last executing test programs:

1m9.148272874s ago: executing program 4 (id=721):
fsopen(&(0x7f0000000100)='udf\x00', 0x0)
syz_emit_ethernet(0x46, 0x0, 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x4000000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m8.800342446s ago: executing program 4 (id=723):
mkdirat(0xffffffffffffff9c, 0x0, 0xc0)
mount$bind(0x0, &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x6, 0x36, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x60, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x1)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
getsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f0000000040)={@dev, <r2=>0x0}, &(0x7f0000000080)=0x14)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x5, '\x00', r2, r0, 0x2, 0x0, 0x4, 0x0, @void, @value, @void, @value}, 0x50)

1m5.937353302s ago: executing program 2 (id=737):
fsopen(&(0x7f0000000100)='udf\x00', 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000090000"], 0x44}}, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x4000000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m5.527522628s ago: executing program 4 (id=742):
syz_emit_ethernet(0x3e, &(0x7f0000000100)={@multicast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x8, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x5, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x1, 0x65, 0x0, 0x1, 0x2f, 0xfffc, @dev={0xac, 0x14, 0x14, 0x1e}, @remote}}}}}}, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="12010000b1bd2f087d0403508c2f010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f00000000c0)={0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="0000f50000000341e9"], 0x0}, 0x0)
openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x5, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2008000000000015000500511b48033d03010000000000950000d300000000bc26080006000000bf67000000000000070300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063ed3118b2d680cbc"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6a34, @void, @value}, 0x94)

1m5.21741489s ago: executing program 1 (id=745):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xd)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000140)={0xfa, 0x101, 0x1020, 0x10, 0xf, "24669c7029b3856e66e74b1117149e7a265ae1"})

1m5.099559766s ago: executing program 0 (id=746):
r0 = syz_open_dev$media(&(0x7f0000000000), 0x46, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f0000000240)={0x0, 0xfffffffffffffe73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000002c0)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f00080000000000000000850000000e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
syz_open_dev$video(&(0x7f00000002c0), 0x200, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r1, 0xc0106407, &(0x7f00000000c0)={0x1, 0x2})
ioctl$DRM_IOCTL_SET_VERSION(r1, 0xc0106407, &(0x7f0000000140)={0x1, 0x1})
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='nfs4\x00', 0x2810000, &(0x7f00000000c0)='GPL\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x51b402)

1m5.017972816s ago: executing program 1 (id=748):
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e21, @local}, 0x10)
ioctl$FS_IOC_READ_VERITY_METADATA(0xffffffffffffffff, 0xc0286687, &(0x7f0000000180)={0x1, 0x2, 0x49, &(0x7f0000000300)=""/73})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x2, 0x0, 0x0)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$session_to_parent(0x12)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000280)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}, {@cpuset_v2_mode}]}) (fail_nth: 3)

1m4.896059963s ago: executing program 0 (id=749):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
r2 = openat$smackfs_logging(0xffffffffffffff9c, 0x0, 0x2, 0x0)
readv(r2, &(0x7f0000002540)=[{&(0x7f0000002240)=""/118, 0x76}], 0x1)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x5)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x12, &(0x7f0000000340)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
io_setup(0x6, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x20000804)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0xfffffffffffffffc)
remap_file_pages(&(0x7f0000a95000/0x2000)=nil, 0x2000, 0x8, 0x18, 0x10000)
add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x4c}, 0x1, 0x0, 0x0, 0x488d5}, 0xc000)
r6 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r6, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001240)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0x40)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_to_team\x00', <r7=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x401, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2093}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}}]}, 0x48}}, 0x20000000)

1m4.894786846s ago: executing program 2 (id=750):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={0xffffffffffffffff, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x40)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d3120900"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000056f000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
add_key(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m4.065958686s ago: executing program 2 (id=752):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000900000030000380140002007369"], 0x44}}, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x4000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fdinfo/4\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m3.982146546s ago: executing program 1 (id=753):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
fanotify_mark(0xffffffffffffffff, 0x201, 0x48001003, 0xffffffffffffffff, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r1, 0x1, 0x1d, &(0x7f0000000100)=0x6, 0x4)
getsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, 0x0, &(0x7f0000000080))
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1}, 0x1c)
listen(r6, 0xfffffffc)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r5, 0x0, 0x0)

1m2.779782327s ago: executing program 0 (id=754):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, &(0x7f0000000080)={0x90002, 0x0, [0x5, 0x80000000, 0x8000000000000081, 0x80000001, 0x8, 0x1, 0x1, 0xfffffffffffffff8]})
getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000400)=""/54, &(0x7f0000000100)=0x36)
r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
getsockname$ax25(r1, &(0x7f0000000200)={{0x3, @null}, [@rose, @rose, @bcast, @null, @netrom, @netrom, @rose, @default]}, 0x0)
r2 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r3 = dup(r2)
r4 = syz_io_uring_setup(0x14e, &(0x7f0000000480)={0x0, 0x99ca, 0x10100, 0x0, 0x385, 0x0, r3}, &(0x7f0000000440)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x708, 0x41e3, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0)
r7 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9c0000000001010400000000000000000a0000003c0001802c00018014000300ff01000000000000000000000000000114000400ff010000000000000000000000003c0002802c00018014000300fc00000000002efaffffffffffff000014000400fe88000000e8000000000000000000010c0002800500010000000000080007400000000006001240000100006c61973d0b6bc2dd670482e128b8e31351e994c1e117625893b2954df06932e8f98cfc06c0509415f005530692c4078cf4ef51954d00"/209], 0x9c}}, 0x0)
r9 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x28, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
listen(r1, 0x3)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000002200)={'wlan1\x00'})
r12 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r13 = dup(r12)
ioctl$TCSETAW(r12, 0x5407, &(0x7f0000000000)={0x7, 0xfffb, 0x1, 0x1, 0x1, "8cd373f12210c706"})
write$UHID_INPUT(r13, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b44090987f70e06d038e7ff7fc6e5539b303d0e8b089b07323068090890e0879b0a0ac6e70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b35070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2d8160f94e35f2d2d12913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc1943cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
sendmsg$NL80211_CMD_NEW_KEY(r11, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r10, @ANYRES16=r10, @ANYRESOCT=r12], 0x2c}}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$nl_route(0x10, 0x3, 0x0)

1m2.736581473s ago: executing program 2 (id=756):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, 0x0, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b"], 0x15)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e0f30fa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m2.547983017s ago: executing program 1 (id=758):
unshare(0x68040200) (async)
r0 = syz_open_pts(0xffffffffffffffff, 0x100) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, 0x0, 0x4a, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000df7000/0x3000)=nil, 0x3000, 0x3000007, 0x40010, 0xffffffffffffffff, 0x0) (async)
sched_setscheduler(0x0, 0x2, 0x0) (async)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$vcsu(&(0x7f0000000280), 0xea47, 0x40881)
r1 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xca03, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x1000, 0xa, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xd, 0x3, 0xe}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0) (async)
syz_usb_control_io$hid(r1, &(0x7f0000000100)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x3, {[@main=@item_012={0x2, 0x0, 0xc, "780e"}]}}, 0x0}, 0x0) (async)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, 0x0, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x1000, 0x0, 0x3}, 0x1c) (async)
mmap(&(0x7f000099d000/0x1000)=nil, 0x1000, 0x8, 0x8031, r0, 0x0) (async)
socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0) (async)
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="042fff01ffffffffffff3e1b6f18c705000f1586b26cfc794dfcaa3ab5116653671ad56fa1367a5263704d600e8bc2bcec0b9c232ba16cf83c3c37cc27653d1d8dacf737a63b0e9c3c2918b0a8da7426e21270818594c397a0422caacc9d7f1d53c87e39d8085e410e1a9ffbe9121e4cf5eb03e85aefa5c6a372b8fdb0dcefce07fc8ef78bfb59cab4dd9dc53a29430200dc4881705812b4485d313b74769bce1fc540f53e679b5109f4ccb489ad524932b0c1dd4c1d40118747363bddd225af1b997fad20b576fc7eee0231d4e69cf9334808a570c8b917af35b0959b33cce98af306557af6f3613661b4b634979667ce3453fdaf9cbdd551fb25ae9664bcb5af6c"], 0x102)
getsockopt$IP6T_SO_GET_INFO(r4, 0x29, 0x40, &(0x7f0000000040)={'raw\x00', 0x0, [0x81, 0x7, 0x10001, 0x8001, 0x5]}, &(0x7f0000000000)=0x54)

1m2.460057509s ago: executing program 3 (id=759):
r0 = io_uring_setup(0xf02, &(0x7f00000008c0)={0x0, 0xaa72, 0x1000})
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000000)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
io_uring_register$IORING_REGISTER_FILES(r0, 0x1e, &(0x7f0000000000)=[r0], 0x1)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default]}, 0x48)
sendto(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)=@pppoe={0x18, 0x0, {0x2, @broadcast, 'macvlan0\x00'}}, 0x80)

1m2.340806763s ago: executing program 4 (id=760):
fsopen(&(0x7f0000000100)='udf\x00', 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000090000"], 0x44}}, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x4000000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m2.240487608s ago: executing program 3 (id=761):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r1, 0x5)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r2, &(0x7f0000000040)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100fdffffff001000000700000008000900020000000aefb00673ad8be0055708000b0000000000"], 0x24}}, 0x890)
bind$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)

1m1.739727506s ago: executing program 0 (id=762):
mkdirat(0xffffffffffffff9c, 0x0, 0xc0)
r0 = syz_open_dev$vcsu(&(0x7f00000001c0), 0xc2, 0x101001)
r1 = open_tree(r0, 0x0, 0x0)
syz_usb_connect(0x6, 0x36, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x60, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
getsockopt$inet6_mreq(r2, 0x29, 0x14, &(0x7f0000000040)={@dev, <r3=>0x0}, &(0x7f0000000080)=0x14)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x5, '\x00', r3, r1, 0x2, 0x0, 0x4, 0x0, @void, @value, @void, @value}, 0x50)

1m1.651733722s ago: executing program 3 (id=763):
r0 = socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a000900", @ANYRES32=0x0], 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000013c0)={0x3, 0x100, 0x2, {0x5, @vbi={0xb5, 0x0, 0xffffffff, 0x31364d59, [0x0, 0x8000000], [0x8200, 0x1]}}})
ioctl$VIDIOC_QBUF(r6, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x0, 0x10, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "001500"}, 0x0, 0x2, {}, 0x58603})
rt_sigtimedwait(0x0, 0x0, 0x0, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r7, 0x4b47, &(0x7f0000000080)={0xaa, 0x7f, 0x7fff})
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000d00)=0x68c2, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r8=>0x0})
sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x11, 0xf7, r8, 0x1, 0x20, 0x6, @local}, 0x14)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r9, 0x84, 0x15, 0x0, 0x0)
recvfrom$packet(r0, 0x0, 0x0, 0x2000, 0x0, 0x0)

1m1.642578956s ago: executing program 2 (id=764):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/fs/smackfs/mapped\x00', 0x2, 0x0)
pread64(r1, 0x0, 0x0, 0x4)

1m0.547845825s ago: executing program 3 (id=765):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000140)=[{0x6, 0x5, 0x2, 0x7fff0000}]})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
socket$tipc(0x1e, 0x5, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
writev(r1, &(0x7f0000000880)=[{&(0x7f0000002a00)="1cfd000000000000000000004b50", 0xe}], 0x1)
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x7, &(0x7f0000000000)=[{0x0, 0x10, 0x2, 0x80000001}, {0x8000, 0x0, 0x8, 0x61}, {0x4, 0x2, 0x4, 0x3}, {0xfff9, 0x4, 0x7f, 0x1}, {0x3, 0x5, 0x7e, 0x3c}, {0x2, 0x6, 0x45}, {0x0, 0x4, 0x1, 0x2}]})
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000140)=[{0x6, 0x5, 0x2, 0x7fff0000}]}) (async)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (async)
socket$tipc(0x1e, 0x5, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) (async)
writev(r1, &(0x7f0000000880)=[{&(0x7f0000002a00)="1cfd000000000000000000004b50", 0xe}], 0x1) (async)
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x7, &(0x7f0000000000)=[{0x0, 0x10, 0x2, 0x80000001}, {0x8000, 0x0, 0x8, 0x61}, {0x4, 0x2, 0x4, 0x3}, {0xfff9, 0x4, 0x7f, 0x1}, {0x3, 0x5, 0x7e, 0x3c}, {0x2, 0x6, 0x45}, {0x0, 0x4, 0x1, 0x2}]}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0) (async)

59.963697021s ago: executing program 1 (id=766):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000900000030000380140002007369"], 0x44}}, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x4000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fdinfo/4\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

59.950079364s ago: executing program 2 (id=767):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000002480), 0x20402, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0)
write$vga_arbiter(r1, &(0x7f0000000280)=ANY=[@ANYBLOB='decod'], 0xc)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r2=>0x0, 0x0)
gettid()
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000b40)={'wlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180), &(0x7f0000000d00)={[&(0x7f00000002c0)='(N,\x04\xca\xf3\xbf\x95\x92\xd9\x86\x1e\xa9\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\x02\x06']})
syz_io_uring_submit(r2, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x1, 0x0, @fd_index=0x3})
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000240)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r6, 0x0, &(0x7f0000ff7000/0x2000)=nil, 0x2000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r5, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r6, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r6, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xb})
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)

59.942450651s ago: executing program 4 (id=768):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000090000003000038014000200736974"], 0x44}}, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fdinfo/4\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

59.051897097s ago: executing program 3 (id=769):
socket$inet6(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2e}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
memfd_secret(0x0)
write$smackfs_change_rule(0xffffffffffffffff, &(0x7f0000000040)={'', 0x20, '', 0x20, 'ratbl', 0x20, 'rwbl'}, 0xd)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x7, 0x0, &(0x7f0000000900)="e02742e8680d85", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

58.893330927s ago: executing program 0 (id=770):
r0 = socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a000900", @ANYRES32=0x0], 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000013c0)={0x3, 0x100, 0x2, {0x5, @vbi={0xb5, 0x0, 0xffffffff, 0x31364d59, [0x0, 0x8000000], [0x8200, 0x1]}}})
ioctl$VIDIOC_QBUF(r6, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x0, 0x10, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "001500"}, 0x0, 0x2, {}, 0x58603})
rt_sigtimedwait(0x0, 0x0, 0x0, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r7, 0x4b47, &(0x7f0000000080)={0xaa, 0x7f, 0x7fff})
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000d00)=0x68c2, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r8=>0x0})
sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x11, 0xf7, r8, 0x1, 0x20, 0x6, @local}, 0x14)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000080)=0x9, 0x4)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
recvfrom$packet(r0, 0x0, 0x0, 0x2000, 0x0, 0x0)

58.829221326s ago: executing program 3 (id=771):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000105, 0x0, 0x0})
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x51c, 0x0, 0x25, 0x148, 0x340, 0x60, 0x488, 0x2a8, 0x2a8, 0x488, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @local, 0xffffffff, 0xff000000, 'bridge_slave_1\x00', 'veth1\x00', {0xff}, {0xff}, 0x73, 0x2, 0x48}, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}}}, @common=@unspec=@statistic={{0x38}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [], 0x0, 0x2}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x578)
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f00000004c0))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="17090010000000000000010000000500070000000000080009000300000008000a0000000000060002000000000014001f000000000000000000000000000000000006001b004e23000070339f0595743f4a1aa3c3f927aebf270a475900867407d1b885671120a50f553c76be4e86ce6dcaa009ed012a7793c0bc1be63829eddba4ada64029ff4ddb0bfca01d04195cd0c512cdce65a5e12eaa514ae8eff04cc2c6de24584cce3f86a7276adb2a11c281d45b8e402c2a"], 0x50}, 0x1, 0x0, 0x0, 0x44}, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)=ANY=[])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="5800000000000000ff49570100e3ef92009500000500151d80f9c6f425731e32b07238cb6fff95ffb843b554454e56f453e7c27eb45b848b3e0dba211592e1cddb8092018a11c95701b9e24d0ab77964072496ef9ae9d0f8ff5512ff82fcdb7310f272b845e2384f31f29e18e92198f5aa1f6300"/130], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
r9 = dup(r8)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r9, 0x4068aea3, &(0x7f0000000440)={0xa3, 0x0, &(0x7f0000000400)})
write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x4bb3, 0x0, &(0x7f0000000180)=<r10=>0x0, &(0x7f00000001c0)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000580)=@IORING_OP_POLL_ADD={0x6, 0x52, 0x0, @fd_index=0xa, 0x0, 0x0, 0x0, {0x48}, 0x1})
lsm_get_self_attr(0x64, 0x0, &(0x7f0000000200), 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='9p_client_req\x00', r9, 0x0, 0xfff}, 0x18)
chdir(&(0x7f00000003c0)='./file0\x00')
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r9)
sendmsg$NL80211_CMD_STOP_AP(r9, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYRES64, @ANYRES16=r12, @ANYBLOB="100026bd7000ffdbdf2510000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000004}, 0x2000c811)
lsm_set_self_attr(0x69, &(0x7f0000000500)={0x67, 0x2, 0x57, 0x37, "201d2538a63b825ca21249a94a0e29e81c7c754449ac62514dae3d5fab1efe0ba0f5460fd5e7f2e2beba96b4cec8c1f678b37fb78e4915"}, 0x57, 0x0)

58.787253609s ago: executing program 1 (id=772):
fsopen(&(0x7f0000000100)='udf\x00', 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x4000000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

58.660436878s ago: executing program 4 (id=773):
syz_usb_connect(0x6, 0x1b, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x44, 0x73, 0xae, 0x20, 0x187f, 0x300, 0x271, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9, 0x0, 0xfe, 0x0, 0x10}}]}}, 0x0)

0s ago: executing program 0 (id=774):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r5, @ANYBLOB="07002abd5248ffdbdf2507ff000008000300", @ANYRES32=r6, @ANYBLOB="0c00990001000c0069000000140004002f6163766c616e3100000000000000000400cc00080005000a"], 0xe4}}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x258, 0x4c, 0x232, 0x258, 0x0, 0x388, 0x2e8, 0x2e8, 0x388, 0x2e8, 0x3, 0x0, {[{{@ipv6={@mcast2, @mcast2, [], [], 'veth1_to_bond\x00', 'ip6gre0\x00', {}, {}, 0x6, 0x0, 0x3}, 0x0, 0x230, 0x258, 0x0, {}, [@common=@unspec=@cluster={{0x30}}, @common=@inet=@policy={{0x158}, {[{@ipv4=@dev, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@ipv4, [], @ipv4=@broadcast}, {@ipv4=@multicast2, [], @ipv4=@dev, [0xff], 0x0, 0x0, 0x0, 0x1}, {@ipv6=@loopback, [0x0, 0xffffff00], @ipv6=@private2}], 0x1}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}, @private1, [], [], 'team_slave_0\x00', 'xfrm0\x00'}, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}, {0xa}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {}, {0xffffffffffffffff}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)
sendto$inet6(r0, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0xfffffffc}, 0x1c)

kernel console output (not intermixed with test programs):

ve_0
[   96.321184][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.348717][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.370862][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.397602][ T5832] team0: Port device team_slave_0 added
[   96.416740][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.424122][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.453134][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.497918][ T5832] team0: Port device team_slave_1 added
[   96.579254][ T5829] team0: Port device team_slave_0 added
[   96.602299][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.609690][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.637647][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.687458][ T5829] team0: Port device team_slave_1 added
[   96.701657][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.709199][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.735629][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.811748][ T5831] hsr_slave_0: entered promiscuous mode
[   96.819390][ T5831] hsr_slave_1: entered promiscuous mode
[   96.826238][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   96.833937][ T5831] Cannot create hsr debugfs directory
[   96.907807][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.914894][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.942257][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.999711][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.006791][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.032900][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.050739][ T5832] hsr_slave_0: entered promiscuous mode
[   97.057397][ T5832] hsr_slave_1: entered promiscuous mode
[   97.063602][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   97.071544][ T5832] Cannot create hsr debugfs directory
[   97.250930][ T5829] hsr_slave_0: entered promiscuous mode
[   97.258983][ T5829] hsr_slave_1: entered promiscuous mode
[   97.265541][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   97.273400][ T5829] Cannot create hsr debugfs directory
[   97.385089][ T5819] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   97.443702][ T5819] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   97.498449][ T5819] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   97.548768][   T24] cfg80211: failed to load regulatory.db
[   97.566245][ T5819] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   97.634070][ T5823] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   97.669979][ T5823] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   97.685372][ T5824] Bluetooth: hci0: command tx timeout
[   97.685434][ T5130] Bluetooth: hci1: command tx timeout
[   97.693987][ T5823] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   97.749215][ T5823] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   97.848218][ T5831] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   97.898922][ T5831] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   97.919582][ T5831] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   97.926628][ T5130] Bluetooth: hci2: command tx timeout
[   97.936357][ T5831] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   98.029468][ T5832] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   98.058423][ T5832] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   98.072339][ T5832] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   98.087701][ T5130] Bluetooth: hci3: command tx timeout
[   98.095351][ T5824] Bluetooth: hci4: command tx timeout
[   98.121130][ T5832] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   98.248420][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   98.261296][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   98.273854][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.302413][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   98.337809][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.352330][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.437402][ T5823] 8021q: adding VLAN 0 to HW filter on device team0
[   98.462881][ T5819] 8021q: adding VLAN 0 to HW filter on device team0
[   98.494550][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.502085][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.544559][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.551894][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.563688][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.571122][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.610644][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.618045][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.642171][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.732454][ T5819] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   98.763952][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.789113][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   98.821206][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.853068][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.860357][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.899811][ T5829] 8021q: adding VLAN 0 to HW filter on device team0
[   98.921806][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.929336][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.990414][ T1095] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.997791][ T1095] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.039591][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   99.093908][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.101320][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.153917][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.161401][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.210878][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.218342][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.338052][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.527854][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.750853][ T5819] veth0_vlan: entered promiscuous mode
[   99.770576][ T5824] Bluetooth: hci0: command tx timeout
[   99.770590][ T5130] Bluetooth: hci1: command tx timeout
[   99.802353][ T5823] veth0_vlan: entered promiscuous mode
[   99.823349][ T5823] veth1_vlan: entered promiscuous mode
[   99.858648][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.872773][ T5819] veth1_vlan: entered promiscuous mode
[  100.006668][ T5824] Bluetooth: hci2: command tx timeout
[  100.051630][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.092593][ T5823] veth0_macvtap: entered promiscuous mode
[  100.137682][ T5819] veth0_macvtap: entered promiscuous mode
[  100.155209][ T5823] veth1_macvtap: entered promiscuous mode
[  100.166044][ T5824] Bluetooth: hci4: command tx timeout
[  100.171554][ T5824] Bluetooth: hci3: command tx timeout
[  100.202042][ T5819] veth1_macvtap: entered promiscuous mode
[  100.260587][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.273384][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.294156][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  100.306366][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.317967][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.334550][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.358972][ T5823] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.369071][ T5823] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.378000][ T5823] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.386872][ T5823] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.399781][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.410790][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.423847][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.460253][ T5819] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.469397][ T5819] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.479686][ T5819] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.488630][ T5819] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.590317][ T5829] veth0_vlan: entered promiscuous mode
[  100.655949][ T5829] veth1_vlan: entered promiscuous mode
[  100.696870][ T5832] veth0_vlan: entered promiscuous mode
[  100.754943][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.755212][ T5831] veth0_vlan: entered promiscuous mode
[  100.766325][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.784891][ T5832] veth1_vlan: entered promiscuous mode
[  100.857695][ T5831] veth1_vlan: entered promiscuous mode
[  100.867433][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.879606][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.891591][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.902555][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.920314][ T5829] veth0_macvtap: entered promiscuous mode
[  100.951571][ T5829] veth1_macvtap: entered promiscuous mode
[  101.007272][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.014179][ T5831] veth0_macvtap: entered promiscuous mode
[  101.015138][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.051387][ T5831] veth1_macvtap: entered promiscuous mode
[  101.071195][ T5819] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  101.080433][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  101.097910][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.108191][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  101.119073][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.131867][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.146464][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  101.158239][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.168484][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  101.180425][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.192989][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.211123][ T5832] veth0_macvtap: entered promiscuous mode
[  101.241018][ T5829] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.260705][ T5829] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.270437][ T5829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.279707][ T5829] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.323479][ T5832] veth1_macvtap: entered promiscuous mode
[  101.394333][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  101.412140][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.424276][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  101.435765][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.446403][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  101.457149][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  101.469090][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.690328][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  101.855799][ T5824] Bluetooth: hci1: command tx timeout
[  101.861976][ T5824] Bluetooth: hci0: command tx timeout
[  102.085896][ T5130] Bluetooth: hci2: command tx timeout
[  102.245441][ T5130] Bluetooth: hci3: command tx timeout
[  102.252184][ T5824] Bluetooth: hci4: command tx timeout
[  102.348965][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.359020][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  102.370011][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.391170][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  102.437861][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.451676][ T5913] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  102.471600][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.499494][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  102.514599][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.525720][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.535008][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[  102.552711][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.565047][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  102.590405][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.600467][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  102.611188][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.769766][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  102.778828][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.794489][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  102.806561][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.818446][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.830846][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.873607][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  103.592763][ T5831] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.626225][ T5831] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.640123][ T5831] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.649230][ T5831] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.680930][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  103.699036][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  103.709660][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  103.725602][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  103.740665][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  103.751775][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  103.766569][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  103.781352][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  103.804601][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.933969][ T5832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.954515][ T5832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.964876][ T5832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  104.235997][    T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  104.503701][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  104.519518][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.549623][    T9] usb 4-1: config 0 descriptor??
[  104.554741][ T5832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  104.618486][    T9] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  104.752056][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.778081][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.922037][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.943112][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.002803][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.021793][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.179394][ T1084] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.213081][ T1084] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.221177][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.234629][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.407009][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.443448][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.476237][    T9] usb 4-1: USB disconnect, device number 2
[  106.427766][ T5939] syz.4.5 uses obsolete (PF_INET,SOCK_PACKET)
[  106.730524][ T5948] FAULT_INJECTION: forcing a failure.
[  106.730524][ T5948] name failslab, interval 1, probability 0, space 0, times 0
[  106.756032][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  106.779681][ T5949] netlink: 228 bytes leftover after parsing attributes in process `syz.1.14'.
[  106.826541][ T5948] CPU: 0 UID: 0 PID: 5948 Comm: syz.0.12 Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) 
[  106.826574][ T5948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  106.826593][ T5948] Call Trace:
[  106.826604][ T5948]  <TASK>
[  106.826616][ T5948]  dump_stack_lvl+0x189/0x250
[  106.826655][ T5948]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.826678][ T5948]  ? __pfx__printk+0x10/0x10
[  106.826721][ T5948]  ? __pfx___might_resched+0x10/0x10
[  106.826752][ T5948]  should_fail_ex+0x414/0x560
[  106.826773][ T5948]  should_failslab+0xa8/0x100
[  106.826791][ T5948]  __kmalloc_cache_noprof+0x70/0x3d0
[  106.826819][ T5948]  ? vhost_iotlb_alloc+0x54/0x180
[  106.826849][ T5948]  vhost_iotlb_alloc+0x54/0x180
[  106.826873][ T5948]  vhost_dev_ioctl+0x7b8/0xbc0
[  106.826898][ T5948]  ? __pfx_vhost_dev_ioctl+0x10/0x10
[  106.826930][ T5948]  vhost_vsock_dev_ioctl+0x21f/0xdc0
[  106.826956][ T5948]  ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10
[  106.826983][ T5948]  ? __fget_files+0x3a0/0x420
[  106.827002][ T5948]  ? __fget_files+0x2a/0x420
[  106.827024][ T5948]  ? bpf_lsm_file_ioctl+0x9/0x20
[  106.827051][ T5948]  ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10
[  106.827078][ T5948]  __se_sys_ioctl+0xfc/0x170
[  106.827109][ T5948]  do_syscall_64+0xf6/0x210
[  106.827139][ T5948]  ? clear_bhb_loop+0x60/0xb0
[  106.827165][ T5948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.827186][ T5948] RIP: 0033:0x7efcfd58e969
[  106.827216][ T5948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.827234][ T5948] RSP: 002b:00007efcfe343038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  106.827258][ T5948] RAX: ffffffffffffffda RBX: 00007efcfd7b5fa0 RCX: 00007efcfd58e969
[  106.827273][ T5948] RDX: 0000200000000c40 RSI: 000000004008af03 RDI: 0000000000000003
[  106.827287][ T5948] RBP: 00007efcfe343090 R08: 0000000000000000 R09: 0000000000000000
[  106.827300][ T5948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.827312][ T5948] R13: 0000000000000000 R14: 00007efcfd7b5fa0 R15: 00007ffe88b5f0d8
[  106.827345][ T5948]  </TASK>
[  106.865651][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  107.274665][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.391896][ T5957] netlink: 108 bytes leftover after parsing attributes in process `syz.2.15'.
[  107.402239][ T5957] netlink: 108 bytes leftover after parsing attributes in process `syz.2.15'.
[  107.412100][ T5957] netlink: 108 bytes leftover after parsing attributes in process `syz.2.15'.
[  107.689594][ T5962] netlink: 'syz.0.17': attribute type 18 has an invalid length.
[  107.947499][ T5956] bridge0: port 3(batadv1) entered blocking state
[  107.955213][ T5956] bridge0: port 3(batadv1) entered disabled state
[  107.964624][ T5956] batadv1: entered allmulticast mode
[  108.024092][ T5956] batadv1: entered promiscuous mode
[  108.066514][ T5957] netlink: 108 bytes leftover after parsing attributes in process `syz.2.15'.
[  108.086939][ T5957] netlink: 108 bytes leftover after parsing attributes in process `syz.2.15'.
[  108.120767][ T5957] netlink: 108 bytes leftover after parsing attributes in process `syz.2.15'.
[  108.270562][ T5962] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  108.279672][ T5962] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  108.288760][ T5962] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  108.297818][ T5962] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  108.361048][   T12] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  108.370623][   T12] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  108.390659][ T5833] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  108.425969][ T5962] Zero length message leads to an empty skb
[  108.453111][  T978] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  108.585854][ T5833] usb 4-1: Using ep0 maxpacket: 32
[  108.613132][ T5833] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  108.659106][  T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  108.665277][ T5833] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  108.703270][  T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  108.725850][ T5833] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  108.737522][ T5833] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.773554][  T978] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  108.849000][  T978] usb 5-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[  108.856421][ T5833] hub 4-1:4.0: USB hub found
[  108.866546][ T5813] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  108.875028][  T978] usb 5-1: Manufacturer: syz
[  108.936967][  T978] usb 5-1: config 0 descriptor??
[  108.956669][  T978] hub 5-1:0.0: USB hub found
[  109.000788][ T5833] hub 4-1:4.0: config failed, can't read hub descriptor (err -90)
[  109.028207][ T5813] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  109.054939][ T5813] usb 1-1: config 0 has no interface number 0
[  109.066055][ T5813] usb 1-1: config 0 interface 51 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  109.083951][ T5813] usb 1-1: New USB device found, idVendor=12d1, idProduct=8869, bcdDevice=3b.15
[  109.094176][ T5813] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.103080][ T5813] usb 1-1: Product: syz
[  109.108338][ T5813] usb 1-1: Manufacturer: syz
[  109.113207][ T5813] usb 1-1: SerialNumber: syz
[  109.144468][ T5813] usb 1-1: config 0 descriptor??
[  109.162936][ T5813] huawei_cdc_ncm 1-1:0.51: CDC Union missing and no IAD found
[  109.181256][ T5813] huawei_cdc_ncm 1-1:0.51: bind() failure
[  109.193600][  T978] hub 5-1:0.0: 1 port detected
[  109.326173][ T5873] usb 4-1: USB disconnect, device number 3
[  109.822952][ T5993] overlayfs: failed to resolve './file0': -2
[  109.875966][  T978] hub 5-1:0.0: activate --> -90
[  110.081550][ T5873] usb 5-1: USB disconnect, device number 2
[  110.656589][ T5962] syz.0.17 (5962) used greatest stack depth: 18888 bytes left
[  110.770067][ T5873] usb 1-1: USB disconnect, device number 2
[  111.313342][ T6013] evm: overlay not supported
[  111.411599][ T6013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.28'.
[  111.536427][ T5824] Bluetooth: hci5: command 0x1003 tx timeout
[  111.543770][ T5130] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  114.977864][   T47] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  117.578130][ T6070] process 'syz.0.47' launched './file0' with NULL argv: empty string added
[  119.045615][ T5130] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  125.433767][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  125.535390][ T5130] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  125.670395][    T9] usb 3-1: config 0 interface 0 altsetting 12 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.718024][    T9] usb 3-1: config 0 interface 0 altsetting 12 endpoint 0x81 has invalid wMaxPacketSize 0
[  125.764705][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  125.978699][    T9] usb 3-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  126.076356][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.367111][    T9] usb 3-1: config 0 descriptor??
[  126.879083][    T9] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0
[  127.390476][ T6156] overlayfs: missing 'lowerdir'
[  130.755241][  T978] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  130.928339][    T9] hid-led 0003:0FC5:B080.0001: probe with driver hid-led failed with error -71
[  130.966295][  T978] usb 4-1: Using ep0 maxpacket: 8
[  130.983189][  T978] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  131.000160][    T9] usb 3-1: USB disconnect, device number 2
[  131.000179][   T47] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  131.035223][  T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.059065][  T978] usb 4-1: Product: syz
[  131.066707][  T978] usb 4-1: Manufacturer: syz
[  131.071679][  T978] usb 4-1: SerialNumber: syz
[  131.116688][  T978] usb 4-1: config 0 descriptor??
[  131.179123][  T978] radio-usb-si4713 4-1:0.0: Si4713 development board discovered: (10C4:8244)
[  131.277467][   T47] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  131.337643][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.394379][   T47] usb 5-1: Product: syz
[  131.399807][   T47] usb 5-1: Manufacturer: syz
[  131.411972][   T47] usb 5-1: SerialNumber: syz
[  131.427070][   T47] usb 5-1: config 0 descriptor??
[  131.456284][   T47] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  131.992467][  T978] radio-usb-si4713 4-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  132.009693][  T978] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  133.015493][   T47] gspca_sonixj: reg_w1 err -110
[  133.024489][  T978] usb 4-1: USB disconnect, device number 4
[  133.045509][   T47] sonixj 5-1:0.0: probe with driver sonixj failed with error -110
[  133.710985][ T5824] Bluetooth: hci5: command 0x1003 tx timeout
[  133.717473][ T5130] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  133.742784][   T47] usb 5-1: USB disconnect, device number 3
[  134.055520][    T9] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  134.247600][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  134.276324][ T6201] overlayfs: missing 'lowerdir'
[  134.281352][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.975505][    T9] usb 2-1: string descriptor 0 read error: -71
[  134.981884][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  135.012360][    T9] usb 2-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[  135.168336][    T9] usb 2-1: config 0 descriptor??
[  135.176338][    T9] usb 2-1: can't set config #0, error -71
[  135.362221][    T9] usb 2-1: USB disconnect, device number 2
[  136.029945][ T5813] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  136.212795][ T5813] usb 1-1: Using ep0 maxpacket: 32
[  136.812223][ T5813] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.863946][ T5813] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.951004][ T5813] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  136.996732][ T5813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.054579][ T5813] usb 1-1: config 0 descriptor??
[  137.099803][ T5813] hub 1-1:0.0: USB hub found
[  137.288863][ T5813] hub 1-1:0.0: 1 port detected
[  137.348537][    T9] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  137.507749][    T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  137.519120][    T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  137.535656][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  137.544962][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  137.572820][    T9] usb 2-1: SerialNumber: syz
[  137.618080][    T9] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  137.675944][    T9] usb-storage 2-1:1.0: USB Mass Storage device detected
[  137.742520][    T9] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  137.802587][    T9] scsi host1: usb-storage 2-1:1.0
[  137.848082][ T6233] netlink: 60 bytes leftover after parsing attributes in process `syz.1.94'.
[  137.987648][ T5813] hub 1-1:0.0: activate --> -90
[  138.074141][ T6250] overlayfs: missing 'lowerdir'
[  138.458527][ T6233] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[  138.613850][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  138.627547][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  139.233867][    T9] usb 1-1: USB disconnect, device number 4
[  139.857671][ T5813] usb 1-1-port1: config error
[  142.601269][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  142.885371][   T10] usb 5-1: Using ep0 maxpacket: 32
[  142.917766][   T10] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  142.935213][   T10] usb 5-1: config 0 has no interface number 0
[  142.957703][   T10] usb 5-1: config 0 interface 12 has no altsetting 0
[  143.002431][   T10] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  143.015673][   T47] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  143.046642][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.066621][ T5879] usb 2-1: USB disconnect, device number 3
[  143.093172][   T10] usb 5-1: Product: syz
[  143.147196][   T10] usb 5-1: Manufacturer: syz
[  143.151888][   T10] usb 5-1: SerialNumber: syz
[  143.315587][ T5813] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  143.363321][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  143.393812][   T10] usb 5-1: config 0 descriptor??
[  143.402372][   T10] f81534 5-1:0.12: required endpoints missing
[  143.438068][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.116569][ T5813] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  144.128463][   T47] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  144.145257][ T5813] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.182424][   T47] usb 3-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[  144.200712][ T5813] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  144.250452][   T47] usb 3-1: Manufacturer: syz
[  144.267910][ T5813] usb 1-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[  144.306909][   T47] usb 3-1: config 0 descriptor??
[  144.313322][ T5813] usb 1-1: Manufacturer: syz
[  144.369817][ T5813] usb 1-1: config 0 descriptor??
[  144.378193][   T47] hub 3-1:0.0: USB hub found
[  144.443737][ T5813] hub 1-1:0.0: USB hub found
[  144.572172][   T47] hub 3-1:0.0: 1 port detected
[  144.599374][ T5813] hub 1-1:0.0: 1 port detected
[  145.348436][ T5879] hub 3-1:0.0: activate --> -90
[  145.827828][   T47] hub 1-1:0.0: activate --> -90
[  145.970247][   T10] usb 3-1: USB disconnect, device number 3
[  146.035683][   T47] hub 1-1:0.0: hub_ext_port_status failed (err = 0)
[  146.046558][    T9] usb 5-1: USB disconnect, device number 4
[  146.195749][ T5879] usb 3-1-port1: config error
[  146.220429][ T6298] netlink: 4 bytes leftover after parsing attributes in process `syz.1.112'.
[  146.393585][  T978] usb 1-1: USB disconnect, device number 5
[  149.529401][ T5824] Bluetooth: hci5: command 0x1003 tx timeout
[  149.536007][ T5130] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  152.015593][ T5879] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  152.246109][ T5879] usb 4-1: Using ep0 maxpacket: 32
[  152.335562][ T5879] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  152.392129][ T5879] usb 4-1: config 0 has no interface number 0
[  152.446950][ T5879] usb 4-1: config 0 interface 12 has no altsetting 0
[  152.553352][ T5879] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  152.585010][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.597826][ T5879] usb 4-1: Product: syz
[  152.602512][ T5879] usb 4-1: Manufacturer: syz
[  152.626460][ T5879] usb 4-1: SerialNumber: syz
[  153.043654][ T5879] usb 4-1: config 0 descriptor??
[  153.093141][ T5879] f81534 4-1:0.12: required endpoints missing
[  153.995881][  T978] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  154.178332][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  154.200149][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  154.229539][  T978] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  154.258563][  T978] usb 1-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[  154.284864][  T978] usb 1-1: Manufacturer: syz
[  154.319024][  T978] usb 1-1: config 0 descriptor??
[  154.356656][  T978] hub 1-1:0.0: USB hub found
[  154.539105][  T978] hub 1-1:0.0: 1 port detected
[  155.799605][    T9] hub 1-1:0.0: activate --> -90
[  156.175709][ T5873] usb 1-1: USB disconnect, device number 6
[  156.462516][    T9] usb 1-1-port1: config error
[  156.585515][  T978] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  156.942689][  T978] usb 3-1: Using ep0 maxpacket: 16
[  156.957571][  T978] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[  156.978146][  T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  156.999693][  T978] usb 3-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  157.021149][  T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.029670][  T978] usb 3-1: Product: syz
[  157.033905][  T978] usb 3-1: Manufacturer: syz
[  157.051909][  T978] usb 3-1: SerialNumber: syz
[  157.076196][  T978] usb 3-1: config 0 descriptor??
[  157.692236][   T47] usb 4-1: USB disconnect, device number 5
[  158.051369][ T6384] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  158.209682][  T978] appledisplay 3-1:0.0: Error while getting initial brightness: -110
[  158.225596][  T978] appledisplay 3-1:0.0: probe with driver appledisplay failed with error -110
[  159.513522][  T978] usb 3-1: USB disconnect, device number 4
[  159.857205][ T6404] FAULT_INJECTION: forcing a failure.
[  159.857205][ T6404] name failslab, interval 1, probability 0, space 0, times 0
[  159.871827][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.4.138 Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) 
[  159.871857][ T6404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  159.871874][ T6404] Call Trace:
[  159.871882][ T6404]  <TASK>
[  159.871891][ T6404]  dump_stack_lvl+0x189/0x250
[  159.871938][ T6404]  ? lockdep_hardirqs_on+0x9c/0x150
[  159.871965][ T6404]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.871998][ T6404]  ? dump_stack+0x9/0x20
[  159.872032][ T6404]  should_fail_ex+0x414/0x560
[  159.872059][ T6404]  should_failslab+0xa8/0x100
[  159.872081][ T6404]  kmem_cache_alloc_noprof+0x73/0x3c0
[  159.872111][ T6404]  ? mas_alloc_nodes+0x2e9/0x8e0
[  159.872140][ T6404]  mas_alloc_nodes+0x2e9/0x8e0
[  159.872175][ T6404]  mas_preallocate+0x542/0x8b0
[  159.872205][ T6404]  ? __pfx_mas_preallocate+0x10/0x10
[  159.872239][ T6404]  ? __mas_set_range+0x12f/0x3c0
[  159.872274][ T6404]  __split_vma+0x315/0x9b0
[  159.872313][ T6404]  ? __pfx___split_vma+0x10/0x10
[  159.872354][ T6404]  ? userfaultfd_unmap_prep+0x99/0x3e0
[  159.872386][ T6404]  vms_gather_munmap_vmas+0x4ab/0x12b0
[  159.872476][ T6404]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  159.872504][ T6404]  ? _parse_integer_limit+0x1ae/0x1f0
[  159.872546][ T6404]  do_vmi_align_munmap+0x25d/0x420
[  159.872571][ T6404]  ? sched_clock+0x3f/0x60
[  159.872620][ T6404]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  159.872670][ T6404]  ? mas_find+0x962/0xc10
[  159.872698][ T6404]  do_vmi_munmap+0x253/0x2e0
[  159.872733][ T6404]  __vm_munmap+0x23b/0x3d0
[  159.872766][ T6404]  ? __pfx___vm_munmap+0x10/0x10
[  159.872820][ T6404]  __x64_sys_munmap+0x60/0x70
[  159.872841][ T6404]  do_syscall_64+0xf6/0x210
[  159.872867][ T6404]  ? asm_sysvec_call_function_single+0x1a/0x20
[  159.872887][ T6404]  ? clear_bhb_loop+0x60/0xb0
[  159.872911][ T6404]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.872931][ T6404] RIP: 0033:0x7f17f7d8e969
[  159.872960][ T6404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.872977][ T6404] RSP: 002b:00007f17f8b0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[  159.873006][ T6404] RAX: ffffffffffffffda RBX: 00007f17f7fb6080 RCX: 00007f17f7d8e969
[  159.873021][ T6404] RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000200000ffc000
[  159.873033][ T6404] RBP: 00007f17f8b0e090 R08: 0000000000000000 R09: 0000000000000000
[  159.873045][ T6404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.873057][ T6404] R13: 0000000000000000 R14: 00007f17f7fb6080 R15: 00007ffe6dfb5748
[  159.873090][ T6404]  </TASK>
[  161.297303][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  161.515507][    T9] usb 2-1: Using ep0 maxpacket: 32
[  161.528113][    T9] usb 2-1: config 0 has an invalid interface number: 42 but max is 0
[  161.537418][    T9] usb 2-1: config 0 has no interface number 0
[  161.573676][    T9] usb 2-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=42.27
[  161.588174][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.602771][    T9] usb 2-1: Product: syz
[  161.616566][    T9] usb 2-1: Manufacturer: syz
[  161.633840][    T9] usb 2-1: SerialNumber: syz
[  161.654544][    T9] usb 2-1: config 0 descriptor??
[  161.825637][   T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  161.884397][ T6423] netlink: 'syz.0.146': attribute type 1 has an invalid length.
[  161.930396][ T6423] netlink: 216 bytes leftover after parsing attributes in process `syz.0.146'.
[  161.953098][    T9] usb 2-1: Found UVC 0.00 device syz (1bcf:0b40)
[  162.009328][    T9] usb 2-1: Forcing UVC version to 1.0a
[  162.023441][   T10] usb 4-1: Using ep0 maxpacket: 32
[  162.044072][    T9] usb 2-1: No valid video chain found.
[  162.055022][   T10] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  162.675466][   T10] usb 4-1: config 0 has no interface number 0
[  162.681754][   T10] usb 4-1: config 0 interface 12 has no altsetting 0
[  162.704552][    T9] usb 2-1: USB disconnect, device number 4
[  163.337872][   T10] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  163.407805][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.434359][   T10] usb 4-1: Product: syz
[  163.455600][   T10] usb 4-1: Manufacturer: syz
[  163.476177][   T10] usb 4-1: SerialNumber: syz
[  163.502080][   T10] usb 4-1: config 0 descriptor??
[  163.534928][   T10] f81534 4-1:0.12: required endpoints missing
[  163.650665][   T47] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  163.818518][   T47] usb 3-1: Using ep0 maxpacket: 8
[  163.861635][   T47] usb 3-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  163.889988][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.915225][   T47] usb 3-1: Product: syz
[  163.919500][   T47] usb 3-1: Manufacturer: syz
[  163.948663][   T47] usb 3-1: SerialNumber: syz
[  164.775945][   T47] usb 3-1: config 0 descriptor??
[  164.819099][   T47] radio-usb-si4713 3-1:0.0: Si4713 development board discovered: (10C4:8244)
[  165.602823][  T978] usb 4-1: USB disconnect, device number 6
[  166.927469][   T47] radio-usb-si4713 3-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  166.963840][   T47] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  166.987695][   T47] usb 3-1: USB disconnect, device number 5
[  168.977298][ T6478] x_tables: duplicate underflow at hook 1
[  169.393358][ T6485] kvm: kvm [6483]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x800
[  169.411852][    T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  169.475984][ T6485] kvm: kvm [6483]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x800
[  169.596021][    T9] usb 3-1: Using ep0 maxpacket: 32
[  169.688746][    T9] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  169.800740][    T9] usb 3-1: config 0 has no interface number 0
[  169.861911][ T5901] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  169.885870][    T9] usb 3-1: config 0 interface 12 has no altsetting 0
[  170.212067][    T9] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  170.221736][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.232187][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  170.254414][    T9] usb 3-1: Product: syz
[  170.260972][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  170.273901][    T9] usb 3-1: Manufacturer: syz
[  170.278858][    T9] usb 3-1: SerialNumber: syz
[  170.285668][ T5901] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  170.298937][ T5901] usb 1-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[  170.309255][ T5901] usb 1-1: Manufacturer: syz
[  170.319156][    T9] usb 3-1: config 0 descriptor??
[  170.361249][    T9] f81534 3-1:0.12: required endpoints missing
[  170.371555][ T6503] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  170.380946][ T5901] usb 1-1: config 0 descriptor??
[  170.418476][ T5901] hub 1-1:0.0: USB hub found
[  170.624896][ T5901] hub 1-1:0.0: 1 port detected
[  171.877467][    T9] hub 1-1:0.0: activate --> -90
[  173.415474][    T9] hub 1-1:0.0: hub_ext_port_status failed (err = -32)
[  173.968024][    T9] usb 3-1: USB disconnect, device number 6
[  174.259529][ T6539] netlink: 60 bytes leftover after parsing attributes in process `syz.3.179'.
[  174.299288][ T6536] netlink: 60 bytes leftover after parsing attributes in process `syz.3.179'.
[  174.372885][ T6538] kvm: kvm [6537]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x800
[  174.424795][ T6538] kvm: kvm [6537]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x800
[  174.455566][ T5833] usb 1-1: USB disconnect, device number 7
[  176.705270][    T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  176.885258][    T9] usb 3-1: Using ep0 maxpacket: 32
[  176.942647][    T9] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  176.955241][    T9] usb 3-1: config 0 has no interface number 0
[  176.983494][    T9] usb 3-1: config 0 interface 12 has no altsetting 0
[  177.023135][    T9] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  177.048681][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.078866][    T9] usb 3-1: Product: syz
[  177.083217][    T9] usb 3-1: Manufacturer: syz
[  177.113609][    T9] usb 3-1: SerialNumber: syz
[  177.150033][    T9] usb 3-1: config 0 descriptor??
[  177.170824][    T9] f81534 3-1:0.12: required endpoints missing
[  179.709380][ T5833] usb 3-1: USB disconnect, device number 7
[  180.728126][ T6627] sctp: [Deprecated]: syz.1.207 (pid 6627) Use of struct sctp_assoc_value in delayed_ack socket option.
[  180.728126][ T6627] Use struct sctp_sack_info instead
[  181.045452][ T5873] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  181.247640][ T5833] libceph: connect (1)[c::]:6789 error -101
[  181.259253][ T5873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  181.275994][ T5833] libceph: mon0 (1)[c::]:6789 connect error
[  181.292844][ T5873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  181.304560][ T5873] usb 2-1: New USB device found, idVendor=0416, idProduct=c168, bcdDevice= 0.00
[  181.317693][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.326335][ T6642] ceph: No mds server is up or the cluster is laggy
[  181.351791][ T5873] usb 2-1: config 0 descriptor??
[  181.786090][ T5901] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  182.616063][ T5901] usb 5-1: Using ep0 maxpacket: 32
[  182.644275][ T5901] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  182.669792][ T5901] usb 5-1: config 0 has no interface number 0
[  182.709993][ T5901] usb 5-1: config 0 interface 12 has no altsetting 0
[  182.763910][ T5901] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  182.793162][ T5901] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.826690][ T5901] usb 5-1: Product: syz
[  182.853663][ T5901] usb 5-1: Manufacturer: syz
[  182.874502][ T5901] usb 5-1: SerialNumber: syz
[  182.905946][ T5901] usb 5-1: config 0 descriptor??
[  183.186697][ T5901] f81534 5-1:0.12: required endpoints missing
[  183.845405][ T5873] usbhid 2-1:0.0: can't add hid device: -71
[  183.855600][ T5873] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  183.933886][ T5873] usb 2-1: USB disconnect, device number 5
[  185.090291][ T5901] usb 5-1: USB disconnect, device number 5
[  188.526158][ T5873] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  188.745865][ T5873] usb 4-1: Using ep0 maxpacket: 32
[  188.859635][ T5873] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  188.904398][ T5873] usb 4-1: config 0 has no interface number 0
[  188.983370][ T5873] usb 4-1: config 0 interface 12 has no altsetting 0
[  189.072087][ T5873] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  189.081578][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.104473][ T5873] usb 4-1: Product: syz
[  189.108872][ T5873] usb 4-1: Manufacturer: syz
[  189.113535][ T5873] usb 4-1: SerialNumber: syz
[  189.128806][ T5873] usb 4-1: config 0 descriptor??
[  189.142500][ T5873] f81534 4-1:0.12: required endpoints missing
[  191.429165][ T5901] usb 4-1: USB disconnect, device number 7
[  195.006448][ T5130] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  195.835616][ T5873] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  196.069365][ T5873] usb 3-1: Using ep0 maxpacket: 32
[  196.149290][ T5901] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  196.185791][ T5873] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  196.233927][ T5873] usb 3-1: config 0 has no interface number 0
[  196.271532][ T5873] usb 3-1: config 0 interface 12 has no altsetting 0
[  196.523242][ T5873] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  196.589400][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.620111][ T5873] usb 3-1: Product: syz
[  196.624488][ T5873] usb 3-1: Manufacturer: syz
[  196.674779][ T5873] usb 3-1: SerialNumber: syz
[  197.137120][ T5873] usb 3-1: config 0 descriptor??
[  197.227394][ T5873] f81534 3-1:0.12: required endpoints missing
[  198.977901][    T9] usb 3-1: USB disconnect, device number 8
[  199.827907][ T6872] syz.4.277: attempt to access beyond end of device
[  199.827907][ T6872] nbd4: rw=2048, sector=0, nr_sectors = 8 limit=0
[  199.940918][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  199.948158][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  199.950031][ T6872] SQUASHFS error: Failed to read block 0x0: -5
[  200.074484][ T6872] unable to read squashfs_super_block
[  201.025438][   T47] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  201.197533][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  201.209006][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.221015][   T47] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  201.230665][   T47] usb 2-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[  201.239345][   T47] usb 2-1: Manufacturer: syz
[  201.248410][   T47] usb 2-1: config 0 descriptor??
[  201.261396][   T47] hub 2-1:0.0: USB hub found
[  201.355444][    T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  201.463018][   T47] hub 2-1:0.0: 1 port detected
[  201.525260][    T9] usb 5-1: Using ep0 maxpacket: 8
[  201.545863][    T9] usb 5-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  201.565196][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.573307][    T9] usb 5-1: Product: syz
[  201.585440][    T9] usb 5-1: Manufacturer: syz
[  201.591158][    T9] usb 5-1: SerialNumber: syz
[  201.609130][    T9] usb 5-1: config 0 descriptor??
[  201.636046][    T9] radio-usb-si4713 5-1:0.0: Si4713 development board discovered: (10C4:8244)
[  202.080628][   T47] hub 2-1:0.0: activate --> -90
[  202.255746][ T5833] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  202.405614][ T5833] usb 3-1: Using ep0 maxpacket: 32
[  202.415387][ T5833] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  202.426639][ T5833] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  202.437137][ T5833] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  202.446495][ T5833] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.458938][    T9] radio-usb-si4713 5-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  202.473184][ T5833] usb 3-1: config 0 descriptor??
[  202.476351][    T9] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  202.509556][ T5833] hub 3-1:0.0: USB hub found
[  202.517273][   T10] usb 2-1: USB disconnect, device number 6
[  202.523559][    T9] usb 5-1: USB disconnect, device number 6
[  202.703745][ T5833] hub 3-1:0.0: 1 port detected
[  202.725626][   T47] usb 2-1-port1: config error
[  203.206284][ T5824] Bluetooth: hci5: command 0x1003 tx timeout
[  203.212968][ T5130] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  203.575606][ T5873] hub 3-1:0.0: activate --> -90
[  203.895265][    T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  204.597280][    T9] usb 5-1: Using ep0 maxpacket: 32
[  204.610024][    T9] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  204.727801][ T6899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  204.737440][    T9] usb 5-1: config 0 has no interface number 0
[  204.743615][    T9] usb 5-1: config 0 interface 12 has no altsetting 0
[  204.772099][    T9] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  204.785315][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.793666][    T9] usb 5-1: Product: syz
[  204.797953][    T9] usb 5-1: Manufacturer: syz
[  204.802612][    T9] usb 5-1: SerialNumber: syz
[  204.804078][ T6899] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  204.832042][    T9] usb 5-1: config 0 descriptor??
[  204.846529][    T9] f81534 5-1:0.12: required endpoints missing
[  205.285536][    T9] usb 3-1: USB disconnect, device number 9
[  205.311570][ T5873] hub 3-1:0.0: hub_ext_port_status failed (err = -32)
[  207.533737][ T5903] usb 5-1: USB disconnect, device number 7
[  209.314028][ T6940] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  209.378552][ T6940] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  209.625263][ T6940] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  209.655061][ T6940] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  209.828060][ T6940] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  209.870148][ T6940] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  209.931136][ T6940] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  209.967597][ T6940] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  210.504040][ T6966] sctp: failed to load transform for md5: -4
[  210.672160][ T6940] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  210.696086][ T6940] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  211.844411][ T6987] kvm: kvm [6986]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0
[  211.879507][ T6987] kvm: kvm [6986]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0
[  211.904090][ T6987] kvm: kvm [6986]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0
[  211.937314][ T6987] kvm: kvm [6986]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0
[  211.961739][ T6987] kvm: kvm [6986]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0
[  211.991791][ T6987] kvm: kvm [6986]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0
[  212.022603][ T6987] kvm: kvm [6986]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0
[  212.040435][ T6987] kvm: kvm [6986]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0
[  212.103138][ T6987] kvm: kvm [6986]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0
[  212.112590][ T6987] kvm: kvm [6986]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0
[  212.425402][   T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  212.600224][   T10] usb 3-1: Using ep0 maxpacket: 32
[  212.617754][   T10] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  212.639057][   T10] usb 3-1: config 0 has no interface number 0
[  212.659755][   T10] usb 3-1: config 0 interface 12 has no altsetting 0
[  212.691029][   T10] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  212.740881][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.797653][   T10] usb 3-1: Product: syz
[  212.835069][   T10] usb 3-1: Manufacturer: syz
[  212.935828][   T10] usb 3-1: SerialNumber: syz
[  213.362255][   T10] usb 3-1: config 0 descriptor??
[  213.378915][   T10] f81534 3-1:0.12: required endpoints missing
[  214.442754][ T7028] netlink: 8 bytes leftover after parsing attributes in process `syz.0.316'.
[  214.468833][ T7028] netlink: 4 bytes leftover after parsing attributes in process `syz.0.316'.
[  215.298190][   T10] usb 3-1: USB disconnect, device number 10
[  215.415654][ T5903] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  215.585295][ T5903] usb 5-1: Using ep0 maxpacket: 8
[  215.626255][ T5903] usb 5-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  215.652894][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.677699][ T5903] usb 5-1: Product: syz
[  215.695028][ T5903] usb 5-1: Manufacturer: syz
[  215.723375][ T5903] usb 5-1: SerialNumber: syz
[  215.740112][ T5903] usb 5-1: config 0 descriptor??
[  215.783777][ T5903] radio-usb-si4713 5-1:0.0: Si4713 development board discovered: (10C4:8244)
[  216.616049][ T7057] netlink: 8 bytes leftover after parsing attributes in process `syz.2.323'.
[  216.663809][ T5903] radio-usb-si4713 5-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  216.720287][ T5903] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  216.774132][ T5903] usb 5-1: USB disconnect, device number 8
[  218.545221][ T5873] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  218.746904][ T5873] usb 4-1: Using ep0 maxpacket: 32
[  218.756120][    T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  218.773160][ T5873] usb 4-1: config 0 has an invalid interface number: 42 but max is 0
[  218.811150][ T5873] usb 4-1: config 0 has no interface number 0
[  218.868224][ T5873] usb 4-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=42.27
[  218.885783][ T5903] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  218.893500][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.913504][ T5873] usb 4-1: Product: syz
[  218.918560][ T5873] usb 4-1: Manufacturer: syz
[  218.923850][ T5873] usb 4-1: SerialNumber: syz
[  218.949369][ T5873] usb 4-1: config 0 descriptor??
[  218.949454][    T9] usb 5-1: Using ep0 maxpacket: 32
[  219.028965][    T9] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  219.062096][    T9] usb 5-1: config 0 has no interface number 0
[  219.068512][    T9] usb 5-1: config 0 interface 12 has no altsetting 0
[  219.095269][    T9] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  219.118655][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.130797][ T5903] usb 2-1: Using ep0 maxpacket: 8
[  219.156147][    T9] usb 5-1: Product: syz
[  219.161963][    T9] usb 5-1: Manufacturer: syz
[  219.165676][ T5873] usb 4-1: Found UVC 0.00 device syz (1bcf:0b40)
[  219.178771][    T9] usb 5-1: SerialNumber: syz
[  219.184714][ T5873] usb 4-1: Forcing UVC version to 1.0a
[  219.200770][ T5903] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  219.224935][ T5873] usb 4-1: No valid video chain found.
[  219.238677][    T9] usb 5-1: config 0 descriptor??
[  219.250657][ T5873] usb 4-1: USB disconnect, device number 8
[  219.259480][ T5903] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.274883][    T9] f81534 5-1:0.12: required endpoints missing
[  219.303427][ T5903] usb 2-1: Product: syz
[  219.308055][ T5903] usb 2-1: Manufacturer: syz
[  219.325942][ T5903] usb 2-1: SerialNumber: syz
[  219.358561][ T5903] usb 2-1: config 0 descriptor??
[  219.546987][ T5903] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244)
[  220.697428][ T5903] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  220.731185][ T5903] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  220.783380][ T5903] usb 2-1: USB disconnect, device number 7
[  221.679465][ T5903] usb 5-1: USB disconnect, device number 9
[  221.986158][ T7126] FAULT_INJECTION: forcing a failure.
[  221.986158][ T7126] name failslab, interval 1, probability 0, space 0, times 0
[  221.998972][ T7126] CPU: 1 UID: 0 PID: 7126 Comm: syz.1.338 Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) 
[  221.999008][ T7126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  221.999021][ T7126] Call Trace:
[  221.999032][ T7126]  <TASK>
[  221.999042][ T7126]  dump_stack_lvl+0x189/0x250
[  221.999082][ T7126]  ? __pfx_dump_stack_lvl+0x10/0x10
[  221.999112][ T7126]  ? __pfx__printk+0x10/0x10
[  221.999153][ T7126]  ? __pfx___might_resched+0x10/0x10
[  221.999185][ T7126]  ? fs_reclaim_acquire+0x7d/0x100
[  221.999215][ T7126]  should_fail_ex+0x414/0x560
[  221.999243][ T7126]  should_failslab+0xa8/0x100
[  221.999266][ T7126]  __kmalloc_noprof+0xcb/0x4f0
[  221.999298][ T7126]  ? kfree+0x4d/0x440
[  221.999325][ T7126]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  221.999361][ T7126]  tomoyo_realpath_from_path+0xe3/0x5d0
[  221.999406][ T7126]  tomoyo_check_open_permission+0x1c1/0x3b0
[  221.999432][ T7126]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  221.999457][ T7126]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  221.999524][ T7126]  ? tomoyo_file_open+0x166/0x220
[  221.999561][ T7126]  security_file_open+0xb1/0x270
[  221.999588][ T7126]  do_dentry_open+0x35e/0x1970
[  221.999613][ T7126]  ? devcgroup_check_permission+0x86d/0x980
[  221.999655][ T7126]  vfs_open+0x3b/0x340
[  221.999675][ T7126]  ? path_openat+0x2ecd/0x3830
[  221.999706][ T7126]  path_openat+0x2ee5/0x3830
[  221.999743][ T7126]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  221.999793][ T7126]  ? __pfx_path_openat+0x10/0x10
[  221.999818][ T7126]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.999864][ T7126]  do_filp_open+0x1fa/0x410
[  221.999894][ T7126]  ? __pfx_do_filp_open+0x10/0x10
[  221.999947][ T7126]  ? _raw_spin_unlock+0x28/0x50
[  221.999969][ T7126]  ? alloc_fd+0x64c/0x6c0
[  222.000023][ T7126]  do_sys_openat2+0x121/0x1c0
[  222.000052][ T7126]  ? __pfx_do_sys_openat2+0x10/0x10
[  222.000078][ T7126]  ? exc_page_fault+0x68/0x110
[  222.000115][ T7126]  __x64_sys_openat+0x138/0x170
[  222.000147][ T7126]  do_syscall_64+0xf6/0x210
[  222.000177][ T7126]  ? clear_bhb_loop+0x60/0xb0
[  222.000204][ T7126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.000225][ T7126] RIP: 0033:0x7f170078d2d0
[  222.000245][ T7126] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  222.000263][ T7126] RSP: 002b:00007f1701627b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  222.000285][ T7126] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f170078d2d0
[  222.000300][ T7126] RDX: 0000000000000002 RSI: 00007f1701627c10 RDI: 00000000ffffff9c
[  222.000314][ T7126] RBP: 00007f1701627c10 R08: 0000000000000000 R09: 00236f6964617277
[  222.000329][ T7126] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  222.000341][ T7126] R13: 0000000000000000 R14: 00007f17009b6160 R15: 00007ffe257ddcd8
[  222.000374][ T7126]  </TASK>
[  222.000407][ T7126] ERROR: Out of memory at tomoyo_realpath_from_path.
[  222.975677][   T47] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  223.147870][   T47] usb 2-1: Using ep0 maxpacket: 8
[  223.166831][   T47] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  223.192267][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.206347][   T47] usb 2-1: Product: syz
[  223.210612][   T47] usb 2-1: Manufacturer: syz
[  223.218857][   T47] usb 2-1: SerialNumber: syz
[  223.234044][   T47] usb 2-1: config 0 descriptor??
[  223.253336][   T47] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244)
[  223.339799][ T7158] netlink: 8 bytes leftover after parsing attributes in process `syz.2.347'.
[  224.118530][   T47] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  224.261802][   T47] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  224.299021][   T47] usb 2-1: USB disconnect, device number 8
[  224.418591][ T5824] Bluetooth: hci5: command 0x1003 tx timeout
[  224.425215][ T5130] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  225.011138][ T7169] kvm_pr_unimpl_wrmsr: 102 callbacks suppressed
[  225.011164][ T7169] kvm: kvm [7168]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x40fe
[  225.039657][ T7169] kvm: kvm [7168]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xfe
[  225.127533][ T7169] kvm: kvm [7168]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3e
[  225.179144][ T7169] kvm: kvm [7168]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x403e
[  225.254587][ T7169] kvm: kvm [7168]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3e
[  225.266467][ T7169] kvm: kvm [7168]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x403e
[  225.314653][ T7169] kvm: kvm [7168]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3e
[  225.350029][ T7169] kvm: kvm [7168]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x403e
[  225.364789][ T7169] kvm: kvm [7168]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3e
[  225.381249][ T7169] kvm: kvm [7168]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x403e
[  225.575364][   T47] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  225.807058][   T47] usb 2-1: Using ep0 maxpacket: 32
[  225.826686][   T47] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  225.935188][   T47] usb 2-1: config 0 has no interface number 0
[  225.951452][   T47] usb 2-1: config 0 interface 12 has no altsetting 0
[  226.085691][   T47] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  226.225283][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.274471][   T47] usb 2-1: Product: syz
[  226.284572][   T47] usb 2-1: Manufacturer: syz
[  226.315043][   T47] usb 2-1: SerialNumber: syz
[  226.351226][   T47] usb 2-1: config 0 descriptor??
[  226.416241][   T47] f81534 2-1:0.12: required endpoints missing
[  226.985182][   T30] audit: type=1326 audit(226.908:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7194 comm="syz.4.355" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17f7d8e969 code=0x0
[  227.070196][   T30] audit: type=1326 audit(226.998:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7194 comm="syz.4.355" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f17f7d8e969 code=0x0
[  227.212367][ T7202] random: crng reseeded on system resumption
[  229.435244][ T5833] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  229.588867][   T10] usb 2-1: USB disconnect, device number 9
[  230.176592][ T5833] usb 5-1: Using ep0 maxpacket: 8
[  230.196500][ T5833] usb 5-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  230.215188][ T5833] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.228528][ T5833] usb 5-1: Product: syz
[  230.232839][ T5833] usb 5-1: Manufacturer: syz
[  230.243660][ T5833] usb 5-1: SerialNumber: syz
[  230.256277][ T5833] usb 5-1: config 0 descriptor??
[  230.265707][ T5833] radio-usb-si4713 5-1:0.0: Si4713 development board discovered: (10C4:8244)
[  230.426961][ T7243] binder: 7242:7243 ioctl 8933 200000000000 returned -22
[  230.482854][ T7243] can: request_module (can-proto-4) failed.
[  231.091436][ T5833] radio-usb-si4713 5-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  231.105023][ T5833] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  231.120311][ T5833] usb 5-1: USB disconnect, device number 10
[  231.201019][ T7259] netlink: 28 bytes leftover after parsing attributes in process `syz.1.373'.
[  231.887261][ T7275] overlayfs: failed to resolve './file1:/': -2
[  231.929885][ T7275] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  233.142622][ T7294] veth0: entered promiscuous mode
[  233.151628][ T7293] veth0: left promiscuous mode
[  233.325282][   T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  233.475365][ T5903] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  233.505421][   T10] usb 4-1: Using ep0 maxpacket: 16
[  233.529672][   T10] usb 4-1: New USB device found, idVendor=25c6, idProduct=9002, bcdDevice=62.ba
[  233.579417][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.604476][   T10] usb 4-1: Product: syz
[  233.612492][   T10] usb 4-1: Manufacturer: syz
[  233.628831][   T10] usb 4-1: SerialNumber: syz
[  233.647964][ T5903] usb 2-1: Using ep0 maxpacket: 8
[  233.655309][   T10] usb 4-1: config 0 descriptor??
[  233.668266][ T5903] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  233.683832][ T5903] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.705915][ T5903] usb 2-1: Product: syz
[  233.710190][ T5903] usb 2-1: Manufacturer: syz
[  233.716481][ T5903] usb 2-1: SerialNumber: syz
[  233.732476][ T5903] usb 2-1: config 0 descriptor??
[  233.744597][ T5903] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244)
[  233.918436][   T10] snd-usb-hiface 4-1:0.0: probe with driver snd-usb-hiface failed with error -22
[  234.518153][   T10] usb 4-1: USB disconnect, device number 9
[  234.936429][ T5903] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  234.953958][ T5903] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  234.975306][ T5903] usb 2-1: USB disconnect, device number 10
[  235.205444][ T5873] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  235.365425][ T5873] usb 3-1: Using ep0 maxpacket: 16
[  235.373344][ T5873] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  235.383731][ T5873] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  235.394694][ T5873] usb 3-1: string descriptor 0 read error: -22
[  235.411791][ T5873] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  235.421097][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.478479][ T5833] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  236.133725][ T5873] usb 3-1: 0:2 : does not exist
[  236.144644][ T5873] usb 3-1: unit 4 not found!
[  236.255305][ T5833] usb 5-1: device descriptor read/64, error -71
[  237.205203][ T5833] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  237.217743][ T7327] kvm_pr_unimpl_wrmsr: 544 callbacks suppressed
[  237.217770][ T7327] kvm: kvm [7326]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x40fe
[  237.256631][ T7327] kvm: kvm [7326]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xfe
[  237.276102][ T7333] netlink: 8 bytes leftover after parsing attributes in process `syz.3.396'.
[  237.286713][ T7327] kvm: kvm [7326]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3e
[  237.297273][ T7327] kvm: kvm [7326]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x403e
[  237.306775][ T7327] kvm: kvm [7326]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3e
[  237.325600][ T7327] kvm: kvm [7326]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x403e
[  237.338289][ T7327] kvm: kvm [7326]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3e
[  237.356753][ T5833] usb 5-1: device descriptor read/64, error -71
[  237.374678][ T7327] kvm: kvm [7326]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x403e
[  237.412831][ T5873] usb 3-1: USB disconnect, device number 11
[  237.478453][ T5833] usb usb5-port1: attempt power cycle
[  237.836111][ T7352] loop2: detected capacity change from 0 to 7
[  237.866867][ T5833] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  237.886010][ T7352] Dev loop2: unable to read RDB block 7
[  237.891853][ T7352]  loop2: AHDI p2 p3
[  237.895888][ T7352] loop2: partition table partially beyond EOD, truncated
[  237.903256][ T7352] loop2: p2 size 150995456 extends beyond EOD, truncated
[  237.926251][ T5833] usb 5-1: device descriptor read/8, error -71
[  238.250780][ T5833] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  238.488767][ T5833] usb 5-1: device descriptor read/8, error -71
[  238.615556][ T5833] usb usb5-port1: unable to enumerate USB device
[  240.585399][ T7377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.410'.
[  240.857587][ T5879] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  241.027614][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  241.042808][ T5879] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  241.067128][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.087808][ T5879] usb 5-1: config 0 descriptor??
[  241.587243][ T5879] lg-g15 0003:046D:C222.0002: hidraw0: USB HID v10.00 Device [HID 046d:c222] on usb-dummy_hcd.4-1/input0
[  241.648962][ T7383] kvm: kvm [7382]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x40fe
[  241.681797][ T7383] kvm: kvm [7382]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xfe
[  242.208941][ T7375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.235548][ T7383] kvm_pr_unimpl_wrmsr: 2262 callbacks suppressed
[  242.235571][ T7383] kvm: kvm [7382]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3e
[  242.604984][ T7383] kvm: kvm [7382]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x403e
[  242.616647][ T7375] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.685551][ T7383] kvm: kvm [7382]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3e
[  242.763683][ T5879] usb 5-1: USB disconnect, device number 15
[  244.461382][ T7419] Smack: duplicate mount options
[  245.784310][ T7447] 9p: Unknown Cache mode or invalid value PL
[  246.165551][ T5879] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  246.684277][ T5879] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  246.722585][ T5879] usb 5-1: config 0 interface 0 has no altsetting 0
[  246.741835][ T5879] usb 5-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  246.765185][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.773294][ T5879] usb 5-1: Product: syz
[  246.781042][ T5879] usb 5-1: Manufacturer: syz
[  246.795441][ T5879] usb 5-1: SerialNumber: syz
[  246.803072][ T5879] usb 5-1: config 0 descriptor??
[  246.817373][ T5879] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  246.856242][ T5879] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  246.900869][ T5879] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  246.941603][ T5879] usb 5-1: media controller created
[  247.439452][ T5879] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  247.684640][ T5879] DVB: Unable to find symbol tda10046_attach()
[  247.707713][ T5879] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  247.743920][ T5879] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  249.897602][ T5879] dvb_usb_m920x 5-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  249.956909][ T5879] usb 5-1: USB disconnect, device number 16
[  253.505285][ T5879] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  253.583132][ T7509] netlink: 44 bytes leftover after parsing attributes in process `syz.0.448'.
[  253.613818][ T7509] use of bytesused == 0 is deprecated and will be removed in the future,
[  253.622606][ T7509] use the actual size instead.
[  254.441054][ T5879] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  254.463513][ T5879] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  254.476814][ T5879] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  254.495288][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  254.509734][ T5879] usb 4-1: SerialNumber: syz
[  254.523784][ T5879] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  254.555773][ T5879] usb-storage 4-1:1.0: USB Mass Storage device detected
[  254.584635][ T5879] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  254.628467][ T5879] scsi host1: usb-storage 4-1:1.0
[  254.668324][ T5833] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  254.982605][ T5833] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  255.965247][ T5833] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  255.977417][ T5833] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  255.995224][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  256.003372][ T5833] usb 5-1: SerialNumber: syz
[  256.020927][ T5833] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  256.035727][ T5833] usb-storage 5-1:1.0: USB Mass Storage device detected
[  256.265732][ T5833] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  256.301199][ T7527] netlink: 8 bytes leftover after parsing attributes in process `syz.1.454'.
[  257.038402][ T5873] usb 4-1: USB disconnect, device number 10
[  257.475288][ T5833] scsi host2: usb-storage 5-1:1.0
[  257.573735][ T5879] usb 5-1: USB disconnect, device number 17
[  257.928837][ T5901] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  258.615192][ T5901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  258.680984][ T5901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  258.718193][ T5901] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  258.763157][ T5901] usb 2-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[  258.779760][ T5901] usb 2-1: Manufacturer: syz
[  258.800893][ T5901] usb 2-1: config 0 descriptor??
[  258.810113][ T5901] hub 2-1:0.0: USB hub found
[  259.162681][ T7564] netlink: 44 bytes leftover after parsing attributes in process `syz.0.462'.
[  259.805605][ T7563] netlink: 44 bytes leftover after parsing attributes in process `syz.2.461'.
[  259.872729][ T5901] hub 2-1:0.0: 1 port detected
[  260.926142][ T5901] hub 2-1:0.0: activate --> -90
[  261.282167][    T9] usb 2-1: USB disconnect, device number 11
[  261.370877][   T10] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  261.379453][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  261.386244][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  261.508069][ T5901] usb 2-1-port1: config error
[  261.599511][   T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  261.623006][   T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  261.652315][   T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  261.664342][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  261.677642][   T10] usb 3-1: SerialNumber: syz
[  261.689424][   T10] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  261.704522][   T10] usb-storage 3-1:1.0: USB Mass Storage device detected
[  261.727865][   T10] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  261.746957][   T10] scsi host1: usb-storage 3-1:1.0
[  264.204825][ T5813] usb 3-1: USB disconnect, device number 12
[  266.290205][ T5833] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  266.300443][ T7633] warning: `syz.3.479' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  266.475236][ T5833] usb 1-1: Using ep0 maxpacket: 8
[  266.497425][ T5833] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89
[  266.509912][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  266.550040][ T5833] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  266.560430][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.573384][ T5833] usb 1-1: Product: syz
[  266.580176][ T5833] usb 1-1: Manufacturer: syz
[  266.604937][ T5833] usb 1-1: SerialNumber: syz
[  266.774917][ T5833] usb 1-1: config 0 descriptor??
[  266.966907][ T7638] kvm: kvm [7636]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc1) = 0x8000
[  267.053758][ T5833] rc_core: IR keymap rc-streamzap not found
[  267.068057][ T7641] Bluetooth: hci2: Opcode 0x0401 failed: -22
[  267.081999][ T5833] Registered IR keymap rc-empty
[  267.117455][ T7641] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  267.117836][ T5833] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  267.155215][ T7641] overlayfs: missing 'lowerdir'
[  267.171563][ T5833] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6
[  267.223135][ T5833] usb 1-1: USB disconnect, device number 9
[  269.126789][ T5824] Bluetooth: hci2: command tx timeout
[  276.976631][ T5833] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  277.126695][ T5833] usb 2-1: device descriptor read/64, error -71
[  277.855296][ T5833] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  278.035205][ T5833] usb 2-1: device descriptor read/64, error -71
[  278.150534][ T5833] usb usb2-port1: attempt power cycle
[  278.425168][    T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  278.505296][ T5833] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  278.538648][ T5833] usb 2-1: device descriptor read/8, error -71
[  278.585208][    T9] usb 5-1: Using ep0 maxpacket: 8
[  278.607150][    T9] usb 5-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  278.626383][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.634673][    T9] usb 5-1: Product: syz
[  278.655172][    T9] usb 5-1: Manufacturer: syz
[  278.659966][    T9] usb 5-1: SerialNumber: syz
[  278.668485][    T9] usb 5-1: config 0 descriptor??
[  278.678031][    T9] radio-usb-si4713 5-1:0.0: Si4713 development board discovered: (10C4:8244)
[  278.795281][ T5833] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  278.836052][ T5833] usb 2-1: device descriptor read/8, error -71
[  278.950011][ T5833] usb usb2-port1: unable to enumerate USB device
[  279.210146][ T7763] kvm: kvm [7762]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc1) = 0x8000
[  279.288271][    T9] radio-usb-si4713 5-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  279.305623][    T9] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  279.316316][    T9] usb 5-1: USB disconnect, device number 18
[  279.355224][ T5901] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  279.525508][ T5901] usb 1-1: Using ep0 maxpacket: 8
[  279.538921][ T5901] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  279.556301][ T5901] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  279.577751][ T5901] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  279.599686][ T5901] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  279.641014][ T5901] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  279.662076][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.477929][ T5901] usb 1-1: GET_CAPABILITIES returned 0
[  280.483709][ T5901] usbtmc 1-1:16.0: can't read capabilities
[  280.636809][ T7782] netlink: 'syz.4.525': attribute type 6 has an invalid length.
[  281.445420][ T5130] Bluetooth: hci5: command 0x1003 tx timeout
[  281.454625][ T5824] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  281.850637][ T7788] fuse: Bad value for 'fd'
[  282.125502][ T5833] usb 1-1: USB disconnect, device number 10
[  284.295484][ T5813] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  284.452621][ T5813] usb 1-1: Using ep0 maxpacket: 8
[  284.488474][ T5813] usb 1-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  284.514660][ T5813] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.525279][ T5813] usb 1-1: Product: syz
[  284.529517][ T5813] usb 1-1: Manufacturer: syz
[  284.536563][ T5813] usb 1-1: SerialNumber: syz
[  284.545349][ T5813] usb 1-1: config 0 descriptor??
[  284.556160][ T5813] radio-usb-si4713 1-1:0.0: Si4713 development board discovered: (10C4:8244)
[  285.228179][ T5813] radio-usb-si4713 1-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  285.242065][ T5813] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  285.308937][ T5813] usb 1-1: USB disconnect, device number 11
[  285.589224][    T9] IPVS: starting estimator thread 0...
[  286.135485][ T7833] IPVS: using max 25 ests per chain, 60000 per kthread
[  286.204211][ T7839] netlink: 16 bytes leftover after parsing attributes in process `syz.4.543'.
[  286.539281][ T6490] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  286.588214][ T5813] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  286.602128][ T6490] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  286.867007][ T5903] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  287.173175][ T5879] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  287.225447][ T5879] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  287.255388][    T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  287.470747][ T5903] usb 5-1: config 0 has no interfaces?
[  287.488716][ T5903] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  287.502630][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.512926][ T5903] usb 5-1: Product: syz
[  287.517365][    T9] usb 4-1: Using ep0 maxpacket: 32
[  287.525127][ T5903] usb 5-1: Manufacturer: syz
[  287.532573][    T9] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  287.545913][ T5903] usb 5-1: SerialNumber: syz
[  287.554087][    T9] usb 4-1: config 0 has no interface number 0
[  287.563617][ T5903] usb 5-1: config 0 descriptor??
[  287.569083][    T9] usb 4-1: config 0 interface 12 has no altsetting 0
[  287.586983][    T9] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  287.597420][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.605975][    T9] usb 4-1: Product: syz
[  287.610574][    T9] usb 4-1: Manufacturer: syz
[  287.615870][    T9] usb 4-1: SerialNumber: syz
[  287.624256][    T9] usb 4-1: config 0 descriptor??
[  287.632614][    T9] f81534 4-1:0.12: required endpoints missing
[  287.890979][ T7839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  287.903922][ T7839] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  288.645296][ T5824] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  289.135331][ T5901] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  289.169948][ T5833] usb 5-1: USB disconnect, device number 19
[  289.295500][ T5901] usb 2-1: Using ep0 maxpacket: 32
[  289.312975][ T5901] usb 2-1: config 0 has an invalid interface number: 42 but max is 0
[  289.322165][ T5901] usb 2-1: config 0 has no interface number 0
[  289.335447][ T5901] usb 2-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=42.27
[  289.345295][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.353981][ T5901] usb 2-1: Product: syz
[  289.359086][ T5901] usb 2-1: Manufacturer: syz
[  289.364300][ T5901] usb 2-1: SerialNumber: syz
[  289.374810][ T5901] usb 2-1: config 0 descriptor??
[  289.594584][ T5901] usb 2-1: Found UVC 0.00 device syz (1bcf:0b40)
[  289.622545][ T5901] usb 2-1: Forcing UVC version to 1.0a
[  289.640248][ T5901] usb 2-1: No valid video chain found.
[  289.653574][ T5901] usb 2-1: USB disconnect, device number 16
[  289.896837][ T5833] usb 4-1: USB disconnect, device number 11
[  290.405430][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  291.226246][ T5833] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  291.247455][ T7904] Malformed UNC in devname
[  291.247455][ T7904] 
[  291.254767][ T7904] CIFS: VFS: Malformed UNC in devname
[  291.263618][ T7904] random: crng reseeded on system resumption
[  291.385940][ T5833] usb 4-1: device descriptor read/64, error -71
[  291.854303][ T7903] netlink: 4 bytes leftover after parsing attributes in process `syz.1.562'.
[  291.905519][ T5833] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  292.045280][ T5833] usb 4-1: device descriptor read/64, error -71
[  292.167384][ T5833] usb usb4-port1: attempt power cycle
[  292.535256][ T5833] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  293.039532][ T5879] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  293.048068][ T5833] usb 4-1: device descriptor read/8, error -71
[  293.195253][ T5879] usb 2-1: Using ep0 maxpacket: 32
[  293.208675][ T5879] usb 2-1: config 0 has an invalid interface number: 42 but max is 0
[  293.220427][ T5879] usb 2-1: config 0 has no interface number 0
[  293.315393][ T5833] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  293.397509][ T5879] usb 2-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=42.27
[  293.459855][ T5879] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.538229][ T5879] usb 2-1: Product: syz
[  293.542765][ T5879] usb 2-1: Manufacturer: syz
[  293.577299][ T5833] usb 4-1: device descriptor read/8, error -71
[  293.587756][ T5879] usb 2-1: SerialNumber: syz
[  293.650863][ T5879] usb 2-1: config 0 descriptor??
[  293.693719][ T5833] usb usb4-port1: unable to enumerate USB device
[  293.927923][ T5879] usb 2-1: Found UVC 0.00 device syz (1bcf:0b40)
[  293.934350][ T5879] usb 2-1: Forcing UVC version to 1.0a
[  293.965798][ T5879] usb 2-1: No valid video chain found.
[  293.977922][ T5879] usb 2-1: USB disconnect, device number 17
[  294.508909][ T7945] kvm: MONITOR instruction emulated as NOP!
[  296.962763][ T7987] xt_HMARK: spi-set and port-set can't be combined
[  297.359213][ T5833] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  297.435202][ T5879] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  297.515673][ T5833] usb 1-1: device descriptor read/64, error -71
[  297.585268][ T5879] usb 5-1: Using ep0 maxpacket: 32
[  297.639848][ T5879] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  297.686331][ T5879] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  297.750153][ T5879] usb 5-1: config 0 interface 0 has no altsetting 0
[  297.765466][ T5833] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  297.808055][ T5879] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00
[  297.845289][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  297.887626][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.955445][ T5833] usb 1-1: device descriptor read/64, error -71
[  298.075958][ T5879] usb 5-1: config 0 descriptor??
[  298.099523][ T5833] usb usb1-port1: attempt power cycle
[  298.355313][ T5980] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  298.414618][ T7999] netlink: 'syz.2.591': attribute type 6 has an invalid length.
[  298.455232][ T5833] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  298.476073][ T5833] usb 1-1: device descriptor read/8, error -71
[  298.525450][ T5980] usb 4-1: Using ep0 maxpacket: 32
[  298.547171][ T5879] corsair 0003:1B1C:1B3E.0003: failed to start in urb: -90
[  298.560214][ T5980] usb 4-1: config 0 has an invalid interface number: 42 but max is 0
[  298.577099][ T5980] usb 4-1: config 0 has no interface number 0
[  298.583752][ T5879] corsair 0003:1B1C:1B3E.0003: hidraw0: USB HID v0.00 Device [HID 1b1c:1b3e] on usb-dummy_hcd.4-1/input0
[  298.608809][ T5980] usb 4-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=42.27
[  298.625279][ T5980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.633403][ T5980] usb 4-1: Product: syz
[  298.650761][ T5980] usb 4-1: Manufacturer: syz
[  298.656282][ T5980] usb 4-1: SerialNumber: syz
[  298.664806][ T5980] usb 4-1: config 0 descriptor??
[  298.735239][ T5833] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  298.735412][    T9] usb 5-1: USB disconnect, device number 20
[  298.766021][ T5833] usb 1-1: device descriptor read/8, error -71
[  298.875595][ T5833] usb usb1-port1: unable to enumerate USB device
[  298.889870][ T5980] usb 4-1: Found UVC 0.00 device syz (1bcf:0b40)
[  298.903725][ T5980] usb 4-1: Forcing UVC version to 1.0a
[  298.920358][ T5980] usb 4-1: No valid video chain found.
[  298.942886][ T5980] usb 4-1: USB disconnect, device number 16
[  299.422715][ T8009] netlink: 'syz.0.594': attribute type 3 has an invalid length.
[  299.494775][   T30] audit: type=1326 audit(299.418:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8008 comm="syz.0.594" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efcfd58e969 code=0x0
[  299.678685][ T8014] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  299.686388][ T8014] batman_adv: batadv0: Removing interface: batadv_slave_0
[  299.739389][ T8014] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  299.774744][ T8014] batman_adv: batadv0: Removing interface: batadv_slave_1
[  301.821497][ T8050] netlink: 44 bytes leftover after parsing attributes in process `syz.1.605'.
[  303.285676][ T5980] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  303.429271][ T5980] usb 1-1: device descriptor read/64, error -71
[  303.555578][ T5879] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  303.675289][ T5980] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  303.726019][ T5879] usb 3-1: Using ep0 maxpacket: 32
[  303.785648][ T5879] usb 3-1: config 0 has an invalid interface number: 42 but max is 0
[  303.814903][ T5879] usb 3-1: config 0 has no interface number 0
[  303.824693][ T5879] usb 3-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=42.27
[  303.834792][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.847885][ T5879] usb 3-1: Product: syz
[  303.852312][ T5879] usb 3-1: Manufacturer: syz
[  303.866417][ T5879] usb 3-1: SerialNumber: syz
[  303.889224][ T5879] usb 3-1: config 0 descriptor??
[  303.926795][   T24] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  304.085864][   T24] usb 2-1: device descriptor read/64, error -71
[  304.368021][   T24] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  304.383141][ T5879] usb 3-1: Found UVC 0.00 device syz (1bcf:0b40)
[  304.436272][ T5879] usb 3-1: Forcing UVC version to 1.0a
[  304.502039][ T5879] usb 3-1: No valid video chain found.
[  304.525576][ T5879] usb 3-1: USB disconnect, device number 13
[  304.621002][   T24] usb 2-1: device descriptor read/64, error -71
[  304.667868][ T8085] netlink: 8 bytes leftover after parsing attributes in process `syz.3.616'.
[  304.736497][   T24] usb usb2-port1: attempt power cycle
[  305.097492][   T24] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  305.136004][   T24] usb 2-1: device descriptor read/8, error -71
[  305.375382][   T24] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  305.419141][   T24] usb 2-1: device descriptor read/8, error -71
[  305.495791][ T5879] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  305.535644][   T24] usb usb2-port1: unable to enumerate USB device
[  306.301455][ T5879] usb 1-1: Using ep0 maxpacket: 8
[  306.784484][ T5879] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  306.827892][ T5879] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  306.844452][ T5879] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  306.862004][ T5879] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  306.905918][ T5879] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  306.917054][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.089874][ T8125] FAULT_INJECTION: forcing a failure.
[  307.089874][ T8125] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  307.141760][ T8125] CPU: 0 UID: 0 PID: 8125 Comm: syz.1.629 Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) 
[  307.141792][ T8125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  307.141814][ T8125] Call Trace:
[  307.141827][ T8125]  <TASK>
[  307.141837][ T8125]  dump_stack_lvl+0x189/0x250
[  307.141878][ T8125]  ? __pfx_dump_stack_lvl+0x10/0x10
[  307.141908][ T8125]  ? __pfx__printk+0x10/0x10
[  307.141957][ T8125]  should_fail_ex+0x414/0x560
[  307.141986][ T8125]  _copy_to_user+0x31/0xb0
[  307.142020][ T8125]  simple_read_from_buffer+0xe1/0x170
[  307.142058][ T8125]  proc_fail_nth_read+0x1df/0x250
[  307.142086][ T8125]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  307.142112][ T8125]  ? rw_verify_area+0x258/0x650
[  307.142138][ T8125]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  307.142163][ T8125]  vfs_read+0x1fd/0x980
[  307.142199][ T8125]  ? __pfx___mutex_lock+0x10/0x10
[  307.142228][ T8125]  ? __pfx_vfs_read+0x10/0x10
[  307.142269][ T8125]  ? __fget_files+0x2a/0x420
[  307.142295][ T8125]  ? __fget_files+0x3a0/0x420
[  307.142314][ T8125]  ? __fget_files+0x2a/0x420
[  307.142344][ T8125]  ksys_read+0x145/0x250
[  307.142373][ T8125]  ? __fget_files+0x2a/0x420
[  307.142394][ T8125]  ? __pfx_ksys_read+0x10/0x10
[  307.142429][ T8125]  ? do_syscall_64+0xba/0x210
[  307.142462][ T8125]  do_syscall_64+0xf6/0x210
[  307.142491][ T8125]  ? clear_bhb_loop+0x60/0xb0
[  307.142518][ T8125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.142557][ T8125] RIP: 0033:0x7f170078d37c
[  307.142577][ T8125] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  307.142595][ T8125] RSP: 002b:00007f170166a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  307.142618][ T8125] RAX: ffffffffffffffda RBX: 00007f17009b5fa0 RCX: 00007f170078d37c
[  307.142633][ T8125] RDX: 000000000000000f RSI: 00007f170166a0a0 RDI: 0000000000000004
[  307.142647][ T8125] RBP: 00007f170166a090 R08: 0000000000000000 R09: 0000000000000000
[  307.142660][ T8125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  307.142672][ T8125] R13: 0000000000000000 R14: 00007f17009b5fa0 R15: 00007ffe257ddcd8
[  307.142706][ T8125]  </TASK>
[  307.232199][ T5879] usb 1-1: GET_CAPABILITIES returned 0
[  307.371062][ T8119] netlink: 44 bytes leftover after parsing attributes in process `syz.2.627'.
[  307.371650][ T8105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  307.415701][ T8105] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  307.439010][ T5879] usbtmc 1-1:16.0: can't read capabilities
[  307.487032][    T9] usb 1-1: USB disconnect, device number 18
[  308.001379][ T8145] netlink: 44 bytes leftover after parsing attributes in process `syz.3.628'.
[  308.833146][ T8160] netlink: 20 bytes leftover after parsing attributes in process `syz.1.638'.
[  309.013164][ T8162] netlink: 8 bytes leftover after parsing attributes in process `syz.4.639'.
[  309.594604][ T8184] netlink: 'syz.2.647': attribute type 1 has an invalid length.
[  309.647807][ T8184] netlink: 224 bytes leftover after parsing attributes in process `syz.2.647'.
[  309.872519][ T8186] Driver unsupported XDP return value 0 on prog  (id 105) dev N/A, expect packet loss!
[  310.026009][ T8189] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  310.086810][ T8189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.650'.
[  310.195373][ T8189] netlink: 4 bytes leftover after parsing attributes in process `syz.0.650'.
[  310.549680][ T8205] netlink: 32 bytes leftover after parsing attributes in process `syz.0.655'.
[  310.561072][ T8205] netlink: 32 bytes leftover after parsing attributes in process `syz.0.655'.
[  310.611193][ T8207] FAULT_INJECTION: forcing a failure.
[  310.611193][ T8207] name failslab, interval 1, probability 0, space 0, times 0
[  310.625015][ T8207] CPU: 1 UID: 0 PID: 8207 Comm: syz.0.656 Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) 
[  310.625046][ T8207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  310.625064][ T8207] Call Trace:
[  310.625072][ T8207]  <TASK>
[  310.625082][ T8207]  dump_stack_lvl+0x189/0x250
[  310.625121][ T8207]  ? __pfx_dump_stack_lvl+0x10/0x10
[  310.625151][ T8207]  ? __pfx__printk+0x10/0x10
[  310.625190][ T8207]  ? __pfx___might_resched+0x10/0x10
[  310.625227][ T8207]  should_fail_ex+0x414/0x560
[  310.625261][ T8207]  should_failslab+0xa8/0x100
[  310.625283][ T8207]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  310.625318][ T8207]  ? __get_vm_area_node+0x13f/0x300
[  310.625344][ T8207]  __get_vm_area_node+0x13f/0x300
[  310.625370][ T8207]  __vmalloc_node_range_noprof+0x2f1/0x12c0
[  310.625394][ T8207]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  310.625453][ T8207]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  310.625476][ T8207]  ? _parse_integer_limit+0x1ae/0x1f0
[  310.625501][ T8207]  ? rcu_is_watching+0x15/0xb0
[  310.625534][ T8207]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  310.625560][ T8207]  __vmalloc_noprof+0x7a/0x90
[  310.625582][ T8207]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  310.625602][ T8207]  bpf_prog_alloc_no_stats+0x4a/0x4e0
[  310.625626][ T8207]  bpf_prog_alloc+0x3c/0x1a0
[  310.625647][ T8207]  bpf_prog_load+0x735/0x1930
[  310.625673][ T8207]  ? __lock_acquire+0xaac/0xd20
[  310.625696][ T8207]  ? __pfx_bpf_prog_load+0x10/0x10
[  310.625732][ T8207]  ? bpf_lsm_bpf+0x9/0x20
[  310.625751][ T8207]  ? security_bpf+0x7e/0x300
[  310.625772][ T8207]  __sys_bpf+0x5f1/0x860
[  310.625792][ T8207]  ? __pfx___sys_bpf+0x10/0x10
[  310.625820][ T8207]  ? ksys_write+0x1f0/0x250
[  310.625871][ T8207]  __x64_sys_bpf+0x7c/0x90
[  310.625888][ T8207]  do_syscall_64+0xf6/0x210
[  310.625909][ T8207]  ? clear_bhb_loop+0x60/0xb0
[  310.625928][ T8207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.625943][ T8207] RIP: 0033:0x7efcfd58e969
[  310.625958][ T8207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.625971][ T8207] RSP: 002b:00007efcfe343038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  310.625989][ T8207] RAX: ffffffffffffffda RBX: 00007efcfd7b5fa0 RCX: 00007efcfd58e969
[  310.626000][ T8207] RDX: 0000000000000094 RSI: 0000200000000200 RDI: 0000000000000005
[  310.626010][ T8207] RBP: 00007efcfe343090 R08: 0000000000000000 R09: 0000000000000000
[  310.626019][ T8207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  310.626028][ T8207] R13: 0000000000000001 R14: 00007efcfd7b5fa0 R15: 00007ffe88b5f0d8
[  310.626050][ T8207]  </TASK>
[  310.896209][ T8207] syz.0.656: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  310.913035][ T8207] CPU: 0 UID: 0 PID: 8207 Comm: syz.0.656 Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) 
[  310.913065][ T8207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  310.913078][ T8207] Call Trace:
[  310.913086][ T8207]  <TASK>
[  310.913095][ T8207]  dump_stack_lvl+0x189/0x250
[  310.913130][ T8207]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  310.913158][ T8207]  ? __pfx_dump_stack_lvl+0x10/0x10
[  310.913187][ T8207]  ? __pfx__printk+0x10/0x10
[  310.913220][ T8207]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  310.913255][ T8207]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  310.913305][ T8207]  warn_alloc+0x214/0x310
[  310.913336][ T8207]  ? __pfx_warn_alloc+0x10/0x10
[  310.913361][ T8207]  ? __get_vm_area_node+0x13f/0x300
[  310.913386][ T8207]  ? __get_vm_area_node+0x2b5/0x300
[  310.913415][ T8207]  __vmalloc_node_range_noprof+0x316/0x12c0
[  310.913467][ T8207]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  310.913490][ T8207]  ? _parse_integer_limit+0x1ae/0x1f0
[  310.913512][ T8207]  ? rcu_is_watching+0x15/0xb0
[  310.913536][ T8207]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  310.913555][ T8207]  __vmalloc_noprof+0x7a/0x90
[  310.913570][ T8207]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  310.913590][ T8207]  bpf_prog_alloc_no_stats+0x4a/0x4e0
[  310.913614][ T8207]  bpf_prog_alloc+0x3c/0x1a0
[  310.913636][ T8207]  bpf_prog_load+0x735/0x1930
[  310.913661][ T8207]  ? __lock_acquire+0xaac/0xd20
[  310.913683][ T8207]  ? __pfx_bpf_prog_load+0x10/0x10
[  310.913719][ T8207]  ? bpf_lsm_bpf+0x9/0x20
[  310.913743][ T8207]  ? security_bpf+0x7e/0x300
[  310.913764][ T8207]  __sys_bpf+0x5f1/0x860
[  310.913784][ T8207]  ? __pfx___sys_bpf+0x10/0x10
[  310.913813][ T8207]  ? ksys_write+0x1f0/0x250
[  310.913844][ T8207]  __x64_sys_bpf+0x7c/0x90
[  310.913861][ T8207]  do_syscall_64+0xf6/0x210
[  310.913882][ T8207]  ? clear_bhb_loop+0x60/0xb0
[  310.913901][ T8207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.913916][ T8207] RIP: 0033:0x7efcfd58e969
[  310.913930][ T8207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.913942][ T8207] RSP: 002b:00007efcfe343038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  310.913958][ T8207] RAX: ffffffffffffffda RBX: 00007efcfd7b5fa0 RCX: 00007efcfd58e969
[  310.913969][ T8207] RDX: 0000000000000094 RSI: 0000200000000200 RDI: 0000000000000005
[  310.913979][ T8207] RBP: 00007efcfe343090 R08: 0000000000000000 R09: 0000000000000000
[  310.913988][ T8207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  310.913996][ T8207] R13: 0000000000000001 R14: 00007efcfd7b5fa0 R15: 00007ffe88b5f0d8
[  310.914019][ T8207]  </TASK>
[  310.915289][ T8207] Mem-Info:
[  311.185258][ T8207] active_anon:258 inactive_anon:4232 isolated_anon:0
[  311.185258][ T8207]  active_file:13851 inactive_file:39830 isolated_file:0
[  311.185258][ T8207]  unevictable:768 dirty:215 writeback:0
[  311.185258][ T8207]  slab_reclaimable:11073 slab_unreclaimable:97381
[  311.185258][ T8207]  mapped:29926 shmem:1362 pagetables:857
[  311.185258][ T8207]  sec_pagetables:0 bounce:0
[  311.185258][ T8207]  kernel_misc_reclaimable:0
[  311.185258][ T8207]  free:1332784 free_pcp:581 free_cma:0
[  311.230513][    C0] vkms_vblank_simulate: vblank timer overrun
[  311.292592][ T8207] Node 0 active_anon:1032kB inactive_anon:16628kB active_file:55200kB inactive_file:159320kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119252kB dirty:860kB writeback:0kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11012kB pagetables:3428kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  311.409325][ T8207] Node 1 active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  311.440942][    C0] vkms_vblank_simulate: vblank timer overrun
[  311.448848][ T8207] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  311.489815][ T8207] lowmem_reserve[]: 0 2504 2504 2504 2504
[  311.496125][ T8207] Node 0 DMA32 free:1405148kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:1028kB inactive_anon:19180kB active_file:55108kB inactive_file:159308kB unevictable:1536kB writepending:876kB present:3129332kB managed:2564588kB mlocked:0kB bounce:0kB free_pcp:3068kB local_pcp:872kB free_cma:0kB
[  311.526926][    C0] vkms_vblank_simulate: vblank timer overrun
[  311.693042][ T8207] lowmem_reserve[]: 0 0 0 0 0
[  311.703953][ T8207] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:4kB active_file:92kB inactive_file:12kB unevictable:0kB writepending:0kB present:1048580kB managed:112kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  311.902752][ T8217] x_tables: ip_tables: udp match: only valid for protocol 17
[  312.386684][ T8207] lowmem_reserve[]: 0 0 0 0 0
[  312.391479][ T8207] Node 1 Normal free:3912440kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  312.420749][    C0] vkms_vblank_simulate: vblank timer overrun
[  312.565318][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  312.620276][ T8207] lowmem_reserve[]: 0 0 0 0 0
[  312.632429][ T8207] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  312.645927][ T8207] Node 0 DMA32: 3*4kB (UME) 36*8kB (UE) 68*16kB (UE) 253*32kB (UM) 564*64kB (UME) 163*128kB (UME) 91*256kB (UM) 63*512kB (UM) 42*1024kB (UME) 13*2048kB (UME) 290*4096kB (UM) = 1379468kB
[  312.835245][ T8221] netlink: 44 bytes leftover after parsing attributes in process `syz.4.659'.
[  312.945354][ T8207] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  313.505256][ T8207] Node 1 Normal: 208*4kB (UM) 45*8kB (UME) 45*16kB (UME) 194*32kB (UME) 71*64kB (UME) 29*128kB (UME) 9*256kB (UME) 7*512kB (UM) 3*1024kB (UM) 2*2048kB (U) 948*4096kB (UM) = 3912440kB
[  313.523952][ T8207] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  313.533723][ T8207] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  313.543200][ T8207] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  313.553227][ T8207] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  313.562708][ T8207] 57311 total pagecache pages
[  313.567535][ T8207] 0 pages in swap cache
[  313.571901][ T8207] Free swap  = 124996kB
[  313.576649][ T8207] Total swap = 124996kB
[  313.580871][ T8207] 2097051 pages RAM
[  313.584699][ T8207] 0 pages HighMem/MovableOnly
[  313.624765][ T8207] 424245 pages reserved
[  313.629201][ T8207] 0 pages cma reserved
[  314.135395][ T5833] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  314.162743][ T8238] netlink: 44 bytes leftover after parsing attributes in process `syz.0.665'.
[  314.214565][ T5879] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  314.345360][ T5833] usb 2-1: device descriptor read/64, error -71
[  314.455459][ T5879] usb 5-1: Using ep0 maxpacket: 8
[  314.573388][ T5879] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  314.784472][ T5879] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  314.909730][ T5833] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  314.924276][ T5879] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  314.941726][ T5879] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  314.956692][ T5879] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  314.966851][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.986660][ T8241] netlink: 44 bytes leftover after parsing attributes in process `syz.2.664'.
[  315.065209][ T5833] usb 2-1: device descriptor read/64, error -71
[  315.179881][ T5833] usb usb2-port1: attempt power cycle
[  315.188503][ T5879] usb 5-1: GET_CAPABILITIES returned 0
[  315.194088][ T5879] usbtmc 5-1:16.0: can't read capabilities
[  315.285402][ T5901] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  315.465170][ T5901] usb 1-1: Using ep0 maxpacket: 32
[  315.472565][ T5901] usb 1-1: config 0 interface 0 has no altsetting 0
[  315.487705][ T5901] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  315.501270][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.519857][ T5901] usb 1-1: Product: syz
[  315.524358][ T5901] usb 1-1: Manufacturer: syz
[  315.529439][ T5901] usb 1-1: SerialNumber: syz
[  315.539494][ T5901] usb 1-1: config 0 descriptor??
[  315.545450][ T5833] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  315.589798][ T5833] usb 2-1: device descriptor read/8, error -71
[  315.835715][ T5833] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  315.877046][ T5833] usb 2-1: device descriptor read/8, error -71
[  315.995710][ T5833] usb usb2-port1: unable to enumerate USB device
[  316.085660][ T5901] gs_usb 1-1:0.0: Configuring for 1 interfaces
[  316.127303][ T8263] netlink: 'syz.2.673': attribute type 10 has an invalid length.
[  316.157974][ T8263] veth0_vlan: left promiscuous mode
[  316.175022][ T8263] veth0_vlan: entered promiscuous mode
[  316.262792][ T8263] team0: Device veth0_vlan failed to register rx_handler
[  316.286936][ T5901] gs_usb 1-1:0.0: Couldn't get bit timing const for channel 0 (-EREMOTEIO)
[  316.299802][ T5901] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -121
[  316.662261][ T8276] netlink: 124 bytes leftover after parsing attributes in process `syz.2.676'.
[  316.856196][ T5901] usb 5-1: USB disconnect, device number 21
[  317.209607][ T8292] netlink: 44 bytes leftover after parsing attributes in process `syz.2.679'.
[  318.294391][   T24] usb 1-1: USB disconnect, device number 19
[  318.321178][ T8301] netlink: 'syz.2.685': attribute type 1 has an invalid length.
[  318.645505][    T9] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  318.733637][ T8301] 8021q: adding VLAN 0 to HW filter on device bond1
[  318.805580][    T9] usb 2-1: Using ep0 maxpacket: 8
[  318.822597][    T9] usb 2-1: config 0 has an invalid interface number: 31 but max is 0
[  318.857229][    T9] usb 2-1: config 0 has no interface number 0
[  318.860518][ T8310] tc_dump_action: action bad kind
[  318.898088][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  318.907532][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.099100][    T9] usb 2-1: Product: syz
[  319.103358][    T9] usb 2-1: Manufacturer: syz
[  319.132968][    T9] usb 2-1: SerialNumber: syz
[  319.148249][    T9] usb 2-1: config 0 descriptor??
[  319.366860][    T9] usb 2-1: Found UVC 0.04 device syz (046d:08c3)
[  319.379937][    T9] usb 2-1: No valid video chain found.
[  319.973158][    T9] usb 2-1: USB disconnect, device number 26
[  319.979764][ T8322] Malformed UNC in devname
[  319.979764][ T8322] 
[  319.991535][ T8322] CIFS: VFS: Malformed UNC in devname
[  320.325314][ T8324] kAFS: unparsable volume name
[  321.484427][ T8338] netlink: 44 bytes leftover after parsing attributes in process `syz.0.695'.
[  322.312001][ T8348] netlink: 'syz.0.700': attribute type 61 has an invalid length.
[  322.552042][ T8353] 9pnet_fd: Insufficient options for proto=fd
[  322.564232][ T8350] netlink: 16 bytes leftover after parsing attributes in process `syz.1.701'.
[  322.576448][ T8350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.701'.
[  322.821275][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  322.827850][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  323.054168][ T8348] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  323.082247][ T8359] netlink: 'syz.0.700': attribute type 61 has an invalid length.
[  323.122914][ T8366] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.704'.
[  323.152039][ T8361] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.704'.
[  323.241116][ T8368] mmap: syz.2.706 (8368) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  323.845860][ T8374] Malformed UNC in devname
[  323.845860][ T8374] 
[  323.852555][ T8374] CIFS: VFS: Malformed UNC in devname
[  324.280799][ T8384] netlink: 44 bytes leftover after parsing attributes in process `syz.0.710'.
[  325.340579][ T8391] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  325.801266][ T8391] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  326.181182][ T8371] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  326.915178][    T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  327.016004][   T10] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  327.120975][    T9] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  327.135021][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  327.149688][    T9] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  327.159663][    T9] usb 4-1: config 1 has no interface number 1
[  327.166582][    T9] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  327.195170][    T9] usb 4-1: config 1 interface 2 has no altsetting 1
[  327.203391][   T10] usb 3-1: Using ep0 maxpacket: 32
[  327.216504][   T10] usb 3-1: config 0 has an invalid interface number: 42 but max is 0
[  327.229369][    T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  327.243462][   T10] usb 3-1: config 0 has no interface number 0
[  327.268842][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.279967][    T9] usb 4-1: Product: syz
[  327.288449][   T10] usb 3-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=42.27
[  327.301857][    T9] usb 4-1: Manufacturer: syz
[  327.308200][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.317499][    T9] usb 4-1: SerialNumber: syz
[  327.330907][   T10] usb 3-1: Product: syz
[  327.336873][   T10] usb 3-1: Manufacturer: syz
[  327.348147][   T10] usb 3-1: SerialNumber: syz
[  327.366585][   T10] usb 3-1: config 0 descriptor??
[  327.379855][ T5879] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  327.545491][ T5879] usb 1-1: Using ep0 maxpacket: 8
[  327.560116][ T5879] usb 1-1: config 0 has an invalid interface number: 5 but max is 0
[  327.575938][ T5879] usb 1-1: config 0 has no interface number 0
[  327.588770][ T5879] usb 1-1: config 0 interface 5 altsetting 6 endpoint 0x8C has invalid maxpacket 1024, setting to 64
[  327.621073][   T10] usb 3-1: Found UVC 0.00 device syz (1bcf:0b40)
[  327.651445][   T10] usb 3-1: Forcing UVC version to 1.0a
[  327.651609][ T5879] usb 1-1: config 0 interface 5 altsetting 6 has a duplicate endpoint with address 0xC, skipping
[  327.665563][   T10] usb 3-1: No valid video chain found.
[  327.695251][ T5879] usb 1-1: config 0 interface 5 has no altsetting 0
[  327.701301][   T10] usb 3-1: USB disconnect, device number 14
[  327.713183][ T5879] usb 1-1: New USB device found, idVendor=16d8, idProduct=7006, bcdDevice=3e.60
[  327.735343][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.771622][ T5879] usb 1-1: Product: syz
[  327.835335][    T9] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor
[  327.864101][ T5879] usb 1-1: Manufacturer: syz
[  327.869172][ T5879] usb 1-1: SerialNumber: syz
[  327.901546][ T5879] usb 1-1: config 0 descriptor??
[  327.930574][    T9] usb 4-1: USB disconnect, device number 17
[  328.618382][    T9] usb 1-1: USB disconnect, device number 20
[  329.073211][ T8459] Malformed UNC in devname
[  329.073211][ T8459] 
[  329.080232][ T8459] CIFS: VFS: Malformed UNC in devname
[  329.521205][ T8468] netlink: 36 bytes leftover after parsing attributes in process `syz.2.732'.
[  329.572468][ T5130] Bluetooth: hci5: command 0x1003 tx timeout
[  329.605877][ T5824] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  330.368946][ T8484] netlink: 12 bytes leftover after parsing attributes in process `syz.1.739'.
[  330.925326][   T10] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  330.933569][ T8498] Malformed UNC in devname
[  330.933569][ T8498] 
[  330.941072][ T8498] CIFS: VFS: Malformed UNC in devname
[  331.051867][ T8502] nfs4: Unknown parameter 'GPL'
[  331.161918][   T10] usb 5-1: Using ep0 maxpacket: 8
[  331.189297][   T10] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  331.233424][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.278739][   T10] usb 5-1: Product: syz
[  331.305300][   T10] usb 5-1: Manufacturer: syz
[  331.310418][   T10] usb 5-1: SerialNumber: syz
[  331.343555][   T10] usb 5-1: config 0 descriptor??
[  331.358971][   T10] gspca_main: se401-2.14.0 probing 047d:5003
[  331.440054][ T8513] FAULT_INJECTION: forcing a failure.
[  331.440054][ T8513] name failslab, interval 1, probability 0, space 0, times 0
[  331.453113][ T8513] CPU: 1 UID: 0 PID: 8513 Comm: syz.1.748 Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) 
[  331.453146][ T8513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  331.453160][ T8513] Call Trace:
[  331.453169][ T8513]  <TASK>
[  331.453178][ T8513]  dump_stack_lvl+0x189/0x250
[  331.453218][ T8513]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.453248][ T8513]  ? __pfx__printk+0x10/0x10
[  331.453290][ T8513]  ? __pfx___might_resched+0x10/0x10
[  331.453322][ T8513]  ? fs_reclaim_acquire+0x7d/0x100
[  331.453353][ T8513]  should_fail_ex+0x414/0x560
[  331.453389][ T8513]  should_failslab+0xa8/0x100
[  331.453412][ T8513]  __kmalloc_cache_noprof+0x70/0x3d0
[  331.453452][ T8513]  ? __se_sys_mount+0x165/0x410
[  331.453471][ T8513]  ? memdup_user+0x99/0xd0
[  331.453509][ T8513]  __se_sys_mount+0x165/0x410
[  331.453536][ T8513]  ? __pfx___se_sys_mount+0x10/0x10
[  331.453562][ T8513]  ? do_syscall_64+0xba/0x210
[  331.453589][ T8513]  ? __x64_sys_mount+0x20/0xc0
[  331.453613][ T8513]  do_syscall_64+0xf6/0x210
[  331.453640][ T8513]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  331.453662][ T8513]  ? clear_bhb_loop+0x60/0xb0
[  331.453696][ T8513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.453717][ T8513] RIP: 0033:0x7f170078e969
[  331.453737][ T8513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.453757][ T8513] RSP: 002b:00007f1701628038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  331.453779][ T8513] RAX: ffffffffffffffda RBX: 00007f17009b6160 RCX: 00007f170078e969
[  331.453796][ T8513] RDX: 00002000000001c0 RSI: 0000200000000100 RDI: 0000000000000000
[  331.453811][ T8513] RBP: 00007f1701628090 R08: 0000200000000280 R09: 0000000000000000
[  331.453825][ T8513] R10: 0000000002010042 R11: 0000000000000246 R12: 0000000000000001
[  331.453839][ T8513] R13: 0000000000000000 R14: 00007f17009b6160 R15: 00007ffe257ddcd8
[  331.453872][ T8513]  </TASK>
[  332.055604][   T10] gspca_se401: ExtraFeatures: 187
[  332.060720][   T10] gspca_se401: Too many frame sizes
[  333.124819][ T5980] usb 5-1: USB disconnect, device number 22
[  333.431255][ T8536] netlink: 76 bytes leftover after parsing attributes in process `syz.0.754'.
[  333.471632][ T8536] netlink: 12 bytes leftover after parsing attributes in process `syz.0.754'.
[  333.549243][ T8540] Malformed UNC in devname
[  333.549243][ T8540] 
[  333.556835][ T8540] CIFS: VFS: Malformed UNC in devname
[  334.168173][ T8555] netlink: 8 bytes leftover after parsing attributes in process `syz.3.761'.
[  334.790633][ T8566] netlink: 44 bytes leftover after parsing attributes in process `syz.3.763'.
[  336.485493][ T5130] Bluetooth: hci5: command 0x1003 tx timeout
[  336.495193][ T5824] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  337.579315][ T8592] netlink: 44 bytes leftover after parsing attributes in process `syz.0.770'.
[  342.005404][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  384.260576][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  384.267467][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  393.536099][ T8576] sched: DL replenish lagged too much
[  404.725298][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  445.700989][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  445.908762][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  501.065071][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  501.072276][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5831/1:b..l P8590/1:b..l P6490/1:b..l
[  501.083075][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=32381, q=181 ncpus=2)
[  501.091913][    C1] task:kworker/u8:16   state:R  running task     stack:21416 pid:6490  tgid:6490  ppid:2      task_flags:0x4208060 flags:0x00004000
[  501.109014][    C1] Workqueue: events_unbound macvlan_process_broadcast
[  501.117212][    C1] Call Trace:
[  501.121328][    C1]  <TASK>
[  501.124520][    C1]  __schedule+0x168f/0x4c70
[  501.129530][    C1]  ? preempt_schedule_irq+0xb5/0x150
[  501.135249][    C1]  ? __pfx___schedule+0x10/0x10
[  501.140249][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  501.146051][    C1]  ? preempt_schedule_irq+0xaa/0x150
[  501.151510][    C1]  preempt_schedule_irq+0xb5/0x150
[  501.156673][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  501.163434][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  501.170113][    C1]  irqentry_exit+0x6f/0x90
[  501.176411][    C1]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  501.182099][    C1] RIP: 0010:rcu_is_watching+0x67/0xb0
[  501.187723][    C1] Code: 89 f7 e8 2c ab 78 00 48 c7 c3 58 7b 73 92 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d 29 37 cb 10 <74> 11 83 e0 04 c1 e8 02 5b 41 5e 41 5f e9 47 ee aa 09 cc e8 c1 6b
[  501.209218][    C1] RSP: 0018:ffffc9000b5573f0 EFLAGS: 00000286
[  501.215342][    C1] RAX: 000000000082ff2c RBX: ffff8880b8932b58 RCX: 532c6c7ab42db400
[  501.223849][    C1] RDX: ffffc9000b557501 RSI: ffffffff8bc104c0 RDI: ffffffff8bc10480
[  501.231965][    C1] RBP: dffffc0000000000 R08: ffffc9000b557e30 R09: 0000000000000000
[  501.240092][    C1] R10: ffffc9000b557598 R11: fffff520016aaeb5 R12: ffffc9000b557e40
[  501.248289][    C1] R13: ffffffff8171ca05 R14: ffffffff8d95ac28 R15: dffffc0000000000
[  501.256319][    C1]  ? unwind_next_frame+0xa5/0x2390
[  501.261509][    C1]  ? unwind_next_frame+0xa5/0x2390
[  501.266763][    C1]  lock_release+0x4b/0x3e0
[  501.271331][    C1]  ? deref_stack_reg+0x19f/0x230
[  501.276348][    C1]  ? unwind_next_frame+0xa5/0x2390
[  501.281608][    C1]  unwind_next_frame+0x19a9/0x2390
[  501.286818][    C1]  ? unwind_next_frame+0xa5/0x2390
[  501.292522][    C1]  ? worker_thread+0x8a0/0xda0
[  501.297318][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  501.303492][    C1]  arch_stack_walk+0x11c/0x150
[  501.308287][    C1]  ? kthread+0x70e/0x8a0
[  501.312758][    C1]  stack_trace_save+0x9c/0xe0
[  501.317556][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  501.322960][    C1]  ? ip_skb_dst_mtu+0x970/0xc50
[  501.327931][    C1]  kasan_save_track+0x3e/0x80
[  501.332632][    C1]  ? kasan_save_track+0x3e/0x80
[  501.337509][    C1]  ? kasan_save_free_info+0x46/0x50
[  501.343012][    C1]  ? __kasan_slab_free+0x62/0x70
[  501.348155][    C1]  ? kmem_cache_free+0x192/0x3f0
[  501.353131][    C1]  ? skb_release_data+0x670/0x890
[  501.358270][    C1]  ? consume_skb+0x9e/0xf0
[  501.362897][    C1]  ? macvlan_process_broadcast+0x581/0x660
[  501.368818][    C1]  ? process_scheduled_works+0xadb/0x17a0
[  501.374660][    C1]  ? worker_thread+0x8a0/0xda0
[  501.379496][    C1]  ? skb_release_data+0x670/0x890
[  501.384546][    C1]  kasan_save_free_info+0x46/0x50
[  501.389678][    C1]  __kasan_slab_free+0x62/0x70
[  501.394467][    C1]  kmem_cache_free+0x192/0x3f0
[  501.399262][    C1]  skb_release_data+0x670/0x890
[  501.404231][    C1]  consume_skb+0x9e/0xf0
[  501.408673][    C1]  macvlan_process_broadcast+0x581/0x660
[  501.414494][    C1]  ? __pfx_macvlan_process_broadcast+0x10/0x10
[  501.420895][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  501.426223][    C1]  ? process_scheduled_works+0x9ec/0x17a0
[  501.432121][    C1]  ? process_scheduled_works+0x9ec/0x17a0
[  501.437907][    C1]  process_scheduled_works+0xadb/0x17a0
[  501.443873][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  501.449900][    C1]  worker_thread+0x8a0/0xda0
[  501.454544][    C1]  kthread+0x70e/0x8a0
[  501.459184][    C1]  ? __pfx_worker_thread+0x10/0x10
[  501.464337][    C1]  ? __pfx_kthread+0x10/0x10
[  501.470952][    C1]  ? __pfx_kthread+0x10/0x10
[  501.476495][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  501.481823][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  501.487157][    C1]  ? __pfx_kthread+0x10/0x10
[  501.491768][    C1]  ret_from_fork+0x4b/0x80
[  501.496464][    C1]  ? __pfx_kthread+0x10/0x10
[  501.501257][    C1]  ret_from_fork_asm+0x1a/0x30
[  501.506598][    C1]  </TASK>
[  501.509652][    C1] task:syz.1.772       state:R  running task     stack:25688 pid:8590  tgid:8590  ppid:5819   task_flags:0x40044c flags:0x00004004
[  501.523263][    C1] Call Trace:
[  501.526558][    C1]  <TASK>
[  501.529550][    C1]  __schedule+0x168f/0x4c70
[  501.534206][    C1]  ? preempt_schedule_common+0x83/0xd0
[  501.539794][    C1]  ? __pfx___schedule+0x10/0x10
[  501.544812][    C1]  ? do_raw_spin_lock+0x121/0x290
[  501.549981][    C1]  ? preempt_schedule+0xae/0xc0
[  501.555052][    C1]  preempt_schedule_common+0x83/0xd0
[  501.560504][    C1]  preempt_schedule+0xae/0xc0
[  501.565297][    C1]  ? __pfx_preempt_schedule+0x10/0x10
[  501.570869][    C1]  preempt_schedule_thunk+0x16/0x30
[  501.576093][    C1]  _raw_spin_unlock+0x3f/0x50
[  501.581521][    C1]  unmap_page_range+0x3756/0x4210
[  501.586602][    C1]  ? preempt_schedule_irq+0xb5/0x150
[  501.592049][    C1]  ? mas_next_slot+0xc20/0xcf0
[  501.596955][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[  501.602708][    C1]  ? unmap_single_vma+0x1b2/0x2a0
[  501.607889][    C1]  unmap_vmas+0x25d/0x3c0
[  501.612425][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[  501.617521][    C1]  exit_mmap+0x245/0xba0
[  501.623072][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  501.628516][    C1]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  501.634759][    C1]  ? __pfx_exit_aio+0x10/0x10
[  501.639673][    C1]  ? uprobe_clear_state+0x274/0x290
[  501.645424][    C1]  ? mm_update_next_owner+0xa7/0x870
[  501.651030][    C1]  __mmput+0x118/0x410
[  501.655150][    C1]  exit_mm+0x1da/0x2c0
[  501.659309][    C1]  ? __pfx_exit_mm+0x10/0x10
[  501.664896][    C1]  ? hrtimer_try_to_cancel+0x3d9/0x420
[  501.670715][    C1]  ? taskstats_exit+0x43c/0xa30
[  501.676216][    C1]  ? tty_audit_exit+0x153/0x200
[  501.681698][    C1]  do_exit+0x859/0x2550
[  501.685906][    C1]  ? do_raw_spin_lock+0x121/0x290
[  501.690960][    C1]  ? __pfx_do_exit+0x10/0x10
[  501.695646][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  501.701090][    C1]  do_group_exit+0x21c/0x2d0
[  501.705740][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  501.711130][    C1]  get_signal+0x125e/0x1310
[  501.716164][    C1]  arch_do_signal_or_restart+0x95/0x780
[  501.721944][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  501.728177][    C1]  ? schedule+0x16f/0x360
[  501.732633][    C1]  irqentry_exit_to_user_mode+0x81/0x120
[  501.738847][    C1]  exc_page_fault+0x91/0x110
[  501.743934][    C1]  asm_exc_page_fault+0x26/0x30
[  501.749096][    C1] RIP: 0033:0x7f170074cdbb
[  501.753810][    C1] RSP: 002b:00007ffe257ddbd0 EFLAGS: 00010206
[  501.760171][    C1] RAX: 0000000000020961 RBX: 0000000000000120 RCX: 0000555565859590
[  501.768794][    C1] RDX: 0000000000000121 RSI: 00005555658596a0 RDI: 0000000000000004
[  501.777439][    C1] RBP: 00007f1700983ca0 R08: 00000000ffffffff R09: 0000000000000000
[  501.786151][    C1] R10: 0000000000021000 R11: 0000000000000010 R12: 0000000000000110
[  501.795668][    C1] R13: 0000000000000012 R14: 00007f1700983d00 R15: 0000000000000120
[  501.805874][    C1]  </TASK>
[  501.809149][    C1] task:syz-executor    state:R  running task     stack:21896 pid:5831  tgid:5831  ppid:5818   task_flags:0x400140 flags:0x00004002
[  501.823991][    C1] Call Trace:
[  501.827315][    C1]  <TASK>
[  501.830379][    C1]  __schedule+0x168f/0x4c70
[  501.835103][    C1]  ? preempt_schedule_irq+0xb5/0x150
[  501.840680][    C1]  ? __pfx___schedule+0x10/0x10
[  501.845765][    C1]  ? preempt_schedule_irq+0xaa/0x150
[  501.851669][    C1]  preempt_schedule_irq+0xb5/0x150
[  501.857182][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  501.865354][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  501.871746][    C1]  irqentry_exit+0x6f/0x90
[  501.876972][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  501.884536][    C1] RIP: 0010:unwind_next_frame+0xc86/0x2390
[  501.891523][    C1] Code: e8 3f ef ad 00 49 89 1f 48 8b 44 24 58 80 3c 28 00 48 8b 5c 24 70 4c 8b 6c 24 50 4c 8b 64 24 10 74 08 48 89 df e8 1a ef ad 00 <4c> 89 23 ba 10 00 00 00 4c 89 ef 31 f6 e8 e8 f0 ad 00 48 8b 14 24
[  501.916158][    C1] RSP: 0018:ffffc900043aebb8 EFLAGS: 00000246
[  501.925000][    C1] RAX: 1ffff92000875d98 RBX: ffffc900043aecc0 RCX: 1ffff92000875d01
[  501.936750][    C1] RDX: ffffffff90104876 RSI: 0000000000000002 RDI: ffffc900043aedb8
[  501.947304][    C1] RBP: dffffc0000000000 R08: 000000000000000a R09: 0000000000000000
[  501.956892][    C1] R10: 0000000000000000 R11: ffffffff8171ca05 R12: ffffc900043aedc0
[  501.966894][    C1] R13: ffffc900043aecd8 R14: ffffc900043aec88 R15: ffffc900043aecd0
[  501.980440][    C1]  ? unwind_next_frame+0xa5/0x2390
[  501.987114][    C1]  ? unwind_next_frame+0xc3c/0x2390
[  501.992838][    C1]  ? unwind_next_frame+0xa5/0x2390
[  502.000450][    C1]  ? stack_trace_save+0x9c/0xe0
[  502.005923][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  502.013870][    C1]  arch_stack_walk+0x11c/0x150
[  502.019568][    C1]  ? save_stack+0xf7/0x1f0
[  502.025280][    C1]  stack_trace_save+0x9c/0xe0
[  502.031635][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  502.038115][    C1]  save_stack+0xf7/0x1f0
[  502.043162][    C1]  ? __pfx_save_stack+0x10/0x10
[  502.048193][    C1]  ? seqcount_lockdep_reader_access+0x102/0x180
[  502.054777][    C1]  __set_page_owner+0x8d/0x4a0
[  502.059964][    C1]  ? __pfx___set_page_owner+0x10/0x10
[  502.065546][    C1]  post_alloc_hook+0x1d8/0x230
[  502.070336][    C1]  get_page_from_freelist+0x21c7/0x22a0
[  502.075966][    C1]  ? __pfx_get_page_from_freelist+0x10/0x10
[  502.082338][    C1]  ? prepare_alloc_pages+0x213/0x610
[  502.087998][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[  502.094205][    C1]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  502.100761][    C1]  alloc_pages_mpol+0x232/0x4a0
[  502.106122][    C1]  alloc_pages_noprof+0xa9/0x190
[  502.111208][    C1]  pte_alloc_one+0x1e/0x160
[  502.115821][    C1]  __pte_alloc+0x25/0x160
[  502.122402][    C1]  copy_pmd_range+0x6903/0x7000
[  502.128671][    C1]  ? __pfx_mas_destroy+0x10/0x10
[  502.134180][    C1]  ? __pfx_copy_pmd_range+0x10/0x10
[  502.140001][    C1]  copy_page_range+0x95c/0xd40
[  502.146845][    C1]  ? __pfx_copy_page_range+0x10/0x10
[  502.152446][    C1]  ? copy_mm+0x11d3/0x2100
[  502.156968][    C1]  ? up_write+0x1c4/0x420
[  502.161571][    C1]  ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10
[  502.168805][    C1]  copy_mm+0x121c/0x2100
[  502.173108][    C1]  ? __pfx_copy_mm+0x10/0x10
[  502.177711][    C1]  ? do_raw_spin_lock+0x121/0x290
[  502.182797][    C1]  ? __init_rwsem+0x122/0x160
[  502.187522][    C1]  ? copy_signal+0x50b/0x630
[  502.192413][    C1]  ? copy_process+0x978/0x3b80
[  502.197410][    C1]  copy_process+0x16d3/0x3b80
[  502.202497][    C1]  ? copy_process+0x978/0x3b80
[  502.207495][    C1]  ? __pfx_copy_process+0x10/0x10
[  502.212539][    C1]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  502.219174][    C1]  ? irqentry_exit+0x74/0x90
[  502.223798][    C1]  kernel_clone+0x224/0x7f0
[  502.228322][    C1]  ? __pfx_kernel_clone+0x10/0x10
[  502.233738][    C1]  ? count_memcg_event_mm+0x35b/0x3b0
[  502.239229][    C1]  ? count_memcg_event_mm+0x92/0x3b0
[  502.244996][    C1]  __x64_sys_clone+0x18b/0x1e0
[  502.249787][    C1]  ? __pfx___x64_sys_clone+0x10/0x10
[  502.255196][    C1]  ? do_user_addr_fault+0xc8a/0x1390
[  502.260521][    C1]  ? do_syscall_64+0xba/0x210
[  502.265415][    C1]  do_syscall_64+0xf6/0x210
[  502.269967][    C1]  ? clear_bhb_loop+0x60/0xb0
[  502.274724][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.280653][    C1] RIP: 0033:0x7f17f7d851d3
[  502.285271][    C1] RSP: 002b:00007ffe6dfb59c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  502.294093][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f17f7d851d3
[  502.302084][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  502.310096][    C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[  502.318465][    C1] R10: 000055558f4f17d0 R11: 0000000000000246 R12: 0000000000000000
[  502.326468][    C1] R13: 00000000000927c0 R14: 0000000000052492 R15: 00007ffe6dfb5b60
[  502.334589][    C1]  </TASK>
[  502.337681][    C1] rcu: rcu_preempt kthread starved for 5002 jiffies! g32381 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  502.348937][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  502.358983][    C1] rcu: RCU grace-period kthread stack dump:
[  502.364918][    C1] task:rcu_preempt     state:I stack:26712 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  502.377005][    C1] Call Trace:
[  502.380941][    C1]  <TASK>
[  502.383912][    C1]  __schedule+0x168f/0x4c70
[  502.388512][    C1]  ? schedule+0x165/0x360
[  502.393577][    C1]  ? __pfx___schedule+0x10/0x10
[  502.398986][    C1]  ? schedule+0x91/0x360
[  502.403573][    C1]  schedule+0x165/0x360
[  502.408153][    C1]  schedule_timeout+0x12b/0x270
[  502.413068][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  502.419677][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  502.426866][    C1]  ? __pfx_process_timeout+0x10/0x10
[  502.432229][    C1]  ? prepare_to_swait_event+0x341/0x380
[  502.437952][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[  502.442976][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  502.448823][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  502.454699][    C1]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  502.461291][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  502.466759][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[  502.472042][    C1]  ? finish_swait+0xcd/0x1f0
[  502.476767][    C1]  rcu_gp_kthread+0x99/0x390
[  502.481419][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  502.487340][    C1]  ? __kthread_parkme+0x7b/0x200
[  502.493736][    C1]  ? __kthread_parkme+0x1a1/0x200
[  502.499373][    C1]  kthread+0x70e/0x8a0
[  502.504053][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  502.509327][    C1]  ? __pfx_kthread+0x10/0x10
[  502.513972][    C1]  ? __pfx_kthread+0x10/0x10
[  502.518614][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  502.523862][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  502.529108][    C1]  ? __pfx_kthread+0x10/0x10
[  502.533752][    C1]  ret_from_fork+0x4b/0x80
[  502.538334][    C1]  ? __pfx_kthread+0x10/0x10
[  502.542986][    C1]  ret_from_fork_asm+0x1a/0x30
[  502.547838][    C1]  </TASK>
[  502.550899][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  502.557276][    C1] Sending NMI from CPU 1 to CPUs 0:
[  502.562643][    C0] NMI backtrace for cpu 0
[  502.562670][    C0] CPU: 0 UID: 0 PID: 7188 Comm: kworker/0:2H Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) 
[  502.562703][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  502.562720][    C0] Workqueue: events_highpri snd_vmidi_output_work
[  502.562757][    C0] RIP: 0010:__lock_acquire+0x26b/0xd20
[  502.562786][    C0] Code: 74 24 18 0f 83 74 0a 00 00 4c 89 6c 24 10 4a 8d 04 ad 00 00 00 00 4c 01 e8 89 f1 81 e1 ff 1f 00 00 ba 00 e0 ff ff 23 54 c5 20 <09> ca 89 54 c5 20 4c 89 5c c5 08 48 89 5c c5 10 4c 8b 6c 24 58 4c
[  502.562802][    C0] RSP: 0018:ffffc9001c187840 EFLAGS: 00000006
[  502.562817][    C0] RAX: 000000000000000a RBX: ffff88814c393850 RCX: 000000000000096f
[  502.562835][    C0] RDX: 00000000000c0000 RSI: 000000000000096f RDI: ffff888032a45a00
[  502.562848][    C0] RBP: ffff888032a464f0 R08: 0000000000000000 R09: 0000000000000001
[  502.562860][    C0] R10: 0000000000000000 R11: ffffffff88f702f7 R12: 0000000000000000
[  502.562871][    C0] R13: 0000000000000002 R14: 0000000000000000 R15: 0000000000000000
[  502.562882][    C0] FS:  0000000000000000(0000) GS:ffff8881260fb000(0000) knlGS:0000000000000000
[  502.562897][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  502.562910][    C0] CR2: 000020000056e000 CR3: 000000004f16a000 CR4: 00000000003526f0
[  502.562926][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  502.562936][    C0] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  502.562948][    C0] Call Trace:
[  502.562957][    C0]  <TASK>
[  502.562969][    C0]  ? snd_rawmidi_transmit+0x27/0xd0
[  502.562991][    C0]  lock_acquire+0x120/0x360
[  502.563015][    C0]  ? snd_rawmidi_transmit+0x27/0xd0
[  502.563042][    C0]  _raw_spin_lock_irqsave+0xa7/0xf0
[  502.563061][    C0]  ? snd_rawmidi_transmit+0x27/0xd0
[  502.563081][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  502.563104][    C0]  ? snd_midi_event_encode_byte+0x7f5/0xcc0
[  502.563131][    C0]  snd_rawmidi_transmit+0x27/0xd0
[  502.563153][    C0]  snd_vmidi_output_work+0x1a3/0x410
[  502.563185][    C0]  ? __pfx_snd_vmidi_output_work+0x10/0x10
[  502.563216][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  502.563234][    C0]  ? process_scheduled_works+0x9ec/0x17a0
[  502.563261][    C0]  ? process_scheduled_works+0x9ec/0x17a0
[  502.563290][    C0]  process_scheduled_works+0xadb/0x17a0
[  502.563331][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  502.563367][    C0]  worker_thread+0x8a0/0xda0
[  502.563385][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  502.563409][    C0]  ? __kthread_parkme+0x7b/0x200
[  502.563431][    C0]  kthread+0x70e/0x8a0
[  502.563452][    C0]  ? __pfx_worker_thread+0x10/0x10
[  502.563468][    C0]  ? __pfx_kthread+0x10/0x10
[  502.563489][    C0]  ? __pfx_kthread+0x10/0x10
[  502.563508][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  502.563527][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  502.563548][    C0]  ? __pfx_kthread+0x10/0x10
[  502.563567][    C0]  ret_from_fork+0x4b/0x80
[  502.563587][    C0]  ? __pfx_kthread+0x10/0x10
[  502.563607][    C0]  ret_from_fork_asm+0x1a/0x30
[  502.563643][    C0]  </TASK>
SYZFAIL: failed to send rpc
fd=3 want=4912 sent=0 n=-1 (errno 32: Broken pipe)
[  505.367981][ T6488] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.683549][ T6488] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.803540][ T6488] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.869145][ T6488] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.996747][ T6488] batadv1: left allmulticast mode
[  506.005466][ T6488] batadv1: left promiscuous mode
[  506.013811][ T6488] bridge0: port 3(batadv1) entered disabled state
[  506.028807][ T6488] bridge_slave_1: left allmulticast mode
[  506.036274][ T6488] bridge_slave_1: left promiscuous mode
[  506.043070][ T6488] bridge0: port 2(bridge_slave_1) entered disabled state
[  506.055561][ T6488] bridge_slave_0: left allmulticast mode
[  506.061924][ T6488] bridge_slave_0: left promiscuous mode
[  506.071701][ T6488] bridge0: port 1(bridge_slave_0) entered disabled state
[  506.499061][ T6488] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  506.513677][ T6488] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  506.529088][ T6488] bond0 (unregistering): Released all slaves
[  506.676209][ T6488] bond1 (unregistering): Released all slaves
[  506.884385][ T6488] hsr_slave_0: left promiscuous mode
[  506.893850][ T6488] hsr_slave_1: left promiscuous mode
[  506.903492][ T6488] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  506.912309][ T6488] batman_adv: batadv0: Removing interface: batadv_slave_0
[  506.923290][ T6488] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  506.931454][ T6488] batman_adv: batadv0: Removing interface: batadv_slave_1
[  506.954319][ T6488] veth1_macvtap: left promiscuous mode
[  506.961454][ T6488] veth0_macvtap: left promiscuous mode
[  506.969213][ T6488] veth1_vlan: left promiscuous mode
[  507.150422][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  507.158013][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  507.573823][ T6488] team0 (unregistering): Port device team_slave_1 removed
[  507.626275][ T6488] team0 (unregistering): Port device team_slave_0 removed
[  508.480006][ T6488] IPVS: stop unused estimator thread 0...
[  508.589565][ T6488] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  508.603566][ T6488] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.679458][ T6488] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  508.692074][ T6488] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.768373][ T6488] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  508.780592][ T6488] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.863472][ T6488] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  508.875418][ T6488] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.025504][ T6488] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.113653][ T6488] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.180218][ T6488] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.251331][ T6488] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.373836][ T6488] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.454946][ T6488] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.511149][ T6488] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.572746][ T6488] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.690739][ T6488] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.763762][ T6488] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.831574][ T6488] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.948428][ T6488] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.050434][ T6488] bridge_slave_1: left allmulticast mode
[  510.056321][ T6488] bridge_slave_1: left promiscuous mode
[  510.062116][ T6488] bridge0: port 2(bridge_slave_1) entered disabled state
[  510.072197][ T6488] bridge_slave_0: left allmulticast mode
[  510.078291][ T6488] bridge_slave_0: left promiscuous mode
[  510.084088][ T6488] bridge0: port 1(bridge_slave_0) entered disabled state
[  510.100154][ T6488] bridge_slave_1: left allmulticast mode
[  510.106587][ T6488] bridge_slave_1: left promiscuous mode
[  510.112332][ T6488] bridge0: port 2(bridge_slave_1) entered disabled state
[  510.121826][ T6488] bridge_slave_0: left allmulticast mode
[  510.128556][ T6488] bridge_slave_0: left promiscuous mode
[  510.134420][ T6488] bridge0: port 1(bridge_slave_0) entered disabled state
[  510.149312][ T6488] bridge_slave_1: left allmulticast mode
[  510.155232][ T6488] bridge_slave_1: left promiscuous mode
[  510.161282][ T6488] bridge0: port 2(bridge_slave_1) entered disabled state
[  510.171254][ T6488] bridge_slave_0: left allmulticast mode
[  510.177442][ T6488] bridge_slave_0: left promiscuous mode
[  510.183302][ T6488] bridge0: port 1(bridge_slave_0) entered disabled state
[  510.195419][ T6488] bridge_slave_1: left allmulticast mode
[  510.201267][ T6488] bridge_slave_1: left promiscuous mode
[  510.207920][ T6488] bridge0: port 2(bridge_slave_1) entered disabled state
[  510.219503][ T6488] bridge_slave_0: left allmulticast mode
[  510.225353][ T6488] bridge_slave_0: left promiscuous mode
[  510.231722][ T6488] bridge0: port 1(bridge_slave_0) entered disabled state