriptor read/64, error -71
[  794.623742][ T5278] usbhid 2-1:5.0: can't add hid device: -71
[  794.629812][ T5278] usbhid 2-1:5.0: probe with driver usbhid failed with error -71
[  794.661975][ T5278] usb 2-1: USB disconnect, device number 68
[  794.701375][ T9672] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[  794.721651][ T2634] usb usb3-port1: attempt power cycle
[  794.871499][ T5265] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  794.881470][ T9672] usb 4-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=66.21
[  794.890565][ T9672] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  794.903387][ T9672] usb 4-1: config 0 descriptor??
[  794.912041][ T9672] pegasus_notetaker 4-1:0.0: Invalid number of endpoints
[  794.919546][ T9672] pegasus_notetaker 4-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  795.021548][ T5265] usb 1-1: Using ep0 maxpacket: 16
[  795.029071][ T5265] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  795.040321][ T5265] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  795.050170][ T5265] usb 1-1: New USB device found, idVendor=5543, idProduct=0004, bcdDevice= 0.00
[  795.059398][ T5265] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.061472][ T2634] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  795.076435][ T5265] usb 1-1: config 0 descriptor??
[  795.102375][ T2634] usb 3-1: device descriptor read/8, error -71
[  795.183202][T15043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  795.193277][T15043] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  795.302110][ T5265] uclogic 0003:5543:0004.000E: unknown main item tag 0x0
[  795.313307][ T5265] uclogic 0003:5543:0004.000E: unknown main item tag 0x0
[  795.321039][ T5265] uclogic 0003:5543:0004.000E: No inputs registered, leaving
[  795.331264][ T5265] uclogic 0003:5543:0004.000E: hidraw0: USB HID v0.00 Device [HID 5543:0004] on usb-dummy_hcd.0-1/input0
[  795.351387][ T2634] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  795.360233][   T46] usb 1-1: USB disconnect, device number 47
[  795.396930][ T2634] usb 3-1: device descriptor read/8, error -71
[  795.431905][T15047] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2439'.
[  795.507348][T15050] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2439'.
[  795.518942][T15050] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2439'.
[  795.535698][ T2634] usb usb3-port1: unable to enumerate USB device
[  795.763878][T15056] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2440'.
[  795.781624][   T46] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  795.931573][   T46] usb 1-1: Using ep0 maxpacket: 8
[  795.944486][   T46] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  795.955249][   T46] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  795.968372][   T46] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  795.977590][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.987570][   T46] usb 1-1: config 0 descriptor??
[  795.997638][   T46] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  796.293930][ T5265] usb 1-1: USB disconnect, device number 48
[  796.343904][T15059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2441'.
[  796.831407][ T5278] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  796.981524][ T5265] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  797.011256][ T5278] usb 2-1: Using ep0 maxpacket: 8
[  797.018030][ T5278] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  797.028698][ T5278] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  797.042036][ T5278] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  797.059227][ T5278] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  797.069394][ T5278] usb 2-1: config 0 descriptor??
[  797.084443][ T5278] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  797.141629][ T9671] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  797.151246][ T5265] usb 5-1: Using ep0 maxpacket: 32
[  797.167919][ T5265] usb 5-1: New USB device found, idVendor=09fb, idProduct=ebbe, bcdDevice=ea.fe
[  797.180038][ T5265] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  797.189959][ T5265] usb 5-1: Product: syz
[  797.194401][ T5265] usb 5-1: Manufacturer: syz
[  797.199371][ T5265] usb 5-1: SerialNumber: syz
[  797.206463][ T5265] usb 5-1: config 0 descriptor??
[  797.331314][ T9671] usb 3-1: Using ep0 maxpacket: 8
[  797.338168][ T9671] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  797.348849][ T9671] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  797.363569][ T9671] usb 3-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  797.372979][ T9671] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  797.383363][ T9671] usb 3-1: config 0 descriptor??
[  797.395218][ T9671] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  797.420806][T15069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  797.432857][T15069] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  797.445452][ T9671] usb 5-1: USB disconnect, device number 36
[  797.480198][ T5278] usb 4-1: USB disconnect, device number 81
[  797.575905][T15084] netlink: 'syz.0.2450': attribute type 39 has an invalid length.
[  797.742232][ T9671] usb 3-1: USB disconnect, device number 68
[  797.811099][T15090] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2451'.
[  797.891321][ T5278] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[  797.914329][T15091] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2451'.
[  797.924609][T15091] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2451'.
[  798.044697][ T5278] usb 4-1: Using ep0 maxpacket: 16
[  798.075509][ T5278] usb 4-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  798.113048][ T5278] usb 4-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  798.149883][ T5278] usb 4-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  798.187960][ T5278] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  798.421382][ T9699] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  798.591352][ T9699] usb 5-1: Using ep0 maxpacket: 32
[  798.606467][ T9699] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  798.629808][ T9699] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  798.838568][ T9699] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  799.070579][ T9699] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  799.102115][ T9699] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  799.119382][ T9699] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  799.155710][ T5278] usbhid 4-1:5.0: can't add hid device: -71
[  799.175151][ T5278] usbhid 4-1:5.0: probe with driver usbhid failed with error -71
[  799.189636][ T9699] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  799.220951][ T5278] usb 4-1: USB disconnect, device number 82
[  799.238238][ T9699] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  799.271842][T15095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2453'.
[  799.315251][ T9699] usb 5-1: config 0 descriptor??
[  799.589437][ T9699] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 37 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  799.653770][ T9699] usb 5-1: USB disconnect, device number 37
[  799.675217][ T9699] usblp0: removed
[  800.127862][T15110] FAULT_INJECTION: forcing a failure.
[  800.127862][T15110] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  800.160899][T15110] CPU: 1 UID: 0 PID: 15110 Comm: syz.0.2457 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  800.171764][T15110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  800.181867][T15110] Call Trace:
[  800.185186][T15110]  <TASK>
[  800.188153][T15110]  dump_stack_lvl+0x241/0x360
[  800.192883][T15110]  ? __pfx_dump_stack_lvl+0x10/0x10
[  800.198127][T15110]  ? __pfx__printk+0x10/0x10
[  800.202778][T15110]  should_fail_ex+0x3b0/0x4e0
[  800.207514][T15110]  _copy_from_user+0x2f/0xe0
[  800.212157][T15110]  move_addr_to_kernel+0x82/0x150
[  800.217254][T15110]  __sys_bind+0x162/0x2d0
[  800.221669][T15110]  ? __pfx___sys_bind+0x10/0x10
[  800.226604][T15110]  __ia32_sys_bind+0x7a/0x90
[  800.231255][T15110]  __do_fast_syscall_32+0xb4/0x110
[  800.236416][T15110]  ? exc_page_fault+0x590/0x8c0
[  800.241341][T15110]  do_fast_syscall_32+0x34/0x80
[  800.246245][T15110]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  800.252621][T15110] RIP: 0023:0xf7fb0579
[  800.256732][T15110] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  800.276393][T15110] RSP: 002b:00000000f573656c EFLAGS: 00000206 ORIG_RAX: 0000000000000169
[  800.284882][T15110] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020e15000
[  800.292918][T15110] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  800.301059][T15110] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  800.309087][T15110] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  800.317115][T15110] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  800.325151][T15110]  </TASK>
[  800.371672][T15111] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.2456'.
[  800.381426][ T9699] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  800.389349][T15111] netlink: 'syz.3.2456': attribute type 3 has an invalid length.
[  800.397769][T15111] netlink: 105 bytes leftover after parsing attributes in process `syz.3.2456'.
[  800.551441][ T9699] usb 5-1: Using ep0 maxpacket: 32
[  800.573196][ T9699] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  800.594920][ T9699] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  800.615910][ T9699] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  800.645587][ T9699] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  800.680085][ T9699] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  800.701665][ T5236] Bluetooth: hci1: unexpected event for opcode 0x080e
[  800.736980][ T9699] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  800.752183][ T9699] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  800.761978][ T9699] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  800.781800][ T9699] usb 5-1: config 0 descriptor??
[  801.014455][ T9699] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 38 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  801.081640][ T5278] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  801.243649][ T5278] usb 1-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=66.21
[  801.261915][ T5278] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  801.299342][    C1] usblp0: nonzero read bulk status received: -71
[  801.319426][ T5278] usb 1-1: config 0 descriptor??
[  801.328318][T15093] usblp0: error -71 reading from printer
[  801.342762][ T5278] pegasus_notetaker 1-1:0.0: Invalid number of endpoints
[  801.365551][ T5278] pegasus_notetaker 1-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  801.415498][    C1] usblp0: nonzero read bulk status received: -71
[  801.428352][ T5278] usb 5-1: USB disconnect, device number 38
[  801.445976][ T5278] usblp0: removed
[  801.630124][T15117] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  801.650597][T15117] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  803.789051][ T9699] usb 1-1: USB disconnect, device number 49
[  803.901442][ T2634] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[  804.076273][ T2634] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  804.093743][ T2634] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  804.109782][ T2634] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  804.167958][ T2634] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  804.190148][ T5278] usb 2-1: USB disconnect, device number 69
[  804.223925][ T9699] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  804.236444][ T2634] usb 4-1: Manufacturer: syz
[  804.277795][ T2634] usb 4-1: config 0 descriptor??
[  804.339692][T15129] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2464'.
[  804.414040][T15132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2464'.
[  804.425331][T15132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2464'.
[  804.442103][ T9699] usb 1-1: Using ep0 maxpacket: 8
[  804.449965][ T9699] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  804.462503][ T9699] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  804.485452][ T9699] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  804.497747][ T9699] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  804.520759][ T9699] usb 1-1: config 0 descriptor??
[  804.551772][ T9699] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  804.783489][T10756] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  804.795025][T10756] Bluetooth: hci1: Injecting HCI hardware error event
[  804.809159][ T5236] Bluetooth: hci1: hardware error 0x00
[  804.882864][T15125] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  805.003934][T15141] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2465'.
[  805.193864][ T2634] usb 4-1: USB disconnect, device number 83
[  805.524133][ T2634] usb 1-1: USB disconnect, device number 50
[  805.625748][T15148] mmap: syz.1.2468 (15148) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  805.657049][T15148] futex_wake_op: syz.1.2468 tries to shift op by 144; fix this program
[  805.703656][ T5278] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  805.811305][ T9699] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  805.871901][ T5278] usb 5-1: Using ep0 maxpacket: 16
[  805.888519][ T5278] usb 5-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  805.900619][ T5278] usb 5-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  805.916764][ T5278] usb 5-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  805.926158][ T5278] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  806.053499][ T9699] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  806.064964][ T9699] usb 3-1: config 0 has no interface number 0
[  806.086415][ T2634] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  806.103893][ T9699] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  806.147676][ T9699] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  806.184223][ T9699] usb 3-1: config 0 descriptor??
[  806.220111][ T9699] usb 3-1: selecting invalid altsetting 1
[  806.238711][ T9699] dvb_ttusb_budget: ttusb_init_controller: error
[  806.249135][ T9699] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  806.281497][ T2634] usb 2-1: Using ep0 maxpacket: 8
[  806.319260][ T2634] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  806.352881][ T2634] usb 2-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  806.377884][ T2634] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.406747][ T2634] usb 2-1: Product: syz
[  806.411050][ T2634] usb 2-1: Manufacturer: syz
[  806.512895][ T2634] usb 2-1: SerialNumber: syz
[  806.576406][ T2634] usb 2-1: config 0 descriptor??
[  806.623280][ T2634] gspca_main: stk014-2.14.0 probing 05e1:0893
[  806.661608][ T2634] usb 2-1: selecting invalid altsetting 1
[  806.830390][ T2634] gspca_stk014: init reg: 0x00
[  806.850600][ T2634] stk014 2-1:0.0: probe with driver stk014 failed with error -5
[  806.873998][   T46] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  806.894947][ T5236] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  806.954697][ T9699] DVB: Unable to find symbol cx22700_attach()
[  806.978934][ T5278] usbhid 5-1:5.0: can't add hid device: -71
[  806.988501][ T5278] usbhid 5-1:5.0: probe with driver usbhid failed with error -71
[  807.017985][ T5278] usb 5-1: USB disconnect, device number 39
[  807.061552][   T46] usb 4-1: Using ep0 maxpacket: 32
[  807.073684][   T46] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  807.089295][   T46] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  807.109399][   T46] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  807.135036][   T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  807.171334][   T46] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  807.199203][   T46] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  807.248247][   T46] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  807.269007][   T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  807.314522][   T46] usb 4-1: config 0 descriptor??
[  807.437083][ T9699] DVB: Unable to find symbol tda10046_attach()
[  807.448770][ T9699] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  807.500875][ T9699] usb 3-1: USB disconnect, device number 69
[  807.549350][   T46] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 84 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  807.579325][   T46] usb 4-1: USB disconnect, device number 84
[  807.613186][   T46] usblp0: removed
[  807.825965][T15161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2471'.
[  808.013849][ T9699] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  808.081357][   T46] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  808.181358][ T9699] usb 1-1: Using ep0 maxpacket: 16
[  808.244017][ T9699] usb 1-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  808.255531][   T46] usb 4-1: Using ep0 maxpacket: 32
[  808.273747][   T46] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  808.297412][   T46] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  808.307179][ T9699] usb 1-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  808.372588][   T46] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  808.398542][ T9699] usb 1-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  808.443920][   T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  808.464403][ T9699] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  808.489347][   T46] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  808.581047][   T46] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  808.619537][   T46] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  808.699017][   T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  808.786462][   T46] usb 4-1: config 0 descriptor??
[  808.924496][ T5278] usb 2-1: USB disconnect, device number 70
[  809.045991][   T46] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 85 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  809.102970][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  809.109474][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  809.719483][T15173] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2474'.
[  809.833571][T15173] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2474'.
[  810.022263][ T9699] usbhid 1-1:5.0: can't add hid device: -71
[  810.047764][   T46] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  810.084793][ T9699] usbhid 1-1:5.0: probe with driver usbhid failed with error -71
[  810.125600][ T9699] usb 1-1: USB disconnect, device number 51
[  810.251685][   T46] usb 3-1: Using ep0 maxpacket: 8
[  810.272714][   T46] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  810.308821][   T46] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  810.358983][ T9699] usb 4-1: USB disconnect, device number 85
[  810.369089][   T46] usb 3-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  810.409051][ T9699] usblp0: removed
[  810.427557][   T29] audit: type=1326 audit(1729211704.990:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15170 comm="syz.1.2473" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x7fc00000
[  810.449712][    C1] vkms_vblank_simulate: vblank timer overrun
[  810.475964][   T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  810.548845][   T46] usb 3-1: config 0 descriptor??
[  810.615171][   T46] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  810.664654][   T29] audit: type=1326 audit(1729211704.990:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15170 comm="syz.1.2473" exe="/root/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf7fb0579 code=0x7fc00000
[  810.686707][    C1] vkms_vblank_simulate: vblank timer overrun
[  810.968886][   T29] audit: type=1326 audit(1729211704.990:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15170 comm="syz.1.2473" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x7fc00000
[  811.007680][T15185] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2477'.
[  811.089436][   T29] audit: type=1326 audit(1729211704.990:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15170 comm="syz.1.2473" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x7fc00000
[  811.122871][T15189] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  811.169044][T15191] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2477'.
[  811.207251][T15190] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2478'.
[  811.243004][T15191] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2477'.
[  811.252911][   T29] audit: type=1326 audit(1729211704.990:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15170 comm="syz.1.2473" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x7fc00000
[  811.363679][   T29] audit: type=1326 audit(1729211704.990:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15170 comm="syz.1.2473" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x7fc00000
[  811.385791][    C1] vkms_vblank_simulate: vblank timer overrun
[  811.480922][   T29] audit: type=1326 audit(1729211704.990:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15170 comm="syz.1.2473" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x7fc00000
[  811.503081][    C1] vkms_vblank_simulate: vblank timer overrun
[  811.528234][   T29] audit: type=1326 audit(1729211704.990:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15170 comm="syz.1.2473" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x7fc00000
[  811.550442][    C1] vkms_vblank_simulate: vblank timer overrun
[  811.568588][T15199] FAULT_INJECTION: forcing a failure.
[  811.568588][T15199] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  811.589385][T15199] CPU: 1 UID: 0 PID: 15199 Comm: syz.0.2480 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  811.600217][T15199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  811.610302][T15199] Call Trace:
[  811.613621][T15199]  <TASK>
[  811.616585][T15199]  dump_stack_lvl+0x241/0x360
[  811.621345][T15199]  ? __pfx_dump_stack_lvl+0x10/0x10
[  811.626586][T15199]  ? __pfx__printk+0x10/0x10
[  811.631228][T15199]  ? snprintf+0xda/0x120
[  811.635516][T15199]  should_fail_ex+0x3b0/0x4e0
[  811.640249][T15199]  _copy_to_user+0x2f/0xb0
[  811.644722][T15199]  simple_read_from_buffer+0xca/0x150
[  811.650139][T15199]  proc_fail_nth_read+0x1e9/0x250
[  811.655199][T15199]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  811.660803][T15199]  ? rw_verify_area+0x55e/0x6f0
[  811.665708][T15199]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  811.671317][T15199]  vfs_read+0x201/0xbc0
[  811.675540][T15199]  ? __pfx_lock_release+0x10/0x10
[  811.680622][T15199]  ? __pfx_vfs_read+0x10/0x10
[  811.685356][T15199]  ? __fget_files+0x3f3/0x470
[  811.690086][T15199]  ? fdget_pos+0x24e/0x320
[  811.694537][T15199]  ksys_read+0x183/0x2b0
[  811.698802][T15199]  ? __pfx_ksys_read+0x10/0x10
[  811.703587][T15199]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  811.710218][T15199]  ? lockdep_hardirqs_on+0x99/0x150
[  811.715463][T15199]  __do_fast_syscall_32+0xb4/0x110
[  811.720626][T15199]  ? exc_page_fault+0x590/0x8c0
[  811.725538][T15199]  do_fast_syscall_32+0x34/0x80
[  811.730450][T15199]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  811.736828][T15199] RIP: 0023:0xf7fb0579
[  811.740936][T15199] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  811.760594][T15199] RSP: 002b:00000000f57155a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  811.769062][T15199] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f5715620
[  811.777077][T15199] RDX: 000000000000000f RSI: 00000000f743bff4 RDI: 0000000000000000
[  811.785092][T15199] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  811.793105][T15199] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  811.801121][T15199] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  811.809155][T15199]  </TASK>
[  811.812403][    C1] vkms_vblank_simulate: vblank timer overrun
[  811.819358][   T29] audit: type=1326 audit(1729211704.990:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15170 comm="syz.1.2473" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x7fc00000
[  811.851285][   T29] audit: type=1326 audit(1729211704.990:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15170 comm="syz.1.2473" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb0579 code=0x7fc00000
[  812.495577][   T46] IPVS: starting estimator thread 0...
[  812.511076][T15206] IPVS: wrr: SCTP 127.0.0.1:0 - no destination available
[  812.537043][ T5278] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  812.632680][T15210] IPVS: using max 15 ests per chain, 36000 per kthread
[  812.640105][T15213] FAULT_INJECTION: forcing a failure.
[  812.640105][T15213] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  812.667913][T15206] input: syz1 as /devices/virtual/input/input78
[  812.698613][T15213] CPU: 1 UID: 0 PID: 15213 Comm: syz.3.2486 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  812.709464][T15213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  812.719575][T15213] Call Trace:
[  812.722895][T15213]  <TASK>
[  812.725868][T15213]  dump_stack_lvl+0x241/0x360
[  812.730595][T15213]  ? __pfx_dump_stack_lvl+0x10/0x10
[  812.735852][T15213]  ? __pfx__printk+0x10/0x10
[  812.740493][T15213]  ? __pfx_lock_release+0x10/0x10
[  812.745580][T15213]  should_fail_ex+0x3b0/0x4e0
[  812.750314][T15213]  _copy_from_user+0x2f/0xe0
[  812.754956][T15213]  get_compat_msghdr+0xae/0x730
[  812.759862][T15213]  ? __fget_files+0x29/0x470
[  812.764496][T15213]  ? __pfx_get_compat_msghdr+0x10/0x10
[  812.769996][T15213]  ? __fget_files+0x3f3/0x470
[  812.774731][T15213]  __sys_sendmsg+0x25d/0x380
[  812.779369][T15213]  ? __pfx___sys_sendmsg+0x10/0x10
[  812.784553][T15213]  ? __pfx_vfs_write+0x10/0x10
[  812.789386][T15213]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  812.796020][T15213]  ? lockdep_hardirqs_on+0x99/0x150
[  812.801267][T15213]  __do_fast_syscall_32+0xb4/0x110
[  812.806429][T15213]  ? exc_page_fault+0x590/0x8c0
[  812.811335][T15213]  do_fast_syscall_32+0x34/0x80
[  812.816226][T15213]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  812.822618][T15213] RIP: 0023:0xf7f22579
[  812.826727][T15213] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  812.846386][T15213] RSP: 002b:00000000f56a656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  812.854872][T15213] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[  812.862908][T15213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  812.870930][T15213] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  812.878946][T15213] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  812.886966][T15213] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  812.894997][T15213]  </TASK>
[  813.018539][ T5278] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  813.034500][ T5278] usb 1-1: config 0 has no interface number 0
[  813.053197][ T5278] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  813.094852][ T5278] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.137444][ T5278] usb 1-1: config 0 descriptor??
[  813.176535][ T5278] usb 1-1: selecting invalid altsetting 1
[  813.203207][ T5278] dvb_ttusb_budget: ttusb_init_controller: error
[  813.218563][ T5278] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  813.335583][ T5278] DVB: Unable to find symbol cx22700_attach()
[  813.441421][   T46] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  813.520814][ T5278] DVB: Unable to find symbol tda10046_attach()
[  813.527371][ T5278] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  813.591469][   T46] usb 5-1: Using ep0 maxpacket: 32
[  813.618627][   T46] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  813.635142][   T46] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  813.673031][   T46] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  813.710944][   T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  813.747901][   T46] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  813.778414][   T46] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  813.818062][   T46] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  813.842907][   T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.879600][   T46] usb 5-1: config 0 descriptor??
[  813.931547][ T5278] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  814.091460][ T5278] usb 4-1: Using ep0 maxpacket: 16
[  814.110197][ T5278] usb 4-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  814.138010][   T46] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 40 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  814.172772][ T5278] usb 4-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  814.193297][ T5278] usb 4-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  814.217346][ T9699] usb 1-1: USB disconnect, device number 52
[  814.229272][   T46] usb 5-1: USB disconnect, device number 40
[  814.279013][ T5278] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  814.289584][   T46] usblp0: removed
[  814.701515][   T46] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  814.881372][   T46] usb 5-1: Using ep0 maxpacket: 32
[  814.907943][   T46] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  814.943780][   T46] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  814.978414][   T46] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  815.018306][   T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  815.063036][   T46] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  815.104787][   T46] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  815.168963][   T46] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  815.207836][   T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  815.255762][   T46] usb 5-1: config 0 descriptor??
[  815.291020][T15223] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2489'.
[  815.414809][T15224] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2489'.
[  815.521715][   T46] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 41 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  815.872886][ T5278] usbhid 4-1:5.0: can't add hid device: -71
[  815.913264][ T5278] usbhid 4-1:5.0: probe with driver usbhid failed with error -71
[  815.954712][ T5278] usb 4-1: USB disconnect, device number 86
[  816.611530][ T5278] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  816.791506][ T5278] usb 1-1: Using ep0 maxpacket: 16
[  816.816534][ T5278] usb 1-1: config 5 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  816.866844][ T5278] usb 1-1: config 5 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  816.926429][ T5278] usb 1-1: New USB device found, idVendor=056a, idProduct=0013, bcdDevice= 0.00
[  816.944530][   T46] usb 5-1: USB disconnect, device number 41
[  816.972777][   T46] usblp0: removed
[  816.991488][ T5278] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.947144][T15240] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2493'.
[  818.099374][T15242] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2493'.
[  818.112528][T15242] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2493'.
[  818.715252][ T5278] usbhid 1-1:5.0: can't add hid device: -71
[  818.734370][ T5278] usbhid 1-1:5.0: probe with driver usbhid failed with error -71
[  818.760742][ T5278] usb 1-1: USB disconnect, device number 53
[  819.080225][T15244] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2494'.
[  820.184738][ T5278] usb 3-1: USB disconnect, device number 70
[  820.461521][ T9699] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  820.661381][ T9699] usb 2-1: Using ep0 maxpacket: 16
[  820.681423][   T46] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  820.697567][ T9699] usb 2-1: New USB device found, idVendor=046d, idProduct=08b2, bcdDevice=80.59
[  820.713681][ T5278] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[  820.759032][ T9699] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  820.828260][ T9699] usb 2-1: Product: syz
[  820.851577][ T9699] usb 2-1: Manufacturer: syz
[  820.883939][ T9699] usb 2-1: SerialNumber: syz
[  820.891585][   T46] usb 5-1: Using ep0 maxpacket: 16
[  820.910546][   T46] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[  820.928390][ T5278] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  820.962522][ T9699] usb 2-1: config 0 descriptor??
[  820.971727][   T46] usb 5-1: config 0 has no interface number 0
[  820.988629][ T5278] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  821.041634][   T46] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  821.053387][ T9699] pwc: Logitech QuickCam 4000 Pro USB webcam detected.
[  821.073897][ T5278] usb 4-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00
[  821.083956][   T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  821.124998][ T5278] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  821.145639][   T46] usb 5-1: Product: syz
[  821.149976][   T46] usb 5-1: Manufacturer: syz
[  821.170373][T10756] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  821.202411][T10756] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  821.222332][T10756] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  821.230987][T10756] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  821.241005][T10756] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  821.249408][T10756] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  821.262722][ T5278] usb 4-1: config 0 descriptor??
[  821.281205][   T46] usb 5-1: SerialNumber: syz
[  821.295760][   T46] usb 5-1: config 0 descriptor??
[  821.324542][   T46] asix 5-1:0.251: probe with driver asix failed with error -22
[  822.028313][ T3126] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.667743][ T5283] IPVS: starting estimator thread 0...
[  822.771278][T15269] IPVS: using max 16 ests per chain, 38400 per kthread
[  822.924591][ T3126] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  823.274865][T15268] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2500'.
[  823.944372][T15272] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2500'.
[  824.175500][ T9699] pwc: Failed to set LED on/off time (-71)
[  824.267671][ T9699] pwc: send_video_command error -71
[  824.311973][ T9699] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  824.371644][ T9699] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[  824.449859][ T9699] usb 2-1: USB disconnect, device number 71
[  824.571470][T10756] Bluetooth: hci3: command tx timeout
[  825.745178][ T3126] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  825.901401][ T9699] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  826.101514][ T9699] usb 1-1: Using ep0 maxpacket: 32
[  826.143504][ T9699] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  826.178839][ T9699] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  826.204113][ T9699] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  826.234773][ T9699] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  826.250152][   T46] usb 5-1: USB disconnect, device number 42
[  826.303491][ T9699] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  826.325430][ T9699] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  826.357397][ T9699] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  826.375033][ T5278] usbhid 4-1:0.0: can't add hid device: -32
[  826.384010][ T5278] usbhid 4-1:0.0: probe with driver usbhid failed with error -32
[  826.395672][ T9699] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  826.426758][ T9699] usb 1-1: config 0 descriptor??
[  826.651392][T10756] Bluetooth: hci3: command tx timeout
[  826.684833][ T9699] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 54 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  826.699603][ T9699] usb 1-1: USB disconnect, device number 54
[  826.708993][ T9699] usblp0: removed
[  827.391427][ T9699] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  827.561423][ T9699] usb 1-1: Using ep0 maxpacket: 32
[  827.584121][ T9699] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  827.599350][ T9699] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  827.619271][ T9699] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  827.636640][ T9699] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  827.648291][ T9699] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  827.665104][ T9699] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  827.686729][ T9699] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  827.699021][ T9699] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  827.717742][ T9699] usb 1-1: config 0 descriptor??
[  827.983809][ T9699] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 55 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  828.731541][T10756] Bluetooth: hci3: command tx timeout
[  829.142490][ T9699] usb 4-1: USB disconnect, device number 87
[  829.220684][    C1] usblp0: nonzero read bulk status received: -71
[  829.227453][T15286] usblp0: error -71 reading from printer
[  829.233697][    C1] usblp0: nonzero read bulk status received: -71
[  829.458865][ T5278] usb 1-1: USB disconnect, device number 55
[  829.474237][ T5278] usblp0: removed
[  829.658329][T15278] chnl_net:caif_netlink_parms(): no params data found
[  829.741460][ T9699] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  829.906311][ T9699] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  829.926571][ T9699] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  829.947173][ T9699] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  829.958839][ T9699] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  829.979894][ T9699] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  829.999819][ T9699] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  830.032356][ T9699] usb 5-1: config 0 descriptor??
[  830.469870][ T9699] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0
[  830.492079][ T9699] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[  830.565516][ T9699] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  830.713212][   T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  830.730134][   T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  830.754942][ T5278] usb 5-1: USB disconnect, device number 43
[  830.777482][   T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  830.787567][   T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  830.795915][   T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  830.804977][   T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  830.812375][ T5234] Bluetooth: hci3: command tx timeout
[  831.563314][T10756] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  831.582153][T10756] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  831.593299][T10756] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  831.602043][T10756] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  831.617699][T10756] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  831.625497][T10756] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  831.691566][   T54] Bluetooth: hci0: command 0x0406 tx timeout
[  832.971606][   T54] Bluetooth: hci5: command tx timeout
[  833.691491][   T54] Bluetooth: hci6: command tx timeout
[  834.067449][T15284] ==================================================================
[  834.075613][T15284] BUG: KASAN: double-free in kref_put+0x4ab/0x7c0
[  834.082095][T15284] Free of addr ffff888025f03460 by task syz.0.2502/15284
[  834.089150][T15284] 
[  834.091576][T15284] CPU: 1 UID: 0 PID: 15284 Comm: syz.0.2502 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  834.102407][T15284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  834.112588][T15284] Call Trace:
[  834.115899][T15284]  <TASK>
[  834.118859][T15284]  dump_stack_lvl+0x241/0x360
[  834.123581][T15284]  ? __pfx_dump_stack_lvl+0x10/0x10
[  834.128824][T15284]  ? __pfx__printk+0x10/0x10
[  834.133450][T15284]  ? _printk+0xd5/0x120
[  834.137647][T15284]  ? __virt_addr_valid+0x183/0x530
[  834.142798][T15284]  ? __virt_addr_valid+0x183/0x530
[  834.147953][T15284]  print_report+0x169/0x550
[  834.152502][T15284]  ? __virt_addr_valid+0x183/0x530
[  834.157654][T15284]  ? __virt_addr_valid+0x183/0x530
[  834.162813][T15284]  ? __virt_addr_valid+0x45f/0x530
[  834.167966][T15284]  ? __phys_addr+0xba/0x170
[  834.172514][T15284]  ? kref_put+0x4ab/0x7c0
[  834.176906][T15284]  kasan_report_invalid_free+0x11a/0x140
[  834.182587][T15284]  ? kref_put+0x4ab/0x7c0
[  834.186961][T15284]  ? kref_put+0x4ab/0x7c0
[  834.191324][T15284]  check_slab_allocation+0xc6/0x110
[  834.196572][T15284]  ? kref_put+0x4ab/0x7c0
[  834.200950][T15284]  kfree+0x151/0x440
[  834.204898][T15284]  ? kref_put+0x4ab/0x7c0
[  834.209274][T15284]  kref_put+0x4ab/0x7c0
[  834.213562][T15284]  raw_release+0x135/0x1e0
[  834.218013][T15284]  ? __pfx_raw_release+0x10/0x10
[  834.222992][T15284]  __fput+0x23f/0x880
[  834.227030][T15284]  task_work_run+0x24f/0x310
[  834.231670][T15284]  ? __pfx_task_work_run+0x10/0x10
[  834.236830][T15284]  ? switch_task_namespaces+0xe4/0x110
[  834.242339][T15284]  do_exit+0xa2f/0x28e0
[  834.246540][T15284]  ? __pfx_do_exit+0x10/0x10
[  834.251158][T15284]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  834.256578][T15284]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  834.262622][T15284]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  834.269021][T15284]  ? _raw_spin_lock_irq+0xdf/0x120
[  834.274189][T15284]  do_group_exit+0x207/0x2c0
[  834.278820][T15284]  ? _raw_spin_unlock_irq+0x23/0x50
[  834.284070][T15284]  ? lockdep_hardirqs_on+0x99/0x150
[  834.289307][T15284]  get_signal+0x16a3/0x1740
[  834.293854][T15284]  ? do_nanosleep+0x80/0x600
[  834.298501][T15284]  ? __pfx_get_signal+0x10/0x10
[  834.303392][T15284]  ? hrtimer_nanosleep+0x331/0x3f0
[  834.308544][T15284]  arch_do_signal_or_restart+0x96/0x860
[  834.314136][T15284]  ? __pfx_get_old_timespec32+0x10/0x10
[  834.319728][T15284]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  834.325945][T15284]  ? __se_sys_clock_nanosleep_time32+0x32d/0x3c0
[  834.332347][T15284]  ? syscall_exit_to_user_mode+0xa3/0x370
[  834.338552][T15284]  syscall_exit_to_user_mode+0xc9/0x370
[  834.344146][T15284]  __do_fast_syscall_32+0xc4/0x110
[  834.349301][T15284]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  834.355501][T15284]  ? lockdep_hardirqs_on+0x99/0x150
[  834.360742][T15284]  do_fast_syscall_32+0x34/0x80
[  834.365635][T15284]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  834.372018][T15284] RIP: 0023:0xf7fb0579
[  834.376121][T15284] Code: Unable to access opcode bytes at 0xf7fb054f.
[  834.382817][T15284] RSP: 002b:00000000f759fa60 EFLAGS: 00000206 ORIG_RAX: 000000000000010b
[  834.391276][T15284] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  834.399283][T15284] RDX: 00000000f759fa94 RSI: 00000000f759fa8c RDI: 00000000f759fa94
[  834.407307][T15284] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  834.415317][T15284] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  834.423360][T15284] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  834.431377][T15284]  </TASK>
[  834.434422][T15284] 
[  834.436767][T15284] Allocated by task 15286:
[  834.441214][T15284]  kasan_save_track+0x3f/0x80
[  834.445929][T15284]  __kasan_kmalloc+0x98/0xb0
[  834.450553][T15284]  __kmalloc_node_track_caller_noprof+0x225/0x440
[  834.457019][T15284]  memdup_user+0x2b/0xc0
[  834.461302][T15284]  raw_ioctl+0xd0c/0x3cd0
[  834.465663][T15284]  __se_compat_sys_ioctl+0x510/0xc90
[  834.470982][T15284]  __do_fast_syscall_32+0xb4/0x110
[  834.476137][T15284]  do_fast_syscall_32+0x34/0x80
[  834.481022][T15284]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  834.487398][T15284] 
[  834.489747][T15284] Freed by task 15285:
[  834.493837][T15284]  kasan_save_track+0x3f/0x80
[  834.498548][T15284]  kasan_save_free_info+0x40/0x50
[  834.503619][T15284]  __kasan_slab_free+0x59/0x70
[  834.508420][T15284]  kfree+0x1a0/0x440
[  834.512353][T15284]  kref_put+0x4ab/0x7c0
[  834.516538][T15284]  raw_release+0x135/0x1e0
[  834.520985][T15284]  __fput+0x23f/0x880
[  834.525007][T15284]  __ia32_sys_close+0x7f/0x110
[  834.529816][T15284]  __do_fast_syscall_32+0xb4/0x110
[  834.534964][T15284]  do_fast_syscall_32+0x34/0x80
[  834.539864][T15284]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  834.546235][T15284] 
[  834.548583][T15284] The buggy address belongs to the object at ffff888025f03460
[  834.548583][T15284]  which belongs to the cache kmalloc-16 of size 16
[  834.562505][T15284] The buggy address is located 0 bytes inside of
[  834.562505][T15284]  16-byte region [ffff888025f03460, ffff888025f03470)
[  834.575564][T15284] 
[  834.577916][T15284] The buggy address belongs to the physical page:
[  834.584369][T15284] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888025f03600 pfn:0x25f03
[  834.594573][T15284] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff)
[  834.602689][T15284] page_type: f5(slab)
[  834.606707][T15284] raw: 00fff00000000200 ffff88801ac41640 ffffea00009cc510 ffffea000071e190
[  834.615327][T15284] raw: ffff888025f03600 0000000000800073 00000001f5000000 0000000000000000
[  834.623942][T15284] page dumped because: kasan: bad access detected
[  834.630392][T15284] page_owner tracks the page as allocated
[  834.636130][T15284] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5240, tgid 5240 (syz-executor), ts 80748228171, free_ts 80742096024
[  834.656941][T15284]  register_dummy_stack+0x8a/0xe0
[  834.662010][T15284]  init_page_owner+0x3e/0x970
[  834.666778][T15284]  page_ext_init+0x731/0x790
[  834.671409][T15284]  mm_core_init+0x4c/0x60
[  834.675769][T15284] page last free pid 24 tgid 24 stack trace:
[  834.681774][T15284]  free_unref_page+0xcfb/0xf20
[  834.686591][T15284]  rcu_core+0xaaa/0x17a0
[  834.690870][T15284]  handle_softirqs+0x2c5/0x980
[  834.695674][T15284]  run_ksoftirqd+0xca/0x130
[  834.700228][T15284]  smpboot_thread_fn+0x544/0xa30
[  834.705214][T15284]  kthread+0x2f0/0x390
[  834.709316][T15284]  ret_from_fork+0x4b/0x80
[  834.713777][T15284]  ret_from_fork_asm+0x1a/0x30
[  834.718589][T15284] 
[  834.720937][T15284] Memory state around the buggy address:
[  834.726669][T15284]  ffff888025f03300: 00 00 fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[  834.734779][T15284]  ffff888025f03380: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 01 fc fc
[  834.742883][T15284] >ffff888025f03400: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[  834.750981][T15284]                                                        ^
[  834.758214][T15284]  ffff888025f03480: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[  834.766317][T15284]  ffff888025f03500: 00 00 fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[  834.774413][T15284] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  835.189754][   T54] Bluetooth: hci5: command tx timeout
[  835.225948][T15284] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  835.233220][T15284] CPU: 1 UID: 0 PID: 15284 Comm: syz.0.2502 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[  835.244201][T15284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  835.254304][T15284] Call Trace:
[  835.257619][T15284]  <TASK>
[  835.260578][T15284]  dump_stack_lvl+0x241/0x360
[  835.265308][T15284]  ? __pfx_dump_stack_lvl+0x10/0x10
[  835.270550][T15284]  ? __pfx__printk+0x10/0x10
[  835.275200][T15284]  ? preempt_schedule+0xe1/0xf0
[  835.280138][T15284]  ? vscnprintf+0x5d/0x90
[  835.284540][T15284]  panic+0x349/0x880
[  835.288485][T15284]  ? check_panic_on_warn+0x21/0xb0
[  835.293647][T15284]  ? __pfx_panic+0x10/0x10
[  835.298125][T15284]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  835.304180][T15284]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  835.310574][T15284]  ? print_report+0x502/0x550
[  835.315315][T15284]  check_panic_on_warn+0x86/0xb0
[  835.320321][T15284]  ? kref_put+0x4ab/0x7c0
[  835.324693][T15284]  end_report+0x77/0x160
[  835.328978][T15284]  kasan_report_invalid_free+0x12a/0x140
[  835.334656][T15284]  ? kref_put+0x4ab/0x7c0
[  835.339030][T15284]  ? kref_put+0x4ab/0x7c0
[  835.343400][T15284]  check_slab_allocation+0xc6/0x110
[  835.348657][T15284]  ? kref_put+0x4ab/0x7c0
[  835.353025][T15284]  kfree+0x151/0x440
[  835.356971][T15284]  ? kref_put+0x4ab/0x7c0
[  835.361357][T15284]  kref_put+0x4ab/0x7c0
[  835.365552][T15284]  raw_release+0x135/0x1e0
[  835.370005][T15284]  ? __pfx_raw_release+0x10/0x10
[  835.374986][T15284]  __fput+0x23f/0x880
[  835.379023][T15284]  task_work_run+0x24f/0x310
[  835.383654][T15284]  ? __pfx_task_work_run+0x10/0x10
[  835.388802][T15284]  ? switch_task_namespaces+0xe4/0x110
[  835.394312][T15284]  do_exit+0xa2f/0x28e0
[  835.398507][T15284]  ? __pfx_do_exit+0x10/0x10
[  835.403132][T15284]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  835.408546][T15284]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  835.414594][T15284]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  835.420985][T15284]  ? _raw_spin_lock_irq+0xdf/0x120
[  835.426165][T15284]  do_group_exit+0x207/0x2c0
[  835.430806][T15284]  ? _raw_spin_unlock_irq+0x23/0x50
[  835.436065][T15284]  ? lockdep_hardirqs_on+0x99/0x150
[  835.441316][T15284]  get_signal+0x16a3/0x1740
[  835.445859][T15284]  ? do_nanosleep+0x80/0x600
[  835.450503][T15284]  ? __pfx_get_signal+0x10/0x10
[  835.455394][T15284]  ? hrtimer_nanosleep+0x331/0x3f0
[  835.460555][T15284]  arch_do_signal_or_restart+0x96/0x860
[  835.466160][T15284]  ? __pfx_get_old_timespec32+0x10/0x10
[  835.471760][T15284]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  835.477965][T15284]  ? __se_sys_clock_nanosleep_time32+0x32d/0x3c0
[  835.484352][T15284]  ? syscall_exit_to_user_mode+0xa3/0x370
[  835.490110][T15284]  syscall_exit_to_user_mode+0xc9/0x370
[  835.495706][T15284]  __do_fast_syscall_32+0xc4/0x110
[  835.500856][T15284]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  835.507054][T15284]  ? lockdep_hardirqs_on+0x99/0x150
[  835.512290][T15284]  do_fast_syscall_32+0x34/0x80
[  835.517185][T15284]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  835.523556][T15284] RIP: 0023:0xf7fb0579
[  835.527668][T15284] Code: Unable to access opcode bytes at 0xf7fb054f.
[  835.534365][T15284] RSP: 002b:00000000f759fa60 EFLAGS: 00000206 ORIG_RAX: 000000000000010b
[  835.542831][T15284] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  835.550838][T15284] RDX: 00000000f759fa94 RSI: 00000000f759fa8c RDI: 00000000f759fa94
[  835.558853][T15284] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  835.566865][T15284] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  835.574879][T15284] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  835.582917][T15284]  </TASK>
[  835.586315][T15284] Kernel Offset: disabled
[  835.590649][T15284] Rebooting in 86400 seconds..