last executing test programs:

14.057838691s ago: executing program 4 (id=657):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x40, r3, 0x5, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x1c, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x47}]}]]}, 0x40}, 0x1, 0x0, 0x0, 0x40048}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
recvmsg(r2, &(0x7f0000000400)={&(0x7f0000000300)=@qipcrtr, 0x80, &(0x7f0000000640)=[{&(0x7f0000000380)=""/63, 0x3f}, {&(0x7f00000004c0)=""/245, 0xf5}, {&(0x7f00000003c0)=""/35, 0x23}, {&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/106, 0x6a}], 0x5, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x53ae2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10)
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="140000"], 0x18}, 0xc800)
recvmmsg(r1, &(0x7f0000001140), 0x700, 0x2, 0x0)

12.826591214s ago: executing program 4 (id=660):
r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001ab00)=""/102400, 0x19000)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="300200007d04000005ef000000000000000000000000000000000000000000000000000000000000000000000000000000001b00046e6f6465767b65766f6f7e0539c60005000037"], 0x230)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$bt_hci(r3, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x8)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000080)={0x0, 0x73c, 0x2008, 0x1})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = semget$private(0x0, 0x2, 0x2)
semctl$SETALL(r5, 0x0, 0x11, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f40000002d00010026bd7000fcdbdf2504000000df"], 0xf4}, 0x1, 0x0, 0x0, 0x400000c}, 0x20000000)

12.623194315s ago: executing program 2 (id=663):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10)
listen(r3, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
sendmmsg(r4, &(0x7f000000e340)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x20000001, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9d}, 0x80, 0x0, 0x0, &(0x7f00000079c0)=ANY=[@ANYBLOB="1000000000000000290000003b"], 0x10}}], 0x1, 0x40084)
writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x25, &(0x7f00000000c0)={0x2, 0x0, 0x48})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f00000000c0))
close_range(r5, 0xffffffffffffffff, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@delqdisc={0x158, 0x25, 0x10, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x3}, {0x1, 0x4}, {0x8, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x2, 0xfc, 0xa, 0xfffff800}, {0x12, 0x2, 0xf579, 0xffff, 0x5}, 0x2, 0x7, 0x2312}}, @TCA_TBF_PRATE64={0xc, 0x5, 0x104786bfc7279f6a}, @TCA_TBF_RATE64={0xc, 0x4, 0xd1630852e14af3ae}]}}, @TCA_STAB={0xb8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xf7, 0x10, 0x3, 0xb, 0x2, 0x5, 0x8, 0x5}}, {0xe, 0x2, [0xfff8, 0x4fc6, 0x0, 0x8, 0x8]}}, {{0x1c, 0x1, {0x7, 0x7f, 0x0, 0xadf, 0x0, 0x445a3c47, 0x7, 0xa}}, {0x18, 0x2, [0xddd, 0x4, 0xa20c, 0xf43, 0x4, 0x10, 0x3, 0x23, 0x9, 0x5]}}, {{0x1c, 0x1, {0x4, 0x81, 0x9, 0x9, 0x2, 0x2, 0xffffff17, 0x4}}, {0xc, 0x2, [0x8, 0x4, 0x1, 0x0]}}, {{0x1c, 0x1, {0x3, 0x8, 0x2, 0x6, 0x0, 0x3, 0x2, 0x5}}, {0xe, 0x2, [0xa, 0x200, 0x3, 0x8, 0x42c3]}}]}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x101}, @qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x8000}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0xf99}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x4}}]}, 0x158}, 0x1, 0x0, 0x0, 0x4000040}, 0x50)

11.791300921s ago: executing program 0 (id=664):
io_setup(0x9, &(0x7f0000000040))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x0)
fspick(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14}}, 0x88}}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x6)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_targets\x00')
preadv(r3, &(0x7f0000001080)=[{&(0x7f0000000080)=""/4096, 0x1000}], 0x1, 0x2, 0x9)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x4010, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007c7000/0x2000)=nil, 0x2000)
r4 = io_uring_setup(0x1694, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001140)={0x1b, 0x0, 0x0, 0x7, 0x0, r0, 0x1, '\x00', 0x0, r3, 0x5, 0x3, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x0, 0x1}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

9.992159405s ago: executing program 2 (id=665):
io_setup(0x9, &(0x7f0000000040))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x0)
fspick(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14}}, 0x88}}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x6)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_targets\x00')
preadv(r3, &(0x7f0000001080)=[{0x0}], 0x1, 0x2, 0x9)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x4010, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007c7000/0x2000)=nil, 0x2000)
r4 = io_uring_setup(0x1694, &(0x7f0000000080)={0x0, 0x2a309, 0x8000})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001140)={0x1b, 0x0, 0x0, 0x7, 0x0, r0, 0x1, '\x00', 0x0, r3, 0x5, 0x3, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x0, 0x1}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

9.534284871s ago: executing program 1 (id=666):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10)
listen(r3, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
sendmmsg(r4, &(0x7f000000e340)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x20000001, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9d}, 0x80, 0x0, 0x0, &(0x7f00000079c0)=ANY=[@ANYBLOB="1000000000000000290000003b"], 0x10}}], 0x1, 0x40084)
writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x25, &(0x7f00000000c0)={0x2, 0x0, 0x48})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r7, 0x25, &(0x7f00000000c0))
close_range(r5, 0xffffffffffffffff, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@delqdisc={0x158, 0x25, 0x10, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x3}, {0x1, 0x4}, {0x8, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x2, 0xfc, 0xa, 0xfffff800}, {0x12, 0x2, 0xf579, 0xffff, 0x5}, 0x2, 0x7, 0x2312}}, @TCA_TBF_PRATE64={0xc, 0x5, 0x104786bfc7279f6a}, @TCA_TBF_RATE64={0xc, 0x4, 0xd1630852e14af3ae}]}}, @TCA_STAB={0xb8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xf7, 0x10, 0x3, 0xb, 0x2, 0x5, 0x8, 0x5}}, {0xe, 0x2, [0xfff8, 0x4fc6, 0x0, 0x8, 0x8]}}, {{0x1c, 0x1, {0x7, 0x7f, 0x0, 0xadf, 0x0, 0x445a3c47, 0x7, 0xa}}, {0x18, 0x2, [0xddd, 0x4, 0xa20c, 0xf43, 0x4, 0x10, 0x3, 0x23, 0x9, 0x5]}}, {{0x1c, 0x1, {0x4, 0x81, 0x9, 0x9, 0x2, 0x2, 0xffffff17, 0x4}}, {0xc, 0x2, [0x8, 0x4, 0x1, 0x0]}}, {{0x1c, 0x1, {0x3, 0x8, 0x2, 0x6, 0x0, 0x3, 0x2, 0x5}}, {0xe, 0x2, [0xa, 0x200, 0x3, 0x8, 0x42c3]}}]}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x101}, @qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x8000}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0xf99}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x4}}]}, 0x158}, 0x1, 0x0, 0x0, 0x4000040}, 0x50)

9.404998119s ago: executing program 0 (id=668):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x82)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001500), 0x0, 0x0)
ioctl$BLKROSET(r1, 0x40101287, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000003340)="b0", 0x1}], 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={0xffffffffffffffff, 0x58, &(0x7f0000000800)}, 0x10)
mkdir(&(0x7f0000000440)='./file1\x00', 0x1a0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000000)={0xfffffffc, 0x0, 0x0, 0x0, 0xff, "db8f2d2b3b7596160c6981acf8805944823a7f"})
write$binfmt_aout(r2, &(0x7f0000000380)=ANY=[], 0xff2e)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "2f0000e400"})
syz_open_pts(r2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000003f80)={0x2020}, 0x2020)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080))

9.099494734s ago: executing program 4 (id=669):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fsopen(&(0x7f0000000000)='afs\x00', 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = gettid()
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r8 = dup(r7)
bind$bt_l2cap(r8, &(0x7f00000021c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0xe)
accept4$vsock_stream(r8, 0x0, 0x0, 0x80000)
ioctl$sock_SIOCGPGRP(r7, 0x8904, &(0x7f0000000040)=<r9=>0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r8, 0xc1105511, &(0x7f0000000340)={{0x0, 0x5, 0x2, 0x4, '\x00', 0x10000}, 0x2, 0x400, 0xe45, r9, 0xa, 0xffffff5c, 'syz1\x00', &(0x7f00000000c0)=['\x00', '(]*^@]\x00', '!!(@\xd2.}*\'\'-\x00', '{&\x00', '{\x00', '^,^,(/\x00', '3\x00', '\x00', '@,\x00', 'afs\x00'], 0x2a})
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6000000000343c0020010000000000000000000000000002fe8000000000000000000000000000aa330300000000000007080000000000000000070800000000000000000502000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000907880401d731a3f6e60c289cf217abcda8d3421f6a682ea90bbbb0e260ad9b3539e3c8c48e4f850f5349e0b42c37a52a02d9dce85fec2a798f6f8947e90de60"], 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x14, &(0x7f0000000540)="0bbb268dd6ffa80800000000000000000000210d", 0x14)
r10 = socket(0x10, 0x80002, 0x0)
read$msr(r8, &(0x7f0000000200)=""/96, 0x60)
sendmsg$nl_route_sched(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000021c0)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x25dfdbfd, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0xca, 0x3, 0x6, 0x0, 0x1}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x1}]}, {0x4}, {0xc}, {0xc, 0x4, {0x2, 0x1}}}}]}]}, 0x70}}, 0x0)

7.415613643s ago: executing program 1 (id=670):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="adeb210018000000000000e80b000000f4ff000004000000000000"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="66ad6470e0c336ace618fb05c412c18c2ca223334a072497cdb76e8cd3abd117fedd59737749cbe8712871db6727d915ed735c07b199559e1340461400ac66ecd213cfd2f604f9f9ed874785113c7f02008faaefdca322736138441d1f4129b4c55476cab700e92f6b9bb6226347494dacb40edf7f596b8afa390d3fa204977b1d7015dd8f22766d462d17d8260f9e", @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
setregid(0xee00, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = socket(0x2, 0x2, 0x1)
bind$unix(r2, &(0x7f0000000000)=@abs, 0x6e)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x8, 0x80000, 0x3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x8001, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
r9 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002340)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xfff2, 0xa}, {0x2}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x2, [@TCA_FQ_PIE_TUPDATE={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80c0}, 0x4000)
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r10, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r10, 0x0, 0x0, 0x241, 0x0, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x705, 0x70bd2b, 0x5, {0x0, 0x0, 0x0, 0x0, {0x1, 0xffe0}, {0x10, 0x8}, {0xfff2, 0xffff}}}, 0x24}, 0x1, 0x1000000, 0x0, 0x8000}, 0x0)
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00')
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x51, &(0x7f0000000140)='|{\xe4C4\xc4\x97\x8e\xf6\x9c\xdf\xf6\x1bS\xb0\x12\xfb\x0eg$\xf64\x00E\xees\xc4Cp\x99 H\xd5$v]\xb4\xe9\xd6\xe1t\x8c\xd4\x1c\xb1_\xe4\xc0\xcd\x9as\xbc%\xa6`\xb5\xcb:\xf5\xc6o2N\xf5\xea)\xeb\xc8\x89\xf4\xc1\xcdt \x85\xfe\xa4\xd6\x95\xf9\x9a'}, 0x30)
r12 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r13 = openat$cgroup_pressure(r12, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r13, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f)
write$cgroup_pressure(r13, &(0x7f0000000240)={'full', 0x20, 0x9, 0x20, 0x7}, 0x2f)
preadv(r11, &(0x7f0000000840)=[{&(0x7f0000000880)=""/192, 0xc0}], 0x1, 0x8, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

7.381214348s ago: executing program 0 (id=671):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) (async)
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x3342, 0x3}, 0x18, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x5, &(0x7f0000000200)={0x77359400}, 0x1, 0x4})
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r3, 0xc0145b0e, &(0x7f0000000040)) (async)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x11, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (async)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
finit_module(r4, 0x0, 0x2) (async)
landlock_restrict_self(r0, 0x5) (async)
unshare(0x20000400) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r5, 0x0) (async)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, &(0x7f0000000280)=0x440, 0x4) (async)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @empty}, 0x11)
r8 = inotify_init()
inotify_add_watch(r8, &(0x7f00000000c0)='./file0\x00', 0x4000001) (async)
inotify_add_watch(r8, &(0x7f0000000240)='./file0/bus\x00', 0x0) (async)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)

7.157925174s ago: executing program 4 (id=672):
syz_usb_connect(0x1, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10)
writev(r0, &(0x7f0000000480)=[{&(0x7f0000000040)=',', 0x1}], 0x1)

7.141039846s ago: executing program 1 (id=673):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) (async)
connect$unix(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32)
getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) (rerun: 32)
syz_open_dev$MSR(0x0, 0x140, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x14, 0x0, 0x2) (async, rerun: 64)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, 0x0, 0x2) (async, rerun: 64)
getuid() (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) (async, rerun: 64)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) (async)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='attr/current\x00')
writev(r4, &(0x7f00000015c0)=[{&(0x7f00000000c0)='w', 0x1}], 0x1)
socket$inet(0x2, 0x4000000000000001, 0x100)
syz_open_dev$media(0x0, 0x2ec4, 0x0) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kfree_skb\x00', r4}, 0x18) (rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f0000000300), 0x10)
sendmsg$can_bcm(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000010400"/16, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES8=r0, @ANYRES64=0x2710, @ANYBLOB="07000040010000000000000000000000f645dcde0a4f60ec"], 0x48}}, 0x0) (async, rerun: 64)
getpid() (rerun: 64)

7.139710345s ago: executing program 2 (id=674):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000680)={0x0, @win={{0x400, 0x3, 0x7138, 0x80}, 0x6, 0x77, 0x0, 0x5, 0x0, 0xb}})
ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f00000000c0)={0x200, [0x4, 0xe, 0x0, 0x766c, 0x1ff, 0x9, 0x5, 0x3, 0x6, 0x8, 0x1, 0x5, 0xfffa, 0x7fff, 0x401, 0x1, 0x200, 0x6, 0x800, 0x9, 0xfffd, 0x81, 0x7510, 0x87, 0x3, 0x6, 0x0, 0x800, 0x3, 0x9, 0x1, 0x1000, 0x8, 0xfffd, 0x9, 0x2, 0xfffc, 0x4, 0x4, 0xd, 0x5, 0xb, 0x3ff, 0x8, 0x2, 0x81, 0x7, 0x81], 0x3})
syz_usb_connect$uac1(0x0, 0xa5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902930003010000030904000000010100000a24010000000201021324060000060000000000000000080000000009240300000000000009240500fff8431cfd0924030000030004080624050400fd0904010000010200000904010101010200000905010940000000000725010000000009040200000102000009040201010122"], 0x0)

6.975192035s ago: executing program 3 (id=675):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10)
listen(r3, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
sendmmsg(r4, &(0x7f000000e340)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x20000001, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9d}, 0x80, 0x0, 0x0, &(0x7f00000079c0)=ANY=[@ANYBLOB="1000000000000000290000003b"], 0x10}}], 0x1, 0x40084)
writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x25, &(0x7f00000000c0)={0x2, 0x0, 0x48})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f00000000c0))
close_range(r5, 0xffffffffffffffff, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@delqdisc={0x158, 0x25, 0x10, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x3}, {0x1, 0x4}, {0x8, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x2, 0xfc, 0xa, 0xfffff800}, {0x12, 0x2, 0xf579, 0xffff, 0x5}, 0x2, 0x7, 0x2312}}, @TCA_TBF_PRATE64={0xc, 0x5, 0x104786bfc7279f6a}, @TCA_TBF_RATE64={0xc, 0x4, 0xd1630852e14af3ae}]}}, @TCA_STAB={0xb8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xf7, 0x10, 0x3, 0xb, 0x2, 0x5, 0x8, 0x5}}, {0xe, 0x2, [0xfff8, 0x4fc6, 0x0, 0x8, 0x8]}}, {{0x1c, 0x1, {0x7, 0x7f, 0x0, 0xadf, 0x0, 0x445a3c47, 0x7, 0xa}}, {0x18, 0x2, [0xddd, 0x4, 0xa20c, 0xf43, 0x4, 0x10, 0x3, 0x23, 0x9, 0x5]}}, {{0x1c, 0x1, {0x4, 0x81, 0x9, 0x9, 0x2, 0x2, 0xffffff17, 0x4}}, {0xc, 0x2, [0x8, 0x4, 0x1, 0x0]}}, {{0x1c, 0x1, {0x3, 0x8, 0x2, 0x6, 0x0, 0x3, 0x2, 0x5}}, {0xe, 0x2, [0xa, 0x200, 0x3, 0x8, 0x42c3]}}]}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x101}, @qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x8000}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0xf99}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x4}}]}, 0x158}, 0x1, 0x0, 0x0, 0x4000040}, 0x50)

5.920848238s ago: executing program 3 (id=676):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_io_uring_setup(0x5c00, &(0x7f00000000c0)={0x0, 0x10, 0x20000, 0x1, 0x80}, 0x0, &(0x7f0000000280))
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000140)=[0xffffffffffffffff], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r5 = socket$pptp(0x18, 0x1, 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r6, &(0x7f00000002c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000000a0a010200000000000000000300000208000940000000010800084000000001"], 0x24}}, 0x20008000)
bind$pptp(r5, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
io_setup(0x202, &(0x7f0000000200))
r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000003100), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000003240)={0x0, 0x0, &(0x7f0000003200)={&(0x7f0000003140)={0x50, r7, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x2}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bridge_slave_1\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x50}}, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socket$inet6_sctp(0xa, 0x5, 0x84)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, 0x0, 0x0)
r9 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x305061, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

5.326605655s ago: executing program 1 (id=677):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
r2 = syz_io_uring_setup(0x88f, &(0x7f00000001c0)={0x0, 0xaee2, 0x10, 0xffffffff, 0x16}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x8000000000000003, {}, 0x2}, 0x18)
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)={0xdc, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x50, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xe}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'geneve1\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xffff}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x800}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x81}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x21, 0x8}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x9}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x32}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x10}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x10}, 0x40000)

4.843001196s ago: executing program 3 (id=678):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
vmsplice(r0, &(0x7f0000000380), 0x0, 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
gettid()
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000a40), 0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000011c0)=<r2=>0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000001200))
mount$9p_fd(0x0, 0x0, &(0x7f0000001340), 0x8a0400, &(0x7f0000001380)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@access_uid={'access', 0x3d, r2}}, {@version_u}, {@noxattr}, {@access_user}, {@posixacl}]}})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb6c, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x3, 0x6, 0x9, 0x4, 0x7, 0x5, 0x100000, 0x8, 0x3, 0xd, 0xe, 0x2b12, 0x100, 0x2, 0x1c00, 0xfdf5, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x7, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x1003, 0x2, 0x180000, 0x7, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0xba27, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0x2, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x100, 0x4, 0x252, 0x81, 0xb, 0x1, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x1000, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x5, 0x8, 0x9, 0x1, 0x1fc, 0x7fff, 0xffffffff]}})
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="fc010000190001000000000003000000e0000002000000000000000000000000fe8000000000000000000000000000aa00000000000000000a00008000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002100000000000000000000000000000000000000000000000000000000020000000000000000000044010500e0000001000000000000000000000000000004d63c00000002000000e00000010000000000000000000000000735000004"], 0x1fc}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0xf, &(0x7f00000015c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x2, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0xce}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
unlinkat(r6, &(0x7f0000000280)='./file0\x00', 0x200)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@jmp={0x5, 0x0, 0xd, 0x0, 0x6, 0x18, 0x10}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan1\x00'})

4.842015372s ago: executing program 1 (id=679):
mkdirat(0xffffffffffffffff, &(0x7f00000026c0)='./file0\x00', 0x0)
r0 = socket(0xf, 0x2, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000002440), 0x0, 0x24045004)
ioctl$BTRFS_IOC_START_SYNC(r2, 0x80089418, &(0x7f0000001c80)=<r4=>0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000002c0)='lp\x00', 0x3)
sendmmsg$inet(r5, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x2404c0c0)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000a00000000000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/398], 0x190)
syz_emit_ethernet(0xc2, &(0x7f0000002cc0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd60000000008c3a01fe8000000000000000000000000000bbff02000000000000000000000000000183"], 0x0)
r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x48c00, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, &(0x7f00000001c0)=0x4)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f00000014c0)=@nat={'nat\x00', 0x62, 0x5, 0x430, 0x0, 0x0, 0xffffffff, 0xe0, 0x2a0, 0x398, 0x398, 0xffffffff, 0x398, 0x398, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00', {}, {}, 0x4}, 0x0, 0xa8, 0xe0, 0x0, {0x22e}, [@common=@unspec=@statistic={{0x38}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @multicast1, @remote, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @multicast1, @empty, @gre_key, @icmp_id}}}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth1_to_hsr\x00', 'ipvlan0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key}}}}, {{@uncond, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@ttl={{0x28}}, @common=@inet=@tcpmss={{0x28}, {0xf}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x16, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x490)
write$binfmt_misc(r0, &(0x7f0000000400), 0x2000011a)
recvmmsg(r0, &(0x7f0000004d40)=[{{&(0x7f00000000c0)=@xdp, 0x80, &(0x7f0000001d80)=[{&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000003d40)=""/4096, 0x1000}, {&(0x7f0000001f40)=""/118, 0x76}, {&(0x7f0000001480)=""/40, 0x28}, {&(0x7f0000002bc0)=""/150, 0x96}, {&(0x7f0000001a40)=""/240, 0xf0}, {&(0x7f0000002dc0)=""/226, 0xe2}, {&(0x7f0000002d00)=""/152, 0x98}, {&(0x7f0000001c40)=""/34, 0x22}], 0x9, &(0x7f0000001e40)=""/117, 0x75}, 0x1}, {{&(0x7f0000001ec0)=@xdp, 0x80, &(0x7f00000022c0)=[{&(0x7f0000001b40)=""/206, 0xce}, {&(0x7f0000002040)=""/202, 0xca}, {&(0x7f00000023c0)=""/6, 0x6}, {&(0x7f0000002180)=""/178, 0xb2}, {&(0x7f0000002240)=""/74, 0x4a}], 0x5, &(0x7f0000001980)=""/170, 0xaa}, 0x1000}, {{&(0x7f0000002480)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000002700)}, 0x4}, {{0x0, 0x0, &(0x7f0000002840)=[{&(0x7f0000002740)=""/214, 0xd6}], 0x1}, 0x9}, {{&(0x7f0000002340)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000002b40)=[{&(0x7f0000002900)=""/59, 0x3b}, {&(0x7f0000002940)=""/137, 0x89}, {&(0x7f0000002a00)=""/110, 0x6e}, {&(0x7f0000001cc0)=""/184, 0xb8}], 0x4, &(0x7f0000002b80)=""/22, 0x16}, 0x6}], 0x5, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFC_CMD_VENDOR(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000004e80)=ANY=[@ANYRESHEX=r3, @ANYRES16=r3, @ANYRES64=r0, @ANYBLOB="88da2aa2330701f3dfa53d86fa17e2d68d6a2fdfb210b5fe90335f09084ff93f1027ec189bee25a7390335041fb098242ad03650e678da4c0d60aa6f25ca19a6b160bb1ef1de280f49a7e556f1e6f65db00292b30db92578751c0fedeeca94d28603d6258e6305345f5eadc26845ae7b05a02eb33be4bb04b6cf85fb5a8dfc887760cd1b71a01b8cb9d4c72e2f6e7fad3d52b38b5b82759df21a4804c5ebb976b2ba81b306a4c88f8d4126869f2385c799f00f48bfe720063c2baac62e20e160f5fb2dda85a2eb772142107bf072cef0aa31b6c5dc2518932a1d16299367cc59775747416fdd3bc55dc17b20b64e038b897c9c1b348eb9aa1d88cec71f1928761336ded0917fc824f0e8a314430e9b42e6c6367712cb350b6cafc641240023010814cc677b6f1b9a8d9973709200872c826bf1e81522e24afe7cf41038c38445e3575e53749204bd9fb37896571eaf4017672f0aa7df61c0338edd1adccbb7a4e5c5021c4fa633079937fa9a6573a53327de55fac24eb13514ccf46c2d66b31aa1fdfd0da849e463599e9b0a2a71ac51fb3da6a387282967f630bfbddb41ff3f34d1d6ca6e5b4881e2d760376758a010a554b6faddb4d7d20869321daef7181c7f2e13194dfcb225ef6deb3ffbdec4e50360f538cdf3a3e2a4124b23863a8d69623bc193dbcc3b29d9546feafd62991b4e9a0db0550adca64b0e2e5b6f6d0bb5c1ea42b292743a634ac44650b5af0e34dc84736911ab94ab09470b47606c04d9fcdb3c63556ca9dd92f20c187b4943d4c32cc17c45762bf3ff55dd9d64386bef55d57ac87158854a165cd5fa772aec4aec3e2e31c268ac0c03e0f689bb4e1b371a420a6311a8d340657015d732bfa1450f15a4b52d04a4c43af94102ea5eb2b65a14f7f0e9e8f6ea3949d0131cc68bddead84de3858295f1c4030dc1d444175db2b75c9882b038720edb87b1a4d19eaf41c784e38393d3be9ef1c54e01fb2b26147b7a445ee3e83631b62c9b625c731ebdade24efd090068f4756846ccf7673c45d17b67d8e8805cb76b407a9105e8cabb16c71c15516a2e43225934d5b6d84cd5d04d14541d9a6ae87294cd7ef534a4a6d032029ab37a778ef48a74709710042f095ef90cfd23b6ed1ac2fbba2f5cae0ab3a018886dffd3fba81ca08048a3ba2b0a6e315a803b88b57b7694ec67c4f56bf2f1ae572a03a3d2e524f4149fa00080ca0ebfb18a8d9cf5a6f43a98579001fe51ba1c2e47b43ff02cb139d855c0aa5adb7c2024489f325ead6ad302728a35214cfd0c13cb33f4662e5909d6a10c6e35482bc1758a4034a43c9a65e084842fc4e1c10377e3706b01ecf6647c5c76847544e3d38ab79a6df5988b2ac1a72f530469763d931019fc0325225a011576141bbabb8a97e26c5a07908093b87949637aec740390024f768d77291cbc91441d9b92e035785ed24c06a459c08d75c77da08ccb2bc82bf0a2d41a8f42c59712b4d3b9e980fe4cd869e47a348653357d146424412bedafe0c7c9393d48364798bfeacc477ce5c497d9286a9319021a63f25539bac33b37278797e3d6e501f71d85dfada48422928e4d671936daa423d47d84f434206a463696e400ee55a69c308ddc3ab40f89d8254632fc452d831b2984d61b58c296503b9e873c4ace0b6e61e00b9c146e6598164a513c28d134c3ecf8ad637aee2a229743159bc656b4fbbc9f72ce44d3ac4b24d6db16c328241ea2869919f910d82f7cd567369a7689745d8a67fb5a5f2589fb5246d3393f208cf261ed699e410d2dd3315d155254d8cfd6fb1ad684f6b3c8745e511428ceee5a4086e4207563c94c1d703dcbf25bbcb89cdbf91bd1290fb162215901b6f29f38b5cf62b607e789feb5cddf4dc1007eba72c3e5df8c1a146d0b98330ab3ce4e1e1253d5b1e95dcd4ff3dbfb819f69d0da6638c2a34d0fe1d5a210f92bb155db369cc35612af3e379d091d42f28ea672b5270486e3ee401d8dfc24b0a6fca884024a3b417d533d7d88ac20ee4e9cc57527d5558e454db343d2d9f119fdd03736cf63ccd2fc4a6c99683ce92f75313d71d5c46dc3bb222c79b7be8ce90ad55ead44fdbbf02ceb731a608b14028d509b7de5c8fc62153a1e587761da83d10a9de813aa7fd665076d2b597e62809fdd10e12dfb27aa182a13cc4d62786df87a32d95dff9bdddcdafcda2333764a4779a52b64deb5cac7f3001a63ba1209c9f5b403eb0ba0457058653a28ae65477b5bb707164cd1891e419fc9f658bc5d5fe0797ac81eecb05ae21c1d63e4990f5d266f5f923baee5b5e661bba09bf97f55422cdf975807c58dce153ad178762a896e76ededeb707d4093ae8a0f07ed977679e1dcefc98c29c80fdcf0fd55c55dedef32f01dc1340788f939011462d48b82689fdfd8192b8e480989ea6b5970d5f0e3d22e5455437977806dfe27b6a3026550d56045524962f7dc8d72af4da38dd75f7cfaddd2d9f6a43c744b3fa7bd1147bad3b7a7699f18bad8d06e9416e916cda0150c4af4b51bead46c0641a3cf9ea97011d3cd25a88a2506543663917814334e2e2e96fc716a22af8748fffa0e8d0e709dc3cdeb78cfc3d8cc3096392149a33f7e286075739c9fcf7eee357bf43980ba7c44fa77393a275f4fcd9d27b6d2afb3b94951c338c2355196e492c235ad372b14caa0181fce5b19b0aed811d8c471b1ffe47b73512297b7ddc69cf2d178e07b0dafa2bc4d2685271cac3fdde63a5977f79c4eb2ae6cb5e3234afc9589cf11bc3d51037097e5f0e5c788f4f05d562aeb387a4611dbcedc58ea5e8c7b529c8645bf08cb18ac5629b5b80a0744f895900cc28a8849d92c5038f91b6fd3fe498980e47f441813574ae2b9fdf85f960cae0d2ffa8dfdf7e5656d1ba2478530e7e605d6e56f16c6b166576dd5422ad245cfe7e2e6983ae964ad517f0cf5f07a82ea92fb732b51ed9d5696c9e8d314fc9bddaaee828cca4d8e09e230449170bcf253412892d2e04bd8a40cfad76c97fc9316909ba940222252653b2c9d301594af4de28d1648eca1159d312bb917080c7d27dc5779a956e2e7c15c331368eb1aa2ba26b4ebf01bb8c17afcf1067402394cd3988223fc74456b6825f11205fc3a451bd2f1bfba3a62084ed100872e95a5e6f6811cd08db1564ccc52a16724ee6fb39956cad0d24dd6689df192bbd703a6dc0afd32acf33b95ece9d740c812f5dc6f0e72e8b1531472a23c2d28f7713531ec39bc71014079209b5183e4ce5fccea18754ded0814b88b40eeef5886fcb75b20cbb8332a3bb2903e32d456958ce52c3895a5482738e19ce0403bc42f59987d52e2668cd946054792dacbe2098f91254456b16195eb2ce30766da50c45a7b878a92694e728688fc36ac11123c7a3c35a604286468cfe9ad4759ba71902ea82ac8fd7b102312b957c4c4247a2bb426951beec4a024642125a6bf8e8cca4d8934bee1394e156163b75791f8ea2681683cba0750dd7d9b36ae6dcbb7f28e39bcceeaf9d41b4283f3fd9759e5b592496443dc120a4bbde8ad7fb2657c007978fdb2e165993b4543246f6d207bb82faea87b875717acd56941621b13058480a5f83035e6060e3664028028855f77258dfa0542a8760e7472d85f1080180cd9bebd231504aec73319ef866798d84de4014e53e2668ac1ff42e709baf3eadf5eda847bbd44572fd171110ded193a56340257e207d3c6e5d1f2595c917493c8da68259ed35186acee92e2114975817c974a8b626d8f694fbd894d3a638e19e654664d81048de60efca3b84d5a99d8c66680a92a145af9ef3c740057ae5a8e0c4d3fb0c273c5dc472defb1af2f88f0d21e3b097b87ff0acb21f6ad3b5c648ccf57bd7dfc534aa3f91d9fbd8813a8f75422a4ce6b1bcd86eb642f25089ac9859ecc9b56e26ab96984f413cb94410f99906865939f6c0719842c61fbe6e96911812c32e8f54f1fda3ba84aaeadca4005188a7de03d4c08d7c6c971c70acff986e6a6ba32e0fcc3c5469b26c9242b63218030c72d71bc6cce7e9a80f05823592b9425e8a72b5edf9936b53bd8d3f29134b2f153b7f38a2f2d0983e6e4b3491a4131c86934431bc445c8264a12f4ad15586228a7533d13213e8fc0a61e23ff38cd08784fa5ab2e26c3938a701a8b6c37e4af723a938516a9d60e47dd3f988e965d081ffffefc0c7be7d23541bc9231793d979bdf65f4182526713259d2b91609d9b42d99c2930ef14e7d52aaf2e4e86d76c84a93f223007bae0cc9074c05e1ce1a8783cbce976997deaafe1e87e9cdbe43b152f23171d02e598ee816397254cf9b63ddf29a5181a6562fe58f195378e2543703956ea2fd9ffd57d7def81c7982329351464bca3621241a4abd6e5e64b4ae192f0bfd0ef2060e822f48a57c8aa8639bf92e790fd655a814c1beef5e789f115a42ce632e82768c6fa0f69df3e7f716b458e984edda903e646d86670c39a99267bfc26f76ec92d2b93afea92375c6213120e6ca6841c1e871a8b02d86bbd885b209c7a38712b8e7c2d67279d57f57164289f7b650ca6ed9a78058eb2cb2c8ed910b77e105d0d360b8c48f9d4e06c5421700c07d39469fd11504156b1b2e978571ffb8fc302277400b07a0e455720254cb2f9715f7b1e789aaaf8154a79eba9481082cf5e3f262871a1ffe7535445bca91f103b4a437ac75867d99c568fb44a1ba9fe76e21518b71782593cb75b704b2acf48092c1eda0991bf694670cc571d7553820b26798bd0c88496fc60828ea537ab586ed68c85c8a0395fadde68b2339cc018ccde616f0dad476bda5d9c88a203e8c2bc3b34e5cb135b94ea46833ec10a0313826d0f5b15708d534913705c08f3821f1a36b39b1d86edf0423d586974752f84e5787d5104083f1990951dfe66cab9ab1f20267abef9cfdaf466c67b30a089640eb407ff7775d8d640c3447f4fab5fb3fbbfcc9159c8703d7834b635f276abe54fe915a852e92bb23386b53fb9ffec1a5632b56e50bca7c212c518d56b1c706c21d2ca187f6d088ef1ae33efbc2b4800629025ed934bd5bdb90a7af81f3667056f8cdca5e1ea8e05053dc71d4f9ce54617a7c129f09c4221877b3e22ecdfd3fe7a4933c9cac6222439a49dbdff95a2006b71cff76670aa7d05993c76c9ba66de6f7be9621ea7319ce6d31b5278717be9bdd4f8c6d1fc0638f111dbb1dc123d4fbcec1524cb38814b26b1deb668062e77d025df21acba1c54493f5ebb4d9bf441f009672483408b68580ad7eea334081725d2ddd7d250141e1f882f0f141af79fee07578f41b8f939ba32e637d6862f11a2ec5d0bd5ce5e3f47146ded95bba786bb5a78e9ccfd685adfaf9118490475189bd3f5343f6d743e9a9f443d9aea9c6652d76e33ea8e23df6f6aca8a4993bbebc12e89a7a2e7629731cccac2b8dce2c610cf9d6bf92f94cf829976df199f326ee8f3f6c9b7323be4c6b8173f646f88651919cf453ab1065076de9b537fafc9555de557ac6475ce377eb38046f61018716eaa97e869086081c069dee92fd8caa228b2e6b0ca8680ddf36687557e126fe2cbd2fdbfee545532f05c8216ec9b6a466bdbb61ec67aa1d7bbf308ec2bcb8829ae59b1affa215108b4dbbe03f2e8e453187c8f2fd4bc903946c0bd0b7b634cd4f58741eb7519bbfe7bac10c1130ceda3db12fd12929d4de3703d61b741e9a9a18eb237728c5311a752c77066d127cab1bd7ef59670aafdba982819058d78996a810925093c6e8704c3a89dbaf84495ab9679521d3daa59183625e", @ANYRESDEC=r4, @ANYRES32=r8, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20000011}, 0x4000000)

4.002985976s ago: executing program 0 (id=680):
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0xfffffffe, 0x1}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x20042}, 0x10)
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000040)={0x4042, 0x1}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r4, &(0x7f0000000380)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x62, 0x0}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'dvmrp1\x00', 0x1})
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f50b, &(0x7f0000000080)={0x0, 0xfffffffffffffe09, 0xfffffffffffffbff})
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="dbad"])

3.926344376s ago: executing program 4 (id=681):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x82)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001500), 0x0, 0x0)
ioctl$BLKROSET(r1, 0x40101287, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000003340)="b0", 0x1}], 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={0xffffffffffffffff, 0x58, &(0x7f0000000800)}, 0x10)
mkdir(&(0x7f0000000440)='./file1\x00', 0x1a0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000000)={0xfffffffc, 0x0, 0x0, 0x0, 0xff, "db8f2d2b3b7596160c6981acf8805944823a7f"})
write$binfmt_aout(r2, &(0x7f0000000380)=ANY=[], 0xff2e)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "2f0000e400"})
syz_open_pts(r2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000003f80)={0x2020}, 0x2020)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080))

3.797865437s ago: executing program 3 (id=682):
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000080)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000600)=""/85, &(0x7f00000000c0)=""/85})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000f, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b60000000000000001000000000000006104fcff0000210395000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0))
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180))
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000800)=ANY=[@ANYBLOB], 0x14}], 0x1}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32=r7, @ANYRES32=r5, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7, <r8=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f00000002c0)=r4}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r8}, &(0x7f0000000240), &(0x7f00000003c0)=r4}, 0x20)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)="5c0000007a006bcd9e3fe3dc6e08000007200000010000204da60864160af36504005425198bc3488bc3a0e69ee517d34460bc24eab556a705251e6182949a3651f668c3664402682fb6e27bbfa83b5cae0300c9f4d1931fe71197ef", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r9 = dup(r2)
write$6lowpan_enable(r9, 0x0, 0x0)

3.794583144s ago: executing program 2 (id=683):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fsopen(&(0x7f0000000000)='afs\x00', 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = gettid()
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r8 = dup(r7)
bind$bt_l2cap(r8, &(0x7f00000021c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0xe)
accept4$vsock_stream(r8, 0x0, 0x0, 0x80000)
ioctl$sock_SIOCGPGRP(r7, 0x8904, &(0x7f0000000040)=<r9=>0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r8, 0xc1105511, &(0x7f0000000340)={{0x0, 0x5, 0x2, 0x4, '\x00', 0x10000}, 0x2, 0x400, 0xe45, r9, 0xa, 0xffffff5c, 'syz1\x00', &(0x7f00000000c0)=['\x00', '(]*^@]\x00', '!!(@\xd2.}*\'\'-\x00', '{&\x00', '{\x00', '^,^,(/\x00', '3\x00', '\x00', '@,\x00', 'afs\x00'], 0x2a})
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6000000000343c0020010000000000000000000000000002fe8000000000000000000000000000aa330300000000000007080000000000000000070800000000000000000502000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000907880401d731a3f6e60c289cf217abcda8d3421f6a682ea90bbbb0e260ad9b3539e3c8c48e4f850f5349e0b42c37a52a02d9dce85fec2a798f6f8947e90de60"], 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x14, &(0x7f0000000540)="0bbb268dd6ffa80800000000000000000000210d", 0x14)
r10 = socket(0x10, 0x80002, 0x0)
read$msr(r8, &(0x7f0000000200)=""/96, 0x60)
sendmsg$nl_route_sched(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000021c0)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x25dfdbfd, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x6}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0xca, 0x3, 0x6, 0x0, 0x1}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x1}]}, {0x4}, {0xc}, {0xc, 0x4, {0x2, 0x1}}}}]}]}, 0x70}}, 0x0)

2.766224424s ago: executing program 4 (id=684):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$SIOCGSTAMPNS(r1, 0x8907, 0x0)
sendto$inet(r1, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10)
recvmmsg(r1, &(0x7f0000001380)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x120, 0x0)
ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x4008b100, &(0x7f0000000440)={0x18, 0x0, {0x1, @multicast, 'nr0\x00'}})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r2)
r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0)
sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r4, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x1880}, 0x140080c5)
sendmsg$IEEE802154_ADD_IFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100fcff7f00ffdbdf252100000009001e00706879300000000005002000010000000c0005000200aaaaaaaaaaaa"], 0x34}, 0x1, 0x0, 0x0, 0x400c011}, 0x40000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = dup(r6)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
write$tun(r7, &(0x7f0000000580)={@void, @val={0x3, 0x3, 0x867f, 0x3, 0x4, 0xe}, @ipv4=@igmp={{0x4e, 0x4, 0x3, 0x3d, 0x1bf, 0x64, 0x0, 0x70, 0x2, 0x0, @empty, @private=0xa010101, {[@timestamp_prespec={0x44, 0x24, 0x6a, 0x3, 0x4, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0xe36e}, {@private=0xa010101, 0x6}, {@empty, 0x4}, {@broadcast, 0x3}]}, @rr={0x7, 0x2b, 0x67, [@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @rand_addr=0x64010101, @rand_addr=0x64010102, @empty, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x24}, @multicast2, @dev={0xac, 0x14, 0x14, 0x2c}]}, @rr={0x7, 0x13, 0x17, [@multicast1, @remote, @empty, @multicast2]}, @cipso={0x86, 0x56, 0x0, [{0x7, 0xa, "df843eb0c09f7e51"}, {0x0, 0x3, "be"}, {0x1, 0x5, "a17bfb"}, {0x2, 0x3, "a6"}, {0x0, 0x11, "5e1d22e2a0258e9b23197b5df65362"}, {0x5, 0xc, "9e3de078d108221f9d82"}, {0x0, 0x7, "6ebc690bce"}, {0x5, 0x8, "1422dafac265"}, {0x2, 0xc, "190da2cc264734e91ab0"}, {0x1, 0x3, 'a'}]}, @rr={0x7, 0x13, 0xe7, [@multicast1, @remote, @rand_addr=0x64010101, @remote]}, @generic={0x263e48df9c1616ad, 0x11, "d30ace6d4c770602d95705248efaeb"}, @timestamp={0x44, 0x1c, 0x2c, 0x0, 0x7, [0x1ff, 0x4dc0000, 0xff, 0x4, 0x4, 0xb]}, @timestamp_addr={0x44, 0x24, 0x4f, 0x1, 0x4, [{@rand_addr=0x64010100, 0xff}, {@remote}, {@private=0xa010100, 0x2}, {@multicast1}]}, @noop, @ra={0x94, 0x4, 0x1}]}}, {0x14, 0x6, 0x0, @local, "97543cbf3e5c5846f791bec77b7352c0041905d1d890c5f0cb5027de514a0a38349fc24eba8a16bd345f2536bacc5445ee66eef0132403d167baf34937d69c68fb131843e41a73feaf6b902de48c52b1f662caaaf1b5ad9d03d81504e0b627c51888989ee04414fab1050bff245c716ce1b92731626516c0bb955378679f39"}}}, 0x1c9)
r8 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r8)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000080)=ANY=[], 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@delpolicy={0x5c, 0x14, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in6=@mcast2}}, [@sec_ctx={0xc, 0x8, {0x21, 0x8, 0x0, 0x0, 0xffffffffffffffa2}}]}, 0x5c}}, 0x0)
ioctl$EVIOCRMFF(r8, 0x40045506, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000480)={&(0x7f00000004c0)={0x34, r3, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_LLSEC_KEY_BYTES={0x14, 0x30, "77b1cb066f801c240d66fa1c378b9c39"}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x20004050)
syz_usb_connect(0x0, 0x33, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100007b8955403a0976245b0d0102030109022100010d20000009040000000e0100000f2402010102"], 0x0)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x18600, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000300)={0xc, 0x0, <r11=>0x0})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r7, 0xc0189378, &(0x7f0000000380)={{0x1, 0x1, 0x18, r7, {<r12=>0xffffffffffffffff}}, './file0\x00'})
r13 = openat$cgroup_int(r7, &(0x7f00000003c0)='cpuset.cpu_exclusive\x00', 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r12, 0xc0189376, &(0x7f0000000400)={{0x1, 0x1, 0x18, r13, {0x9}}, './file0\x00'})
ioctl$IOMMU_IOAS_MAP$PAGES(r10, 0x3b85, &(0x7f0000000340)={0x28, 0x1, r11, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x7})

2.736769393s ago: executing program 2 (id=685):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000000140)='./file0\x00')
r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)
fallocate(r2, 0x0, 0x0, 0x1000f4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4048400)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x441, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2b442, 0x0)

2.559340787s ago: executing program 0 (id=686):
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x140, 0x800, 0x3ff, 0x0, 0x0, 0x0, {0x4, 0x4}, {}, {0x0, 0x4}, {0x0, 0x0, 0x8}, 0x0, 0x3f0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x2, 0xc})
syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
getsockopt$sock_buf(r5, 0x1, 0x1c, 0x0, &(0x7f0000000200)=0x2000000)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6, r6}, 0x38)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xb1)
mmap(&(0x7f0000568000/0x2000)=nil, 0x1000000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

2.509782959s ago: executing program 3 (id=687):
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f000000e0c0), 0x10010)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000200)=@gcm_256={{0x304}, "00e0f07600", "832b4d2434b35bca8c0b78d2afff6d70d2025c7f53123828322d5af0d5c6c3a5", '`\a-N', "298f0e6df9ae9b3d"}, 0x38)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000020301040000000000000000000040200800010001"], 0x1c}}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x23, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write(r4, &(0x7f0000000000)="5a000300010003", 0x7)
sendmsg$NFQNL_MSG_CONFIG(r0, 0x0, 0x0)
close(r0)

982.779683ms ago: executing program 0 (id=688):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x111, 0x4}}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8924, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRESDEC=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r5}, 0x18)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_MOD(r7, 0x3, 0xffffffffffffffff, &(0x7f00000001c0))
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="3800000055000100040000fe0f00000807000000", @ANYRES32=r10, @ANYBLOB="20000100", @ANYRES32=r10, @ANYBLOB="00000000e003000000000000200000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40080)

387.281128ms ago: executing program 1 (id=689):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="600000000206010000000000000000000000000005000400000000000900020073797a30000000001400078008001340000000fd07000600000000910500050002000000050001000601000011000300686173683a69702c6d61726b"], 0x60}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETCHAIN(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2c000000040a03002000000000000000020000080900010073797a"], 0x2c}, 0x1, 0x0, 0x0, 0x48840}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000009060102000000000000ffff020000000900020073797a31000000000500010007000000280007"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x8)
mount$tmpfs(0x0, &(0x7f0000002980)='./file0\x00', &(0x7f00000029c0), 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB='inode32,size=82%5'])
r4 = syz_usb_connect(0x3, 0x64, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000cb8be7406d04230807000102030109025200010000000009044000000e0100390a2403080500070e11240606"], 0x0)
syz_usb_control_io(r4, &(0x7f0000000280)={0x2c, &(0x7f0000000640)={0x40, 0x7, 0xe7, {0xe7, 0x3, "a323c04926a17a78c3505438d67ba68faaa9ddd96446d33b18231700067feb5b295f4edf7056f24a764c4a072c0cdcec2b7375a7175ef1f32ca6e2e7e7800d10ffbe41e16e016aff58c684322927ae3342de3ba18f95c3d2b1ce38f40c51ac96b17940bd69926005198b6d3e710f90944227bc9a5b2e9fead71d85b4ee94acb137452337b2f23e2ffe1aab87ca94c63865f2069fc1821ef226e62f375216d6bd1597f714d2a1566012851b9d7c7dbb305819f6686bf54fe889077866e7782b719f9b092bb5ebd5e723a13b4bf91332c03e6575591299704b13b001dd2902ba5cc53bfa7c9d"}}, &(0x7f0000000740)={0x0, 0x3, 0xf7, @string={0xf7, 0x3, "de470c051d40606532894c58078ca652610ae0ed2cbc8673a7dc898cc496e13715fdd77f71722c1cd8fcc342d0d5cf7e3686c407ac094ac8cd14a4806816487eebd237a9f51a633de0e7ca7d74f0a8ff6fb024d790a00d9d84dc6b38798f9b80942fef14d2868875df66bd9e64bda94d0ed56a38eaa203f9df313ecf091c51f050a0f7e979c02e34b76d3cf8541aaa0580065f4ac9c069c1e8356f98198fb15ba1c4b2c3c8effb7b5f82580ebeec57966ac37b830828396dbf6874be535fb87d65d133c9e482bc974240eb7841bb72195d99277bb821c8145c6bc334d759a3fcb6728b83f24ca88499e672f6ccda1d4eb7b6519112"}}, &(0x7f0000000840)={0x0, 0xf, 0x1c7, {0x5, 0xf, 0x1c7, 0x6, [@ssp_cap={0x14, 0x10, 0xa, 0x5, 0x2, 0x4, 0xf000, 0x5, [0xff0000, 0xc0c0]}, @generic={0x9f, 0x10, 0x3, "f124425141439fd99747f4c8fccb81f6f31d61634d5caaeeb7c933b8a70c6865dadaf68b13f8f9885ade75fcd955f159f0124dd0c2a1166dd175a02790c82a312f0c99c4449806cd3a8ff1f6e076a948bf06073717280dfd85e55010c7954be0d34477120b223f69f15620e244a31f7d1327c32e42cb67f40cad133c36f433de69ff94608b453693428844c0d4c7ae3c5ccd83c30e16b2dcc893ea29"}, @generic={0xed, 0x10, 0x1, "f0717222df6096fcfd55abd24b7d5a47e058cfa8b70ffb4985aeb799631fae7629b1a50638342a92ccbb4cd9b125caf5c8d6814b17ca783674cc8308b171b6367f2950573320446b40742c73b8532dc2d4945d7b6b8866dfaaa925fba211b0ed2ef0a95a2806435e9144a60f173965e5db24915a26893a30f64f06b6d2ae600dabcce1ccee156c4762e2777fc656a20bd8d066e3933d39bb24e23d6a545d68f37878b262cde4173cd20db9985d5b25cf1bca110f62690c9282458248d70de6a6448349edfd19125e19f478c5e02853a02b3c290015fda8e00064dea5381febcad6a53084a4dd4492b8ba"}, @ss_container_id={0x14, 0x10, 0x4, 0xd4, "17465c3c8da21a6ce880b763c1b132cb"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x2, 0x0, 0x7, 0x3, 0x4, 0x2}]}}, &(0x7f0000000000)={0x20, 0x29, 0xf, {0xf, 0x29, 0x7, 0x60, 0x1, 0x7, "2730a6f2", "979d7d60"}}, &(0x7f0000000040)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x2, 0x2, 0x7, 0x38, 0x6, 0x7, 0xa7}}}, &(0x7f0000000c40)={0x84, &(0x7f0000000340)={0x40, 0x6, 0x35, "aca4a17b2c4d75afc7f877b79cdbf256b49d9275236d6af767f27ce1854722fe510aec2a43fac25dcda135456a9a030f99edd780be"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x13}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x0, 0x3}}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x80, 0x20}}, &(0x7f0000000540)={0x40, 0x7, 0x2, 0x44c}, &(0x7f0000000580)={0x40, 0x9, 0x1, 0xe}, &(0x7f00000005c0)={0x40, 0xb, 0x2, 'FX'}, &(0x7f0000000a40)={0x40, 0xf, 0x2, 0x57}, &(0x7f0000000a80)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000ac0)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000000b00)={0x40, 0x19, 0x2, "8df0"}, &(0x7f0000000b40)={0x40, 0x1a, 0x2, 0x6}, &(0x7f0000000b80)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000bc0)={0x40, 0x1e, 0x1, 0xa}, &(0x7f0000000c00)={0x40, 0x21, 0x1}})

128.926612ms ago: executing program 2 (id=690):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$tipc(0x1e, 0x2, 0x0)
mknod(0x0, 0x8000, 0x6262768b)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(0x0, 0x0)
setreuid(0xffffffffffffffff, 0xee00)
setresuid(0xee01, 0x0, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}, {0x4, 0xc9}}}, 0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)

0s ago: executing program 3 (id=691):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000880)=ANY=[@ANYBLOB="38001100", @ANYRES16=r4, @ANYBLOB="0902000000000000000001000000050002000a00000014000700ff00000000000000000000000000000108000b00", @ANYBLOB="0ae3"], 0x38}}, 0x0)

kernel console output (not intermixed with test programs):

87] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  169.225907][  T976] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  169.373962][ T5887] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  169.384977][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.411774][ T5887] usb 2-1: config 0 descriptor??
[  169.429351][ T5887] cp210x 2-1:0.0: cp210x converter detected
[  169.452848][ T5833] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  169.575905][   T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  169.618684][ T6647] fuse: Unknown parameter ''
[  169.715643][  T976] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  169.884742][  T976] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  170.025261][  T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.149722][    T9] hub 4-1:4.0: activate --> -90
[  170.367266][   T24] usb 1-1: device descriptor read/8, error -71
[  170.377395][  T976] usb 3-1: config 0 descriptor??
[  170.598770][    T9] hub 4-1:4.0: hub_ext_port_status failed (err = -71)
[  170.613774][    T9] usb 4-1-port2: connect-debounce failed
[  170.625877][   T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  170.652116][   T24] usb 1-1: device descriptor read/8, error -71
[  170.696314][    T9] usb 4-1: Failed to suspend device, error -71
[  170.780739][   T24] usb usb1-port1: unable to enumerate USB device
[  170.865967][  T976] ath6kl: Unsupported hardware version: 0x0
[  170.886508][  T976] ath6kl: Failed to init ath6kl core: -22
[  170.907501][  T976] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -22
[  170.967384][ T5881] usb 4-1: USB disconnect, device number 9
[  171.036685][ T5887] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71
[  171.045148][ T5887] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  171.079478][  T976] usb 3-1: USB disconnect, device number 7
[  171.085186][   T30] audit: type=1326 audit(1747124060.823:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6636 comm="syz.2.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  171.096291][ T5887] usb 2-1: cp210x converter now attached to ttyUSB0
[  171.167101][   T30] audit: type=1326 audit(1747124060.823:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6636 comm="syz.2.190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  171.170903][ T5887] usb 2-1: USB disconnect, device number 5
[  171.279869][ T5887] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  171.324373][ T5887] cp210x 2-1:0.0: device disconnected
[  171.496442][ T6661] netlink: 32 bytes leftover after parsing attributes in process `syz.3.198'.
[  172.186138][   T30] audit: type=1326 audit(1747124061.853:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6654 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  172.454736][   T30] audit: type=1326 audit(1747124061.853:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6654 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  172.734090][   T30] audit: type=1326 audit(1747124061.853:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6654 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  172.874589][   T30] audit: type=1326 audit(1747124061.853:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6654 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  172.995421][   T30] audit: type=1326 audit(1747124061.853:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6654 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  173.035910][   T30] audit: type=1326 audit(1747124061.863:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6654 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  173.117948][   T30] audit: type=1326 audit(1747124061.863:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6654 comm="syz.0.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  176.446194][ T6592] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  176.531557][ T6722] netlink: 8 bytes leftover after parsing attributes in process `syz.4.213'.
[  176.541031][ T6722] netlink: 8 bytes leftover after parsing attributes in process `syz.4.213'.
[  176.615953][ T5963] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  176.637211][ T6592] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  176.669291][ T6592] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 47999, setting to 64
[  176.685962][ T6592] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  176.703257][ T6592] usb 3-1: New USB device found, idVendor=1bc7, idProduct=1040, bcdDevice=b5.b1
[  176.713076][ T6592] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.722097][ T6592] usb 3-1: Product: syz
[  176.732764][ T6592] usb 3-1: Manufacturer: syz
[  177.268149][ T5963] usb 1-1: config 0 has an invalid interface number: 113 but max is 0
[  177.293288][ T6592] usb 3-1: SerialNumber: syz
[  177.332757][ T6592] usb 3-1: config 0 descriptor??
[  177.337894][ T5963] usb 1-1: config 0 has no interface number 0
[  177.344043][ T5963] usb 1-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[  177.366243][ T6715] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  177.369184][ T5963] usb 1-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  177.403933][ T5963] usb 1-1: config 0 interface 113 has no altsetting 0
[  177.429848][ T5963] usb 1-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  177.441289][ T6592] option 3-1:0.0: GSM modem (1-port) converter detected
[  177.698978][ T5963] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.719248][ T6592] usb 3-1: USB disconnect, device number 8
[  178.585851][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  178.585871][   T30] audit: type=1326 audit(1747124068.323:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6714 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  178.674819][   T30] audit: type=1326 audit(1747124068.323:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6714 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  178.691437][ T5963] usb 1-1: Product: syz
[  178.703556][ T6592] option 3-1:0.0: device disconnected
[  178.723786][ T5963] usb 1-1: Manufacturer: syz
[  178.860802][ T5963] usb 1-1: SerialNumber: syz
[  178.873182][ T5963] usb 1-1: config 0 descriptor??
[  178.899980][    C1] usb 1-1: NFC: Urb failure (status -71)
[  178.939667][ T5963] usb 1-1: NFC: Unable to get FW version
[  178.964188][   T30] audit: type=1326 audit(1747124068.323:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6714 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  178.978768][ T5963] pn533_usb 1-1:0.113: probe with driver pn533_usb failed with error -90
[  179.015879][   T30] audit: type=1326 audit(1747124068.323:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6714 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  179.568382][ T6751] vim2m vim2m.0: vidioc_s_fmt queue busy
[  180.439218][ T5963] usb 1-1: USB disconnect, device number 10
[  181.171947][ T6592] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  181.578622][ T6592] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  181.608770][ T6592] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  181.634203][ T6592] usb 2-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  181.643142][ T6770] netlink: 12 bytes leftover after parsing attributes in process `syz.0.227'.
[  181.655472][ T6592] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.839987][ T6592] usb 2-1: config 0 descriptor??
[  181.915170][ T6773] libceph: resolve '.' (ret=-3): failed
[  182.459516][ T6778] FAULT_INJECTION: forcing a failure.
[  182.459516][ T6778] name failslab, interval 1, probability 0, space 0, times 0
[  182.475506][ T6778] CPU: 0 UID: 0 PID: 6778 Comm: syz.4.230 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  182.475535][ T6778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  182.475549][ T6778] Call Trace:
[  182.475555][ T6778]  <TASK>
[  182.475562][ T6778]  dump_stack_lvl+0x189/0x250
[  182.475594][ T6778]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.475622][ T6778]  ? __pfx__printk+0x10/0x10
[  182.475662][ T6778]  ? __pfx___might_resched+0x10/0x10
[  182.475692][ T6778]  ? fs_reclaim_acquire+0x7d/0x100
[  182.475719][ T6778]  should_fail_ex+0x414/0x560
[  182.475752][ T6778]  should_failslab+0xa8/0x100
[  182.475773][ T6778]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  182.475802][ T6778]  ? __alloc_skb+0x112/0x2d0
[  182.475831][ T6778]  __alloc_skb+0x112/0x2d0
[  182.475858][ T6778]  alloc_skb_with_frags+0xca/0x890
[  182.475887][ T6778]  ? register_lock_class+0x51/0x320
[  182.475924][ T6778]  sock_alloc_send_pskb+0x857/0x990
[  182.475974][ T6778]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  182.476009][ T6778]  ? dev_get_by_index+0x22/0x2e0
[  182.476039][ T6778]  ? dev_get_by_index+0x22/0x2e0
[  182.476074][ T6778]  packet_sendmsg+0x3664/0x5400
[  182.476121][ T6778]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  182.476158][ T6778]  ? smack_socket_sendmsg+0x1fa/0x520
[  182.476183][ T6778]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  182.476201][ T6778]  ? __lock_acquire+0xaac/0xd20
[  182.476223][ T6778]  ? __pfx_packet_sendmsg+0x10/0x10
[  182.476258][ T6778]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  182.476295][ T6778]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  182.476316][ T6778]  ? __pfx_packet_sendmsg+0x10/0x10
[  182.476337][ T6778]  __sock_sendmsg+0x21c/0x270
[  182.476353][ T6778]  ____sys_sendmsg+0x52d/0x830
[  182.476377][ T6778]  ? __pfx_____sys_sendmsg+0x10/0x10
[  182.476415][ T6778]  ? import_iovec+0x74/0xa0
[  182.476446][ T6778]  ___sys_sendmsg+0x21f/0x2a0
[  182.476474][ T6778]  ? __pfx____sys_sendmsg+0x10/0x10
[  182.476523][ T6778]  ? __fget_files+0x2a/0x420
[  182.476537][ T6778]  ? __fget_files+0x3a0/0x420
[  182.476569][ T6778]  __sys_sendmmsg+0x227/0x430
[  182.476601][ T6778]  ? __pfx___sys_sendmmsg+0x10/0x10
[  182.476647][ T6778]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  182.476694][ T6778]  ? ksys_write+0x1f0/0x250
[  182.476721][ T6778]  ? rcu_is_watching+0x15/0xb0
[  182.476761][ T6778]  __x64_sys_sendmmsg+0xa0/0xc0
[  182.476789][ T6778]  do_syscall_64+0xf6/0x210
[  182.476815][ T6778]  ? clear_bhb_loop+0x60/0xb0
[  182.476837][ T6778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.476857][ T6778] RIP: 0033:0x7f2d5e58e969
[  182.476875][ T6778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.476891][ T6778] RSP: 002b:00007f2d5f48b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  182.476911][ T6778] RAX: ffffffffffffffda RBX: 00007f2d5e7b5fa0 RCX: 00007f2d5e58e969
[  182.476927][ T6778] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000007
[  182.476936][ T6778] RBP: 00007f2d5f48b090 R08: 0000000000000000 R09: 0000000000000000
[  182.476945][ T6778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.476953][ T6778] R13: 0000000000000000 R14: 00007f2d5e7b5fa0 R15: 00007ffe00d46108
[  182.476974][ T6778]  </TASK>
[  182.795277][    C0] vkms_vblank_simulate: vblank timer overrun
[  182.999696][ T6780] erofs (device nbd2): cannot find valid erofs superblock
[  184.101836][ T6592] usbhid 2-1:0.0: can't add hid device: -71
[  184.508496][ T6592] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  184.621615][ T6592] usb 2-1: USB disconnect, device number 6
[  186.087171][ T6813] ieee802154 phy0 wpan0: encryption failed: -22
[  188.543580][ T6829] netlink: 'syz.2.242': attribute type 4 has an invalid length.
[  188.564544][ T6829] netlink: 152 bytes leftover after parsing attributes in process `syz.2.242'.
[  188.595978][ T6829] net_ratelimit: 14 callbacks suppressed
[  188.595998][ T6829] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  188.767424][   T30] audit: type=1326 audit(1747124078.503:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6808 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  188.794579][   T30] audit: type=1326 audit(1747124078.503:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6808 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  189.034368][ T6836] warning: `syz.2.242' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  189.720613][ T6840] afs: Unknown parameter ''
[  189.856071][   T30] audit: type=1326 audit(1747124078.503:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6808 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  189.982287][   T30] audit: type=1326 audit(1747124078.503:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6808 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  190.045867][ T6592] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  190.060703][   T30] audit: type=1326 audit(1747124078.503:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6808 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  190.090310][ T6843] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  190.129762][   T30] audit: type=1326 audit(1747124078.503:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6808 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  190.200286][   T30] audit: type=1326 audit(1747124078.503:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6808 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  190.307102][   T30] audit: type=1326 audit(1747124078.503:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6808 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  190.335885][   T30] audit: type=1326 audit(1747124078.533:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6808 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  190.387712][ T6592] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  190.399475][   T30] audit: type=1326 audit(1747124078.533:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6808 comm="syz.3.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  190.430937][ T6592] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  190.500900][ T6592] usb 5-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  190.627546][ T6592] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.646139][   T24] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  191.037505][ T6592] usb 5-1: config 0 descriptor??
[  191.057667][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  191.117341][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  191.249448][   T24] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  191.263916][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  191.281460][   T24] usb 4-1: SerialNumber: syz
[  191.504241][ T6859] netlink: 12 bytes leftover after parsing attributes in process `syz.2.249'.
[  191.532396][ T6859] tmpfs: Bad value for 'size'
[  191.675833][  T976] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  191.795895][ T5887] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  191.826055][  T976] usb 2-1: Using ep0 maxpacket: 32
[  191.842280][  T976] usb 2-1: New USB device found, idVendor=1ba6, idProduct=0001, bcdDevice=49.88
[  191.851943][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.860141][  T976] usb 2-1: Product: syz
[  191.864482][  T976] usb 2-1: Manufacturer: syz
[  191.869518][  T976] usb 2-1: SerialNumber: syz
[  191.878046][  T976] usb 2-1: config 0 descriptor??
[  191.904310][  T976] as10x_usb: device has been detected
[  191.922832][  T976] dvbdev: DVB: registering new adapter (Abilis Systems DVB-Titan)
[  191.959415][ T5887] usb 3-1: config 0 has an invalid interface number: 64 but max is 0
[  191.975713][ T5887] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  191.991544][ T5887] usb 3-1: config 0 has no interface number 0
[  192.003071][  T976] usb 2-1: DVB: registering adapter 1 frontend 0 (Abilis Systems DVB-Titan)...
[  192.025816][ T5887] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  192.043447][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.057601][  T976] as10x_usb: error during firmware upload part1
[  192.069228][  T976] Registered device Abilis Systems DVB-Titan
[  192.069399][ T6861] bridge_slave_0: left allmulticast mode
[  192.071630][ T5887] usb 3-1: Product: syz
[  192.076187][ T6861] bridge_slave_0: left promiscuous mode
[  192.106105][ T6861] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.121986][ T5887] usb 3-1: Manufacturer: syz
[  192.155206][ T5887] usb 3-1: SerialNumber: syz
[  192.248294][ T5887] usb 3-1: config 0 descriptor??
[  192.354509][  T976] usb 2-1: USB disconnect, device number 7
[  192.404183][ T6861] bridge_slave_1: left allmulticast mode
[  192.419171][ T6861] bridge_slave_1: left promiscuous mode
[  192.438300][ T6861] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.454338][  T976] Unregistered device Abilis Systems DVB-Titan
[  192.458772][  T976] as10x_usb: device has been disconnected
[  192.489828][ T6861] bond0: (slave bond_slave_0): Releasing backup interface
[  192.546876][ T6592] usbhid 5-1:0.0: can't add hid device: -71
[  192.553583][ T6592] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  192.585056][ T6592] usb 5-1: USB disconnect, device number 7
[  192.654956][ T6861] bond0: (slave bond_slave_1): Releasing backup interface
[  192.703006][ T5887] usb 3-1: Found UVC 0.00 device syz (046d:0823)
[  192.724711][ T6861] team0: Port device team_slave_0 removed
[  192.736498][ T5887] usb 3-1: No valid video chain found.
[  192.757364][ T5887] usb 3-1: USB disconnect, device number 9
[  192.771383][ T6861] team0: Port device team_slave_1 removed
[  192.785573][ T6861] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  192.817234][ T6861] batman_adv: batadv0: Removing interface: batadv_slave_0
[  192.839139][ T6861] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  192.848480][ T6861] batman_adv: batadv0: Removing interface: batadv_slave_1
[  193.114706][   T24] usb 4-1: 0:2 : does not exist
[  193.140434][   T24] usb 4-1: unit 48 not found!
[  193.241902][   T24] usb 4-1: USB disconnect, device number 10
[  193.420020][ T6387] udevd[6387]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  193.735954][   T24] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  193.761333][ T6878] erofs (device nbd1): cannot find valid erofs superblock
[  194.061257][   T24] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  194.072252][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.089389][   T24] usb 4-1: config 0 descriptor??
[  194.406403][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  194.412997][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  196.086040][ T5909] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  196.304491][   T24] pegasus 4-1:0.0: probe with driver pegasus failed with error -110
[  196.398671][ T5909] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.891451][ T5909] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  197.157420][ T5909] usb 5-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  197.460439][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.896507][ T5909] usb 5-1: config 0 descriptor??
[  197.939819][ T5909] usb 5-1: can't set config #0, error -71
[  199.511066][   T24] usb 4-1: USB disconnect, device number 11
[  199.533947][ T5909] usb 5-1: USB disconnect, device number 8
[  201.343415][ T6926] netlink: 32 bytes leftover after parsing attributes in process `syz.3.266'.
[  205.083729][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  205.084059][   T30] audit: type=1326 audit(1747124094.713:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6937 comm="syz.0.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  205.337666][   T30] audit: type=1326 audit(1747124094.713:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6937 comm="syz.0.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  205.481766][   T30] audit: type=1326 audit(1747124094.713:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6937 comm="syz.0.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  205.675948][   T30] audit: type=1326 audit(1747124094.713:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6937 comm="syz.0.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  205.826002][   T30] audit: type=1326 audit(1747124094.713:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6937 comm="syz.0.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  205.904496][   T30] audit: type=1326 audit(1747124094.713:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6937 comm="syz.0.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  206.018583][   T30] audit: type=1326 audit(1747124094.713:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6937 comm="syz.0.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  207.233960][ T5833] Bluetooth: hci4: unexpected event for opcode 0x2040
[  207.333875][   T30] audit: type=1326 audit(1747124094.713:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6937 comm="syz.0.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  207.355339][    C0] vkms_vblank_simulate: vblank timer overrun
[  207.513407][   T30] audit: type=1326 audit(1747124094.723:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6937 comm="syz.0.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  207.623104][   T30] audit: type=1326 audit(1747124094.723:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6937 comm="syz.0.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  208.096114][ T5881] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  208.217241][ T6592] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  208.706085][ T5881] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  208.715896][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.740184][ T5881] usb 3-1: config 0 descriptor??
[  208.841549][ T6592] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  208.894296][ T6592] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.962061][ T6592] usb 1-1: config 0 descriptor??
[  209.596384][ T5887] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  209.908817][ T5887] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  210.029173][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.062847][ T6592] pegasus 1-1:0.0: probe with driver pegasus failed with error -110
[  211.277242][ T5881] pegasus 3-1:0.0: probe with driver pegasus failed with error -110
[  211.310311][ T5887] usb 5-1: config 0 descriptor??
[  214.195405][ T5887] pegasus 5-1:0.0: probe with driver pegasus failed with error -71
[  214.687861][ T5881] usb 3-1: USB disconnect, device number 10
[  215.588776][  T976] usb 1-1: USB disconnect, device number 11
[  215.596778][ T6986] input: syz0 as /devices/virtual/input/input10
[  215.616422][ T5887] usb 5-1: USB disconnect, device number 9
[  217.300117][ T5833] Bluetooth: hci0: unexpected event for opcode 0x2040
[  218.928903][ T7026] netlink: 32 bytes leftover after parsing attributes in process `syz.0.292'.
[  220.761484][ T6592] usb 5-1: new low-speed USB device number 10 using dummy_hcd
[  221.109016][ T6592] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  221.131565][ T6592] usb 5-1: config 0 has no interface number 0
[  222.190652][ T5833] Bluetooth: hci2: unexpected event for opcode 0x2040
[  222.217091][ T6592] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  222.255248][ T6592] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  224.262329][ T7064] Bluetooth: MGMT ver 1.23
[  225.690051][ T6592] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  226.185612][ T6592] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  226.197309][ T6592] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  226.208579][ T6592] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  226.222307][ T6592] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  226.232870][ T6592] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.273049][ T6592] usb 5-1: config 0 descriptor??
[  226.280083][ T6592] usb 5-1: can't set config #0, error -71
[  226.300051][ T6592] usb 5-1: USB disconnect, device number 10
[  226.983199][ T7089] program syz.2.312 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  227.501308][ T7085] netlink: 252 bytes leftover after parsing attributes in process `syz.3.311'.
[  227.845441][ T7094] Lens B: =================  START STATUS  =================
[  227.853077][ T7094] Lens B: Focus, Absolute: 0
[  227.859215][ T7094] Lens B: ==================  END STATUS  ==================
[  228.961324][ T5833] Bluetooth: hci0: unexpected event for opcode 0x2040
[  229.105959][ T5909] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  229.342902][ T5909] usb 4-1: config 0 has an invalid interface number: 29 but max is 0
[  229.715797][ T5909] usb 4-1: config 0 has no interface number 0
[  229.721970][ T5909] usb 4-1: config 0 interface 29 has no altsetting 0
[  229.754897][ T5909] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  229.764501][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.784708][ T5909] usb 4-1: Product: syz
[  229.791312][ T5909] usb 4-1: Manufacturer: syz
[  229.803021][ T5909] usb 4-1: SerialNumber: syz
[  229.850101][ T5909] usb 4-1: config 0 descriptor??
[  229.985925][  T976] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  230.210250][  T976] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  230.253114][  T976] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  230.281917][ T5909] peak_usb 4-1:0.29 can0: unable to request usb[type=0 value=1] err=-32
[  230.290493][ T5909] peak_usb 4-1:0.29: unable to read PCAN-USB X6 firmware info (err -32)
[  230.304013][  T976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.389550][ T5909] peak_usb 4-1:0.29: probe with driver peak_usb failed with error -32
[  230.838035][ T5909] usb 4-1: USB disconnect, device number 12
[  230.945260][  T976] usb 5-1: config 0 descriptor??
[  231.515223][  T976] ath6kl: Unsupported hardware version: 0x0
[  231.571339][  T976] ath6kl: Failed to init ath6kl core: -22
[  231.585347][  T976] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -22
[  231.599236][ T7130] netlink: 32 bytes leftover after parsing attributes in process `syz.1.323'.
[  231.733309][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  231.733322][   T30] audit: type=1326 audit(1747124121.463:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7099 comm="syz.4.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  231.768413][  T976] usb 5-1: USB disconnect, device number 11
[  231.812393][   T30] audit: type=1326 audit(1747124121.473:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7099 comm="syz.4.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  233.065847][ T5887] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  233.301234][ T5887] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  233.335330][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.382734][ T5887] usb 5-1: config 0 descriptor??
[  233.642604][ T5833] Bluetooth: hci4: unexpected event for opcode 0x2040
[  234.727117][ T5887] pegasus 5-1:0.0: probe with driver pegasus failed with error -32
[  238.678196][ T5887] usb 5-1: USB disconnect, device number 12
[  240.065986][ T7169] xt_CT: You must specify a L4 protocol and not use inversions on it
[  241.480820][   T30] audit: type=1326 audit(1747124131.063:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7165 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  241.510350][    C0] vkms_vblank_simulate: vblank timer overrun
[  241.868926][   T30] audit: type=1326 audit(1747124131.063:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7165 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  242.094834][   T30] audit: type=1326 audit(1747124131.063:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7165 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  242.122855][   T30] audit: type=1326 audit(1747124131.063:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7165 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  242.144343][    C0] vkms_vblank_simulate: vblank timer overrun
[  242.158250][   T30] audit: type=1326 audit(1747124131.063:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7165 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  242.179638][    C0] vkms_vblank_simulate: vblank timer overrun
[  242.351175][   T30] audit: type=1326 audit(1747124131.063:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7165 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  242.373264][   T30] audit: type=1326 audit(1747124131.063:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7165 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  242.381591][ T5833] Bluetooth: hci2: unexpected event for opcode 0x2040
[  242.394776][    C0] vkms_vblank_simulate: vblank timer overrun
[  242.409620][   T30] audit: type=1326 audit(1747124131.073:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7165 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  242.431144][    C0] vkms_vblank_simulate: vblank timer overrun
[  242.454169][   T30] audit: type=1326 audit(1747124131.073:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7165 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  242.477149][   T30] audit: type=1326 audit(1747124131.073:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7165 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0438e969 code=0x7ffc0000
[  244.087570][   T24] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  245.284051][   T24] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  245.355465][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.446967][   T24] usb 1-1: config 0 descriptor??
[  245.480350][ T7208] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  245.835951][ T5880] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  246.077835][ T5880] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  246.162715][ T5880] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  246.260855][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.425273][ T5880] usb 4-1: config 0 descriptor??
[  246.823650][   T24] pegasus 1-1:0.0: probe with driver pegasus failed with error -32
[  247.621485][ T5880] ath6kl: Unsupported hardware version: 0x0
[  247.829710][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  247.829740][   T30] audit: type=1326 audit(1747124137.313:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7202 comm="syz.3.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  248.327939][ T5880] ath6kl: Failed to init ath6kl core: -22
[  248.334086][ T5880] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22
[  248.446631][   T30] audit: type=1326 audit(1747124137.323:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7202 comm="syz.3.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  248.567899][   T24] usb 4-1: USB disconnect, device number 13
[  248.821258][ T5833] Bluetooth: hci3: unexpected event for opcode 0x2040
[  248.877621][ T5880] usb 1-1: USB disconnect, device number 12
[  249.949003][ T5909] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  250.219720][ T5909] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  250.719073][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.995952][ T5909] usb 5-1: config 0 descriptor??
[  251.724526][ T7260] vivid-000: disconnect
[  252.286819][ T7255] vivid-000: reconnect
[  253.286235][ T5909] pegasus 5-1:0.0: probe with driver pegasus failed with error -110
[  255.431726][ T5878] usb 5-1: USB disconnect, device number 13
[  255.635860][ T5880] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  255.826833][ T5833] Bluetooth: hci0: unexpected event for opcode 0x2040
[  255.871142][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  255.885856][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  256.699617][ T5880] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  256.716001][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.759656][ T5880] usb 1-1: config 0 descriptor??
[  256.890708][   T30] audit: type=1326 audit(1747124146.613:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7291 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  256.959234][   T30] audit: type=1326 audit(1747124146.613:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7291 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  257.054112][   T30] audit: type=1326 audit(1747124146.613:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7291 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  257.138132][   T30] audit: type=1326 audit(1747124146.613:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7291 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  257.186681][   T30] audit: type=1326 audit(1747124146.613:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7291 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  257.208122][    C0] vkms_vblank_simulate: vblank timer overrun
[  257.316983][   T30] audit: type=1326 audit(1747124146.623:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7291 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  257.338488][    C0] vkms_vblank_simulate: vblank timer overrun
[  257.344962][   T30] audit: type=1326 audit(1747124146.623:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7291 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  258.090774][ T5880] pegasus 1-1:0.0: probe with driver pegasus failed with error -32
[  261.484474][ T5819] usb 1-1: USB disconnect, device number 13
[  261.499845][   T30] audit: type=1326 audit(1747124146.623:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7291 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  261.551898][   T30] audit: type=1326 audit(1747124146.623:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7291 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  262.758217][ T5880] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  263.011127][   T30] audit: type=1326 audit(1747124152.713:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.1.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  263.131202][ T5880] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  263.228997][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.273584][   T30] audit: type=1326 audit(1747124152.713:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.1.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  263.365556][   T30] audit: type=1326 audit(1747124152.723:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.1.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  263.387213][    C0] vkms_vblank_simulate: vblank timer overrun
[  263.563130][ T5880] usb 5-1: config 0 descriptor??
[  263.568560][   T30] audit: type=1326 audit(1747124152.723:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.1.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  263.571611][ T5833] Bluetooth: hci2: unexpected event for opcode 0x2040
[  263.590485][    C0] vkms_vblank_simulate: vblank timer overrun
[  263.623923][   T30] audit: type=1326 audit(1747124152.723:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.1.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  263.650468][   T30] audit: type=1326 audit(1747124152.723:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.1.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  263.673178][    C0] vkms_vblank_simulate: vblank timer overrun
[  263.706260][   T30] audit: type=1326 audit(1747124152.723:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.1.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  263.735169][   T30] audit: type=1326 audit(1747124152.733:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.1.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  264.475878][   T30] audit: type=1326 audit(1747124152.733:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.1.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  266.087917][ T5880] pegasus 5-1:0.0: probe with driver pegasus failed with error -110
[  267.463130][ T5878] usb 5-1: USB disconnect, device number 14
[  267.496979][ T7346] vim2m vim2m.0: vidioc_s_fmt queue busy
[  269.074277][ T5833] Bluetooth: hci3: unexpected event for opcode 0x2040
[  269.125989][ T5878] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  270.028847][ T5878] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  270.065248][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.087499][ T7375] netlink: 'syz.4.394': attribute type 6 has an invalid length.
[  270.123017][ T5878] usb 4-1: config 0 descriptor??
[  270.136147][ T7375] tmpfs: Bad value for 'size'
[  270.402492][ T6592] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  270.407445][ T7384] netlink: 56 bytes leftover after parsing attributes in process `syz.2.397'.
[  270.660506][ T6592] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  271.802299][ T5878] pegasus 4-1:0.0: probe with driver pegasus failed with error -32
[  272.652805][ T6592] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  273.376494][ T6592] usb 5-1: config 0 has no interface number 0
[  273.495193][ T7365] syz.1.390: vmalloc error: size 100663296, failed to allocated page array size 196608, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  273.554641][ T7365] CPU: 0 UID: 0 PID: 7365 Comm: syz.1.390 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  273.554666][ T7365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  273.554682][ T7365] Call Trace:
[  273.554691][ T7365]  <TASK>
[  273.554699][ T7365]  dump_stack_lvl+0x189/0x250
[  273.554727][ T7365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  273.554748][ T7365]  ? __pfx__printk+0x10/0x10
[  273.554771][ T7365]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  273.554796][ T7365]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  273.554822][ T7365]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  273.554849][ T7365]  warn_alloc+0x214/0x310
[  273.554872][ T7365]  ? __pfx_warn_alloc+0x10/0x10
[  273.554894][ T7365]  ? __get_vm_area_node+0x28f/0x300
[  273.554915][ T7365]  __vmalloc_node_range_noprof+0x5f2/0x12c0
[  273.554937][ T7365]  ? __asan_memset+0x22/0x50
[  273.554988][ T7365]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  273.555005][ T7365]  ? __kasan_kmalloc_large+0x1a/0xa0
[  273.555041][ T7365]  ? rcu_is_watching+0x15/0xb0
[  273.555074][ T7365]  ? bpf_uprobe_multi_link_attach+0x437/0xda0
[  273.555099][ T7365]  ? bpf_uprobe_multi_link_attach+0x437/0xda0
[  273.555120][ T7365]  __kvmalloc_node_noprof+0x3a0/0x5e0
[  273.555134][ T7365]  ? bpf_uprobe_multi_link_attach+0x437/0xda0
[  273.555152][ T7365]  ? bpf_uprobe_multi_link_attach+0x418/0xda0
[  273.555173][ T7365]  bpf_uprobe_multi_link_attach+0x437/0xda0
[  273.555200][ T7365]  ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10
[  273.555216][ T7365]  ? __fget_files+0x2a/0x420
[  273.555232][ T7365]  ? __fget_files+0x2a/0x420
[  273.555246][ T7365]  ? __fget_files+0x2a/0x420
[  273.555262][ T7365]  ? bpf_prog_attach_check_attach_type+0x453/0x540
[  273.555287][ T7365]  link_create+0x70a/0x8a0
[  273.555310][ T7365]  __sys_bpf+0x599/0x860
[  273.555329][ T7365]  ? __pfx___sys_bpf+0x10/0x10
[  273.555358][ T7365]  ? rcu_is_watching+0x15/0xb0
[  273.555388][ T7365]  __x64_sys_bpf+0x7c/0x90
[  273.555405][ T7365]  do_syscall_64+0xf6/0x210
[  273.555425][ T7365]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  273.555440][ T7365]  ? clear_bhb_loop+0x60/0xb0
[  273.555458][ T7365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.555473][ T7365] RIP: 0033:0x7f520958e969
[  273.555488][ T7365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  273.555501][ T7365] RSP: 002b:00007f520a37a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  273.555517][ T7365] RAX: ffffffffffffffda RBX: 00007f52097b5fa0 RCX: 00007f520958e969
[  273.555528][ T7365] RDX: 0000000000000040 RSI: 00002000000012c0 RDI: 000000000000001c
[  273.555538][ T7365] RBP: 00007f5209610ab1 R08: 0000000000000000 R09: 0000000000000000
[  273.555547][ T7365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  273.555556][ T7365] R13: 0000000000000000 R14: 00007f52097b5fa0 R15: 00007ffea1a1cec8
[  273.555579][ T7365]  </TASK>
[  273.555590][ T7365] Mem-Info:
[  273.799245][    C0] vkms_vblank_simulate: vblank timer overrun
[  273.865993][ T5881] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  273.885912][ T6592] usb 5-1: string descriptor 0 read error: -71
[  273.892470][ T6592] usb 5-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  273.944472][ T5819] usb 4-1: USB disconnect, device number 14
[  273.977412][ T7365] active_anon:260 inactive_anon:7536 isolated_anon:0
[  273.977412][ T7365]  active_file:14474 inactive_file:40356 isolated_file:0
[  273.977412][ T7365]  unevictable:768 dirty:172 writeback:0
[  273.977412][ T7365]  slab_reclaimable:10179 slab_unreclaimable:101835
[  273.977412][ T7365]  mapped:32755 shmem:3211 pagetables:1047
[  273.977412][ T7365]  sec_pagetables:0 bounce:0
[  273.977412][ T7365]  kernel_misc_reclaimable:0
[  273.977412][ T7365]  free:1320802 free_pcp:399 free_cma:0
[  274.032741][ T6592] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.113449][ T7365] Node 0 active_anon:1040kB inactive_anon:30244kB active_file:57480kB inactive_file:161420kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130844kB dirty:684kB writeback:0kB shmem:11308kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11316kB pagetables:4388kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  274.176544][ T6592] usb 5-1: config 0 descriptor??
[  274.210129][ T6592] usb 5-1: can't set config #0, error -71
[  274.265990][ T6592] usb 5-1: USB disconnect, device number 15
[  274.273374][ T7365] Node 1 active_anon:0kB inactive_anon:0kB active_file:416kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:176kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  274.273611][ T5881] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  274.307657][    C0] vkms_vblank_simulate: vblank timer overrun
[  274.329991][ T7365] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  274.358522][    C0] vkms_vblank_simulate: vblank timer overrun
[  274.366429][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.376862][ T7365] lowmem_reserve[]: 0 2504 2504 2504 2504
[  274.401765][ T5881] usb 3-1: config 0 descriptor??
[  274.422276][ T7365] Node 0 DMA32 free:1359200kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:1036kB inactive_anon:30240kB active_file:57388kB inactive_file:161408kB unevictable:1536kB writepending:684kB present:3129332kB managed:2564592kB mlocked:0kB bounce:0kB free_pcp:1524kB local_pcp:312kB free_cma:0kB
[  274.453139][    C0] vkms_vblank_simulate: vblank timer overrun
[  274.456756][ T5819] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  274.485553][ T7365] lowmem_reserve[]: 0 0 0 0 0
[  274.491622][ T7365] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:4kB active_file:92kB inactive_file:12kB unevictable:0kB writepending:0kB present:1048580kB managed:112kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  274.524061][    C0] vkms_vblank_simulate: vblank timer overrun
[  274.537442][ T7365] lowmem_reserve[]: 0 0 0 0 0
[  274.542328][ T7365] Node 1 Normal free:3908568kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:416kB inactive_file:4kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  274.575227][    C0] vkms_vblank_simulate: vblank timer overrun
[  274.667603][ T5819] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  274.669323][ T7365] lowmem_reserve[]: 0 0 0 0 0
[  274.702445][ T7365] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  274.711886][ T5819] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.757467][ T5819] usb 4-1: config 0 descriptor??
[  274.786370][ T7365] Node 0 DMA32: 8*4kB (UE) 5*8kB (UE) 280*16kB (UME) 432*32kB (UME) 305*64kB (UME) 66*128kB (ME) 26*256kB (UM) 18*512kB (ME) 7*1024kB (UM) 4*2048kB (UME) 312*4096kB (M) = 1355528kB
[  274.842289][ T7365] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  274.883496][ T7365] Node 1 Normal: 202*4kB (UME) 47*8kB (UE) 43*16kB (UME) 215*32kB (UME) 80*64kB (UME) 36*128kB (UME) 10*256kB (UME) 9*512kB (UM) 2*1024kB (ME) 3*2048kB (UE) 946*4096kB (M) = 3908656kB
[  274.941176][ T7365] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  275.009508][ T7365] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  275.037799][ T7365] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  275.115837][ T7365] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  275.166540][ T7365] 60903 total pagecache pages
[  275.192764][ T7365] 0 pages in swap cache
[  275.202973][ T7365] Free swap  = 124996kB
[  275.220686][ T7365] Total swap = 124996kB
[  275.231271][ T7365] 2097051 pages RAM
[  275.245787][ T7365] 0 pages HighMem/MovableOnly
[  275.260970][ T7365] 424244 pages reserved
[  275.269656][ T7413] FAULT_INJECTION: forcing a failure.
[  275.269656][ T7413] name failslab, interval 1, probability 0, space 0, times 0
[  275.283035][ T7413] CPU: 1 UID: 0 PID: 7413 Comm: syz.4.403 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  275.283073][ T7413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  275.283088][ T7413] Call Trace:
[  275.283099][ T7413]  <TASK>
[  275.283109][ T7413]  dump_stack_lvl+0x189/0x250
[  275.283150][ T7413]  ? __pfx_dump_stack_lvl+0x10/0x10
[  275.283180][ T7413]  ? __pfx__printk+0x10/0x10
[  275.283220][ T7413]  ? __pfx___might_resched+0x10/0x10
[  275.283268][ T7413]  ? fs_reclaim_acquire+0x7d/0x100
[  275.283295][ T7413]  should_fail_ex+0x414/0x560
[  275.283321][ T7413]  should_failslab+0xa8/0x100
[  275.283341][ T7413]  kmem_cache_alloc_noprof+0x73/0x3c0
[  275.283370][ T7413]  ? radix_tree_node_alloc+0x7e/0x3a0
[  275.283399][ T7413]  radix_tree_node_alloc+0x7e/0x3a0
[  275.283428][ T7413]  idr_get_free+0x2b3/0xa70
[  275.283466][ T7413]  idr_alloc_u32+0x159/0x2d0
[  275.283504][ T7413]  ? __pfx_idr_alloc_u32+0x10/0x10
[  275.283569][ T7413]  ? rcu_is_watching+0x15/0xb0
[  275.283604][ T7413]  gen_new_kid+0x9e/0x140
[  275.283634][ T7413]  ? __pfx_gen_new_kid+0x10/0x10
[  275.283675][ T7413]  u32_change+0x127d/0x26b0
[  275.283706][ T7413]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  275.283741][ T7413]  ? __pfx_u32_change+0x10/0x10
[  275.283783][ T7413]  ? lockdep_rtnl_is_held+0x26/0x40
[  275.283810][ T7413]  ? u32_lookup_ht+0x1b7/0x1d0
[  275.283844][ T7413]  tc_new_tfilter+0xdca/0x15b0
[  275.283905][ T7413]  ? __pfx_tc_new_tfilter+0x10/0x10
[  275.283970][ T7413]  ? __pfx_tc_new_tfilter+0x10/0x10
[  275.283996][ T7413]  rtnetlink_rcv_msg+0x7cc/0xb70
[  275.284022][ T7413]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  275.284043][ T7413]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  275.284071][ T7413]  ? ref_tracker_free+0x63a/0x7d0
[  275.284090][ T7413]  ? __copy_skb_header+0xa7/0x550
[  275.284130][ T7413]  netlink_rcv_skb+0x21c/0x490
[  275.284155][ T7413]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  275.284179][ T7413]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  275.284225][ T7413]  ? netlink_deliver_tap+0x2e/0x1b0
[  275.284248][ T7413]  ? netlink_deliver_tap+0x2e/0x1b0
[  275.284277][ T7413]  netlink_unicast+0x758/0x8d0
[  275.284311][ T7413]  netlink_sendmsg+0x805/0xb30
[  275.284332][ T7413]  ? is_bpf_text_address+0x26/0x2b0
[  275.284369][ T7413]  ? __pfx_netlink_sendmsg+0x10/0x10
[  275.284403][ T7413]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  275.284424][ T7413]  ? __pfx_netlink_sendmsg+0x10/0x10
[  275.284449][ T7413]  __sock_sendmsg+0x21c/0x270
[  275.284473][ T7413]  ____sys_sendmsg+0x505/0x830
[  275.284508][ T7413]  ? __pfx_____sys_sendmsg+0x10/0x10
[  275.284553][ T7413]  ? import_iovec+0x74/0xa0
[  275.284586][ T7413]  ___sys_sendmsg+0x21f/0x2a0
[  275.284616][ T7413]  ? __pfx____sys_sendmsg+0x10/0x10
[  275.284685][ T7413]  ? __fget_files+0x2a/0x420
[  275.284703][ T7413]  ? __fget_files+0x3a0/0x420
[  275.284734][ T7413]  __x64_sys_sendmsg+0x19b/0x260
[  275.284765][ T7413]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  275.284809][ T7413]  ? do_syscall_64+0xba/0x210
[  275.284840][ T7413]  do_syscall_64+0xf6/0x210
[  275.284865][ T7413]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  275.284887][ T7413]  ? clear_bhb_loop+0x60/0xb0
[  275.284912][ T7413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.284931][ T7413] RIP: 0033:0x7f2d5e58e969
[  275.284951][ T7413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.284970][ T7413] RSP: 002b:00007f2d5f48b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  275.284991][ T7413] RAX: ffffffffffffffda RBX: 00007f2d5e7b5fa0 RCX: 00007f2d5e58e969
[  275.285005][ T7413] RDX: 0000000000000800 RSI: 00002000000001c0 RDI: 0000000000000004
[  275.285018][ T7413] RBP: 00007f2d5f48b090 R08: 0000000000000000 R09: 0000000000000000
[  275.285031][ T7413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  275.285043][ T7413] R13: 0000000000000000 R14: 00007f2d5e7b5fa0 R15: 00007ffe00d46108
[  275.285077][ T7413]  </TASK>
[  275.306909][ T7365] 0 pages cma reserved
[  276.168215][ T5881] pegasus 3-1:0.0: probe with driver pegasus failed with error -110
[  276.288604][ T5833] Bluetooth: hci4: unexpected event for opcode 0x2040
[  276.410516][ T5819] pegasus 4-1:0.0: probe with driver pegasus failed with error -110
[  277.576117][ T7432] netlink: 56 bytes leftover after parsing attributes in process `syz.0.406'.
[  277.936561][ T5887] usb 4-1: USB disconnect, device number 15
[  277.944517][ T5819] usb 3-1: USB disconnect, device number 11
[  278.431084][ T7442] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  278.669325][ T7442] FAULT_INJECTION: forcing a failure.
[  278.669325][ T7442] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  278.987010][ T7442] CPU: 0 UID: 0 PID: 7442 Comm: syz.2.408 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  278.987041][ T7442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  278.987054][ T7442] Call Trace:
[  278.987063][ T7442]  <TASK>
[  278.987071][ T7442]  dump_stack_lvl+0x189/0x250
[  278.987107][ T7442]  ? __pfx_dump_stack_lvl+0x10/0x10
[  278.987136][ T7442]  ? __pfx__printk+0x10/0x10
[  278.987181][ T7442]  should_fail_ex+0x414/0x560
[  278.987209][ T7442]  _copy_to_user+0x31/0xb0
[  278.987240][ T7442]  simple_read_from_buffer+0xe1/0x170
[  278.987276][ T7442]  proc_fail_nth_read+0x1df/0x250
[  278.987302][ T7442]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  278.987327][ T7442]  ? rw_verify_area+0x258/0x650
[  278.987354][ T7442]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  278.987377][ T7442]  vfs_read+0x200/0x980
[  278.987410][ T7442]  ? __pfx___mutex_lock+0x10/0x10
[  278.987436][ T7442]  ? __pfx_vfs_read+0x10/0x10
[  278.987465][ T7442]  ? __fget_files+0x2a/0x420
[  278.987490][ T7442]  ? __fget_files+0x3a0/0x420
[  278.987507][ T7442]  ? __fget_files+0x2a/0x420
[  278.987536][ T7442]  ksys_read+0x145/0x250
[  278.987567][ T7442]  ? __pfx_ksys_read+0x10/0x10
[  278.987612][ T7442]  do_syscall_64+0xf6/0x210
[  278.987641][ T7442]  ? clear_bhb_loop+0x60/0xb0
[  278.987666][ T7442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.987686][ T7442] RIP: 0033:0x7f9f0438d37c
[  278.987704][ T7442] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  278.987722][ T7442] RSP: 002b:00007f9f05250030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  278.987745][ T7442] RAX: ffffffffffffffda RBX: 00007f9f045b5fa0 RCX: 00007f9f0438d37c
[  278.987760][ T7442] RDX: 000000000000000f RSI: 00007f9f052500a0 RDI: 0000000000000004
[  278.987772][ T7442] RBP: 00007f9f05250090 R08: 0000000000000000 R09: 0000000000000000
[  278.987784][ T7442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  278.987795][ T7442] R13: 0000000000000000 R14: 00007f9f045b5fa0 R15: 00007ffe58f16e28
[  278.987828][ T7442]  </TASK>
[  280.209161][ T7457] netlink: 32 bytes leftover after parsing attributes in process `syz.1.411'.
[  281.915795][   T30] audit: type=1326 audit(1747124171.263:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7463 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  282.090333][   T30] audit: type=1326 audit(1747124171.263:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7463 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  282.112925][    C1] vkms_vblank_simulate: vblank timer overrun
[  282.336118][   T30] audit: type=1326 audit(1747124171.263:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7463 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  282.361254][ T5833] Bluetooth: hci0: unexpected event for opcode 0x2040
[  282.368789][   T30] audit: type=1326 audit(1747124171.263:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7463 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  282.394563][   T30] audit: type=1326 audit(1747124171.263:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7463 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  282.418568][    C1] vkms_vblank_simulate: vblank timer overrun
[  282.425534][   T30] audit: type=1326 audit(1747124171.263:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7463 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  282.449866][    C1] vkms_vblank_simulate: vblank timer overrun
[  282.495821][   T30] audit: type=1326 audit(1747124171.263:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7463 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  282.762438][   T30] audit: type=1326 audit(1747124171.273:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7463 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  283.265871][   T30] audit: type=1326 audit(1747124171.273:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7463 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008538e969 code=0x7ffc0000
[  283.345914][ T5881] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  283.635080][ T7485] vim2m vim2m.0: vidioc_s_fmt queue busy
[  283.698485][ T5881] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  283.766203][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.986885][ T5881] usb 4-1: config 0 descriptor??
[  284.675910][    T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  284.717628][ T5909] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  284.831866][    T9] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  284.885985][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.899405][ T5909] usb 1-1: Using ep0 maxpacket: 8
[  284.912187][    T9] usb 2-1: config 0 descriptor??
[  285.176985][ T5909] usb 1-1: unable to get BOS descriptor or descriptor too short
[  285.229701][ T5909] usb 1-1: unable to read config index 0 descriptor/start: -71
[  285.288440][ T5909] usb 1-1: can't read configurations, error -71
[  285.846583][ T5881] pegasus 4-1:0.0: probe with driver pegasus failed with error -110
[  286.927699][    T9] pegasus 2-1:0.0: probe with driver pegasus failed with error -110
[  290.187766][    T9] usb 4-1: USB disconnect, device number 16
[  290.323279][ T5880] usb 2-1: USB disconnect, device number 8
[  293.463628][ T7544] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  293.510407][ T7549] netlink: 40 bytes leftover after parsing attributes in process `syz.2.434'.
[  293.705886][    T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  293.908954][    T9] usb 4-1: Using ep0 maxpacket: 8
[  295.626179][ T6592] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  295.795916][ T5881] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  295.823201][ T6592] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  295.844611][ T6592] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.877772][ T6592] usb 5-1: config 0 descriptor??
[  295.881004][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  295.920729][    T9] usb 4-1: unable to read config index 0 descriptor/start: -71
[  295.942081][    T9] usb 4-1: can't read configurations, error -71
[  295.985843][ T5881] usb 1-1: Using ep0 maxpacket: 16
[  296.010461][ T5881] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  296.033380][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.057220][ T5881] usb 1-1: Product: syz
[  296.068248][ T5881] usb 1-1: Manufacturer: syz
[  296.080370][ T5881] usb 1-1: SerialNumber: syz
[  296.100096][ T5881] usb 1-1: config 0 descriptor??
[  296.115609][ T5881] hub 1-1:0.0: bad descriptor, ignoring hub
[  296.129770][ T5881] hub 1-1:0.0: probe with driver hub failed with error -5
[  296.154661][ T5881] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input12
[  296.569179][ T7584] erofs (device nbd2): cannot find valid erofs superblock
[  296.662204][ T7564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.680779][ T7564] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  297.526340][ T6592] pegasus 5-1:0.0: probe with driver pegasus failed with error -110
[  299.147847][ T7589] netlink: 452 bytes leftover after parsing attributes in process `syz.3.440'.
[  299.558536][    T9] usb 5-1: USB disconnect, device number 16
[  299.921271][ T7609] netlink: 40 bytes leftover after parsing attributes in process `syz.2.445'.
[  300.418074][ T7620] binder: Binderfs stats mode cannot be changed during a remount
[  300.773222][ T7625] vim2m vim2m.0: vidioc_s_fmt queue busy
[  301.038990][   T30] audit: type=1326 audit(1747124190.703:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7612 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  301.372448][   T30] audit: type=1326 audit(1747124190.703:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7612 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  301.733385][   T30] audit: type=1326 audit(1747124190.703:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7612 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  301.950587][   T30] audit: type=1326 audit(1747124190.703:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7612 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  302.055915][   T30] audit: type=1326 audit(1747124190.703:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7612 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  302.376080][   T30] audit: type=1326 audit(1747124190.703:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7612 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  302.399670][   T30] audit: type=1326 audit(1747124190.703:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7612 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  302.424604][   T30] audit: type=1326 audit(1747124190.703:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7612 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  302.703400][   T30] audit: type=1326 audit(1747124190.703:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7612 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  302.843364][ T7637] FAULT_INJECTION: forcing a failure.
[  302.843364][ T7637] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  302.879791][   T30] audit: type=1326 audit(1747124190.713:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7612 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  302.902137][ T7637] CPU: 1 UID: 0 PID: 7637 Comm: syz.0.452 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  302.902167][ T7637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  302.902180][ T7637] Call Trace:
[  302.902188][ T7637]  <TASK>
[  302.902195][ T7637]  dump_stack_lvl+0x189/0x250
[  302.902225][ T7637]  ? __lock_acquire+0xaac/0xd20
[  302.902256][ T7637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.902284][ T7637]  ? __pfx__printk+0x10/0x10
[  302.902315][ T7637]  ? __might_fault+0xb0/0x130
[  302.902357][ T7637]  should_fail_ex+0x414/0x560
[  302.902382][ T7637]  _copy_from_user+0x2d/0xb0
[  302.902413][ T7637]  restore_altstack+0x9d/0x4b0
[  302.902436][ T7637]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[  302.902460][ T7637]  ? __pfx_restore_altstack+0x10/0x10
[  302.902490][ T7637]  ? _raw_spin_unlock_irq+0x23/0x50
[  302.902511][ T7637]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.902538][ T7637]  __ia32_sys_rt_sigreturn+0x1ac/0x7b0
[  302.902578][ T7637]  ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10
[  302.902618][ T7637]  ? __lock_acquire+0xaac/0xd20
[  302.902674][ T7637]  ? do_syscall_64+0xba/0x210
[  302.902705][ T7637]  do_syscall_64+0xf6/0x210
[  302.902730][ T7637]  ? clear_bhb_loop+0x60/0xb0
[  302.902754][ T7637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.902773][ T7637] RIP: 0033:0x7f008532ab39
[  302.902791][ T7637] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  302.902808][ T7637] RSP: 002b:00007f00861cea80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  302.902829][ T7637] RAX: ffffffffffffffda RBX: 00007f00855b5fa0 RCX: 00007f008532ab39
[  302.902844][ T7637] RDX: 00007f00861cea80 RSI: 00007f00861cebb0 RDI: 0000000000000021
[  302.902858][ T7637] RBP: 00007f00861cf090 R08: 0000000000000000 R09: 0000000000000000
[  302.902870][ T7637] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[  302.902882][ T7637] R13: 0000000000000000 R14: 00007f00855b5fa0 R15: 00007ffd443a6ef8
[  302.902915][ T7637]  </TASK>
[  303.856315][ T5880] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  304.043494][ T5880] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  304.064785][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.335515][ T7657] vim2m vim2m.0: vidioc_s_fmt queue busy
[  305.036828][ T5881] usb 1-1: USB disconnect, device number 16
[  305.105067][ T5880] usb 3-1: config 0 descriptor??
[  305.142702][ T7663] netlink: 40 bytes leftover after parsing attributes in process `syz.1.458'.
[  307.220071][ T5880] pegasus 3-1:0.0: probe with driver pegasus failed with error -110
[  307.590724][ T7674] netlink: 32 bytes leftover after parsing attributes in process `syz.3.460'.
[  309.810640][ T7680] xt_CT: You must specify a L4 protocol and not use inversions on it
[  310.514574][ T5880] usb 3-1: USB disconnect, device number 12
[  312.074432][ T7704] netlink: 40 bytes leftover after parsing attributes in process `syz.1.469'.
[  312.278164][ T5833] Bluetooth: hci1: unexpected event for opcode 0x2040
[  313.256726][ T7714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.471'.
[  313.923407][ T7718] FAULT_INJECTION: forcing a failure.
[  313.923407][ T7718] name failslab, interval 1, probability 0, space 0, times 0
[  313.937731][ T7718] CPU: 0 UID: 0 PID: 7718 Comm: syz.0.471 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  313.937752][ T7718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  313.937761][ T7718] Call Trace:
[  313.937767][ T7718]  <TASK>
[  313.937773][ T7718]  dump_stack_lvl+0x189/0x250
[  313.937800][ T7718]  ? __pfx_dump_stack_lvl+0x10/0x10
[  313.937828][ T7718]  ? __pfx__printk+0x10/0x10
[  313.937856][ T7718]  ? __pfx___might_resched+0x10/0x10
[  313.937878][ T7718]  ? fs_reclaim_acquire+0x7d/0x100
[  313.937898][ T7718]  should_fail_ex+0x414/0x560
[  313.937917][ T7718]  should_failslab+0xa8/0x100
[  313.937932][ T7718]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  313.937956][ T7718]  ? rxrpc_setsockopt+0x490/0x7f0
[  313.937983][ T7718]  rxrpc_server_keyring+0x7a/0x1e0
[  313.938006][ T7718]  rxrpc_setsockopt+0x490/0x7f0
[  313.938030][ T7718]  ? __pfx_rxrpc_setsockopt+0x10/0x10
[  313.938055][ T7718]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  313.938070][ T7718]  ? __pfx_rxrpc_setsockopt+0x10/0x10
[  313.938093][ T7718]  do_sock_setsockopt+0x25a/0x3e0
[  313.938115][ T7718]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  313.938132][ T7718]  ? __fget_files+0x2a/0x420
[  313.938151][ T7718]  ? __fget_files+0x3a0/0x420
[  313.938163][ T7718]  ? __fget_files+0x2a/0x420
[  313.938182][ T7718]  __x64_sys_setsockopt+0x18b/0x220
[  313.938205][ T7718]  do_syscall_64+0xf6/0x210
[  313.938224][ T7718]  ? clear_bhb_loop+0x60/0xb0
[  313.938243][ T7718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.938257][ T7718] RIP: 0033:0x7f008538e969
[  313.938271][ T7718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.938283][ T7718] RSP: 002b:00007f00861ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  313.938299][ T7718] RAX: ffffffffffffffda RBX: 00007f00855b6080 RCX: 00007f008538e969
[  313.938310][ T7718] RDX: 0000000000000002 RSI: 0000000000000110 RDI: 0000000000000004
[  313.938318][ T7718] RBP: 00007f00861ae090 R08: 000000000000012d R09: 0000000000000000
[  313.938328][ T7718] R10: 0000200000000700 R11: 0000000000000246 R12: 0000000000000001
[  313.938337][ T7718] R13: 0000000000000000 R14: 00007f00855b6080 R15: 00007ffd443a6ef8
[  313.938359][ T7718]  </TASK>
[  314.183913][    C0] vkms_vblank_simulate: vblank timer overrun
[  314.256227][ T7724] netlink: 32 bytes leftover after parsing attributes in process `syz.1.473'.
[  315.128347][ T5880] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  315.249872][ T7736] xt_CT: You must specify a L4 protocol and not use inversions on it
[  316.198170][ T5880] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  316.322267][ T5880] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  316.379320][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.415944][ T6592] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  316.438806][ T5880] usb 5-1: config 0 descriptor??
[  317.133691][ T6592] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  317.297381][ T7758] vim2m vim2m.0: vidioc_s_fmt queue busy
[  317.396290][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  317.576407][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  318.875624][ T5880] ath6kl: Failed to read usb control message: -110
[  319.449600][ T6592] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.931955][ T6592] usb 3-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  321.957695][ T5880] ath6kl: Unable to read the bmi data from the device: -110
[  322.165591][ T6592] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.165845][ T5880] ath6kl: Unable to recv target info: -110
[  322.201766][ T5880] ath6kl: Failed to init ath6kl core: -110
[  322.209895][ T5880] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -110
[  322.425987][ T5833] Bluetooth: hci1: unexpected event for opcode 0x2040
[  322.487382][ T6592] usb 3-1: config 0 descriptor??
[  322.632659][ T5909] usb 5-1: USB disconnect, device number 17
[  323.173011][ T6592] usb 3-1: can't set config #0, error -71
[  325.599698][ T6592] usb 3-1: USB disconnect, device number 13
[  325.889236][ T7767] netlink: 'syz.2.483': attribute type 6 has an invalid length.
[  326.656361][ T7767] tmpfs: Bad value for 'size'
[  327.156070][ T5878] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  327.355877][    T9] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  327.356436][ T5878] usb 3-1: config 0 has an invalid interface number: 64 but max is 0
[  327.458567][ T5878] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  327.472270][ T5878] usb 3-1: config 0 has no interface number 0
[  327.484140][ T5878] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  327.495891][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.508796][ T5878] usb 3-1: Product: syz
[  327.513376][ T5878] usb 3-1: Manufacturer: syz
[  327.518858][ T5878] usb 3-1: SerialNumber: syz
[  327.533240][ T5878] usb 3-1: config 0 descriptor??
[  327.547455][    T9] usb 5-1: config 0 has an invalid interface number: 29 but max is 0
[  327.568323][    T9] usb 5-1: config 0 has no interface number 0
[  327.575932][ T5909] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  327.591057][    T9] usb 5-1: config 0 interface 29 has no altsetting 0
[  327.633165][    T9] usb 5-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  327.653849][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.673582][    T9] usb 5-1: Product: syz
[  327.688136][    T9] usb 5-1: Manufacturer: syz
[  327.699702][    T9] usb 5-1: SerialNumber: syz
[  327.736097][ T5909] usb 2-1: Using ep0 maxpacket: 32
[  327.748200][    T9] usb 5-1: config 0 descriptor??
[  327.763414][ T5909] usb 2-1: config 0 has an invalid interface number: 231 but max is 0
[  327.774745][ T5909] usb 2-1: config 0 has no interface number 0
[  327.782128][ T5909] usb 2-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  327.793708][ T5909] usb 2-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  328.027524][ T5878] usb 3-1: Found UVC 0.00 device syz (046d:0823)
[  328.043022][ T5878] usb 3-1: No valid video chain found.
[  328.066386][    T9] peak_usb 5-1:0.29: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
[  328.069505][ T5878] usb 3-1: USB disconnect, device number 14
[  328.100457][ T5909] usb 2-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b
[  328.121869][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.156877][ T5909] usb 2-1: Product: syz
[  328.161330][ T5909] usb 2-1: Manufacturer: syz
[  328.177705][ T5909] usb 2-1: SerialNumber: syz
[  328.227724][ T5909] usb 2-1: config 0 descriptor??
[  328.239497][ T7779] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  328.253422][ T7779] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  328.281965][    T9] peak_usb 5-1:0.29 can0: sending command failure: -22
[  328.301605][    T9] peak_usb 5-1:0.29 can0: sending command failure: -22
[  328.302182][ T5909] plusb 2-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.1-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 16:59:22:a6:e0:c0
[  328.344757][    T9] peak_usb 5-1:0.29 can0: sending command failure: -22
[  328.438140][    T9] peak_usb 5-1:0.29: probe with driver peak_usb failed with error -22
[  328.489707][    T9] usb 5-1: USB disconnect, device number 18
[  328.544046][ T5909] usb 2-1: USB disconnect, device number 9
[  328.643290][ T5909] plusb 2-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.1-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1
[  330.931982][ T5833] Bluetooth: hci3: unexpected event for opcode 0x2040
[  332.338599][ T7821] netlink: 1 bytes leftover after parsing attributes in process `syz.0.497'.
[  332.365277][ T7826] xt_CT: You must specify a L4 protocol and not use inversions on it
[  332.460533][ T7816] tipc: Started in network mode
[  332.483437][ T7816] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  332.501102][ T7816] tipc: Enabled bearer <eth:vlan0>, priority 10
[  332.906095][ T7816] tipc: Resetting bearer <eth:vlan0>
[  333.617874][ T5909] tipc: Node number set to 10005162
[  334.217298][ T7816] tipc: Disabling bearer <eth:vlan0>
[  335.436319][ T5819] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  335.815957][ T5819] usb 3-1: Using ep0 maxpacket: 16
[  335.915374][ T5819] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  336.102214][ T5819] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  336.299879][ T5819] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  336.359852][ T5819] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  336.406766][ T5819] usb 3-1: Product: syz
[  336.429709][ T5819] usb 3-1: Manufacturer: syz
[  336.461526][ T5819] usb 3-1: SerialNumber: syz
[  336.525963][ T5878] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  336.541372][ T5819] usb 3-1: config 0 descriptor??
[  336.563474][ T5819] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  336.603279][ T5819] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  336.740830][ T5878] usb 5-1: config 0 has an invalid interface number: 29 but max is 0
[  336.820300][ T5878] usb 5-1: config 0 has no interface number 0
[  336.967780][ T5878] usb 5-1: config 0 interface 29 has no altsetting 0
[  337.067241][ T5878] usb 5-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  337.173560][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.245849][ T5878] usb 5-1: Product: syz
[  337.273826][ T5878] usb 5-1: Manufacturer: syz
[  337.304089][ T5878] usb 5-1: SerialNumber: syz
[  337.359142][ T5878] usb 5-1: config 0 descriptor??
[  337.366224][ T5819] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  337.409147][ T5819] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  337.858581][ T5878] peak_usb 5-1:0.29: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
[  338.245335][ T5878] peak_usb 5-1:0.29 can0: sending command failure: -22
[  338.270344][ T5878] peak_usb 5-1:0.29 can0: sending command failure: -22
[  338.290442][ T5878] peak_usb 5-1:0.29 can0: sending command failure: -22
[  338.331795][ T5819] em28xx 3-1:0.0: Unknown AC97 audio processor detected!
[  338.371831][ T5819] em28xx 3-1:0.0: couldn't setup AC97 register 2
[  338.820309][ T5819] em28xx 3-1:0.0: couldn't setup AC97 register 4
[  338.891764][ T5819] em28xx 3-1:0.0: couldn't setup AC97 register 6
[  338.959280][ T5878] peak_usb 5-1:0.29: probe with driver peak_usb failed with error -22
[  339.018118][ T5878] usb 5-1: USB disconnect, device number 19
[  339.138303][ T5819] em28xx 3-1:0.0: couldn't setup AC97 register 54
[  339.170846][ T5819] em28xx 3-1:0.0: couldn't setup AC97 register 56
[  339.201517][ T5819] usb 3-1: USB disconnect, device number 15
[  339.749461][ T7891] FAULT_INJECTION: forcing a failure.
[  339.749461][ T7891] name failslab, interval 1, probability 0, space 0, times 0
[  339.762557][ T7891] CPU: 0 UID: 0 PID: 7891 Comm: syz.1.512 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  339.762578][ T7891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  339.762588][ T7891] Call Trace:
[  339.762594][ T7891]  <TASK>
[  339.762600][ T7891]  dump_stack_lvl+0x189/0x250
[  339.762627][ T7891]  ? __pfx_dump_stack_lvl+0x10/0x10
[  339.762648][ T7891]  ? __pfx__printk+0x10/0x10
[  339.762672][ T7891]  ? __pfx___might_resched+0x10/0x10
[  339.762694][ T7891]  ? fs_reclaim_acquire+0x7d/0x100
[  339.762715][ T7891]  should_fail_ex+0x414/0x560
[  339.762734][ T7891]  should_failslab+0xa8/0x100
[  339.762748][ T7891]  __kmalloc_noprof+0xcb/0x4f0
[  339.762772][ T7891]  ? tomoyo_encode+0x28b/0x550
[  339.762795][ T7891]  tomoyo_encode+0x28b/0x550
[  339.762818][ T7891]  tomoyo_realpath_from_path+0x58d/0x5d0
[  339.762846][ T7891]  ? tomoyo_mount_permission+0x27a/0x970
[  339.762865][ T7891]  tomoyo_mount_permission+0x377/0x970
[  339.762885][ T7891]  ? stack_depot_save_flags+0x40/0x910
[  339.762898][ T7891]  ? tomoyo_mount_permission+0x27a/0x970
[  339.762917][ T7891]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  339.762980][ T7891]  security_sb_mount+0xec/0x350
[  339.763005][ T7891]  path_mount+0xbc/0xfe0
[  339.763025][ T7891]  ? user_path_at+0x44/0x60
[  339.763041][ T7891]  ? kmem_cache_free+0x192/0x3f0
[  339.763069][ T7891]  __se_sys_mount+0x317/0x410
[  339.763088][ T7891]  ? __pfx___se_sys_mount+0x10/0x10
[  339.763104][ T7891]  ? do_syscall_64+0xba/0x210
[  339.763122][ T7891]  ? __x64_sys_mount+0x20/0xc0
[  339.763137][ T7891]  do_syscall_64+0xf6/0x210
[  339.763156][ T7891]  ? clear_bhb_loop+0x60/0xb0
[  339.763174][ T7891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.763187][ T7891] RIP: 0033:0x7f520958e969
[  339.763201][ T7891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.763214][ T7891] RSP: 002b:00007f520a37a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  339.763229][ T7891] RAX: ffffffffffffffda RBX: 00007f52097b5fa0 RCX: 00007f520958e969
[  339.763240][ T7891] RDX: 0000200000004500 RSI: 00002000000000c0 RDI: 0000000000000000
[  339.763250][ T7891] RBP: 00007f520a37a090 R08: 0000200000000200 R09: 0000000000000000
[  339.763261][ T7891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  339.763275][ T7891] R13: 0000000000000000 R14: 00007f52097b5fa0 R15: 00007ffea1a1cec8
[  339.763308][ T7891]  </TASK>
[  340.010152][ T7891] ERROR: Out of memory at tomoyo_realpath_from_path.
[  340.742735][ T7917] netlink: 8 bytes leftover after parsing attributes in process `syz.1.518'.
[  341.041761][ T5819] usb 3-1: new low-speed USB device number 16 using dummy_hcd
[  341.279815][ T7920] ieee802154 phy0 wpan0: encryption failed: -22
[  341.478659][ T7917] openvswitch: netlink: Unknown nsh attribute 0
[  341.703475][ T7917] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  341.938753][ T5819] usb 3-1: device descriptor read/64, error -71
[  342.575961][ T5878] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  342.583772][ T5819] usb 3-1: new low-speed USB device number 17 using dummy_hcd
[  342.900957][ T5878] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  343.733693][ T5819] usb 3-1: device descriptor read/64, error -71
[  343.740819][ T5878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.872623][ T5819] usb usb3-port1: attempt power cycle
[  343.909868][ T5878] usb 2-1: config 0 descriptor??
[  344.310010][ T5878] usb 2-1: can't set config #0, error -71
[  344.317871][ T5878] usb 2-1: USB disconnect, device number 10
[  344.510943][ T7943] 
: renamed from bond0 (while UP)
[  345.318421][ T7954] nbd: must specify an index to disconnect
[  347.700471][ T7949] DRBG: could not allocate digest TFM handle: hmac(sha384)
[  347.810025][ T7970] xt_l2tp: v2 tid > 0xffff: 4294967295
[  349.105782][ T5909] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  349.113743][    C1] raw-gadget.0 gadget.3: ignoring, device is not running
[  349.575773][ T5909] usb 4-1: device descriptor read/64, error -32
[  350.015956][ T5909] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  350.094311][ T6592] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  350.198994][ T5909] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  350.211147][ T5909] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  350.285043][ T6592] usb 5-1: Using ep0 maxpacket: 8
[  350.437327][ T5909] usb 4-1: New USB device found, idVendor=058f, idProduct=9410, bcdDevice= 0.00
[  350.472831][ T6592] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  350.505769][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.518642][ T6592] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  350.553856][ T5909] usb 4-1: config 0 descriptor??
[  350.575889][ T6592] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  350.617670][ T6592] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  350.637701][ T6592] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  350.679906][ T6592] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  350.689401][ T6592] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  350.715821][ T6592] usb 5-1: Product: syz
[  350.720221][ T6592] usb 5-1: Manufacturer: syz
[  350.724995][ T6592] usb 5-1: SerialNumber: syz
[  350.792586][ T6592] usb 5-1: config 0 descriptor??
[  350.797007][ T7992] erofs (device nbd0): cannot find valid erofs superblock
[  350.910726][ T5909] usbhid 4-1:0.0: can't add hid device: -71
[  350.926928][ T5909] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  350.971582][ T5909] usb 4-1: USB disconnect, device number 20
[  351.030888][ T6592] radio-si470x 5-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  351.049025][ T6592] radio-si470x 5-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  351.264876][ T8002] binder: Binderfs stats mode cannot be changed during a remount
[  351.344838][ T6592] radio-si470x 5-1:0.0: software version 0, hardware version 0
[  351.524595][ T6592] radio-si470x 5-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  351.551517][ T6592] radio-si470x 5-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  351.574191][ T6592] radio-si470x 5-1:0.0: si470x_set_report: usb_control_msg returned -71
[  351.589297][ T6592] radio-si470x 5-1:0.0: submitting int urb failed (-90)
[  351.599721][ T6592] radio-si470x 5-1:0.0: si470x_set_report: usb_control_msg returned -71
[  351.631657][ T6592] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -22
[  351.669612][ T8006] netlink: 'syz.3.540': attribute type 39 has an invalid length.
[  351.888726][ T6592] usb 5-1: USB disconnect, device number 20
[  353.414716][ T7983] Process accounting resumed
[  354.972914][ T8034] bridge0: port 3(erspan0) entered disabled state
[  355.032920][ T8038] netlink: 16 bytes leftover after parsing attributes in process `syz.2.548'.
[  355.180359][ T5833] Bluetooth: hci4: unexpected event for opcode 0x0c7b
[  355.189809][ T8043] binder: Binderfs stats mode cannot be changed during a remount
[  355.599679][ T8049] IPv6: NLM_F_CREATE should be specified when creating new route
[  356.836032][ T5833] Bluetooth: hci2: unexpected event for opcode 0x2040
[  358.079887][    T9] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  358.788044][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  358.835882][    T9] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  358.862749][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.204933][    T9] usb 3-1: config 0 descriptor??
[  361.520786][    T9] usb 3-1: can't set config #0, error -71
[  361.527953][    T9] usb 3-1: USB disconnect, device number 19
[  362.165817][ T5909] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  362.956911][ T8109] binder: Binderfs stats mode cannot be changed during a remount
[  362.976758][ T5909] usb 3-1: Using ep0 maxpacket: 16
[  362.987848][ T5909] usb 3-1: config index 0 descriptor too short (expected 46642, got 72)
[  363.000548][ T5909] usb 3-1: config 173 has too many interfaces: 131, using maximum allowed: 32
[  363.010194][ T5909] usb 3-1: config 173 contains an unexpected descriptor of type 0x1, skipping
[  363.038405][ T5909] usb 3-1: config 173 has an invalid descriptor of length 0, skipping remainder of the config
[  363.080495][ T5909] usb 3-1: config 173 has 0 interfaces, different from the descriptor's value: 131
[  363.127818][ T5909] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  363.144390][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.192481][ T5909] usb 3-1: Product: syz
[  363.223284][ T5909] usb 3-1: Manufacturer: syz
[  363.250916][ T5909] usb 3-1: SerialNumber: syz
[  363.436284][ T5819] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  363.436539][ T5880] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  363.686448][ T5819] usb 1-1: Using ep0 maxpacket: 8
[  363.756066][ T8098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  363.765118][ T8098] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  363.851607][ T5880] usb 2-1: Using ep0 maxpacket: 32
[  363.865393][ T5880] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  363.888930][ T5880] usb 2-1: config 0 has no interface number 0
[  363.891058][ T5909] usb 3-1: USB disconnect, device number 20
[  363.905554][ T5880] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  363.921507][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.967022][ T5880] usb 2-1: Product: syz
[  363.971581][ T5880] usb 2-1: Manufacturer: syz
[  363.981792][ T5880] usb 2-1: SerialNumber: syz
[  364.166849][ T5880] usb 2-1: config 0 descriptor??
[  364.184983][ T5880] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  364.224763][ T5819] usb 1-1: unable to get BOS descriptor or descriptor too short
[  364.237286][ T5819] usb 1-1: unable to read config index 0 descriptor/start: -71
[  364.261323][ T5819] usb 1-1: can't read configurations, error -71
[  364.353014][ T8125] netlink: 4 bytes leftover after parsing attributes in process `syz.3.571'.
[  364.421613][ T5880] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  364.443615][ T5880] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  364.896650][ T5880] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  365.002128][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  365.002194][ T5878] usb 2-1: USB disconnect, device number 11
[  365.031388][ T5878] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  365.047173][ T5878] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  365.059652][ T5878] quatech2 2-1:0.51: device disconnected
[  365.958283][ T5880] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  366.034471][ T5880] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  366.045742][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.091348][ T5880] usb 4-1: config 0 descriptor??
[  367.432570][ T5880] ath6kl: Unsupported hardware version: 0x0
[  367.613651][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  367.613669][   T30] audit: type=1326 audit(1747124257.353:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8126 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  367.644688][ T5880] ath6kl: Failed to init ath6kl core: -22
[  367.669217][ T5880] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22
[  367.684802][ T5880] usb 4-1: USB disconnect, device number 21
[  367.749858][   T30] audit: type=1326 audit(1747124257.353:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8126 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  368.009306][ T8167] binder: Binderfs stats mode cannot be changed during a remount
[  368.084523][ T8169] netlink: 124 bytes leftover after parsing attributes in process `syz.4.583'.
[  368.118471][ T8169] netlink: 56 bytes leftover after parsing attributes in process `syz.4.583'.
[  368.175760][ T5909] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  368.215099][ T8169] dlm: Unknown command passed to DLM device : 0
[  368.215099][ T8169] 
[  368.376021][ T5878] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  368.566688][ T5909] usb 3-1: Using ep0 maxpacket: 16
[  368.703891][ T5909] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  368.735913][ T5878] usb 2-1: Using ep0 maxpacket: 8
[  368.771259][ T5909] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  368.816288][ T5878] usb 2-1: config 2 has an invalid interface number: 1 but max is 0
[  368.824379][ T5878] usb 2-1: config 2 has no interface number 0
[  368.834061][ T5909] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  368.886166][ T5909] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  368.901011][ T5878] usb 2-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=47.78
[  368.917730][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.926383][ T5909] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  369.059794][ T5878] usb 2-1: Product: syz
[  369.168225][ T8176] vim2m vim2m.0: vidioc_s_fmt queue busy
[  369.548481][ T5878] usb 2-1: Manufacturer: syz
[  369.638826][ T5878] usb 2-1: SerialNumber: syz
[  369.701212][ T5909] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  369.848117][ T5909] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  369.941893][ T5909] usb 3-1: Manufacturer: syz
[  370.217213][ T5909] usb 3-1: config 0 descriptor??
[  370.280085][ T5878] usb 2-1: selecting invalid altsetting 1
[  370.461050][ T8165] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.506388][ T8165] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  370.626781][ T5878] snd-usb-us122l 2-1:2.1: usb_set_interface error
[  371.105388][ T5878] snd-usb-us122l 2-1:2.1: probe with driver snd-usb-us122l failed with error -22
[  371.123696][ T5878] usb 2-1: USB disconnect, device number 12
[  371.235779][ T5909] rc_core: IR keymap rc-hauppauge not found
[  371.241952][ T5909] Registered IR keymap rc-empty
[  371.247799][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  371.270253][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  371.330827][ T5833] Bluetooth: hci0: unexpected event for opcode 0x0c7b
[  371.538650][ T5909] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  371.553240][ T5909] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input13
[  371.619762][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  371.675883][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  371.734865][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  371.815818][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  371.895868][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  372.419377][ T8202] netlink: 20 bytes leftover after parsing attributes in process `syz.1.589'.
[  372.693267][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  372.996849][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  373.385866][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  373.410421][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  373.446208][ T5909] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  373.468334][ T5909] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[  373.486216][ T5909] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  373.545079][ T5909] usb 3-1: USB disconnect, device number 21
[  373.655863][ T5878] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  373.855801][    T9] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  373.863633][ T5887] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  373.895833][ T5878] usb 1-1: Using ep0 maxpacket: 32
[  373.908213][ T5878] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  373.950972][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.023800][ T5878] usb 1-1: config 0 descriptor??
[  374.176844][ T5887] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  374.195308][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  374.229685][ T5887] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  374.240454][    T9] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  374.264161][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.270508][ T5878] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  374.283698][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.327076][ T5887] usb 4-1: config 0 descriptor??
[  374.349877][    T9] usb 5-1: config 0 descriptor??
[  374.349899][ T5878] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  374.418431][ T8224] FAULT_INJECTION: forcing a failure.
[  374.418431][ T8224] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  374.436730][ T5878] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  374.459725][ T5878] usb 1-1: media controller created
[  374.488337][ T5878] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  374.501971][ T8224] CPU: 1 UID: 0 PID: 8224 Comm: syz.2.597 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  374.502004][ T8224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  374.502020][ T8224] Call Trace:
[  374.502029][ T8224]  <TASK>
[  374.502041][ T8224]  dump_stack_lvl+0x189/0x250
[  374.502068][ T8224]  ? __lock_acquire+0xaac/0xd20
[  374.502098][ T8224]  ? __pfx_dump_stack_lvl+0x10/0x10
[  374.502120][ T8224]  ? __pfx__printk+0x10/0x10
[  374.502146][ T8224]  ? __might_fault+0xb0/0x130
[  374.502180][ T8224]  should_fail_ex+0x414/0x560
[  374.502201][ T8224]  _copy_from_user+0x2d/0xb0
[  374.502226][ T8224]  memdup_user+0x5e/0xd0
[  374.502252][ T8224]  strndup_user+0x68/0xd0
[  374.502272][ T8224]  __se_sys_mount+0x9c/0x410
[  374.502289][ T8224]  ? ksys_write+0x1f0/0x250
[  374.502313][ T8224]  ? __pfx___se_sys_mount+0x10/0x10
[  374.502331][ T8224]  ? do_syscall_64+0xba/0x210
[  374.502351][ T8224]  ? __x64_sys_mount+0x20/0xc0
[  374.502371][ T8224]  do_syscall_64+0xf6/0x210
[  374.502396][ T8224]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  374.502413][ T8224]  ? clear_bhb_loop+0x60/0xb0
[  374.502432][ T8224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.502448][ T8224] RIP: 0033:0x7f9f0438e969
[  374.502463][ T8224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  374.502477][ T8224] RSP: 002b:00007f9f05250038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  374.502494][ T8224] RAX: ffffffffffffffda RBX: 00007f9f045b5fa0 RCX: 00007f9f0438e969
[  374.502508][ T8224] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000
[  374.502522][ T8224] RBP: 00007f9f05250090 R08: 0000200000000400 R09: 0000000000000000
[  374.502532][ T8224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  374.502542][ T8224] R13: 0000000000000000 R14: 00007f9f045b5fa0 R15: 00007ffe58f16e28
[  374.502566][ T8224]  </TASK>
[  374.599150][ T5940] udevd[5940]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  374.956961][ T5887] ath6kl: Unsupported hardware version: 0x0
[  374.966342][ T5887] ath6kl: Failed to init ath6kl core: -22
[  374.973716][ T5887] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22
[  375.100116][    T9] ath6kl: Unsupported hardware version: 0x0
[  375.107115][    T9] ath6kl: Failed to init ath6kl core: -22
[  375.117904][    T9] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -22
[  375.566632][   T30] audit: type=1326 audit(1747124265.183:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8207 comm="syz.3.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  375.886039][   T30] audit: type=1326 audit(1747124265.203:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8207 comm="syz.3.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f746bb8e969 code=0x7ffc0000
[  375.913717][ T5887] usb 5-1: USB disconnect, device number 21
[  375.961271][   T30] audit: type=1326 audit(1747124265.613:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8209 comm="syz.4.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  376.053741][   T30] audit: type=1326 audit(1747124265.613:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8209 comm="syz.4.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d5e58e969 code=0x7ffc0000
[  376.090018][ T5878] stb0899_attach: Driver disabled by Kconfig
[  376.096437][ T5878] az6027: no front-end attached
[  376.096437][ T5878] 
[  376.505024][ T5878] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  376.519380][ T5878] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input14
[  377.437209][ T5878] dvb-usb: schedule remote query interval to 400 msecs.
[  377.444422][ T5878] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  377.455547][ T5878] usb 1-1: USB disconnect, device number 19
[  377.669015][ T8246] FAULT_INJECTION: forcing a failure.
[  377.669015][ T8246] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  377.760366][ T8246] CPU: 1 UID: 0 PID: 8246 Comm: syz.2.600 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  377.760399][ T8246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  377.760412][ T8246] Call Trace:
[  377.760421][ T8246]  <TASK>
[  377.760430][ T8246]  dump_stack_lvl+0x189/0x250
[  377.760462][ T8246]  ? __lock_acquire+0xaac/0xd20
[  377.760493][ T8246]  ? __pfx_dump_stack_lvl+0x10/0x10
[  377.760520][ T8246]  ? __pfx__printk+0x10/0x10
[  377.760551][ T8246]  ? __might_fault+0xb0/0x130
[  377.760594][ T8246]  should_fail_ex+0x414/0x560
[  377.760619][ T8246]  _copy_from_user+0x2d/0xb0
[  377.760646][ T8246]  ___sys_sendmsg+0x158/0x2a0
[  377.760676][ T8246]  ? __pfx____sys_sendmsg+0x10/0x10
[  377.760739][ T8246]  ? __fget_files+0x2a/0x420
[  377.760758][ T8246]  ? __fget_files+0x3a0/0x420
[  377.760787][ T8246]  __sys_sendmmsg+0x227/0x430
[  377.760819][ T8246]  ? __pfx___sys_sendmmsg+0x10/0x10
[  377.760856][ T8246]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  377.760902][ T8246]  ? ksys_write+0x1f0/0x250
[  377.760928][ T8246]  ? rcu_is_watching+0x15/0xb0
[  377.760967][ T8246]  __x64_sys_sendmmsg+0xa0/0xc0
[  377.760997][ T8246]  do_syscall_64+0xf6/0x210
[  377.761024][ T8246]  ? clear_bhb_loop+0x60/0xb0
[  377.761049][ T8246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.761069][ T8246] RIP: 0033:0x7f9f0438e969
[  377.761088][ T8246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.761105][ T8246] RSP: 002b:00007f9f05250038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  377.761128][ T8246] RAX: ffffffffffffffda RBX: 00007f9f045b5fa0 RCX: 00007f9f0438e969
[  377.761143][ T8246] RDX: 0000000000000002 RSI: 0000200000001440 RDI: 0000000000000003
[  377.761157][ T8246] RBP: 00007f9f05250090 R08: 0000000000000000 R09: 0000000000000000
[  377.761169][ T8246] R10: 0000000004001c00 R11: 0000000000000246 R12: 0000000000000001
[  377.761182][ T8246] R13: 0000000000000000 R14: 00007f9f045b5fa0 R15: 00007ffe58f16e28
[  377.761214][ T8246]  </TASK>
[  378.124953][ T5878] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  378.456263][ T5878] usb 1-1: new low-speed USB device number 20 using dummy_hcd
[  378.509297][ T5887] usb 4-1: USB disconnect, device number 22
[  378.795938][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  378.814055][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  379.208485][ T5878] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  379.239136][ T5878] usb 1-1: config 0 has no interface number 0
[  379.269727][   T59] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  379.496255][ T5878] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  379.515040][ T5878] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  379.526709][ T5878] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  379.536124][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.556888][ T5878] usb 1-1: config 0 descriptor??
[  379.566238][ T8248] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  379.598653][ T5878] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  379.717209][   T59] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  379.820483][   T59] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  380.463721][   T59] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  380.474851][   T59] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.493932][   T59] usb 2-1: config 0 descriptor??
[  380.509710][   T59] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  380.717642][ T8248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  380.837404][ T8248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  383.365404][    T9] usb 2-1: USB disconnect, device number 13
[  383.531752][ T5880] usb 1-1: USB disconnect, device number 20
[  387.849644][ T5887] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  388.424571][ T5887] usb 4-1: config 0 has an invalid interface number: 29 but max is 0
[  388.706096][ T5887] usb 4-1: config 0 has no interface number 0
[  388.712288][ T5887] usb 4-1: config 0 interface 29 has no altsetting 0
[  388.723793][ T8313] sp0: Synchronizing with TNC
[  388.794021][ T8328] overlayfs: missing 'lowerdir'
[  388.861972][ T5887] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  388.882041][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.905565][ T5887] usb 4-1: Product: syz
[  388.912125][ T5887] usb 4-1: Manufacturer: syz
[  388.917401][ T5887] usb 4-1: SerialNumber: syz
[  388.954066][ T5887] usb 4-1: config 0 descriptor??
[  389.146073][ T5819] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  389.227424][ T5887] peak_usb 4-1:0.29: PEAK-System PCAN-USB X6 v39 fw v162.167.78 (2 channels)
[  389.362388][ T5819] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  389.392844][ T5819] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  389.419253][ T5887] peak_usb 4-1:0.29 can0: sending command failure: -22
[  389.427405][ T5887] peak_usb 4-1:0.29 can0: sending command failure: -22
[  389.434328][ T5887] peak_usb 4-1:0.29 can0: sending command failure: -22
[  389.518161][ T5887] peak_usb 4-1:0.29: probe with driver peak_usb failed with error -22
[  389.659753][ T5819] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  389.672537][ T5819] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  389.683748][ T5819] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  389.697800][ T5819] usb 3-1: config 0 interface 0 has no altsetting 0
[  389.716236][ T5819] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  389.725352][ T5819] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  389.884515][ T8351] xt_CT: You must specify a L4 protocol and not use inversions on it
[  390.273397][ T5887] usb 4-1: USB disconnect, device number 23
[  390.395837][ T5819] usb 3-1: Product: syz
[  390.400108][ T5819] usb 3-1: Manufacturer: syz
[  390.404763][ T5819] usb 3-1: SerialNumber: syz
[  390.422242][ T5819] usb 3-1: config 0 descriptor??
[  390.448215][ T8336] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  390.468411][ T5819] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  390.506081][ T5819] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  390.573204][ T8357] netlink: 'syz.0.626': attribute type 1 has an invalid length.
[  392.057065][    T9] usb 3-1: USB disconnect, device number 22
[  392.073285][    T9] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  392.387999][ T8374] openvswitch: netlink: Message has 3 unknown bytes.
[  392.394790][ T8374] openvswitch: netlink: Actions may not be safe on all matching packets
[  394.949611][   T30] audit: type=1326 audit(1747124284.543:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  395.336045][   T30] audit: type=1326 audit(1747124284.543:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  395.442848][ T8410] tmpfs: Bad value for 'mpol'
[  395.448511][ T8406] FAULT_INJECTION: forcing a failure.
[  395.448511][ T8406] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  395.448548][ T8406] CPU: 1 UID: 0 PID: 8406 Comm: syz.4.640 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  395.448572][ T8406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  395.448586][ T8406] Call Trace:
[  395.448595][ T8406]  <TASK>
[  395.448603][ T8406]  dump_stack_lvl+0x189/0x250
[  395.448635][ T8406]  ? __lock_acquire+0xaac/0xd20
[  395.448665][ T8406]  ? __pfx_dump_stack_lvl+0x10/0x10
[  395.448693][ T8406]  ? __pfx__printk+0x10/0x10
[  395.448724][ T8406]  ? __might_fault+0xb0/0x130
[  395.448768][ T8406]  should_fail_ex+0x414/0x560
[  395.448794][ T8406]  _copy_from_user+0x2d/0xb0
[  395.448824][ T8406]  ___sys_sendmsg+0x158/0x2a0
[  395.448856][ T8406]  ? __pfx____sys_sendmsg+0x10/0x10
[  395.448922][ T8406]  ? __fget_files+0x2a/0x420
[  395.448940][ T8406]  ? __fget_files+0x3a0/0x420
[  395.448970][ T8406]  __x64_sys_sendmsg+0x19b/0x260
[  395.449000][ T8406]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  395.449049][ T8406]  ? do_syscall_64+0xba/0x210
[  395.449084][ T8406]  do_syscall_64+0xf6/0x210
[  395.449121][ T8406]  ? clear_bhb_loop+0x60/0xb0
[  395.449149][ T8406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.449171][ T8406] RIP: 0033:0x7f2d5e58e969
[  395.449190][ T8406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.449208][ T8406] RSP: 002b:00007f2d5f48b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  395.449231][ T8406] RAX: ffffffffffffffda RBX: 00007f2d5e7b5fa0 RCX: 00007f2d5e58e969
[  395.449247][ T8406] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  395.449261][ T8406] RBP: 00007f2d5f48b090 R08: 0000000000000000 R09: 0000000000000000
[  395.449275][ T8406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  395.449287][ T8406] R13: 0000000000000000 R14: 00007f2d5e7b5fa0 R15: 00007ffe00d46108
[  395.449321][ T8406]  </TASK>
[  395.674866][   T30] audit: type=1326 audit(1747124284.543:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  395.699965][ T8413] netlink: 'syz.3.639': attribute type 29 has an invalid length.
[  395.786018][   T30] audit: type=1326 audit(1747124284.543:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  396.169168][ T8413] netlink: 'syz.3.639': attribute type 29 has an invalid length.
[  396.294064][   T30] audit: type=1326 audit(1747124284.543:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  396.595884][   T30] audit: type=1326 audit(1747124284.543:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  396.623052][ T8413] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  396.689949][   T30] audit: type=1326 audit(1747124284.553:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  396.723302][ T8410] input: syz0 as /devices/virtual/input/input15
[  396.762837][   T30] audit: type=1326 audit(1747124284.553:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  396.907835][   T30] audit: type=1326 audit(1747124284.553:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  397.155833][   T30] audit: type=1326 audit(1747124284.553:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.1.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520958e969 code=0x7ffc0000
[  398.819112][ T8448] XFS (nullb0): Invalid superblock magic number
[  400.185412][ T8459] binder: 8456:8459 ioctl 8904 200000002340 returned -22
[  400.253102][ T8467] syz.4.652 (8467): drop_caches: 0
[  400.477571][ T8471] netlink: 8 bytes leftover after parsing attributes in process `syz.2.653'.
[  401.529386][ T8480] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  401.651926][ T8480] qnx6: wrong signature (magic) in superblock #1.
[  401.660073][ T8480] qnx6: unable to read the first superblock
[  401.775834][    T9] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  402.098875][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  402.107974][    T9] usb 2-1: not running at top speed; connect to a high speed hub
[  402.117340][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  402.134600][    T9] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[  402.147062][    T9] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  402.209366][    T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  402.257754][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.277629][ T8483] netlink: 4 bytes leftover after parsing attributes in process `syz.4.657'.
[  402.298887][    T9] usb 2-1: Product: syz
[  402.316828][    T9] usb 2-1: Manufacturer: syz
[  402.322281][    T9] usb 2-1: SerialNumber: syz
[  405.480954][    T9] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  406.631719][ T8507] netlink: 52 bytes leftover after parsing attributes in process `syz.3.662'.
[  406.695430][    T9] usb 2-1: USB disconnect, device number 14
[  407.095344][ T6387] udevd[6387]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  408.919143][ T8539] fuse: Unknown parameter 'f­dpàÃ6¬æûÄÁŒ'
[  409.265921][ T5878] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  409.511187][ T5887] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  409.616208][ T5878] usb 1-1: Using ep0 maxpacket: 8
[  409.714310][ T5878] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  409.766363][ T5878] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  409.820465][ T5878] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  409.890906][ T5878] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  409.980226][ T5878] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  410.033004][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.462986][ T5878] usb 1-1: GET_CAPABILITIES returned 0
[  410.483137][ T5878] usbtmc 1-1:16.0: can't read capabilities
[  410.562708][ T5881] usb 5-1: new low-speed USB device number 22 using dummy_hcd
[  410.585776][ T5887] usb 3-1: Using ep0 maxpacket: 16
[  410.593000][ T5887] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  410.603987][ T5887] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  410.615379][ T5887] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  410.738897][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.786398][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.800510][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.814870][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.830590][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.900344][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.916669][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.939061][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.949813][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.959251][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.968468][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.978425][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  410.993751][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  411.039273][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  411.049718][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  411.061917][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  411.099638][ T5887] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  411.109577][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.118097][ T5887] usb 3-1: Product: syz
[  411.122488][ T5887] usb 3-1: Manufacturer: syz
[  411.127276][ T5887] usb 3-1: SerialNumber: syz
[  411.166164][ T5881] usb 5-1: device descriptor read/64, error -71
[  411.456284][ T5887] usb 3-1: USB disconnect, device number 23
[  411.462701][ T5881] usb 5-1: new low-speed USB device number 23 using dummy_hcd
[  411.687615][ T6387] udevd[6387]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  411.705604][ T5881] usb 5-1: device descriptor read/64, error -71
[  411.829633][ T6592] usb 1-1: USB disconnect, device number 21
[  412.007130][ T5881] usb usb5-port1: attempt power cycle
[  412.519045][ T8570] 9pnet_fd: Insufficient options for proto=fd
[  415.033833][ T8595] x_tables: ip_tables: MASQUERADE target: used from hooks INPUT, but only usable from POSTROUTING
[  415.195899][ T6592] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  415.459196][ T6592] usb 5-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b
[  415.691932][ T6592] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.712291][   T38] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x53200
[  415.715834][ T6592] usb 5-1: Product: syz
[  415.725449][ T6592] usb 5-1: Manufacturer: syz
[  415.745707][ T6592] usb 5-1: SerialNumber: syz
[  415.786509][   T38] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  415.855758][ T8608] netlink: 'syz.1.689': attribute type 6 has an invalid length.
[  415.866648][ T8608] netlink: 12 bytes leftover after parsing attributes in process `syz.1.689'.
[  415.880246][ T8608] tmpfs: Bad value for 'size'
[  415.901528][   T38] page_type: f0(buddy)
[  415.909422][   T38] raw: 00fff00000000000 ffffea00014bc008 ffff88813fffc7d0 0000000000000000
[  415.919720][   T38] raw: 0000000000000000 0000000000000008 00000000f0000000 0000000000000000
[  415.932736][   T38] page dumped because: VM_WARN_ON_FOLIO(!folio_test_large(folio))
[  415.942880][   T38] page_owner tracks the page as freed
[  415.950688][   T38] page last allocated via order 8, migratetype Movable, gfp_mask 0x1c20ca(GFP_TRANSHUGE_LIGHT), pid 8586, tgid 8584 (syz.2.685), ts 415613392832, free_ts 415708188855
[  415.998795][ T6592] gspca_main: pac207-2.14.0 probing 093a:2476
[  416.038419][ T6592] gspca_pac207: Failed to read a register (index 0x0000, error -71)
[  416.066659][ T6592] usb 5-1: Found UVC 0.00 device syz (093a:2476)
[  416.096197][ T6592] usb 5-1: No valid video chain found.
[  416.117149][ T6592] usb 5-1: USB disconnect, device number 25
[  416.136837][ T5878] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  416.151282][   T38]  post_alloc_hook+0x1d8/0x230
[  416.156876][   T38]  get_page_from_freelist+0x21c7/0x22a0
[  416.162999][   T38]  __alloc_frozen_pages_noprof+0x181/0x370
[  416.169762][   T38]  alloc_pages_mpol+0x232/0x4a0
[  416.174986][   T38]  folio_alloc_mpol_noprof+0x39/0x70
[  416.181454][   T38]  shmem_alloc_folio+0xbb/0x160
[  416.190977][   T38]  shmem_alloc_and_add_folio+0x624/0xf60
[  416.198334][   T38]  shmem_get_folio_gfp+0x543/0x15f0
[  416.203741][   T38]  shmem_fallocate+0x80f/0xde0
[  416.213455][   T38]  vfs_fallocate+0x6a0/0x830
[  416.220063][   T38]  __x64_sys_fallocate+0xc0/0x110
[  416.225210][   T38]  do_syscall_64+0xf6/0x210
[  416.238243][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.244281][   T38] page last free pid 8586 tgid 8584 stack trace:
[  416.253492][   T38]  __free_pages_ok+0x910/0xac0
[  416.266363][   T38]  __folio_put+0x21b/0x2c0
[  416.271105][   T38]  hpage_collapse_scan_file+0x3ab3/0x4200
[  416.279838][   T38]  madvise_collapse+0x485/0xa80
[  416.285037][   T38]  madvise_do_behavior+0xde6/0x3500
[  416.291411][   T38]  __x64_sys_madvise+0x10c/0x150
[  416.297818][   T38]  do_syscall_64+0xf6/0x210
[  416.303081][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.311179][ T5878] usb 2-1: config 0 has an invalid interface number: 64 but max is 0
[  416.320515][ T5878] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  416.332017][ T5878] usb 2-1: config 0 has no interface number 0
[  416.340458][   T38] ------------[ cut here ]------------
[  416.346856][   T38] WARNING: CPU: 1 PID: 38 at ./include/linux/mm.h:1335 folio_large_mapcount+0xd0/0x110
[  416.357473][   T38] Modules linked in:
[  416.361793][   T38] CPU: 1 UID: 0 PID: 38 Comm: khugepaged Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  416.373968][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  416.384643][   T38] RIP: 0010:folio_large_mapcount+0xd0/0x110
[  416.390902][   T38] Code: 04 38 84 c0 75 29 8b 03 ff c0 5b 41 5e 41 5f e9 96 d2 2b 09 cc e8 d0 cb 99 ff 48 89 df 48 c7 c6 20 de 77 8b e8 a1 dc de ff 90 <0f> 0b 90 eb b6 89 d9 80 e1 07 80 c1 03 38 c1 7c cb 48 89 df e8 87
[  416.411974][    C1] vkms_vblank_simulate: vblank timer overrun
[  416.418514][   T38] RSP: 0018:ffffc90000af77e0 EFLAGS: 00010246
[  416.425076][   T38] RAX: e1fcb38c0ff8ce00 RBX: ffffea00014c8000 RCX: e1fcb38c0ff8ce00
[  416.433435][   T38] RDX: 0000000000000001 RSI: ffffffff8d9226df RDI: ffff88801e2fbc00
[  416.442091][   T38] RBP: ffffc90000af7b50 R08: ffff8880b8923e93 R09: 1ffff110171247d2
[  416.450422][   T38] R10: dffffc0000000000 R11: ffffed10171247d3 R12: 1ffffd4000299000
[  416.459086][   T38] R13: dffffc0000000000 R14: 0000000000000000 R15: dffffc0000000000
[  416.467997][   T38] FS:  0000000000000000(0000) GS:ffff8881261fb000(0000) knlGS:0000000000000000
[  416.478420][   T38] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  416.485336][   T38] CR2: 00007ffe58f12dc0 CR3: 0000000030e04000 CR4: 00000000003526f0
[  416.493606][   T38] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  416.501830][   T38] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  416.510361][   T38] Call Trace:
[  416.514709][   T38]  <TASK>
[  416.518396][   T38]  is_refcount_suitable+0x350/0x430
[  416.524001][   T38]  hpage_collapse_scan_file+0x6d4/0x4200
[  416.529830][   T38]  ? hpage_collapse_scan_file+0x192/0x4200
[  416.536005][   T38]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  416.542112][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  416.549095][   T38]  ? __pfx_hpage_collapse_scan_file+0x10/0x10
[  416.555736][   T38]  ? __lock_acquire+0xaac/0xd20
[  416.560678][   T38]  ? __pfx___up_read+0x10/0x10
[  416.566492][   T38]  khugepaged+0xa2a/0x1690
[  416.572102][   T38]  ? __pfx_khugepaged+0x10/0x10
[  416.577115][   T38]  ? do_raw_spin_lock+0x121/0x290
[  416.582539][   T38]  ? __pfx_autoremove_wake_function+0x10/0x10
[  416.589226][   T38]  ? __pfx_autoremove_wake_function+0x10/0x10
[  416.595922][   T38]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  416.602563][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  416.609069][   T38]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  416.616110][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  416.622921][   T38]  ? __kthread_parkme+0x7b/0x200
[  416.628264][   T38]  ? __kthread_parkme+0x1a1/0x200
[  416.633587][   T38]  kthread+0x70e/0x8a0
[  416.638134][   T38]  ? __pfx_khugepaged+0x10/0x10
[  416.645407][   T38]  ? __pfx_kthread+0x10/0x10
[  416.651063][   T38]  ? __pfx_kthread+0x10/0x10
[  416.657330][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  416.664004][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  416.670330][   T38]  ? __pfx_kthread+0x10/0x10
[  416.675503][   T38]  ret_from_fork+0x4b/0x80
[  416.680205][   T38]  ? __pfx_kthread+0x10/0x10
[  416.685066][   T38]  ret_from_fork_asm+0x1a/0x30
[  416.690239][   T38]  </TASK>
[  416.694534][   T38] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  416.705601][   T38] CPU: 1 UID: 0 PID: 38 Comm: khugepaged Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  416.721643][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  416.735848][   T38] Call Trace:
[  416.740503][   T38]  <TASK>
[  416.744735][   T38]  dump_stack_lvl+0x99/0x250
[  416.750474][   T38]  ? __asan_memcpy+0x40/0x70
[  416.755507][   T38]  ? __pfx_dump_stack_lvl+0x10/0x10
[  416.761891][   T38]  ? __pfx__printk+0x10/0x10
[  416.766685][   T38]  panic+0x2db/0x790
[  416.771683][   T38]  ? __pfx_panic+0x10/0x10
[  416.776670][   T38]  ? show_trace_log_lvl+0x4fb/0x550
[  416.785209][   T38]  ? ret_from_fork_asm+0x1a/0x30
[  416.792703][   T38]  __warn+0x31b/0x4b0
[  416.800011][   T38]  ? folio_large_mapcount+0xd0/0x110
[  416.807618][   T38]  ? folio_large_mapcount+0xd0/0x110
[  416.813980][   T38]  report_bug+0x2be/0x4f0
[  416.821237][   T38]  ? folio_large_mapcount+0xd0/0x110
[  416.827304][   T38]  ? folio_large_mapcount+0xd0/0x110
[  416.833267][   T38]  ? folio_large_mapcount+0xd2/0x110
[  416.838759][   T38]  handle_bug+0x84/0x160
[  416.843055][   T38]  exc_invalid_op+0x1a/0x50
[  416.847691][   T38]  asm_exc_invalid_op+0x1a/0x20
[  416.853916][   T38] RIP: 0010:folio_large_mapcount+0xd0/0x110
[  416.860101][   T38] Code: 04 38 84 c0 75 29 8b 03 ff c0 5b 41 5e 41 5f e9 96 d2 2b 09 cc e8 d0 cb 99 ff 48 89 df 48 c7 c6 20 de 77 8b e8 a1 dc de ff 90 <0f> 0b 90 eb b6 89 d9 80 e1 07 80 c1 03 38 c1 7c cb 48 89 df e8 87
[  416.881392][   T38] RSP: 0018:ffffc90000af77e0 EFLAGS: 00010246
[  416.887493][   T38] RAX: e1fcb38c0ff8ce00 RBX: ffffea00014c8000 RCX: e1fcb38c0ff8ce00
[  416.895587][   T38] RDX: 0000000000000001 RSI: ffffffff8d9226df RDI: ffff88801e2fbc00
[  416.903673][   T38] RBP: ffffc90000af7b50 R08: ffff8880b8923e93 R09: 1ffff110171247d2
[  416.911785][   T38] R10: dffffc0000000000 R11: ffffed10171247d3 R12: 1ffffd4000299000
[  416.920225][   T38] R13: dffffc0000000000 R14: 0000000000000000 R15: dffffc0000000000
[  416.928500][   T38]  is_refcount_suitable+0x350/0x430
[  416.933988][   T38]  hpage_collapse_scan_file+0x6d4/0x4200
[  416.939764][   T38]  ? hpage_collapse_scan_file+0x192/0x4200
[  416.945616][   T38]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  416.952486][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  416.959094][   T38]  ? __pfx_hpage_collapse_scan_file+0x10/0x10
[  416.965810][   T38]  ? __lock_acquire+0xaac/0xd20
[  416.971256][   T38]  ? __pfx___up_read+0x10/0x10
[  416.977165][   T38]  khugepaged+0xa2a/0x1690
[  416.981802][   T38]  ? __pfx_khugepaged+0x10/0x10
[  416.986714][   T38]  ? do_raw_spin_lock+0x121/0x290
[  416.991863][   T38]  ? __pfx_autoremove_wake_function+0x10/0x10
[  416.998146][   T38]  ? __pfx_autoremove_wake_function+0x10/0x10
[  417.004344][   T38]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  417.010253][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  417.015489][   T38]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  417.021682][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  417.028293][   T38]  ? __kthread_parkme+0x7b/0x200
[  417.033796][   T38]  ? __kthread_parkme+0x1a1/0x200
[  417.039054][   T38]  kthread+0x70e/0x8a0
[  417.044677][   T38]  ? __pfx_khugepaged+0x10/0x10
[  417.050182][   T38]  ? __pfx_kthread+0x10/0x10
[  417.055068][   T38]  ? __pfx_kthread+0x10/0x10
[  417.059922][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  417.065491][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  417.071608][   T38]  ? __pfx_kthread+0x10/0x10
[  417.076321][   T38]  ret_from_fork+0x4b/0x80
[  417.082276][   T38]  ? __pfx_kthread+0x10/0x10
[  417.087069][   T38]  ret_from_fork_asm+0x1a/0x30
[  417.091889][   T38]  </TASK>
[  417.095436][   T38] Kernel Offset: disabled
[  417.099921][   T38] Rebooting in 86400 seconds..