last executing test programs:

17.157239507s ago: executing program 1 (id=1574):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000140)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a00100000000280607ee622", 0x2e}], 0x1}, 0x24000044)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r2=>0x0})
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000000020104000000000000000009000000040003803000026d8d802c00018014000300fc00000000000000000000000000002014000400ff010000000000000000000000000001"], 0x48}, 0x1, 0x0, 0x0, 0x200080d0}, 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000001c0)={0x40, 0xe, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000b40)={0x84, &(0x7f0000000600)=ANY=[@ANYBLOB="200f8c0000003b4116d4009298b07dbf6cfa2ab7b4703eafed3dd702ba7238a50643a9b815"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={0x40, 0x13, 0x6, @multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}}, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000040)={0x15, 0x1, 0x0, "2742528909000000ce0198666a0084feea0be6b8a80052d763e61f9d13f019e3"})
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r6, 0x800448f0, &(0x7f0000000240)={0x2, 0x101, "1a6df2", 0x7, 0xc})
syz_usb_control_io$cdc_ncm(r3, &(0x7f0000000440)={0x14, &(0x7f0000000340)={0x20, 0x21, 0xba, {0xba, 0xb, "54d0a5b47b7ecf31a09d30a0b05e8c5986f0fd96f8cd33e1b7a6b3d903e47687310548ab1c9c5bacb7fd336f67581e296601303e8eba8cde09392b2b8c60e7bc3e2a1ff7aa981a58e9add3b1183d167860fcdbc1fd7a9cb7d89d284bc7a61973fe06989112de12b3c178f8ec19158c9d07f0503f2c55911e0bdff2874944c65c4e71eca32d22701d9c3a41b3eae9add66cab8b5cbfc3a61b23d2c68bc8bb574b7fdae3c4d8ad369be8f8eb38a01a2a721eb4573ffe349e26"}}, &(0x7f0000000400)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000009c0)={0x44, &(0x7f0000000640)={0x20, 0x13, 0xd6, "1d075edc85cf0546c167232a1b8638243e06389679624f414643c4022f774b5081a555702258714440eea3bbae5fd8209bad2af0d7f521e8935aa2541be42d9b91ab9bdb0438769469a2c8d405d2aed2431550cccdd1d82eb51ec3a4058979a0965cfd66e0d86158aa10506c65c28033ceff0eb9455f403a4ac13658203c3d18628c06029dd0b2cc07fad9149f7b60e068e94e8ca16affb46b1bff1682d7d9796fb10f16ba428013644bf3ed48e349a1bba50db9d1711769442f09e289c63bf1579aec96c0ad7b8836cfe1856adc3bd6db109729d5ec"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0x91}, &(0x7f0000000540)={0x0, 0x8, 0x1}, &(0x7f0000000580)={0x20, 0x80, 0x1c, {0x5, 0x6, 0x100, 0xc, 0x3, 0x8, 0x8, 0xff, 0x5, 0x8, 0x7, 0xb7d}}, &(0x7f00000005c0)={0x20, 0x85, 0x4, 0xc}, &(0x7f00000007c0)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000800)={0x20, 0x87, 0x2, 0x4}, &(0x7f0000000840)={0x20, 0x89, 0x2}})
sendmmsg$alg(r4, &(0x7f00000000c0), 0x492492492492627, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r2, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_GET_HW_INFO(r1, 0x3b8a, &(0x7f0000000200)={0x28, 0x0, r7, 0x1e, &(0x7f00000001c0)=""/30})
ioctl$IOMMU_IOAS_UNMAP$ALL(r1, 0x3b86, &(0x7f0000000040)={0x18, r2, 0x2})

12.621998242s ago: executing program 3 (id=1585):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

11.243624543s ago: executing program 3 (id=1587):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0xfffffffd, {0x0, 0x0, 0x12, 0x0, {0x0, 0xf}, {0xb, 0x5}, {0x1, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x50)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x987, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d03000000000000000000000105002000800000000000000000000003000000000300000002"], 0x0, 0x4e}, 0x20)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000200))
openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
writev(0xffffffffffffffff, &(0x7f000009de80)=[{&(0x7f0000002a80)="92601b126cd916238152311e05ee79b7129fcda028997dd43917ea01b906000000286d299a104d2d4a20d1fadfecd7687bfd3c54f8c62189c138c5c5ecd3ce6f2f1cdb482c4e8d547ca98c08e87f592e109e441fab677da071e7683f562eddb2888bee5e65daac845793ebfa0ecbc95c8a44ec908110dd9a9ae9b16301f3e59afcf93da032f2fde9dd86f1dafbb1e68e56611af12fa1380f73d38aeddbd74c68c29bfe35caf5328e85950dd5973469df4c000000", 0xb4}, {0x0}], 0x2)

10.484691652s ago: executing program 1 (id=1588):
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x123180, 0x0)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x3, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x4, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000a40)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000006380)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f00000007c0)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}, 0x50)
unshare(0x20000400)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22, 0x0, 0xffffffffffffffff, 0xe0d}, 0x50)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0xa, 0x4, 0x5, 0x0, r6}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0d0000000a000000040000000500000000000000", @ANYRES32=r7], 0x48)
syz_fuse_handle_req(r4, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x11}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x20d01, 0x0)
io_submit(0x0, 0x47f, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r8, &(0x7f00000000c0)='!', 0xb7f40}])
dup3(r8, r4, 0x0)
r9 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000180)={r9, 0xfffffffffeffffff, 0xba, 0x6})
setreuid(0x0, 0xee00)
ioctl$SG_IO(r9, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000580)="3c3513000000", 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000780)={0x2, 0x3, 0x0, 0x3, 0x11, 0x0, 0x70bd2c, 0x25dfdbfc, [@sadb_key={0x1, 0x9}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x2}}, @sadb_sa={0x2, 0x1, 0x0, 0x4, 0x0, 0x3, 0xc}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x7}}, @sadb_key={0x2, 0x8, 0x20, 0x0, "67328c21"}]}, 0x88}, 0x1, 0x7}, 0x14)

10.369741644s ago: executing program 0 (id=1590):
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f00000000c0), 0x0)

8.889808662s ago: executing program 3 (id=1591):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x40, 0x0, @mcast2}}, {{0xa, 0x0, 0x6, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x3}, {0x0, [0x0]}}, &(0x7f0000001f80)=""/226, 0x1b, 0xe2, 0x1}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000180))
r1 = socket(0x2c, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="110000000400000004000000ff"], 0x17)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r2, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r1}, 0x20)
close(r1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000000)=ANY=[], &(0x7f0000001f80)=""/212, 0x1a, 0xd4, 0xa, 0x2}, 0x28)

8.472176577s ago: executing program 0 (id=1593):
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0000000000000000002", 0x11)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0)
add_key$user(&(0x7f0000000940), &(0x7f0000000980)={'syz', 0x2}, &(0x7f00000009c0)="17", 0x1, 0xffffffffffffffff)
request_key(&(0x7f0000004e00)='user\x00', &(0x7f0000004e40)={'syz', 0x2}, 0x0, 0xfffffffffffffffe)

8.428280146s ago: executing program 4 (id=1594):
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semctl$SEM_INFO(0x0, 0x4, 0x13, 0x0)
r3 = syz_io_uring_setup(0xa1, &(0x7f0000000640)={0x0, 0xe8ce, 0x0, 0x20, 0x40000333}, &(0x7f00000006c0), &(0x7f00000020c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x34, r5, 0x603, 0x70bd30, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0xec}, @ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x34}}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x58, &(0x7f0000000340)}, 0x10)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000540)={0x0, 0x1f0}, 0x1, 0x0, 0x0, 0x20000804}, 0x4080)
io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0)

8.388293053s ago: executing program 3 (id=1595):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0)
preadv(r2, &(0x7f00000015c0), 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7.170670938s ago: executing program 0 (id=1596):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)

7.169521236s ago: executing program 4 (id=1597):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

6.75982061s ago: executing program 2 (id=1598):
mknod(&(0x7f0000000080)='./bus\x00', 0x8000, 0x7)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./bus\x00', 0x0, 0x400080, &(0x7f00000001c0)='discard')
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000b00)=0x400e704)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in=@local, 0x0, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff5f, 0x0, 0xfffffffffffffffa}, {0x200000}}, [@mark={0xc, 0x15, {0x35075d, 0x6}}]}, 0xc4}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=@delsa={0x8c, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {@in=@private=0xa010101, 0x4d2, 0x2, 0xff}, [@replay_esn_val={0x2c, 0x17, {0x4, 0x70bd2d, 0x70bd28, 0x70bd2c, 0x70bd28, 0xaeb, [0x9, 0x2, 0x0, 0x7a31666b]}}, @extra_flags={0x8, 0x18, 0x9}, @policy_type={0xa, 0x10, {0x1}}, @lifetime_val={0x24, 0x9, {0x9244, 0x4, 0x3, 0x7}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40000}, 0x801)
getitimer(0x700, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x0)
getsockopt$netlink(r2, 0x10e, 0x9, 0x0, &(0x7f0000000040))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000018008001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f6ffffffb7020000080000007b03000000000000850000001000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x94)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="b8000000150001ff"], 0xb8}}, 0x0)

5.728616644s ago: executing program 4 (id=1599):
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semctl$SEM_INFO(0x0, 0x4, 0x13, 0x0)
timerfd_create(0x0, 0x0)
r3 = syz_io_uring_setup(0xa1, &(0x7f0000000640)={0x0, 0xe8ce, 0x0, 0x20, 0x40000333}, &(0x7f00000006c0), &(0x7f00000020c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b70800000c000000638af8ff00000000b5080000000000007b8af0ff00000000bfa10000000000000701", @ANYRES32, @ANYBLOB='\x00\x00\x00'], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x34, r6, 0x603, 0x70bd30, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0xec}, @ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x34}}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={r4, 0x58, &(0x7f0000000340)}, 0x10)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000540)={0x0, 0x1f0}, 0x1, 0x0, 0x0, 0x20000804}, 0x4080)
io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0)

5.710150558s ago: executing program 1 (id=1600):
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
timerfd_create(0x0, 0x0)
r3 = syz_io_uring_setup(0xa1, 0x0, &(0x7f00000006c0), &(0x7f00000020c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b70800000c000000638af8ff00000000b5080000000000007b8af0ff00000000bfa10000000000000701", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00'], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x34, 0x0, 0x603, 0x70bd30, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0xec}, @ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x34}}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={r5, 0x58, &(0x7f0000000340)}, 0x10)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000540)={0x0, 0x1f0}, 0x1, 0x0, 0x0, 0x20000804}, 0x4080)
io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0)

5.334186149s ago: executing program 2 (id=1601):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0xfffffffd, {0x0, 0x0, 0x12, 0x0, {0x0, 0xf}, {0xb, 0x5}, {0x1, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x50)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x987, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d03000000000000000000000105002000800000000000000000000003000000000300000002"], 0x0, 0x4e}, 0x20)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000200))
openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
writev(0xffffffffffffffff, &(0x7f000009de80)=[{&(0x7f0000002a80)="92601b126cd916238152311e05ee79b7129fcda028997dd43917ea01b906000000286d299a104d2d4a20d1fadfecd7687bfd3c54f8c62189c138c5c5ecd3ce6f2f1cdb482c4e8d547ca98c08e87f592e109e441fab677da071e7683f562eddb2888bee5e65daac845793ebfa0ecbc95c8a44ec908110dd9a9ae9b16301f3e59afcf93da032f2fde9dd86f1dafbb1e68e56611af12fa1380f73d38aeddbd74c68c29bfe35caf5328e85950dd5973469df4c000000", 0xb4}, {0x0}], 0x2)

5.164349955s ago: executing program 3 (id=1602):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d3120900"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)

3.955421627s ago: executing program 4 (id=1603):
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f00000000c0), 0x0)

3.777779119s ago: executing program 2 (id=1604):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
sendmmsg$alg(r2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@delqdisc={0x5c, 0x25, 0x200, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0xf}, {0xfff1, 0xf}, {0x5, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0xa374}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xfff}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}, @TCA_RATE={0x6, 0x5, {0xb6, 0x53}}, @TCA_RATE={0x6, 0x5, {0x9, 0x5}}, @TCA_RATE={0x6, 0x5, {0x1, 0x4}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xa1fd}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c051)
recvmsg$can_raw(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)}, 0x10120)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x1})
request_key(&(0x7f0000000480)='keyring\x00', &(0x7f00000004c0)={'syz', 0x1}, 0x0, 0x0)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r5, 0xab00, r6)
r7 = dup3(r5, r0, 0x80000)
ioctl$NBD_DO_IT(r7, 0xab03)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r4, 0x1, 0x70bd2b, 0x6, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x0)

3.332352825s ago: executing program 4 (id=1605):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x40, 0x0, @mcast2}}, {{0xa, 0x0, 0x6, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x3}, {0x0, [0x0]}}, &(0x7f0000001f80)=""/226, 0x1b, 0xe2, 0x1}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000180))
r1 = socket(0x2c, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="110000000400000004000000ff"], 0x17)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r2, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r1}, 0x20)
close(r1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000000)=ANY=[], &(0x7f0000001f80)=""/212, 0x1a, 0xd4, 0xa, 0x2}, 0x28)

3.275747909s ago: executing program 0 (id=1606):
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000200)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, 0x0]}, &(0x7f0000000280)=0x2c)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000300)={r2, 0x2}, &(0x7f0000000400)=0x8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)
r3 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f0000000340)=0x8)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_msfilter(r4, 0x0, 0x29, 0x0, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='updatR]:a'], 0x19, 0xfffffffffffffffe)
r5 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0x0)
r6 = add_key(&(0x7f0000000000)='syzkaller\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000140)="2877f154eeabe269358e95c72c31381210e881cb5557dd2dc4ddf15ab7ed0b333e71d5d4eec619165fb91a87f4052558a4f5423a6cb65ff08acc24bf1c9c231bd08541312cec4d2ae7283a4c920b07", 0x4f, r5)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x18, 0x803, 0x8)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r9, 0x800448d3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="4000000010000104000000260000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000300", @ANYRESDEC=r6], 0x40}, 0x1, 0xd}, 0x0)

3.131047907s ago: executing program 4 (id=1607):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'netdevsim0\x00', &(0x7f0000002fc0)=@ethtool_wolinfo={0x3, 0x8, 0xfffffffd, "050000009582"}})
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4dd086d0492082a6d0000000109021b0001000000000904"], 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f00000004c0)={0x34, &(0x7f00000002c0)={0x0, 0x15, 0x4, "f0867688"}, 0x0, 0x0, 0x0, 0x0, 0x0})

2.915558542s ago: executing program 1 (id=1608):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f00000003c0)={0x0, 0x0, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(0xffffffffffffffff, 0xc01864ba, &(0x7f0000000400)={0x25b, 0x0, r3, 0xbbbbbbbb})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
syz_io_uring_setup(0xd5, 0x0, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000080))
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r6, &(0x7f0000001300)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0x1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x1}, 0x1c, &(0x7f0000000ac0)=[{&(0x7f0000000680)="d4", 0x1}], 0x1}}], 0x1, 0x20000050)
setsockopt(r6, 0x84, 0x7f, &(0x7f0000000040)="020000000d80ffff", 0x8)
close_range(r5, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4)
socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

2.78828398s ago: executing program 0 (id=1609):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000140)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a00100000000280607ee622", 0x2e}], 0x1}, 0x24000044)

1.429059278s ago: executing program 1 (id=1610):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

1.388776572s ago: executing program 2 (id=1611):
mknod(&(0x7f0000000080)='./bus\x00', 0x8000, 0x7)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f0000000180)='jfs\x00', 0x400080, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000b00)=0x400e704)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in=@local, 0x0, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff5f, 0x0, 0xfffffffffffffffa}, {0x200000}}, [@mark={0xc, 0x15, {0x35075d, 0x6}}]}, 0xc4}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=@delsa={0x8c, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {@in=@private=0xa010101, 0x4d2, 0x2, 0xff}, [@replay_esn_val={0x2c, 0x17, {0x4, 0x70bd2d, 0x70bd28, 0x70bd2c, 0x70bd28, 0xaeb, [0x9, 0x2, 0x0, 0x7a31666b]}}, @extra_flags={0x8, 0x18, 0x9}, @policy_type={0xa, 0x10, {0x1}}, @lifetime_val={0x24, 0x9, {0x9244, 0x4, 0x3, 0x7}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40000}, 0x801)
getitimer(0x700, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x0)
getsockopt$netlink(r2, 0x10e, 0x9, 0x0, &(0x7f0000000040))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000018008001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f6ffffffb7020000080000007b03000000000000850000001000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x94)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="b8000000150001ff"], 0xb8}}, 0x0)

1.338709437s ago: executing program 0 (id=1612):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d3120900"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)

1.005546999s ago: executing program 2 (id=1613):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x2080, 0x0)
io_setup(0x4, 0x0)
io_submit(0x0, 0x1, &(0x7f00000019c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xfdfe, 0x100000000000000}])

160.140185ms ago: executing program 3 (id=1614):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0xfffffffd, {0x0, 0x0, 0x12, 0x0, {0x0, 0xf}, {0xb, 0x5}, {0x1, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x50)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x987, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d03000000000000000000000105002000800000000000000000000003000000000300000002"], 0x0, 0x4e}, 0x20)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000200))
openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
writev(0xffffffffffffffff, &(0x7f000009de80)=[{&(0x7f0000002a80)="92601b126cd916238152311e05ee79b7129fcda028997dd43917ea01b906000000286d299a104d2d4a20d1fadfecd7687bfd3c54f8c62189c138c5c5ecd3ce6f2f1cdb482c4e8d547ca98c08e87f592e109e441fab677da071e7683f562eddb2888bee5e65daac845793ebfa0ecbc95c8a44ec908110dd9a9ae9b16301f3e59afcf93da032f2fde9dd86f1dafbb1e68e56611af12fa1380f73d38aeddbd74c68c29bfe35caf5328e85950dd5973469df4c000000", 0xb4}, {0x0}], 0x2)

131.906859ms ago: executing program 2 (id=1615):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x4)
setsockopt$ax25_int(r0, 0x101, 0x5, &(0x7f0000000000), 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[], 0x85}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
open(0x0, 0x2000, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)={0x14, 0x14, 0x1, 0x0, 0x20, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x200000c0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000004c00)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmmsg$inet6(r5, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @rand_addr=' \x01\x00', 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000300)="f64299c5f31cc0d798931df677b2412c14c5d9d9e3192955f9f8d32cbb83c223fb401d44d74d46bb2729bd50fcf07a98ad3d349a9540faf7daf1669cce9b94d422b5c2190cdd0a206b653dd9590eb6379c21b17fc98c69794837a7e84bb15012a9c8b262b21cf3999bfa3eee8d1552725f0520d2056008d4fb9abd7b5192d0e06bb406a8b0263d85c2ec000416daf942ba92dd55f9a490cd5dc3368743e9dbc4bb5b92598b9abc4edb8a208979302b581acf888f6943ba14b8aad8217e169933bb17c42682fa19cabe7f223cd2", 0xcd}], 0x1}}], 0x1, 0x4c040)

0s ago: executing program 1 (id=1616):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

0xb4000073aa
[  504.189326][ T8743] kvm: kvm [8737]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xb4000033aa
[  504.320754][ T8743] kvm: kvm [8737]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xb1000054bf
[  504.320807][ T8743] kvm: kvm [8737]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xb1000014bf
[  504.781855][ T8775] netlink: 'syz.3.692': attribute type 1 has an invalid length.
[  504.781890][ T8775] netlink: 4 bytes leftover after parsing attributes in process `syz.3.692'.
[  506.977014][ T8800] hub 9-0:1.0: USB hub found
[  506.978904][ T8800] hub 9-0:1.0: 1 port detected
[  509.118343][ T8824] netlink: 132 bytes leftover after parsing attributes in process `syz.0.703'.
[  510.437388][ T8832] FAULT_INJECTION: forcing a failure.
[  510.437388][ T8832] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  510.437427][ T8832] CPU: 1 UID: 0 PID: 8832 Comm: syz.2.706 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  510.437439][ T8832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  510.437447][ T8832] Call Trace:
[  510.437451][ T8832]  <TASK>
[  510.437456][ T8832]  dump_stack_lvl+0x189/0x250
[  510.437479][ T8832]  ? __pfx____ratelimit+0x10/0x10
[  510.437493][ T8832]  ? __pfx_dump_stack_lvl+0x10/0x10
[  510.437506][ T8832]  ? __pfx__printk+0x10/0x10
[  510.437524][ T8832]  should_fail_ex+0x46c/0x600
[  510.437541][ T8832]  _copy_to_user+0x31/0xb0
[  510.437555][ T8832]  simple_read_from_buffer+0xe1/0x170
[  510.437571][ T8832]  proc_fail_nth_read+0x1b6/0x220
[  510.437582][ T8832]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  510.437600][ T8832]  ? rw_verify_area+0x2ac/0x4e0
[  510.437612][ T8832]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  510.437622][ T8832]  vfs_read+0x206/0xa30
[  510.437637][ T8832]  ? __pfx_vfs_read+0x10/0x10
[  510.437646][ T8832]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  510.437662][ T8832]  ? mutex_lock_nested+0x154/0x1d0
[  510.437672][ T8832]  ? fdget_pos+0x253/0x320
[  510.437689][ T8832]  ksys_read+0x14b/0x260
[  510.437702][ T8832]  ? __pfx_ksys_read+0x10/0x10
[  510.437715][ T8832]  ? do_syscall_64+0xbe/0x3b0
[  510.437726][ T8832]  do_syscall_64+0xfa/0x3b0
[  510.437734][ T8832]  ? lockdep_hardirqs_on+0x9c/0x150
[  510.437747][ T8832]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.437757][ T8832]  ? clear_bhb_loop+0x60/0xb0
[  510.437769][ T8832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.437780][ T8832] RIP: 0033:0x7f7f95c3d5bc
[  510.437793][ T8832] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  510.437801][ T8832] RSP: 002b:00007f7f93e9e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  510.437817][ T8832] RAX: ffffffffffffffda RBX: 00007f7f95e85fa0 RCX: 00007f7f95c3d5bc
[  510.437824][ T8832] RDX: 000000000000000f RSI: 00007f7f93e9e0a0 RDI: 0000000000000004
[  510.437830][ T8832] RBP: 00007f7f93e9e090 R08: 0000000000000000 R09: 0000000000000000
[  510.437835][ T8832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  510.437841][ T8832] R13: 00007f7f95e86038 R14: 00007f7f95e85fa0 R15: 00007ffc6cade2d8
[  510.437856][ T8832]  </TASK>
[  510.620413][ T8834] netlink: 'syz.4.705': attribute type 1 has an invalid length.
[  510.620433][ T8834] netlink: 4 bytes leftover after parsing attributes in process `syz.4.705'.
[  512.172405][ T8841] netlink: 132 bytes leftover after parsing attributes in process `syz.0.709'.
[  512.554117][ T8836] kvm_pr_unimpl_wrmsr: 106 callbacks suppressed
[  512.554138][ T8836] kvm: kvm [8835]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  512.572914][ T8836] kvm: kvm [8835]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  512.575156][ T8836] kvm: kvm [8835]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  515.619836][ T8871] FAULT_INJECTION: forcing a failure.
[  515.619836][ T8871] name failslab, interval 1, probability 0, space 0, times 1
[  515.619869][ T8871] CPU: 0 UID: 0 PID: 8871 Comm: syz.0.716 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  515.619890][ T8871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  515.619900][ T8871] Call Trace:
[  515.619907][ T8871]  <TASK>
[  515.619915][ T8871]  dump_stack_lvl+0x189/0x250
[  515.619943][ T8871]  ? __pfx____ratelimit+0x10/0x10
[  515.619969][ T8871]  ? __pfx_dump_stack_lvl+0x10/0x10
[  515.619993][ T8871]  ? __pfx__printk+0x10/0x10
[  515.620018][ T8871]  ? __pfx___might_resched+0x10/0x10
[  515.620044][ T8871]  ? fs_reclaim_acquire+0x7d/0x100
[  515.620066][ T8871]  should_fail_ex+0x46c/0x600
[  515.620097][ T8871]  should_failslab+0xa8/0x100
[  515.620122][ T8871]  __kvmalloc_node_noprof+0x15a/0x550
[  515.620144][ T8871]  ? proc_sys_call_handler+0x3cb/0x700
[  515.620172][ T8871]  proc_sys_call_handler+0x3cb/0x700
[  515.620199][ T8871]  ? __pfx_proc_sys_call_handler+0x10/0x10
[  515.620231][ T8871]  vfs_read+0x560/0xa30
[  515.620261][ T8871]  ? __pfx_vfs_read+0x10/0x10
[  515.620279][ T8871]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  515.620308][ T8871]  ? mutex_lock_nested+0x154/0x1d0
[  515.620327][ T8871]  ? fdget_pos+0x253/0x320
[  515.620359][ T8871]  ksys_read+0x14b/0x260
[  515.620382][ T8871]  ? __pfx_ksys_read+0x10/0x10
[  515.620400][ T8871]  ? rcu_is_watching+0x15/0xb0
[  515.620430][ T8871]  ? do_syscall_64+0xbe/0x3b0
[  515.620450][ T8871]  do_syscall_64+0xfa/0x3b0
[  515.620465][ T8871]  ? lockdep_hardirqs_on+0x9c/0x150
[  515.620489][ T8871]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.620506][ T8871]  ? clear_bhb_loop+0x60/0xb0
[  515.620528][ T8871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.620545][ T8871] RIP: 0033:0x7fcf78b7eba9
[  515.620561][ T8871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  515.620574][ T8871] RSP: 002b:00007fcf76de6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  515.620593][ T8871] RAX: ffffffffffffffda RBX: 00007fcf78dc5fa0 RCX: 00007fcf78b7eba9
[  515.620606][ T8871] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  515.620616][ T8871] RBP: 00007fcf76de6090 R08: 0000000000000000 R09: 0000000000000000
[  515.620626][ T8871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  515.620636][ T8871] R13: 00007fcf78dc6038 R14: 00007fcf78dc5fa0 R15: 00007ffc2daa19c8
[  515.620666][ T8871]  </TASK>
[  516.556738][ T8876] capability: warning: `syz.1.717' uses 32-bit capabilities (legacy support in use)
[  517.068812][ T8885] FAULT_INJECTION: forcing a failure.
[  517.068812][ T8885] name failslab, interval 1, probability 0, space 0, times 0
[  517.068850][ T8885] CPU: 1 UID: 0 PID: 8885 Comm: syz.0.719 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  517.068876][ T8885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  517.068886][ T8885] Call Trace:
[  517.068894][ T8885]  <TASK>
[  517.068901][ T8885]  dump_stack_lvl+0x189/0x250
[  517.069049][ T8885]  ? __pfx____ratelimit+0x10/0x10
[  517.069075][ T8885]  ? __pfx_dump_stack_lvl+0x10/0x10
[  517.069107][ T8885]  ? __pfx__printk+0x10/0x10
[  517.069127][ T8885]  ? __pfx___might_resched+0x10/0x10
[  517.069146][ T8885]  ? fs_reclaim_acquire+0x7d/0x100
[  517.069174][ T8885]  should_fail_ex+0x46c/0x600
[  517.069211][ T8885]  should_failslab+0xa8/0x100
[  517.069238][ T8885]  __kmalloc_noprof+0xcb/0x430
[  517.069264][ T8885]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  517.069295][ T8885]  tomoyo_realpath_from_path+0xe3/0x5d0
[  517.069328][ T8885]  ? tomoyo_domain+0xda/0x130
[  517.069366][ T8885]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  517.069388][ T8885]  tomoyo_path_number_perm+0x1e8/0x5a0
[  517.069417][ T8885]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  517.069443][ T8885]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  517.069475][ T8885]  ? lockdep_hardirqs_on+0x9c/0x150
[  517.069509][ T8885]  ? __lock_acquire+0xab9/0xd20
[  517.069560][ T8885]  ? __fget_files+0x2a/0x420
[  517.069593][ T8885]  ? __fget_files+0x2a/0x420
[  517.069619][ T8885]  ? __fget_files+0x3a6/0x420
[  517.069642][ T8885]  ? __fget_files+0x2a/0x420
[  517.069675][ T8885]  security_file_ioctl+0xcb/0x2d0
[  517.069700][ T8885]  __se_sys_ioctl+0x47/0x170
[  517.069729][ T8885]  do_syscall_64+0xfa/0x3b0
[  517.069745][ T8885]  ? lockdep_hardirqs_on+0x9c/0x150
[  517.069774][ T8885]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.069794][ T8885]  ? clear_bhb_loop+0x60/0xb0
[  517.069817][ T8885]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.069840][ T8885] RIP: 0033:0x7fcf78b7eba9
[  517.069857][ T8885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  517.069946][ T8885] RSP: 002b:00007fcf76de6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  517.069965][ T8885] RAX: ffffffffffffffda RBX: 00007fcf78dc5fa0 RCX: 00007fcf78b7eba9
[  517.069984][ T8885] RDX: 0000200000001e80 RSI: 00000000c0cc5615 RDI: 0000000000000003
[  517.069995][ T8885] RBP: 00007fcf76de6090 R08: 0000000000000000 R09: 0000000000000000
[  517.070006][ T8885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  517.070017][ T8885] R13: 00007fcf78dc6038 R14: 00007fcf78dc5fa0 R15: 00007ffc2daa19c8
[  517.070052][ T8885]  </TASK>
[  517.070062][ T8885] ERROR: Out of memory at tomoyo_realpath_from_path.
[  517.888144][ T8894] CIFS: VFS: Malformed UNC in devname
[  519.296933][ T6708] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  519.508200][ T6708] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  519.508299][ T6708] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  519.508346][ T6708] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  519.508368][ T6708] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.592078][ T6708] usb 2-1: config 0 descriptor??
[  520.140188][ T6708] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x2
[  520.241801][ T6708] pyra 0003:1E7D:2CF6.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.1-1/input0
[  521.103469][ T6708] pyra 0003:1E7D:2CF6.0001: couldn't init struct pyra_device
[  521.103521][ T6708] pyra 0003:1E7D:2CF6.0001: couldn't install mouse
[  521.128025][ T6708] pyra 0003:1E7D:2CF6.0001: probe with driver pyra failed with error -71
[  521.188200][ T8916] hub 9-0:1.0: USB hub found
[  521.188541][ T8916] hub 9-0:1.0: 1 port detected
[  521.211140][ T6708] usb 2-1: USB disconnect, device number 2
[  521.674059][ T8914] fido_id[8914]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  525.039933][ T8954] hub 9-0:1.0: USB hub found
[  525.040844][ T8954] hub 9-0:1.0: 1 port detected
[  526.769233][ T8960] trusted_key: syz.1.740 sent an empty control message without MSG_MORE.
[  527.087254][ T8967] FAULT_INJECTION: forcing a failure.
[  527.087254][ T8967] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  527.087287][ T8967] CPU: 0 UID: 0 PID: 8967 Comm: syz.3.742 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  527.087307][ T8967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  527.087316][ T8967] Call Trace:
[  527.087323][ T8967]  <TASK>
[  527.087330][ T8967]  dump_stack_lvl+0x189/0x250
[  527.087359][ T8967]  ? __pfx____ratelimit+0x10/0x10
[  527.087382][ T8967]  ? __pfx_dump_stack_lvl+0x10/0x10
[  527.087405][ T8967]  ? __pfx__printk+0x10/0x10
[  527.087424][ T8967]  ? __might_fault+0xb0/0x130
[  527.087456][ T8967]  should_fail_ex+0x46c/0x600
[  527.087485][ T8967]  _copy_from_user+0x2d/0xb0
[  527.087505][ T8967]  do_sock_getsockopt+0x17d/0x450
[  527.087534][ T8967]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  527.087556][ T8967]  ? do_syscall_64+0x40/0x3b0
[  527.087571][ T8967]  ? __fget_files+0x3a6/0x420
[  527.087638][ T8967]  ? __fget_files+0x2a/0x420
[  527.087668][ T8967]  __x64_sys_getsockopt+0x1ab/0x250
[  527.087684][ T8967]  ? do_syscall_64+0x40/0x3b0
[  527.087701][ T8967]  ? do_syscall_64+0x40/0x3b0
[  527.087720][ T8967]  do_syscall_64+0xfa/0x3b0
[  527.087734][ T8967]  ? lockdep_hardirqs_on+0x9c/0x150
[  527.087757][ T8967]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.087773][ T8967]  ? clear_bhb_loop+0x60/0xb0
[  527.087794][ T8967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.087810][ T8967] RIP: 0033:0x7f1b273eeba9
[  527.087826][ T8967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  527.087840][ T8967] RSP: 002b:00007f1b2564e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  527.087864][ T8967] RAX: ffffffffffffffda RBX: 00007f1b27635fa0 RCX: 00007f1b273eeba9
[  527.087877][ T8967] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[  527.087894][ T8967] RBP: 00007f1b2564e090 R08: 00002000000000c0 R09: 0000000000000000
[  527.087905][ T8967] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  527.087917][ T8967] R13: 00007f1b27636038 R14: 00007f1b27635fa0 R15: 00007ffe06cc71d8
[  527.087945][ T8967]  </TASK>
[  527.156533][ T8960] block nbd1: NBD_DISCONNECT
[  527.159632][ T8960] block nbd1: Disconnected due to user request.
[  527.159659][ T8960] block nbd1: shutting down sockets
[  528.279175][ T8975] kvm: kvm [8974]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xbf0000bdd1
[  528.279229][ T8975] kvm: kvm [8974]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xbf0000fdd1
[  528.281746][ T8975] kvm: kvm [8974]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x7600006103
[  528.281790][ T8975] kvm: kvm [8974]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x7600002103
[  528.281887][ T8975] kvm: kvm [8974]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xb60000106b
[  528.281931][ T8975] kvm: kvm [8974]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xb60000506b
[  528.282028][ T8975] kvm: kvm [8974]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xb4000073aa
[  528.282071][ T8975] kvm: kvm [8974]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xb4000033aa
[  528.293321][ T8975] kvm: kvm [8974]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xb1000054bf
[  528.293371][ T8975] kvm: kvm [8974]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xb1000014bf
[  528.987098][ T8983] netlink: 132 bytes leftover after parsing attributes in process `syz.0.746'.
[  530.912422][ T9001] FAULT_INJECTION: forcing a failure.
[  530.912422][ T9001] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  530.912453][ T9001] CPU: 1 UID: 0 PID: 9001 Comm: syz.0.752 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  530.912474][ T9001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  530.912485][ T9001] Call Trace:
[  530.912492][ T9001]  <TASK>
[  530.912499][ T9001]  dump_stack_lvl+0x189/0x250
[  530.912537][ T9001]  ? __pfx____ratelimit+0x10/0x10
[  530.912562][ T9001]  ? __pfx_dump_stack_lvl+0x10/0x10
[  530.912585][ T9001]  ? __pfx__printk+0x10/0x10
[  530.912604][ T9001]  ? __might_fault+0xb0/0x130
[  530.912639][ T9001]  should_fail_ex+0x46c/0x600
[  530.912668][ T9001]  _copy_from_user+0x2d/0xb0
[  530.912690][ T9001]  __sys_bind+0x19f/0x3e0
[  530.912717][ T9001]  ? __pfx___sys_bind+0x10/0x10
[  530.912750][ T9001]  ? __pfx_ksys_write+0x10/0x10
[  530.912769][ T9001]  ? rcu_is_watching+0x15/0xb0
[  530.912801][ T9001]  __x64_sys_bind+0x7a/0x90
[  530.912824][ T9001]  do_syscall_64+0xfa/0x3b0
[  530.912840][ T9001]  ? lockdep_hardirqs_on+0x9c/0x150
[  530.912863][ T9001]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  530.912880][ T9001]  ? clear_bhb_loop+0x60/0xb0
[  530.912901][ T9001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  530.912918][ T9001] RIP: 0033:0x7fcf78b7eba9
[  530.912934][ T9001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  530.912947][ T9001] RSP: 002b:00007fcf76de6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  530.912965][ T9001] RAX: ffffffffffffffda RBX: 00007fcf78dc5fa0 RCX: 00007fcf78b7eba9
[  530.912978][ T9001] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000003
[  530.912989][ T9001] RBP: 00007fcf76de6090 R08: 0000000000000000 R09: 0000000000000000
[  530.913000][ T9001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  530.913010][ T9001] R13: 00007fcf78dc6038 R14: 00007fcf78dc5fa0 R15: 00007ffc2daa19c8
[  530.913039][ T9001]  </TASK>
[  531.734434][ T5842] Bluetooth: hci4: unexpected event for opcode 0x200f
[  533.027065][ T9013] netlink: 132 bytes leftover after parsing attributes in process `syz.2.754'.
[  534.087906][ T5842] Bluetooth: hci1: unexpected event for opcode 0x200f
[  535.665133][ T9031] block nbd2: Attempted send on invalid socket
[  535.665210][ T9031] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  535.665727][ T9031] block nbd2: Attempted send on invalid socket
[  535.665743][ T9031] I/O error, dev nbd2, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  535.665859][ T9031] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  535.749101][ T9031] block nbd2: Attempted send on invalid socket
[  535.749127][ T9031] I/O error, dev nbd2, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  535.749259][ T9031] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  535.786296][ T5842] Bluetooth: hci4: unexpected event for opcode 0x200f
[  535.797294][ T9031] block nbd2: Attempted send on invalid socket
[  535.797317][ T9031] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  535.804011][ T9031] block nbd2: Attempted send on invalid socket
[  535.804041][ T9031] I/O error, dev nbd2, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  535.804137][ T9031] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  535.804374][ T9031] block nbd2: Attempted send on invalid socket
[  535.804388][ T9031] I/O error, dev nbd2, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  535.804475][ T9031] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  535.805303][ T9031] block nbd2: Attempted send on invalid socket
[  535.805320][ T9031] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  535.805678][ T9031] block nbd2: Attempted send on invalid socket
[  535.805692][ T9031] I/O error, dev nbd2, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  535.805778][ T9031] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  535.805962][ T9031] block nbd2: Attempted send on invalid socket
[  535.805975][ T9031] I/O error, dev nbd2, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  535.806068][ T9031] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  535.821540][ T9031] block nbd2: Attempted send on invalid socket
[  535.821565][ T9031] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  535.821903][ T9031] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  535.822138][ T9031] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  535.822168][ T9031] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  536.858536][ T9040] FAULT_INJECTION: forcing a failure.
[  536.858536][ T9040] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  536.858574][ T9040] CPU: 1 UID: 0 PID: 9040 Comm: syz.0.762 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  536.858619][ T9040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  536.858641][ T9040] Call Trace:
[  536.858656][ T9040]  <TASK>
[  536.858671][ T9040]  dump_stack_lvl+0x189/0x250
[  536.858732][ T9040]  ? __pfx____ratelimit+0x10/0x10
[  536.858790][ T9040]  ? __pfx_dump_stack_lvl+0x10/0x10
[  536.858828][ T9040]  ? __pfx__printk+0x10/0x10
[  536.858847][ T9040]  ? __might_fault+0xb0/0x130
[  536.858881][ T9040]  should_fail_ex+0x46c/0x600
[  536.858910][ T9040]  _copy_from_user+0x2d/0xb0
[  536.858932][ T9040]  ___sys_sendmsg+0x158/0x2a0
[  536.858953][ T9040]  ? __pfx____sys_sendmsg+0x10/0x10
[  536.859006][ T9040]  ? __fget_files+0x2a/0x420
[  536.859056][ T9040]  ? __fget_files+0x3a6/0x420
[  536.859099][ T9040]  __x64_sys_sendmsg+0x1a1/0x260
[  536.859120][ T9040]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  536.859147][ T9040]  ? __pfx_ksys_write+0x10/0x10
[  536.859166][ T9040]  ? rcu_is_watching+0x15/0xb0
[  536.859222][ T9040]  ? do_syscall_64+0xbe/0x3b0
[  536.859243][ T9040]  do_syscall_64+0xfa/0x3b0
[  536.859258][ T9040]  ? lockdep_hardirqs_on+0x9c/0x150
[  536.859281][ T9040]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.859300][ T9040]  ? clear_bhb_loop+0x60/0xb0
[  536.859322][ T9040]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.859339][ T9040] RIP: 0033:0x7fcf78b7eba9
[  536.859355][ T9040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  536.859369][ T9040] RSP: 002b:00007fcf76de6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  536.859388][ T9040] RAX: ffffffffffffffda RBX: 00007fcf78dc5fa0 RCX: 00007fcf78b7eba9
[  536.859402][ T9040] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  536.859412][ T9040] RBP: 00007fcf76de6090 R08: 0000000000000000 R09: 0000000000000000
[  536.859423][ T9040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  536.859433][ T9040] R13: 00007fcf78dc6038 R14: 00007fcf78dc5fa0 R15: 00007ffc2daa19c8
[  536.859462][ T9040]  </TASK>
[  537.888186][    C1] vkms_vblank_simulate: vblank timer overrun
[  538.001315][ T9044] netlink: 8 bytes leftover after parsing attributes in process `syz.4.764'.
[  538.062572][ T9049] netlink: 124 bytes leftover after parsing attributes in process `syz.1.765'.
[  538.080672][ T9047] capability: warning: `syz.4.764' uses deprecated v2 capabilities in a way that may be insecure
[  538.150928][    C1] vkms_vblank_simulate: vblank timer overrun
[  538.440118][    C1] vkms_vblank_simulate: vblank timer overrun
[  538.741684][    C1] vkms_vblank_simulate: vblank timer overrun
[  539.342505][    C1] vkms_vblank_simulate: vblank timer overrun
[  539.623308][    C1] vkms_vblank_simulate: vblank timer overrun
[  539.630086][ T5842] Bluetooth: hci4: unexpected event for opcode 0x200f
[  539.821003][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.214915][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.630742][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.937985][    C1] vkms_vblank_simulate: vblank timer overrun
[  541.076401][ T6575] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  541.360162][    C1] vkms_vblank_simulate: vblank timer overrun
[  541.388942][    C1] vkms_vblank_simulate: vblank timer overrun
[  541.724563][    C1] vkms_vblank_simulate: vblank timer overrun
[  542.309619][ T6575] usb 5-1: config 0 interface 0 has no altsetting 0
[  542.309661][ T6575] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  542.309683][ T6575] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.338418][ T6575] usb 5-1: config 0 descriptor??
[  542.460547][ T9092] fuse: Unknown parameter 'rootmode$-��E�E>b��'
[  542.810166][ T6575] video4linux radio48: keene_cmd_main failed (-71)
[  542.810191][ T6575] radio-keene 5-1:0.0: V4L2 device registered as radio48
[  542.860396][ T6575] usb 5-1: USB disconnect, device number 2
[  544.259619][ T9102] overlay: Bad value for 'workdir'
[  544.957080][    C0] vkms_vblank_simulate: vblank timer overrun
[  545.114348][    C0] vkms_vblank_simulate: vblank timer overrun
[  545.257765][    C0] vkms_vblank_simulate: vblank timer overrun
[  545.625833][    C0] vkms_vblank_simulate: vblank timer overrun
[  545.998704][    C0] vkms_vblank_simulate: vblank timer overrun
[  546.821590][    C0] vkms_vblank_simulate: vblank timer overrun
[  547.446044][    C0] vkms_vblank_simulate: vblank timer overrun
[  548.113240][    C0] vkms_vblank_simulate: vblank timer overrun
[  549.902415][    C0] vkms_vblank_simulate: vblank timer overrun
[  550.645230][    C0] vkms_vblank_simulate: vblank timer overrun
[  551.459276][    C0] vkms_vblank_simulate: vblank timer overrun
[  551.669459][    C0] vkms_vblank_simulate: vblank timer overrun
[  552.743605][    C0] vkms_vblank_simulate: vblank timer overrun
[  553.787530][ T9226] FAULT_INJECTION: forcing a failure.
[  553.787530][ T9226] name failslab, interval 1, probability 0, space 0, times 0
[  553.787562][ T9226] CPU: 0 UID: 0 PID: 9226 Comm: syz.0.815 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  553.787582][ T9226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  553.787592][ T9226] Call Trace:
[  553.787598][ T9226]  <TASK>
[  553.787606][ T9226]  dump_stack_lvl+0x189/0x250
[  553.787635][ T9226]  ? __pfx____ratelimit+0x10/0x10
[  553.787660][ T9226]  ? __pfx_dump_stack_lvl+0x10/0x10
[  553.787682][ T9226]  ? __pfx__printk+0x10/0x10
[  553.787705][ T9226]  ? __pfx___might_resched+0x10/0x10
[  553.787727][ T9226]  should_fail_ex+0x46c/0x600
[  553.787755][ T9226]  ? getname_flags+0xb8/0x540
[  553.787777][ T9226]  should_failslab+0xa8/0x100
[  553.787799][ T9226]  ? getname_flags+0xb8/0x540
[  553.787820][ T9226]  kmem_cache_alloc_noprof+0x6e/0x310
[  553.787849][ T9226]  getname_flags+0xb8/0x540
[  553.787876][ T9226]  __x64_sys_link+0x5d/0x90
[  553.787899][ T9226]  do_syscall_64+0xfa/0x3b0
[  553.787915][ T9226]  ? lockdep_hardirqs_on+0x9c/0x150
[  553.787938][ T9226]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  553.787956][ T9226]  ? clear_bhb_loop+0x60/0xb0
[  553.787978][ T9226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  553.787995][ T9226] RIP: 0033:0x7fcf78b7eba9
[  553.788011][ T9226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  553.788026][ T9226] RSP: 002b:00007fcf76de6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[  553.788044][ T9226] RAX: ffffffffffffffda RBX: 00007fcf78dc5fa0 RCX: 00007fcf78b7eba9
[  553.788057][ T9226] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000200000000200
[  553.788067][ T9226] RBP: 00007fcf76de6090 R08: 0000000000000000 R09: 0000000000000000
[  553.788078][ T9226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  553.788087][ T9226] R13: 00007fcf78dc6038 R14: 00007fcf78dc5fa0 R15: 00007ffc2daa19c8
[  553.788115][ T9226]  </TASK>
[  555.102896][    C0] vkms_vblank_simulate: vblank timer overrun
[  555.775317][ T9240] kvm_pr_unimpl_wrmsr: 14 callbacks suppressed
[  555.775339][ T9240] kvm: kvm [9235]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[  555.885013][ T9240] kvm: kvm [9235]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[  555.904676][ T9240] kvm: kvm [9235]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4000
[  556.313791][ T9250] hub 9-0:1.0: USB hub found
[  556.326562][ T9250] hub 9-0:1.0: 1 port detected
[  556.809136][ T9252] kvm: kvm [9251]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x4002
[  556.809308][ T9252] kvm: kvm [9251]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x2
[  556.813899][ T9252] kvm: kvm [9251]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80
[  556.813947][ T9252] kvm: kvm [9251]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0x4080
[  556.824372][ T9252] kvm: kvm [9251]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x2
[  556.824421][ T9252] kvm: kvm [9251]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4002
[  556.837463][ T9252] kvm: kvm [9251]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x2
[  557.218703][ T7238] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  557.346487][ T7238] usb 2-1: device descriptor read/64, error -71
[  557.666579][ T7238] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  557.806740][ T7238] usb 2-1: device descriptor read/64, error -71
[  557.920558][ T7238] usb usb2-port1: attempt power cycle
[  558.316481][ T7238] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  558.339815][ T7238] usb 2-1: device descriptor read/8, error -71
[  558.596595][ T7238] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  558.617355][ T7238] usb 2-1: device descriptor read/8, error -71
[  558.737351][ T7238] usb usb2-port1: unable to enumerate USB device
[  560.826125][ T9295] FAULT_INJECTION: forcing a failure.
[  560.826125][ T9295] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  560.826317][ T9295] CPU: 0 UID: 0 PID: 9295 Comm: syz.0.833 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  560.826343][ T9295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  560.826352][ T9295] Call Trace:
[  560.826358][ T9295]  <TASK>
[  560.826366][ T9295]  dump_stack_lvl+0x189/0x250
[  560.826396][ T9295]  ? __pfx____ratelimit+0x10/0x10
[  560.826420][ T9295]  ? __pfx_dump_stack_lvl+0x10/0x10
[  560.826441][ T9295]  ? __pfx__printk+0x10/0x10
[  560.826459][ T9295]  ? __might_fault+0xb0/0x130
[  560.826494][ T9295]  should_fail_ex+0x46c/0x600
[  560.826522][ T9295]  _copy_from_user+0x2d/0xb0
[  560.826542][ T9295]  ___sys_sendmsg+0x158/0x2a0
[  560.826563][ T9295]  ? __pfx____sys_sendmsg+0x10/0x10
[  560.826609][ T9295]  ? __fget_files+0x2a/0x420
[  560.826636][ T9295]  ? __fget_files+0x3a6/0x420
[  560.826666][ T9295]  __sys_sendmmsg+0x22d/0x430
[  560.826687][ T9295]  ? __pfx___sys_sendmmsg+0x10/0x10
[  560.826710][ T9295]  ? preempt_schedule_irq+0xde/0x150
[  560.826757][ T9295]  __x64_sys_sendmmsg+0xa0/0xc0
[  560.826776][ T9295]  do_syscall_64+0xfa/0x3b0
[  560.826793][ T9295]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.826810][ T9295]  ? asm_sysvec_call_function_single+0x1a/0x20
[  560.826827][ T9295]  ? clear_bhb_loop+0x60/0xb0
[  560.826849][ T9295]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.826866][ T9295] RIP: 0033:0x7fcf78b7eba9
[  560.826882][ T9295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  560.826896][ T9295] RSP: 002b:00007fcf76dc5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  560.826915][ T9295] RAX: ffffffffffffffda RBX: 00007fcf78dc6090 RCX: 00007fcf78b7eba9
[  560.826927][ T9295] RDX: 0000000000000001 RSI: 0000200000000a80 RDI: 0000000000000004
[  560.826939][ T9295] RBP: 00007fcf76dc5090 R08: 0000000000000000 R09: 0000000000000000
[  560.826949][ T9295] R10: 000000000004c040 R11: 0000000000000246 R12: 0000000000000001
[  560.826960][ T9295] R13: 00007fcf78dc6128 R14: 00007fcf78dc6090 R15: 00007ffc2daa19c8
[  560.826989][ T9295]  </TASK>
[  563.040099][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  563.041372][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  564.490515][ T5842] Bluetooth: hci2: unexpected event for opcode 0x200f
[  564.840102][ T9322] overlayfs: missing 'lowerdir'
[  568.167315][ T9326] overlayfs: missing 'lowerdir'
[  570.665651][ T9355] syz.0.845 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  571.636602][ T7236] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  571.658154][ T9372] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  571.658187][ T9372] overlayfs: missing 'lowerdir'
[  571.792641][ T7236] usb 5-1: Using ep0 maxpacket: 8
[  571.797428][ T7236] usb 5-1: config 130 has an invalid interface number: 151 but max is 2
[  571.797456][ T7236] usb 5-1: config 130 has an invalid interface number: 190 but max is 2
[  571.797475][ T7236] usb 5-1: config 130 has an invalid descriptor of length 182, skipping remainder of the config
[  571.797492][ T7236] usb 5-1: config 130 has 2 interfaces, different from the descriptor's value: 3
[  571.797512][ T7236] usb 5-1: config 130 has no interface number 0
[  571.797527][ T7236] usb 5-1: config 130 has no interface number 1
[  571.797591][ T7236] usb 5-1: config 130 interface 151 altsetting 9 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  571.797615][ T7236] usb 5-1: config 130 interface 151 altsetting 9 has an endpoint descriptor with address 0x1C, changing to 0xC
[  571.797638][ T7236] usb 5-1: config 130 interface 151 altsetting 9 endpoint 0xC has invalid maxpacket 512, setting to 64
[  571.797662][ T7236] usb 5-1: config 130 interface 151 altsetting 9 bulk endpoint 0x4 has invalid maxpacket 64
[  571.797684][ T7236] usb 5-1: config 130 interface 151 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[  571.797705][ T7236] usb 5-1: config 130 interface 151 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[  571.797726][ T7236] usb 5-1: config 130 interface 151 altsetting 9 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  571.797750][ T7236] usb 5-1: config 130 interface 151 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  571.797770][ T7236] usb 5-1: config 130 interface 151 altsetting 9 has a duplicate endpoint with address 0x5, skipping
[  571.797791][ T7236] usb 5-1: config 130 interface 151 altsetting 9 has a duplicate endpoint with address 0xC, skipping
[  571.797825][ T7236] usb 5-1: config 130 interface 190 altsetting 128 has 0 endpoint descriptors, different from the interface descriptor's value: 10
[  571.797849][ T7236] usb 5-1: config 130 interface 151 has no altsetting 0
[  571.797865][ T7236] usb 5-1: config 130 interface 190 has no altsetting 0
[  571.802042][ T7236] usb 5-1: New USB device found, idVendor=0b05, idProduct=17a7, bcdDevice=c2.5f
[  571.802067][ T7236] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.802085][ T7236] usb 5-1: Product: ꡍ쩪籦䉰窵韘薻뿄ڱ涼᪋
[  571.802101][ T7236] usb 5-1: Manufacturer: 㡫캳膶﬚ᆲ鐴聍콪窔խ仂㶎ꐚ譏䥀郝쭙ﱹð珐蚒Ꮀ鄾䞠릆඿鵵啜䶱槰
[  571.802118][ T7236] usb 5-1: SerialNumber: ࠐ
[  571.814130][ T9370] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  571.815254][ T9370] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  572.275543][ T7236] usb 5-1: USB disconnect, device number 3
[  572.327722][ T9378] block nbd0: NBD_DISCONNECT
[  572.327834][ T9378] block nbd0: Disconnected due to user request.
[  572.327849][ T9378] block nbd0: shutting down sockets
[  572.767392][ T9380] kvm_pr_unimpl_wrmsr: 38 callbacks suppressed
[  572.767413][ T9380] kvm: kvm [9379]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x4002
[  572.767457][ T9380] kvm: kvm [9379]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x2
[  572.795335][ T9386] overlayfs: missing 'lowerdir'
[  572.860359][ T9380] kvm: kvm [9379]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80
[  572.860410][ T9380] kvm: kvm [9379]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0x4080
[  572.990428][ T9380] kvm: kvm [9379]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x2
[  572.990517][ T9380] kvm: kvm [9379]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4002
[  573.436536][ T7235] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  573.579052][ T9380] kvm: kvm [9379]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x2
[  573.580187][ T9380] kvm: kvm [9379]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4002
[  573.620676][ T9380] kvm: kvm [9379]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x2
[  573.620725][ T9380] kvm: kvm [9379]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4002
[  573.676448][ T7235] usb 3-1: Using ep0 maxpacket: 16
[  573.693623][ T7235] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  573.693648][ T7235] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  573.717831][ T7235] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  573.717866][ T7235] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.717886][ T7235] usb 3-1: Product: syz
[  573.717900][ T7235] usb 3-1: Manufacturer: syz
[  573.717913][ T7235] usb 3-1: SerialNumber: syz
[  575.290021][    C0] vkms_vblank_simulate: vblank timer overrun
[  575.560909][ T7235] usb 3-1: USB disconnect, device number 2
[  575.989253][    C0] vkms_vblank_simulate: vblank timer overrun
[  576.865451][    C0] vkms_vblank_simulate: vblank timer overrun
[  576.982555][ T6181] udevd[6181]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  577.026168][    C0] vkms_vblank_simulate: vblank timer overrun
[  577.304236][ T9421] block nbd2: NBD_DISCONNECT
[  577.304347][ T9421] block nbd2: Disconnected due to user request.
[  577.304363][ T9421] block nbd2: shutting down sockets
[  577.535147][ T9419] kvm_intel: kvm [9418]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x8a0000dff9
[  577.824654][ T9430] overlayfs: missing 'lowerdir'
[  579.026973][    C0] vkms_vblank_simulate: vblank timer overrun
[  579.529686][    C0] vkms_vblank_simulate: vblank timer overrun
[  581.197407][ T9479] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  581.197834][ T9479] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  581.256702][ T7235] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  581.257086][    C1] raw-gadget.0 gadget.2: ignoring, device is not running
[  582.008421][ T9480] block nbd1: NBD_DISCONNECT
[  582.008450][ T9480] block nbd1: Send disconnect failed -32
[  582.008480][ T9480] block nbd1: Disconnected due to user request.
[  582.008495][ T9480] block nbd1: shutting down sockets
[  582.056487][ T7235] usb 3-1: device descriptor read/64, error -32
[  582.296481][ T7235] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  582.572224][ T9487] FAULT_INJECTION: forcing a failure.
[  582.572224][ T9487] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  582.572255][ T9487] CPU: 1 UID: 0 PID: 9487 Comm: syz.1.880 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  582.572282][ T9487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  582.572293][ T9487] Call Trace:
[  582.572300][ T9487]  <TASK>
[  582.572307][ T9487]  dump_stack_lvl+0x189/0x250
[  582.572343][ T9487]  ? __pfx____ratelimit+0x10/0x10
[  582.572368][ T9487]  ? __pfx_dump_stack_lvl+0x10/0x10
[  582.572392][ T9487]  ? __pfx__printk+0x10/0x10
[  582.572424][ T9487]  should_fail_ex+0x46c/0x600
[  582.572454][ T9487]  strncpy_from_user+0x36/0x290
[  582.572483][ T9487]  getname_flags+0xf3/0x540
[  582.572512][ T9487]  do_sys_openat2+0xbc/0x1c0
[  582.572533][ T9487]  ? __pfx_do_sys_openat2+0x10/0x10
[  582.572552][ T9487]  ? ksys_write+0x230/0x260
[  582.572575][ T9487]  ? __pfx_ksys_write+0x10/0x10
[  582.572594][ T9487]  ? rcu_is_watching+0x15/0xb0
[  582.572622][ T9487]  __x64_sys_openat+0x138/0x170
[  582.572646][ T9487]  do_syscall_64+0xfa/0x3b0
[  582.572662][ T9487]  ? lockdep_hardirqs_on+0x9c/0x150
[  582.572685][ T9487]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.572703][ T9487]  ? clear_bhb_loop+0x60/0xb0
[  582.572725][ T9487]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.572742][ T9487] RIP: 0033:0x7fa3f57beba9
[  582.572759][ T9487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  582.572772][ T9487] RSP: 002b:00007fa3f3a1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  582.572791][ T9487] RAX: ffffffffffffffda RBX: 00007fa3f5a05fa0 RCX: 00007fa3f57beba9
[  582.572804][ T9487] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  582.572816][ T9487] RBP: 00007fa3f3a1e090 R08: 0000000000000000 R09: 0000000000000000
[  582.572827][ T9487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  582.572837][ T9487] R13: 00007fa3f5a06038 R14: 00007fa3f5a05fa0 R15: 00007ffd78be4008
[  582.572874][ T9487]  </TASK>
[  582.639874][ T7235] usb 3-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  582.639920][ T7235] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[  582.639945][ T7235] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  582.639970][ T7235] usb 3-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  582.640022][ T7235] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  582.640044][ T7235] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.494509][ T7235] ath6kl: Failed to submit usb control message: -71
[  583.494563][ T7235] ath6kl: unable to send the bmi data to the device: -71
[  583.494577][ T7235] ath6kl: Unable to send get target info: -71
[  583.498110][ T7235] ath6kl: Failed to init ath6kl core: -71
[  583.503034][ T7235] ath6kl_usb 3-1:4.0: probe with driver ath6kl_usb failed with error -71
[  583.951957][ T7235] usb 3-1: USB disconnect, device number 4
[  584.973301][ T9520] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  584.973329][ T9520] overlayfs: missing 'lowerdir'
[  585.287041][ T9525] block nbd0: NBD_DISCONNECT
[  585.287152][ T9525] block nbd0: Disconnected due to user request.
[  585.287167][ T9525] block nbd0: shutting down sockets
[  585.343024][ T9527] FAULT_INJECTION: forcing a failure.
[  585.343024][ T9527] name failslab, interval 1, probability 0, space 0, times 0
[  585.343056][ T9527] CPU: 1 UID: 0 PID: 9527 Comm: syz.2.891 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  585.343076][ T9527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  585.343086][ T9527] Call Trace:
[  585.343093][ T9527]  <TASK>
[  585.343101][ T9527]  dump_stack_lvl+0x189/0x250
[  585.343130][ T9527]  ? __pfx____ratelimit+0x10/0x10
[  585.343155][ T9527]  ? __pfx_dump_stack_lvl+0x10/0x10
[  585.343178][ T9527]  ? __pfx__printk+0x10/0x10
[  585.343203][ T9527]  ? __pfx___might_resched+0x10/0x10
[  585.343221][ T9527]  ? fs_reclaim_acquire+0x7d/0x100
[  585.343242][ T9527]  should_fail_ex+0x46c/0x600
[  585.343270][ T9527]  ? __alloc_skb+0x112/0x2d0
[  585.343292][ T9527]  should_failslab+0xa8/0x100
[  585.343316][ T9527]  ? __alloc_skb+0x112/0x2d0
[  585.343336][ T9527]  kmem_cache_alloc_node_noprof+0x77/0x330
[  585.343366][ T9527]  __alloc_skb+0x112/0x2d0
[  585.343393][ T9527]  netlink_sendmsg+0x5c6/0xb30
[  585.343428][ T9527]  ? __pfx_netlink_sendmsg+0x10/0x10
[  585.343459][ T9527]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  585.343476][ T9527]  ? __pfx_netlink_sendmsg+0x10/0x10
[  585.343499][ T9527]  __sock_sendmsg+0x21c/0x270
[  585.343524][ T9527]  ____sys_sendmsg+0x508/0x820
[  585.343548][ T9527]  ? __pfx_____sys_sendmsg+0x10/0x10
[  585.343575][ T9527]  ? import_iovec+0x74/0xa0
[  585.343600][ T9527]  ___sys_sendmsg+0x21f/0x2a0
[  585.343620][ T9527]  ? __pfx____sys_sendmsg+0x10/0x10
[  585.343675][ T9527]  ? __fget_files+0x2a/0x420
[  585.343696][ T9527]  ? __fget_files+0x3a6/0x420
[  585.343733][ T9527]  __x64_sys_sendmsg+0x1a1/0x260
[  585.343754][ T9527]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  585.343781][ T9527]  ? __pfx_ksys_write+0x10/0x10
[  585.343807][ T9527]  ? rcu_is_watching+0x15/0xb0
[  585.343837][ T9527]  ? do_syscall_64+0xbe/0x3b0
[  585.343857][ T9527]  do_syscall_64+0xfa/0x3b0
[  585.343872][ T9527]  ? lockdep_hardirqs_on+0x9c/0x150
[  585.343895][ T9527]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.343913][ T9527]  ? clear_bhb_loop+0x60/0xb0
[  585.343934][ T9527]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.343951][ T9527] RIP: 0033:0x7f7f95c3eba9
[  585.343967][ T9527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  585.343980][ T9527] RSP: 002b:00007f7f93e9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  585.343999][ T9527] RAX: ffffffffffffffda RBX: 00007f7f95e85fa0 RCX: 00007f7f95c3eba9
[  585.344012][ T9527] RDX: 0000000000040000 RSI: 00002000000006c0 RDI: 0000000000000003
[  585.344023][ T9527] RBP: 00007f7f93e9e090 R08: 0000000000000000 R09: 0000000000000000
[  585.344034][ T9527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  585.344044][ T9527] R13: 00007f7f95e86038 R14: 00007f7f95e85fa0 R15: 00007ffc6cade2d8
[  585.344074][ T9527]  </TASK>
[  588.471670][ T9570] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  589.156483][ T9569] block nbd4: NBD_DISCONNECT
[  589.156593][ T9569] block nbd4: Disconnected due to user request.
[  589.156608][ T9569] block nbd4: shutting down sockets
[  589.366499][ T7237] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  589.439453][ T9576] FAULT_INJECTION: forcing a failure.
[  589.439453][ T9576] name failslab, interval 1, probability 0, space 0, times 0
[  589.439486][ T9576] CPU: 1 UID: 0 PID: 9576 Comm: syz.3.904 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  589.439507][ T9576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  589.439517][ T9576] Call Trace:
[  589.439524][ T9576]  <TASK>
[  589.439533][ T9576]  dump_stack_lvl+0x189/0x250
[  589.439562][ T9576]  ? __pfx____ratelimit+0x10/0x10
[  589.439589][ T9576]  ? __pfx_dump_stack_lvl+0x10/0x10
[  589.439614][ T9576]  ? __pfx__printk+0x10/0x10
[  589.439649][ T9576]  should_fail_ex+0x46c/0x600
[  589.439682][ T9576]  should_failslab+0xa8/0x100
[  589.439709][ T9576]  __kmalloc_cache_noprof+0x6e/0x320
[  589.439731][ T9576]  ? reuseport_alloc+0x13d/0x520
[  589.439760][ T9576]  ? reuseport_alloc+0x25/0x520
[  589.439780][ T9576]  reuseport_alloc+0x13d/0x520
[  589.439803][ T9576]  ? reuseport_alloc+0x25/0x520
[  589.439830][ T9576]  udp_lib_get_port+0xeee/0x1bc0
[  589.439883][ T9576]  ? __pfx_udp_lib_get_port+0x10/0x10
[  589.439903][ T9576]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  589.439932][ T9576]  ? rt_spin_unlock+0x65/0x80
[  589.439959][ T9576]  ? lock_sock_nested+0x5f/0x130
[  589.439978][ T9576]  ? udp_v4_get_port+0xb4/0x210
[  589.440003][ T9576]  __inet_bind+0x5d1/0xa90
[  589.440035][ T9576]  __sys_bind+0x2cc/0x3e0
[  589.440063][ T9576]  ? __pfx___sys_bind+0x10/0x10
[  589.440103][ T9576]  ? __pfx_ksys_write+0x10/0x10
[  589.440122][ T9576]  ? rcu_is_watching+0x15/0xb0
[  589.440159][ T9576]  __x64_sys_bind+0x7a/0x90
[  589.440184][ T9576]  do_syscall_64+0xfa/0x3b0
[  589.440200][ T9576]  ? lockdep_hardirqs_on+0x9c/0x150
[  589.440224][ T9576]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.440242][ T9576]  ? clear_bhb_loop+0x60/0xb0
[  589.440265][ T9576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.440282][ T9576] RIP: 0033:0x7f1b273eeba9
[  589.440297][ T9576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  589.440311][ T9576] RSP: 002b:00007f1b2564e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  589.440330][ T9576] RAX: ffffffffffffffda RBX: 00007f1b27635fa0 RCX: 00007f1b273eeba9
[  589.440343][ T9576] RDX: 0000000000000010 RSI: 0000200000000200 RDI: 0000000000000004
[  589.440354][ T9576] RBP: 00007f1b2564e090 R08: 0000000000000000 R09: 0000000000000000
[  589.440365][ T9576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  589.440382][ T9576] R13: 00007f1b27636038 R14: 00007f1b27635fa0 R15: 00007ffe06cc71d8
[  589.440417][ T9576]  </TASK>
[  589.518349][ T7237] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  589.518411][ T7237] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  589.520856][ T7237] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  589.520882][ T7237] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  589.520900][ T7237] usb 1-1: Product: syz
[  589.520913][ T7237] usb 1-1: Manufacturer: syz
[  589.520926][ T7237] usb 1-1: SerialNumber: syz
[  589.809999][ T9568] syz.0.903 uses obsolete (PF_INET,SOCK_PACKET)
[  590.213981][ T9580] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x5
[  591.366615][    T9] usb 1-1: USB disconnect, device number 2
[  592.987973][ T9600] program syz.3.912 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  593.494419][ T9609] =======================================================
[  593.494419][ T9609] WARNING: The mand mount option has been deprecated and
[  593.494419][ T9609]          and is ignored by this kernel. Remove the mand
[  593.494419][ T9609]          option from the mount to silence this warning.
[  593.494419][ T9609] =======================================================
[  593.541993][ T9609] ./file0: Can't open blockdev
[  594.252285][ T9605] block nbd4: shutting down sockets
[  595.396534][ T7239] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  595.556513][ T7239] usb 4-1: Using ep0 maxpacket: 8
[  595.559042][ T7239] usb 4-1: config 0 has an invalid interface number: 194 but max is 0
[  595.559067][ T7239] usb 4-1: config 0 has no interface number 0
[  595.590884][ T7239] usb 4-1: New USB device found, idVendor=0763, idProduct=1011, bcdDevice=b7.96
[  595.590913][ T7239] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.590931][ T7239] usb 4-1: Product: syz
[  595.590944][ T7239] usb 4-1: Manufacturer: syz
[  595.590957][ T7239] usb 4-1: SerialNumber: syz
[  595.654321][ T7239] usb 4-1: config 0 descriptor??
[  595.678243][    T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  595.705066][ T7239] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  595.846465][    T9] usb 2-1: Using ep0 maxpacket: 8
[  595.849668][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  595.855143][    T9] usb 2-1: config 17 has an invalid interface number: 8 but max is 1
[  595.855167][    T9] usb 2-1: config 17 has 1 interface, different from the descriptor's value: 2
[  595.855186][    T9] usb 2-1: config 17 has no interface number 0
[  595.855233][    T9] usb 2-1: config 17 interface 8 altsetting 6 endpoint 0x3 has an invalid bInterval 144, changing to 7
[  595.855258][    T9] usb 2-1: config 17 interface 8 altsetting 6 endpoint 0x3 has invalid maxpacket 57893, setting to 1024
[  595.855282][    T9] usb 2-1: config 17 interface 8 has no altsetting 0
[  596.059519][    T9] usb 2-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  596.059549][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  596.059568][    T9] usb 2-1: Product: syz
[  596.059581][    T9] usb 2-1: Manufacturer: syz
[  596.059595][    T9] usb 2-1: SerialNumber: syz
[  596.181121][ T9621] netlink: 'syz.3.919': attribute type 21 has an invalid length.
[  597.535575][    T9] usb 2-1: selecting invalid altsetting 0
[  597.535608][    T9] usb 2-1: 8:6 : no UAC_FORMAT_TYPE desc
[  597.535628][    T9] usb 2-1: selecting invalid altsetting 0
[  597.650242][ T7239] usb 4-1: USB disconnect, device number 2
[  597.769758][ T6259] udevd[6259]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.194/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  597.862843][    T9] usb 2-1: USB disconnect, device number 7
[  597.945031][ T9643] FAULT_INJECTION: forcing a failure.
[  597.945031][ T9643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  597.945064][ T9643] CPU: 0 UID: 0 PID: 9643 Comm: syz.2.927 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  597.945084][ T9643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  597.945094][ T9643] Call Trace:
[  597.945101][ T9643]  <TASK>
[  597.945109][ T9643]  dump_stack_lvl+0x189/0x250
[  597.945138][ T9643]  ? __pfx____ratelimit+0x10/0x10
[  597.945163][ T9643]  ? __pfx_dump_stack_lvl+0x10/0x10
[  597.945187][ T9643]  ? __pfx__printk+0x10/0x10
[  597.945219][ T9643]  should_fail_ex+0x46c/0x600
[  597.945249][ T9643]  _copy_from_user+0x2d/0xb0
[  597.945272][ T9643]  sctp_setsockopt+0x19f/0x1200
[  597.945298][ T9643]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  597.945323][ T9643]  do_sock_setsockopt+0x179/0x1b0
[  597.945353][ T9643]  __x64_sys_setsockopt+0x145/0x1b0
[  597.945384][ T9643]  do_syscall_64+0xfa/0x3b0
[  597.945400][ T9643]  ? lockdep_hardirqs_on+0x9c/0x150
[  597.945424][ T9643]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  597.945441][ T9643]  ? clear_bhb_loop+0x60/0xb0
[  597.945462][ T9643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  597.945478][ T9643] RIP: 0033:0x7f7f95c3eba9
[  597.945494][ T9643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  597.945508][ T9643] RSP: 002b:00007f7f93e9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  597.945527][ T9643] RAX: ffffffffffffffda RBX: 00007f7f95e85fa0 RCX: 00007f7f95c3eba9
[  597.945540][ T9643] RDX: 0000000000000064 RSI: 0000000000000084 RDI: 0000000000000003
[  597.945550][ T9643] RBP: 00007f7f93e9e090 R08: 000000000000001c R09: 0000000000000000
[  597.945561][ T9643] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  597.945572][ T9643] R13: 00007f7f95e86038 R14: 00007f7f95e85fa0 R15: 00007ffc6cade2d8
[  597.945602][ T9643]  </TASK>
[  598.648904][ T7236] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  599.009374][ T7236] usb 5-1: config 0 interface 0 has no altsetting 0
[  599.009414][ T7236] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  599.009436][ T7236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  599.020897][ T7236] usb 5-1: config 0 descriptor??
[  599.512082][ T7236] video4linux radio48: keene_cmd_main failed (-71)
[  599.512109][ T7236] radio-keene 5-1:0.0: V4L2 device registered as radio48
[  599.520905][ T7236] usb 5-1: USB disconnect, device number 4
[  601.779301][ T9673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.935'.
[  602.022059][ T9672] Bluetooth: MGMT ver 1.23
[  602.350391][ T9678] Invalid logical block size (-28425)
[  604.084570][ T9693] hub 9-0:1.0: USB hub found
[  604.093662][ T9693] hub 9-0:1.0: 1 port detected
[  604.096816][ T5842] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  605.567323][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  605.857339][ T9700] FAULT_INJECTION: forcing a failure.
[  605.857339][ T9700] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  605.857371][ T9700] CPU: 1 UID: 0 PID: 9700 Comm: syz.4.938 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  605.857392][ T9700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  605.857402][ T9700] Call Trace:
[  605.857409][ T9700]  <TASK>
[  605.857417][ T9700]  dump_stack_lvl+0x189/0x250
[  605.857443][ T9700]  ? __pfx____ratelimit+0x10/0x10
[  605.857466][ T9700]  ? __pfx_dump_stack_lvl+0x10/0x10
[  605.857489][ T9700]  ? __pfx__printk+0x10/0x10
[  605.857522][ T9700]  should_fail_ex+0x46c/0x600
[  605.857550][ T9700]  strncpy_from_user+0x36/0x290
[  605.857576][ T9700]  getname_flags+0xf3/0x540
[  605.857604][ T9700]  user_path_at+0x24/0x60
[  605.857622][ T9700]  vfs_open_tree+0x251/0x7d0
[  605.857640][ T9700]  ? fput+0xa0/0xd0
[  605.857659][ T9700]  ? __pfx_vfs_open_tree+0x10/0x10
[  605.857674][ T9700]  ? __pfx_ksys_write+0x10/0x10
[  605.857696][ T9700]  __x64_sys_open_tree+0x7d/0xf0
[  605.857717][ T9700]  do_syscall_64+0xfa/0x3b0
[  605.857732][ T9700]  ? lockdep_hardirqs_on+0x9c/0x150
[  605.857755][ T9700]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.857772][ T9700]  ? clear_bhb_loop+0x60/0xb0
[  605.857792][ T9700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.857807][ T9700] RIP: 0033:0x7f12dc6ceba9
[  605.857823][ T9700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  605.857836][ T9700] RSP: 002b:00007f12da8f4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac
[  605.857866][ T9700] RAX: ffffffffffffffda RBX: 00007f12dc916180 RCX: 00007f12dc6ceba9
[  605.857879][ T9700] RDX: 0000000000089901 RSI: 0000200000000640 RDI: ffffffffffffff9c
[  605.857890][ T9700] RBP: 00007f12da8f4090 R08: 0000000000000000 R09: 0000000000000000
[  605.857901][ T9700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  605.857917][ T9700] R13: 00007f12dc916218 R14: 00007f12dc916180 R15: 00007ffce3ab09c8
[  605.857946][ T9700]  </TASK>
[  606.316564][  T990] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  606.490808][  T990] usb 4-1: config 0 interface 0 has no altsetting 0
[  606.490849][  T990] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  606.490872][  T990] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.535546][  T990] usb 4-1: config 0 descriptor??
[  606.973031][  T990] video4linux radio48: keene_cmd_main failed (-71)
[  606.973058][  T990] radio-keene 4-1:0.0: V4L2 device registered as radio48
[  607.035455][  T990] usb 4-1: USB disconnect, device number 3
[  609.136640][ T6576] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  609.292826][ T6576] usb 3-1: New USB device found, idVendor=0547, idProduct=6801, bcdDevice=43.6f
[  609.292855][ T6576] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.292873][ T6576] usb 3-1: Product: syz
[  609.292887][ T6576] usb 3-1: Manufacturer: syz
[  609.293010][ T6576] usb 3-1: SerialNumber: syz
[  609.350821][ T6576] usb 3-1: config 0 descriptor??
[  609.365291][ T6576] gspca_main: touptek-2.14.0 probing 0547:6801
[  609.621487][ T7235] usb 3-1: USB disconnect, device number 5
[  611.115140][ T6708] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  611.220904][ T6708] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  611.222444][ T9745] netlink: 12 bytes leftover after parsing attributes in process `syz.2.954'.
[  612.656485][ T7237] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  612.813143][ T7237] usb 3-1: config 0 interface 0 has no altsetting 0
[  612.813191][ T7237] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  612.813214][ T7237] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.831012][ T7237] usb 3-1: config 0 descriptor??
[  613.038845][ T7237]  (null): keene_cmd_main failed (-71)
[  613.073511][ T7237] video4linux radio48: keene_cmd_main failed (-71)
[  613.073538][ T7237] radio-keene 3-1:0.0: V4L2 device registered as radio48
[  613.090407][ T7237] usb 3-1: USB disconnect, device number 6
[  615.195566][ T9783] hub 9-0:1.0: USB hub found
[  615.195906][ T9783] hub 9-0:1.0: 1 port detected
[  618.819291][    T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  618.969151][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  618.969193][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  618.969222][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.013951][    T9] usb 2-1: config 0 descriptor??
[  619.219330][    T9]  (null): keene_cmd_main failed (-71)
[  619.224406][    T9] video4linux radio48: keene_cmd_main failed (-71)
[  619.224431][    T9] radio-keene 2-1:0.0: V4L2 device registered as radio48
[  619.263083][    T9] usb 2-1: USB disconnect, device number 8
[  619.950994][ T9830] netlink: 4 bytes leftover after parsing attributes in process `syz.2.979'.
[  622.329619][ T9862] overlayfs: missing 'workdir'
[  623.169025][ T9859] block nbd0: shutting down sockets
[  623.754213][ T9873] block nbd3: NBD_DISCONNECT
[  623.866455][ T6708] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  624.029515][ T6708] usb 3-1: config 0 interface 0 has no altsetting 0
[  624.029557][ T6708] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  624.029580][ T6708] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  624.084377][ T6708] usb 3-1: config 0 descriptor??
[  624.322733][ T6708]  (null): keene_cmd_main failed (-71)
[  624.356502][ T6708] video4linux radio48: keene_cmd_main failed (-71)
[  624.356529][ T6708] radio-keene 3-1:0.0: V4L2 device registered as radio48
[  624.406899][ T6708] usb 3-1: USB disconnect, device number 7
[  624.432003][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  624.432079][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  627.300587][ T7236] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  627.344863][ T7236] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  628.070553][ T9911] hub 9-0:1.0: USB hub found
[  628.070900][ T9911] hub 9-0:1.0: 1 port detected
[  628.421818][ T9914] block nbd2: NBD_DISCONNECT
[  628.621100][ T6181] udevd[6181]: setting mode of /dev/hidraw0 to 020600 failed: No such file or directory
[  628.621307][ T6181] udevd[6181]: setting owner of /dev/hidraw0 to uid=0, gid=0 failed: No such file or directory
[  629.216501][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  629.366649][    T9] usb 3-1: Using ep0 maxpacket: 16
[  629.369505][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  629.371033][    T9] usb 3-1: config 1 has an invalid interface number: 206 but max is 0
[  629.371057][    T9] usb 3-1: config 1 has no interface number 0
[  629.375646][    T9] usb 3-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[  629.375673][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.375693][    T9] usb 3-1: Product: syz
[  629.375707][    T9] usb 3-1: Manufacturer: syz
[  629.375720][    T9] usb 3-1: SerialNumber: syz
[  629.661047][ T9917] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode balance-xor(2)
[  629.726801][    T9] uvcvideo 3-1:1.206: probe with driver uvcvideo failed with error -22
[  629.745739][    T9] usb 3-1: USB disconnect, device number 8
[  631.412424][ T9956] hub 9-0:1.0: USB hub found
[  631.412779][ T9956] hub 9-0:1.0: 1 port detected
[  632.378471][ T6576] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  632.437224][ T6576] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  632.440807][ T6708] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  632.444351][ T6708] hid-generic 0000:0000:0000.0005: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  633.730754][    C1] vkms_vblank_simulate: vblank timer overrun
[  634.625862][    C1] vkms_vblank_simulate: vblank timer overrun
[  634.704448][    C1] vkms_vblank_simulate: vblank timer overrun
[  635.060465][    C1] vkms_vblank_simulate: vblank timer overrun
[  635.206422][    C1] vkms_vblank_simulate: vblank timer overrun
[  635.315893][    C1] vkms_vblank_simulate: vblank timer overrun
[  635.856401][T10010] hub 9-0:1.0: USB hub found
[  635.858162][T10010] hub 9-0:1.0: 1 port detected
[  635.898841][T10012] warning: `syz.3.1027' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  636.098435][    C1] vkms_vblank_simulate: vblank timer overrun
[  636.370271][    C1] vkms_vblank_simulate: vblank timer overrun
[  636.496551][ T7236] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  636.669832][    C1] vkms_vblank_simulate: vblank timer overrun
[  636.750082][ T7236] usb 5-1: config 0 interface 0 has no altsetting 0
[  636.750125][ T7236] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  636.750150][ T7236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  636.812558][ T7236] usb 5-1: config 0 descriptor??
[  637.046252][ T7237] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  637.066119][ T7237] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  637.237644][ T7236] video4linux radio48: keene_cmd_main failed (-71)
[  637.237669][ T7236] radio-keene 5-1:0.0: V4L2 device registered as radio48
[  637.245816][ T7236] usb 5-1: USB disconnect, device number 5
[  637.628509][T10030] fido_id[10030]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  638.051589][    C1] vkms_vblank_simulate: vblank timer overrun
[  640.778680][T10061] batadv_slave_1: entered promiscuous mode
[  640.827201][T10061] netlink: 37548 bytes leftover after parsing attributes in process `syz.4.1043'.
[  641.436603][ T6708] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  641.606465][ T6708] usb 5-1: Using ep0 maxpacket: 32
[  641.609346][ T6708] usb 5-1: config 0 has an invalid interface number: 230 but max is 0
[  641.609372][ T6708] usb 5-1: config 0 has no interface number 0
[  641.609425][ T6708] usb 5-1: config 0 interface 230 has no altsetting 0
[  641.613019][ T6708] usb 5-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  641.613046][ T6708] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.613065][ T6708] usb 5-1: Product: syz
[  641.613079][ T6708] usb 5-1: Manufacturer: syz
[  641.613093][ T6708] usb 5-1: SerialNumber: syz
[  641.624838][ T6708] usb 5-1: config 0 descriptor??
[  641.639057][ T6708] ums-usbat 5-1:0.230: USB Mass Storage device detected
[  641.708319][ T6708] ums-usbat 5-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  641.877622][T10059] batadv_slave_1: left promiscuous mode
[  641.979091][ T6708] ums-usbat 5-1:0.230: probe with driver ums-usbat failed with error -5
[  642.030273][ T6708] usb 5-1: USB disconnect, device number 6
[  642.077415][T10077] block nbd0: NBD_DISCONNECT
[  642.077667][T10077] block nbd0: Disconnected due to user request.
[  642.077685][T10077] block nbd0: shutting down sockets
[  642.110209][ T6576] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  642.293761][ T6576] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  646.166925][T10128] block nbd4: NBD_DISCONNECT
[  646.167034][T10128] block nbd4: Disconnected due to user request.
[  646.167049][T10128] block nbd4: shutting down sockets
[  646.569784][T10130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1061'.
[  646.569991][T10130] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  647.628750][ T6708] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  647.656746][ T6708] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  647.837083][T10142] block nbd0: NBD_DISCONNECT
[  650.022088][ T3592] kworker/u8:14 (3592) used greatest stack depth: 12760 bytes left
[  653.056798][T10184] block nbd0: NBD_DISCONNECT
[  653.236170][T10185] kvm_pr_unimpl_wrmsr: 7 callbacks suppressed
[  653.236190][T10185] kvm: kvm [10182]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x8e01
[  653.236237][T10185] kvm: kvm [10182]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xce01
[  653.268125][T10185] kvm: kvm [10182]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1
[  653.268243][T10185] kvm: kvm [10182]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4001
[  656.892715][T10221] Invalid logical block size (-28425)
[  657.876561][ T6576] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  658.026543][ T6576] usb 3-1: Using ep0 maxpacket: 32
[  658.032172][ T6576] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 120, changing to 10
[  658.032201][ T6576] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8
[  658.032215][ T6576] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  658.034354][ T6576] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  658.034370][ T6576] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.034380][ T6576] usb 3-1: Product: М
[  658.034387][ T6576] usb 3-1: Manufacturer: ᠌
[  658.034394][ T6576] usb 3-1: SerialNumber: С
[  658.146523][  T990] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  658.388995][T10229] hub 9-0:1.0: USB hub found
[  658.389352][T10229] hub 9-0:1.0: 1 port detected
[  658.419457][  T990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.419475][  T990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  658.419488][  T990] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  658.419511][  T990] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  658.419592][  T990] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.491546][  T990] usb 2-1: config 0 descriptor??
[  659.094568][ T6576] cdc_ncm 3-1:1.0: bind() failure
[  659.194146][ T6576] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  659.194175][ T6576] cdc_ncm 3-1:1.1: bind() failure
[  659.235335][ T6576] usb 3-1: USB disconnect, device number 9
[  659.273524][  T990] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  659.408948][  T990] usb 2-1: USB disconnect, device number 9
[  659.782555][T10238] fido_id[10238]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  660.547641][T10255] block nbd0: NBD_DISCONNECT
[  660.547773][T10255] block nbd0: Disconnected due to user request.
[  660.547789][T10255] block nbd0: shutting down sockets
[  664.293829][ T7239] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  664.596450][ T7239] usb 4-1: Using ep0 maxpacket: 8
[  664.599183][ T7239] usb 4-1: config 5 has an invalid interface number: 52 but max is 1
[  664.599209][ T7239] usb 4-1: config 5 has an invalid interface number: 4 but max is 1
[  664.599227][ T7239] usb 4-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  664.599245][ T7239] usb 4-1: config 5 has no interface number 0
[  664.599260][ T7239] usb 4-1: config 5 has no interface number 1
[  664.599313][ T7239] usb 4-1: config 5 interface 52 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  664.599357][ T7239] usb 4-1: config 5 interface 4 altsetting 9 endpoint 0x5 has invalid wMaxPacketSize 0
[  664.599378][ T7239] usb 4-1: config 5 interface 4 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  664.599404][ T7239] usb 4-1: config 5 interface 52 has no altsetting 0
[  664.599422][ T7239] usb 4-1: config 5 interface 4 has no altsetting 0
[  664.602748][ T7239] usb 4-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=e2.5c
[  664.602775][ T7239] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.602794][ T7239] usb 4-1: Product: syz
[  664.602808][ T7239] usb 4-1: Manufacturer: syz
[  664.602821][ T7239] usb 4-1: SerialNumber: syz
[  665.408482][ T6708] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  665.575265][ T6708] usb 2-1: config 0 interface 0 has no altsetting 0
[  665.575308][ T6708] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  665.575331][ T6708] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.586727][ T7236] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  665.624271][ T6708] usb 2-1: config 0 descriptor??
[  665.775789][ T7236] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  666.052750][ T6708] video4linux radio48: keene_cmd_main failed (-71)
[  666.052779][ T6708] radio-keene 2-1:0.0: V4L2 device registered as radio48
[  666.090219][ T6708] usb 2-1: USB disconnect, device number 10
[  667.000191][ T7239] cytherm 4-1:5.52: Cypress thermometer device now attached
[  667.020322][ T7239] cytherm 4-1:5.4: Cypress thermometer device now attached
[  667.049337][ T7239] usb 4-1: USB disconnect, device number 4
[  667.050864][ T7239] cytherm 4-1:5.52: Cypress thermometer now disconnected
[  667.135755][ T7239] cytherm 4-1:5.4: Cypress thermometer now disconnected
[  667.400255][T10313] kvm: kvm [10311]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x8e01
[  667.400306][T10313] kvm: kvm [10311]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xce01
[  667.400407][T10313] kvm: kvm [10311]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1
[  667.400450][T10313] kvm: kvm [10311]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4001
[  669.171356][ T5842] block nbd4: Receive control failed (result -32)
[  669.190644][T10330] block nbd4: shutting down sockets
[  672.854635][ T5842] block nbd2: Receive control failed (result -32)
[  672.937654][ T6181] block nbd2: shutting down sockets
[  674.488506][T10391] block nbd4: NBD_DISCONNECT
[  674.488639][T10391] block nbd4: Disconnected due to user request.
[  674.488655][T10391] block nbd4: shutting down sockets
[  675.176825][ T9677] block nbd2: Receive control failed (result -32)
[  675.200122][T10395] block nbd2: shutting down sockets
[  675.947226][T10411] hub 9-0:1.0: USB hub found
[  675.950391][T10411] hub 9-0:1.0: 1 port detected
[  678.510221][ T9677] block nbd2: Receive control failed (result -32)
[  678.697526][T10422] block nbd2: shutting down sockets
[  679.884981][T10434] evm: overlay not supported
[  679.984617][   T37] audit: type=1804 audit(1757852555.867:2): pid=10437 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.1149" name="/newroot/237/bus/file0" dev="overlay" ino=1370 res=1 errno=0
[  679.984670][   T37] audit: type=1804 audit(1757852555.877:3): pid=10434 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.1150" name="/newroot/223/bus/file0" dev="overlay" ino=1350 res=1 errno=0
[  680.156543][ T6708] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  680.156736][ T5827] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  680.310066][ T6708] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  680.310096][ T6708] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  680.310133][ T6708] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  680.310154][ T6708] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.315483][ T5827] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  680.315511][ T5827] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  680.315549][ T5827] usb 3-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  680.315572][ T5827] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.402595][ T6708] usb 4-1: config 0 descriptor??
[  680.414398][ T5827] usb 3-1: config 0 descriptor??
[  680.630960][ T7234] usb 4-1: USB disconnect, device number 5
[  680.698254][ T7236] usb 3-1: USB disconnect, device number 10
[  681.003074][ T9677] block nbd0: Receive control failed (result -32)
[  681.007177][T10443] block nbd0: shutting down sockets
[  684.216919][T10464] block nbd0: shutting down sockets
[  685.863868][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  685.863944][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  686.586226][T10493] block nbd4: shutting down sockets
[  688.118707][T10507] kvm: kvm [10504]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xbf0000bdd1
[  688.118759][T10507] kvm: kvm [10504]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xbf0000fdd1
[  690.347903][T10527] block nbd4: shutting down sockets
[  691.110491][T10538] kvm: kvm [10536]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xbf0000bdd1
[  691.110544][T10538] kvm: kvm [10536]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xbf0000fdd1
[  691.149094][T10538] kvm: kvm [10536]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x7600006103
[  691.149149][T10538] kvm: kvm [10536]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x7600002103
[  691.149259][T10538] kvm: kvm [10536]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xb60000106b
[  691.149303][T10538] kvm: kvm [10536]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xb60000506b
[  691.149400][T10538] kvm: kvm [10536]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xb4000073aa
[  691.149445][T10538] kvm: kvm [10536]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xb4000033aa
[  691.639422][ T9677] block nbd1: Receive control failed (result -32)
[  691.650873][T10541] block nbd1: shutting down sockets
[  694.370937][   T37] audit: type=1804 audit(1757852570.367:4): pid=10574 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.1187" name="/newroot/232/bus/file0" dev="overlay" ino=1407 res=1 errno=0
[  695.112186][ T9677] Bluetooth: hci3: unexpected event for opcode 0x200f
[  697.131008][T10612] hub 9-0:1.0: USB hub found
[  697.134696][T10612] hub 9-0:1.0: 1 port detected
[  698.512786][ T6575] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  698.533647][ T6575] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  698.886002][ T7237] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  698.942801][ T7237] hid-generic 0000:0000:0000.000C: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  699.688193][   T37] audit: type=1804 audit(1757852575.687:5): pid=10637 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.1200" name="/newroot/245/bus/file0" dev="overlay" ino=1427 res=1 errno=0
[  701.793431][T10663] FAULT_INJECTION: forcing a failure.
[  701.793431][T10663] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  701.793466][T10663] CPU: 0 UID: 0 PID: 10663 Comm: syz.1.1206 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  701.793487][T10663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  701.793498][T10663] Call Trace:
[  701.793505][T10663]  <TASK>
[  701.793513][T10663]  dump_stack_lvl+0x189/0x250
[  701.793544][T10663]  ? __pfx____ratelimit+0x10/0x10
[  701.793569][T10663]  ? __pfx_dump_stack_lvl+0x10/0x10
[  701.793593][T10663]  ? __pfx__printk+0x10/0x10
[  701.793614][T10663]  ? __might_fault+0xb0/0x130
[  701.793649][T10663]  should_fail_ex+0x46c/0x600
[  701.793680][T10663]  _copy_to_iter+0x1de/0x1790
[  701.793697][T10663]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  701.793720][T10663]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  701.793739][T10663]  ? __lock_acquire+0xab9/0xd20
[  701.793773][T10663]  ? __pfx__copy_to_iter+0x10/0x10
[  701.793789][T10663]  ? anon_pipe_read+0x128/0x1040
[  701.793821][T10663]  ? __might_fault+0xb0/0x130
[  701.793845][T10663]  ? page_copy_sane+0x4e/0x280
[  701.793867][T10663]  copy_page_to_iter+0x10c/0x1c0
[  701.793897][T10663]  anon_pipe_read+0x4d7/0x1040
[  701.793919][T10663]  ? __lock_acquire+0xab9/0xd20
[  701.793969][T10663]  ? __pfx_anon_pipe_read+0x10/0x10
[  701.793998][T10663]  ? do_raw_spin_lock+0x121/0x290
[  701.794033][T10663]  vfs_read+0x560/0xa30
[  701.794064][T10663]  ? __pfx_vfs_read+0x10/0x10
[  701.794096][T10663]  ? __fget_files+0x2a/0x420
[  701.794130][T10663]  ksys_read+0x14b/0x260
[  701.794155][T10663]  ? __pfx_ksys_read+0x10/0x10
[  701.794172][T10663]  ? rcu_is_watching+0x15/0xb0
[  701.794204][T10663]  ? do_syscall_64+0xbe/0x3b0
[  701.794225][T10663]  do_syscall_64+0xfa/0x3b0
[  701.794240][T10663]  ? lockdep_hardirqs_on+0x9c/0x150
[  701.794264][T10663]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.794282][T10663]  ? clear_bhb_loop+0x60/0xb0
[  701.794304][T10663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.794322][T10663] RIP: 0033:0x7fa3f57beba9
[  701.794338][T10663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  701.794352][T10663] RSP: 002b:00007fa3f39dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  701.794372][T10663] RAX: ffffffffffffffda RBX: 00007fa3f5a06180 RCX: 00007fa3f57beba9
[  701.794386][T10663] RDX: 0000000000002020 RSI: 0000200000000980 RDI: 0000000000000005
[  701.794398][T10663] RBP: 00007fa3f39dc090 R08: 0000000000000000 R09: 0000000000000000
[  701.794409][T10663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  701.794420][T10663] R13: 00007fa3f5a06218 R14: 00007fa3f5a06180 R15: 00007ffd78be4008
[  701.794452][T10663]  </TASK>
[  701.933147][T10664] pim6reg1: entered allmulticast mode
[  702.063920][T10664] process 'syz.0.1207' launched './file0' with NULL argv: empty string added
[  703.885468][   T37] audit: type=1804 audit(1757852579.877:6): pid=10678 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.1212" name="/newroot/238/bus/file0" dev="overlay" ino=1449 res=1 errno=0
[  703.913880][ T6708] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  703.931131][ T6708] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  705.031849][T10696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1216'.
[  705.035436][T10696] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  706.305194][T10713] FAULT_INJECTION: forcing a failure.
[  706.305194][T10713] name failslab, interval 1, probability 0, space 0, times 0
[  706.305267][T10713] CPU: 0 UID: 0 PID: 10713 Comm: syz.2.1221 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  706.305289][T10713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  706.305300][T10713] Call Trace:
[  706.305308][T10713]  <TASK>
[  706.305316][T10713]  dump_stack_lvl+0x189/0x250
[  706.305344][T10713]  ? __pfx____ratelimit+0x10/0x10
[  706.305371][T10713]  ? __pfx_dump_stack_lvl+0x10/0x10
[  706.305402][T10713]  ? __pfx__printk+0x10/0x10
[  706.305428][T10713]  ? __pfx___might_resched+0x10/0x10
[  706.305446][T10713]  ? fs_reclaim_acquire+0x7d/0x100
[  706.305469][T10713]  should_fail_ex+0x46c/0x600
[  706.305498][T10713]  ? getname_flags+0xb8/0x540
[  706.305522][T10713]  should_failslab+0xa8/0x100
[  706.305546][T10713]  ? getname_flags+0xb8/0x540
[  706.305568][T10713]  kmem_cache_alloc_noprof+0x6e/0x310
[  706.305598][T10713]  getname_flags+0xb8/0x540
[  706.305621][T10713]  ? _copy_from_user+0x94/0xb0
[  706.305646][T10713]  user_path_at+0x24/0x60
[  706.305666][T10713]  __se_sys_mount+0x2d3/0x410
[  706.305688][T10713]  ? lockdep_hardirqs_on+0x9c/0x150
[  706.305718][T10713]  ? __pfx___se_sys_mount+0x10/0x10
[  706.305749][T10713]  ? __x64_sys_mount+0x20/0xc0
[  706.305775][T10713]  do_syscall_64+0xfa/0x3b0
[  706.305793][T10713]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  706.305811][T10713]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  706.305827][T10713]  ? clear_bhb_loop+0x60/0xb0
[  706.305849][T10713]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  706.305867][T10713] RIP: 0033:0x7f7f95c3eba9
[  706.305883][T10713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  706.305897][T10713] RSP: 002b:00007f7f93e5c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  706.305917][T10713] RAX: ffffffffffffffda RBX: 00007f7f95e86180 RCX: 00007f7f95c3eba9
[  706.305931][T10713] RDX: 0000200000000040 RSI: 0000200000000080 RDI: 0000000000000000
[  706.305943][T10713] RBP: 00007f7f93e5c090 R08: 0000000000000000 R09: 0000000000000000
[  706.305954][T10713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  706.305965][T10713] R13: 00007f7f95e86218 R14: 00007f7f95e86180 R15: 00007ffc6cade2d8
[  706.305997][T10713]  </TASK>
[  709.329765][   T37] audit: type=1804 audit(1757852585.317:7): pid=10733 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.1226" name="/newroot/252/bus/file0" dev="overlay" ino=1476 res=1 errno=0
[  709.607029][ T6575] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  709.780572][ T6575] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  709.780603][ T6575] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  709.780642][ T6575] usb 3-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  709.780663][ T6575] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.794356][ T6575] usb 3-1: config 0 descriptor??
[  710.003984][ T6575] usb 3-1: USB disconnect, device number 11
[  710.640092][T10752] hub 9-0:1.0: USB hub found
[  710.640451][T10752] hub 9-0:1.0: 1 port detected
[  711.338364][T10754] batadv_slave_1: entered promiscuous mode
[  711.439217][T10754] netlink: 37548 bytes leftover after parsing attributes in process `syz.4.1232'.
[  711.756511][ T7237] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  712.226786][ T7237] usb 5-1: Using ep0 maxpacket: 32
[  713.014084][ T7237] usb 5-1: config 0 has an invalid interface number: 230 but max is 0
[  713.014113][ T7237] usb 5-1: config 0 has no interface number 0
[  713.014165][ T7237] usb 5-1: config 0 interface 230 has no altsetting 0
[  713.060644][ T7237] usb 5-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  713.060675][ T7237] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.060695][ T7237] usb 5-1: Product: syz
[  713.060718][ T7237] usb 5-1: Manufacturer: syz
[  713.060732][ T7237] usb 5-1: SerialNumber: syz
[  713.102002][ T7237] usb 5-1: config 0 descriptor??
[  713.115593][ T7237] ums-usbat 5-1:0.230: USB Mass Storage device detected
[  713.181348][ T7237] ums-usbat 5-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  713.326971][T10753] batadv_slave_1: left promiscuous mode
[  713.411279][ T7237] ums-usbat 5-1:0.230: probe with driver ums-usbat failed with error -5
[  713.443913][ T7237] usb 5-1: USB disconnect, device number 7
[  715.726768][ T7237] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  715.868543][ T6708] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  715.896506][ T7237] usb 4-1: Using ep0 maxpacket: 8
[  715.924834][ T7237] usb 4-1: too many configurations: 128, using maximum allowed: 8
[  715.982191][ T7237] usb 4-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  715.982221][ T7237] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[  715.982242][ T7237] usb 4-1: Product: syz
[  715.982256][ T7237] usb 4-1: Manufacturer: syz
[  716.017197][ T6708] usb 5-1: Using ep0 maxpacket: 8
[  716.021280][ T6708] usb 5-1: config index 0 descriptor too short (expected 6427, got 27)
[  716.021306][ T6708] usb 5-1: config 0 has an invalid interface number: 21 but max is 0
[  716.021326][ T6708] usb 5-1: config 0 has no interface number 0
[  716.021375][ T6708] usb 5-1: config 0 interface 21 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  716.025641][ T6708] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  716.025669][ T6708] usb 5-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0
[  716.025688][ T6708] usb 5-1: Product: syz
[  716.025702][ T6708] usb 5-1: Manufacturer: syz
[  716.068871][ T6708] usb 5-1: config 0 descriptor??
[  716.106836][ T7237] usb 4-1: config 0 descriptor??
[  716.115682][ T7237] gspca_main: 2770:9120 too many config
[  716.317181][ T6708] usb 5-1: USB disconnect, device number 8
[  716.363371][    T9] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  716.412315][    T9] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  716.547144][ T7237] usb 4-1: USB disconnect, device number 6
[  716.709525][T10805] fido_id[10805]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  716.853982][T10810] hub 9-0:1.0: USB hub found
[  716.854350][T10810] hub 9-0:1.0: 1 port detected
[  717.980926][T10829] hub 9-0:1.0: USB hub found
[  717.984948][T10829] hub 9-0:1.0: 1 port detected
[  721.809310][T10476] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  721.867980][T10476] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  722.549704][T10857] fido_id[10857]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  724.946167][T10885] hub 9-0:1.0: USB hub found
[  724.946575][T10885] hub 9-0:1.0: 1 port detected
[  726.157605][ T7237] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  726.312575][ T7237] usb 2-1: device descriptor read/64, error -71
[  726.546475][ T7237] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  726.677982][ T7237] usb 2-1: device descriptor read/64, error -71
[  726.787367][ T7237] usb usb2-port1: attempt power cycle
[  726.844858][T10894] block nbd2: NBD_DISCONNECT
[  726.870859][T10894] block nbd2: Disconnected due to user request.
[  726.876330][T10894] block nbd2: shutting down sockets
[  727.076635][ T6576] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  727.166545][ T7237] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  727.189236][ T7237] usb 2-1: device descriptor read/8, error -71
[  727.240736][ T6576] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  727.240762][ T6576] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  727.240814][ T6576] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  727.240837][ T6576] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.299821][ T6576] usb 5-1: config 0 descriptor??
[  727.326582][ T6576] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  727.326932][ T6576] dvb-usb: bulk message failed: -22 (3/0)
[  727.359131][ T6576] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  727.361897][ T6576] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  727.361981][ T6576] usb 5-1: media controller created
[  727.399127][ T6576] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  727.447741][ T7237] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  727.550789][ T6576] dvb-usb: bulk message failed: -22 (6/0)
[  727.550926][ T6576] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  727.581085][ T6576] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input5
[  728.698331][ T7237] usb 2-1: device descriptor read/8, error -71
[  728.707747][ T6576] dvb-usb: schedule remote query interval to 150 msecs.
[  728.707769][ T6576] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  728.806936][ T7237] usb usb2-port1: unable to enumerate USB device
[  728.869872][T10476] dvb-usb: bulk message failed: -22 (1/0)
[  728.869921][T10476] dvb-usb: error while querying for an remote control event.
[  729.061870][T10476] dvb-usb: bulk message failed: -22 (1/0)
[  729.061894][T10476] dvb-usb: error while querying for an remote control event.
[  729.226544][T10476] dvb-usb: bulk message failed: -22 (1/0)
[  729.226575][T10476] dvb-usb: error while querying for an remote control event.
[  729.359510][T10900] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  729.360164][T10900] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  729.396482][ T7237] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  729.396564][T10476] dvb-usb: bulk message failed: -22 (1/0)
[  729.396590][T10476] dvb-usb: error while querying for an remote control event.
[  729.399612][ T7239] usb 5-1: USB disconnect, device number 9
[  729.556445][ T7237] usb 2-1: Using ep0 maxpacket: 8
[  729.566051][ T7237] usb 2-1: config index 0 descriptor too short (expected 6427, got 27)
[  729.566078][ T7237] usb 2-1: config 0 has an invalid interface number: 21 but max is 0
[  729.566098][ T7237] usb 2-1: config 0 has no interface number 0
[  729.566143][ T7237] usb 2-1: config 0 interface 21 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  729.572926][ T7237] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  729.572956][ T7237] usb 2-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0
[  729.572977][ T7237] usb 2-1: Product: syz
[  729.572991][ T7237] usb 2-1: Manufacturer: syz
[  729.598779][ T7237] usb 2-1: config 0 descriptor??
[  729.785971][T10918] block nbd3: NBD_DISCONNECT
[  729.786071][T10918] block nbd3: Disconnected due to user request.
[  729.786086][T10918] block nbd3: shutting down sockets
[  729.904537][ T7237] usb 2-1: USB disconnect, device number 15
[  729.951950][ T7239] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  731.886801][T10936] hub 9-0:1.0: USB hub found
[  731.889160][T10936] hub 9-0:1.0: 1 port detected
[  733.100525][T10476] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[  733.136851][T10476] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  733.510771][ T7239] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  733.656523][ T7239] usb 5-1: device descriptor read/64, error -71
[  733.896608][ T7239] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  733.977573][T10955] batadv_slave_1: entered promiscuous mode
[  734.000418][T10955] netlink: 37548 bytes leftover after parsing attributes in process `syz.2.1284'.
[  734.026530][ T7239] usb 5-1: device descriptor read/64, error -71
[  734.136945][ T7239] usb usb5-port1: attempt power cycle
[  734.236612][ T7237] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  734.386463][ T7237] usb 3-1: Using ep0 maxpacket: 32
[  734.389299][ T7237] usb 3-1: config 0 has an invalid interface number: 230 but max is 0
[  734.389324][ T7237] usb 3-1: config 0 has no interface number 0
[  734.389372][ T7237] usb 3-1: config 0 interface 230 has no altsetting 0
[  734.392462][ T7237] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  734.392490][ T7237] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  734.392510][ T7237] usb 3-1: Product: syz
[  734.392525][ T7237] usb 3-1: Manufacturer: syz
[  734.392539][ T7237] usb 3-1: SerialNumber: syz
[  734.408517][ T7237] usb 3-1: config 0 descriptor??
[  734.438179][ T7237] ums-usbat 3-1:0.230: USB Mass Storage device detected
[  734.476574][ T7239] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  734.481996][ T7237] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  734.497773][ T7239] usb 5-1: device descriptor read/8, error -71
[  734.642276][T10954] batadv_slave_1: left promiscuous mode
[  734.746543][ T7239] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  734.771083][ T7239] usb 5-1: device descriptor read/8, error -71
[  734.843737][ T7237] ums-usbat 3-1:0.230: probe with driver ums-usbat failed with error -5
[  734.880603][ T7239] usb usb5-port1: unable to enumerate USB device
[  735.137878][ T7237] usb 3-1: USB disconnect, device number 12
[  736.125629][ T6575] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  736.146866][ T6575] hid-generic 0000:0000:0000.0011: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  736.226629][T10476] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  736.366612][T10476] usb 2-1: device descriptor read/64, error -71
[  736.456731][ T6575] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  736.616573][ T6575] usb 5-1: Using ep0 maxpacket: 8
[  736.616747][T10476] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  736.634409][ T6575] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  736.634464][ T6575] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  736.634486][ T6575] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  736.648725][ T6575] usb 5-1: config 0 descriptor??
[  736.677152][ T6575] gspca_main: vc032x-2.14.0 probing 046d:0892
[  736.786878][T10476] usb 2-1: device descriptor read/64, error -71
[  736.900789][T10476] usb usb2-port1: attempt power cycle
[  737.084955][ T6575] gspca_vc032x: reg_w err -71
[  737.085062][ T6575] vc032x 5-1:0.0: probe with driver vc032x failed with error -71
[  737.111440][ T6575] usb 5-1: USB disconnect, device number 14
[  738.106655][T10476] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  738.141905][T10476] usb 2-1: device descriptor read/8, error -71
[  738.386507][T10476] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  738.406672][    T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  738.416484][T10476] usb 2-1: device descriptor read/8, error -71
[  738.537183][T10476] usb usb2-port1: unable to enumerate USB device
[  738.589469][    T9] usb 3-1: config 0 has an invalid interface number: 241 but max is 0
[  738.589498][    T9] usb 3-1: config 0 has no interface number 0
[  738.595618][    T9] usb 3-1: New USB device found, idVendor=ea6a, idProduct=daa1, bcdDevice=f1.60
[  738.595649][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  738.595671][    T9] usb 3-1: Product: syz
[  738.595685][    T9] usb 3-1: Manufacturer: syz
[  738.595698][    T9] usb 3-1: SerialNumber: syz
[  738.620880][    T9] usb 3-1: config 0 descriptor??
[  738.646284][    T9] usb 3-1: bad CDC descriptors
[  738.981033][ T7237] usb 3-1: USB disconnect, device number 13
[  739.196126][ T7237] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[  739.233562][ T7237] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  741.506558][    T9] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  741.688677][    T9] usb 3-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  741.688725][    T9] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[  741.688751][    T9] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  741.688777][    T9] usb 3-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  741.688825][    T9] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  741.688848][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  742.913241][    T9] ath6kl: Failed to submit usb control message: -110
[  742.913291][    T9] ath6kl: unable to send the bmi data to the device: -110
[  742.913305][    T9] ath6kl: Unable to send get target info: -110
[  743.779415][    T9] ath6kl: Failed to init ath6kl core: -110
[  743.780726][    T9] ath6kl_usb 3-1:4.0: probe with driver ath6kl_usb failed with error -110
[  743.832168][    T9] usb 3-1: USB disconnect, device number 14
[  745.239170][ T7234] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  745.387577][ T7234] usb 3-1: device descriptor read/64, error -71
[  745.581869][T11046] hub 9-0:1.0: USB hub found
[  745.605463][T11046] hub 9-0:1.0: 1 port detected
[  745.697192][ T7234] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  746.076466][ T7234] usb 3-1: device descriptor read/64, error -71
[  746.186954][ T7234] usb usb3-port1: attempt power cycle
[  746.566579][ T7234] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  746.587612][ T7234] usb 3-1: device descriptor read/8, error -71
[  746.836543][ T7234] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  746.914704][ T7234] usb 3-1: device descriptor read/8, error -71
[  746.921484][T11056] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1310'.
[  746.921588][T11056] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  747.076483][ T7234] usb usb3-port1: unable to enumerate USB device
[  747.304309][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  747.304356][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  747.642989][ T7237] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  747.674925][ T7237] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  748.240041][T11071] kvm_pr_unimpl_wrmsr: 128 callbacks suppressed
[  748.240061][T11071] kvm: kvm [11070]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x8e01
[  748.240107][T11071] kvm: kvm [11070]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xce01
[  748.240215][T11071] kvm: kvm [11070]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1
[  748.240257][T11071] kvm: kvm [11070]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4001
[  748.671691][T11077] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1315'.
[  750.819058][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  750.853773][ T9677] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  753.555723][T11126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1327'.
[  753.923281][T11127] kvm: kvm [11123]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  753.925809][T11127] kvm: kvm [11123]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xeca6
[  753.925855][T11127] kvm: kvm [11123]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xaca6
[  753.947875][T11127] kvm: kvm [11123]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0xbc37
[  753.947926][T11127] kvm: kvm [11123]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0xfc37
[  753.977033][T11127] kvm: kvm [11123]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xb6c7
[  753.977087][T11127] kvm: kvm [11123]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0xf6c7
[  753.977233][T11127] kvm: kvm [11123]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4000
[  753.977608][T11127] kvm: kvm [11123]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[  753.978066][T11127] kvm: kvm [11123]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4000
[  755.696903][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  755.696976][ T9677] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  755.969574][T11146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1333'.
[  758.481642][T11177] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1342'.
[  760.576498][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  760.576582][ T9677] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  761.899478][T11195] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1346'.
[  761.899661][T11195] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  765.539604][T11236] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1357'.
[  767.696594][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  767.696660][ T9677] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  773.386955][T11302] block nbd3: NBD_DISCONNECT
[  773.386982][T11302] block nbd3: Send disconnect failed -32
[  773.387013][T11302] block nbd3: Disconnected due to user request.
[  773.387027][T11302] block nbd3: shutting down sockets
[  774.583694][T11314] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1375'.
[  776.736499][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  776.989467][ T9677] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  777.726778][T11331] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1380'.
[  777.736624][T11331] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  778.143447][T11341] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1383'.
[  778.291146][T11342] hub 9-0:1.0: USB hub found
[  778.295652][T11342] hub 9-0:1.0: 1 port detected
[  778.932116][T11341] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  779.687246][T11351] block nbd1: NBD_DISCONNECT
[  779.687636][T11351] block nbd1: Disconnected due to user request.
[  779.687653][T11351] block nbd1: shutting down sockets
[  780.008323][T11362] batadv_slave_1: entered promiscuous mode
[  780.092659][T11365] netlink: 93564 bytes leftover after parsing attributes in process `syz.1.1390'.
[  780.093519][T11365] batadv_slave_1: left promiscuous mode
[  780.369029][ T7236] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  780.526497][ T7236] usb 2-1: Using ep0 maxpacket: 32
[  780.528890][ T7236] usb 2-1: config 0 has an invalid interface number: 230 but max is 0
[  780.528914][ T7236] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  780.528934][ T7236] usb 2-1: config 0 has no interface number 0
[  780.528977][ T7236] usb 2-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid wMaxPacketSize 0
[  780.528999][ T7236] usb 2-1: config 0 interface 230 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 0
[  780.529022][ T7236] usb 2-1: config 0 interface 230 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  780.529048][ T7236] usb 2-1: config 0 interface 230 has no altsetting 0
[  780.534295][ T7236] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  780.534321][ T7236] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.534339][ T7236] usb 2-1: Product: syz
[  780.534352][ T7236] usb 2-1: Manufacturer: syz
[  780.534366][ T7236] usb 2-1: SerialNumber: syz
[  780.648066][ T7236] usb 2-1: config 0 descriptor??
[  780.655106][ T7236] ums-usbat 2-1:0.230: USB Mass Storage device detected
[  780.694904][ T7236] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  780.912189][    T9] usb 2-1: USB disconnect, device number 20
[  783.206962][ T5922] hid-generic 0000:0000:0000.0014: unknown main item tag 0x0
[  783.210833][ T5922] hid-generic 0000:0000:0000.0014: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  783.613767][T11381] fido_id[11381]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  783.906943][T11389] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1396'.
[  783.907057][T11389] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  785.716764][T11401] block nbd3: NBD_DISCONNECT
[  785.720764][T11401] block nbd3: Disconnected due to user request.
[  785.722311][T11401] block nbd3: shutting down sockets
[  787.366769][T11423] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1405'.
[  788.100134][ T5907] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0
[  788.125702][ T5907] hid-generic 0000:0000:0000.0015: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  788.390961][T11439] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1411'.
[  788.394204][T11439] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  788.562140][T11440] kvm_pr_unimpl_wrmsr: 24 callbacks suppressed
[  788.562161][T11440] kvm: kvm [11436]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x7100006a86
[  794.027221][T11494] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1426'.
[  796.627712][ T5842] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  796.658370][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  797.216583][ T7237] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  797.467278][ T7237] usb 4-1: Using ep0 maxpacket: 16
[  797.828330][ T7237] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  797.828356][ T7237] usb 4-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config
[  797.828376][ T7237] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  797.828397][ T7237] usb 4-1: config 1 has no interface number 1
[  797.828443][ T7237] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  797.828485][ T7237] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 640, setting to 64
[  797.906628][ T7237] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  797.906658][ T7237] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  797.906678][ T7237] usb 4-1: Product: syz
[  797.906693][ T7237] usb 4-1: Manufacturer: syz
[  797.906707][ T7237] usb 4-1: SerialNumber: syz
[  797.916866][ T7239] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0
[  797.996615][ T7239] hid-generic 0000:0000:0000.0016: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  798.213767][T11513] 9pnet: p9_errstr2errno: server reported unknown error �@c�F	S����
[  798.403960][ T7237] usb 4-1: USB disconnect, device number 7
[  798.777274][T11528] hub 9-0:1.0: USB hub found
[  798.777639][T11528] hub 9-0:1.0: 1 port detected
[  799.512318][ T6258] udevd[6258]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  800.367778][ T7236] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  800.536725][ T7236] usb 4-1: Using ep0 maxpacket: 8
[  800.540015][ T7236] usb 4-1: unable to read config index 0 descriptor/start: -61
[  800.540051][ T7236] usb 4-1: can't read configurations, error -61
[  800.802874][ T7236] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  800.976591][ T7236] usb 4-1: Using ep0 maxpacket: 8
[  800.994522][ T7236] usb 4-1: unable to read config index 0 descriptor/start: -61
[  800.994570][ T7236] usb 4-1: can't read configurations, error -61
[  800.995004][ T7236] usb usb4-port1: attempt power cycle
[  802.236741][ T7236] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  802.372798][ T7236] usb 4-1: Using ep0 maxpacket: 8
[  802.393139][ T7236] usb 4-1: unable to read config index 0 descriptor/start: -61
[  802.393178][ T7236] usb 4-1: can't read configurations, error -61
[  802.536439][ T7236] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  802.559190][ T7236] usb 4-1: Using ep0 maxpacket: 8
[  802.562185][ T7236] usb 4-1: unable to read config index 0 descriptor/start: -61
[  802.562221][ T7236] usb 4-1: can't read configurations, error -61
[  802.565108][ T7236] usb usb4-port1: unable to enumerate USB device
[  804.068606][T11566] hub 9-0:1.0: USB hub found
[  804.068983][T11566] hub 9-0:1.0: 1 port detected
[  807.022252][ T7238] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  807.358262][ T7238] usb 4-1: device not accepting address 12, error -71
[  808.752394][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  808.752477][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  808.777720][ T7237] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  808.931871][ T7237] usb 3-1: unable to get BOS descriptor or descriptor too short
[  808.936217][ T7237] usb 3-1: config 11 has an invalid interface number: 79 but max is 0
[  808.936243][ T7237] usb 3-1: config 11 has no interface number 0
[  808.936289][ T7237] usb 3-1: config 11 interface 79 has no altsetting 0
[  808.971370][ T7237] usb 3-1: string descriptor 0 read error: -22
[  808.971519][ T7237] usb 3-1: New USB device found, idVendor=0424, idProduct=9906, bcdDevice=f0.06
[  808.971543][ T7237] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  809.019986][ T7237] smsc95xx v2.0.0
[  809.020009][ T7237] smsc95xx 3-1:11.79 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  809.020263][ T7237] smsc95xx 3-1:11.79: probe with driver smsc95xx failed with error -22
[  811.009507][ T7238] usb 3-1: USB disconnect, device number 19
[  813.455634][T11635] hub 9-0:1.0: USB hub found
[  813.460282][T11635] hub 9-0:1.0: 1 port detected
[  822.160671][T11713] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1483'.
[  822.160851][T11713] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  823.875845][T11723] block nbd3: NBD_DISCONNECT
[  823.875970][T11723] block nbd3: Disconnected due to user request.
[  823.875986][T11723] block nbd3: shutting down sockets
[  824.037485][T11722] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1487'.
[  824.040951][T11722] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  824.790355][   T37] audit: type=1804 audit(1757852700.787:8): pid=11729 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.1488" name="/newroot/282/bus/file0" dev="overlay" ino=1671 res=1 errno=0
[  824.846518][ T7239] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  824.996603][ T7239] usb 4-1: Using ep0 maxpacket: 8
[  824.999766][ T7239] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[  824.999793][ T7239] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  824.999814][ T7239] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  824.999833][ T7239] usb 4-1: config 0 has no interface number 0
[  824.999864][ T7239] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  824.999904][ T7239] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  824.999931][ T7239] usb 4-1: config 0 interface 255 has no altsetting 0
[  825.002450][ T7239] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  825.002492][ T7239] usb 4-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0
[  825.002512][ T7239] usb 4-1: Product: syz
[  825.002526][ T7239] usb 4-1: Manufacturer: syz
[  825.146153][ T7239] usb 4-1: config 0 descriptor??
[  825.165679][ T7236] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  825.319159][ T7236] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  825.319188][ T7236] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  825.319226][ T7236] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  825.319249][ T7236] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  825.426313][ T7236] usb 2-1: config 0 descriptor??
[  825.497737][ T7239] usb 4-1: USB disconnect, device number 14
[  825.702918][ T7236] usb 2-1: USB disconnect, device number 21
[  826.947510][T11753] tmpfs: Unknown parameter '00000000000000000000004';p�l܏Ƀ>q羿c�F-L��E%�Eͭ��W�X�ɫ`�p��1+���(BS��C���I�'
[  827.109135][T11753] IPVS: length: 1132164854 != 108687826008
[  827.366191][T11759] block nbd1: NBD_DISCONNECT
[  827.366298][T11759] block nbd1: Disconnected due to user request.
[  827.366313][T11759] block nbd1: shutting down sockets
[  829.256880][T11767] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1500'.
[  829.277123][T11767] ipvlan2: entered promiscuous mode
[  830.626042][T11782] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1501'.
[  830.626240][T11782] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  831.387566][T11795] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1506'.
[  831.982297][T11802] hub 9-0:1.0: USB hub found
[  831.991127][T11802] hub 9-0:1.0: 1 port detected
[  833.536518][ T9677] Bluetooth: hci2: command 0x0406 tx timeout
[  833.536599][ T5842] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  833.848855][T11588] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  833.996500][T11588] usb 5-1: Using ep0 maxpacket: 8
[  834.001457][T11588] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  834.001513][T11588] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  834.001536][T11588] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  834.065417][T11588] usb 5-1: config 0 descriptor??
[  834.105904][T11588] gspca_main: vc032x-2.14.0 probing 046d:0892
[  834.298712][T11588] gspca_vc032x: reg_r err -71
[  834.298808][T11588] vc032x 5-1:0.0: probe with driver vc032x failed with error -71
[  834.339994][T11588] usb 5-1: USB disconnect, device number 15
[  836.038640][T11817] kvm: kvm [11816]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[  836.112466][T11817] kvm: kvm [11816]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[  836.114583][T11817] kvm: kvm [11816]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4000
[  837.277626][T11835] batadv_slave_1: entered promiscuous mode
[  838.800173][ T7234] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  839.186435][ T7234] usb 4-1: Using ep0 maxpacket: 32
[  839.188877][ T7234] usb 4-1: config 0 has an invalid interface number: 230 but max is 0
[  839.188904][ T7234] usb 4-1: config 0 has no interface number 0
[  839.188952][ T7234] usb 4-1: config 0 interface 230 has no altsetting 0
[  839.193086][ T7234] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  839.193114][ T7234] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  839.193133][ T7234] usb 4-1: Product: syz
[  839.193147][ T7234] usb 4-1: Manufacturer: syz
[  839.193162][ T7234] usb 4-1: SerialNumber: syz
[  839.200068][ T7234] usb 4-1: config 0 descriptor??
[  839.277254][ T7234] ums-usbat 4-1:0.230: USB Mass Storage device detected
[  839.294703][ T7234] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  839.442706][T11834] batadv_slave_1: left promiscuous mode
[  839.515398][ T7234] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5
[  839.538766][ T7234] usb 4-1: USB disconnect, device number 15
[  841.811939][   T37] audit: type=1804 audit(1757852717.797:9): pid=11880 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.1532" name="/newroot/315/bus/file0" dev="overlay" ino=1839 res=1 errno=0
[  842.676216][T11889] kvm: kvm [11887]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x4002
[  842.676269][T11889] kvm: kvm [11887]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x2
[  842.689728][T11889] kvm: kvm [11887]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80
[  842.689782][T11889] kvm: kvm [11887]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0x4080
[  842.694321][T11889] kvm: kvm [11887]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x2
[  842.694367][T11889] kvm: kvm [11887]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4002
[  842.715183][T11889] kvm: kvm [11887]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x2
[  842.715237][T11889] kvm: kvm [11887]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4002
[  842.820824][T11889] kvm: kvm [11887]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x2
[  842.820877][T11889] kvm: kvm [11887]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4002
[  845.025494][T11911] batadv_slave_1: entered promiscuous mode
[  845.135449][T11911] netlink: 37548 bytes leftover after parsing attributes in process `syz.4.1540'.
[  845.886616][ T7238] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  846.077145][ T7238] usb 5-1: Using ep0 maxpacket: 32
[  846.079666][ T7238] usb 5-1: config 0 has an invalid interface number: 230 but max is 0
[  846.079691][ T7238] usb 5-1: config 0 has no interface number 0
[  846.079743][ T7238] usb 5-1: config 0 interface 230 has no altsetting 0
[  846.118469][ T7238] usb 5-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  846.118500][ T7238] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.118519][ T7238] usb 5-1: Product: syz
[  846.118534][ T7238] usb 5-1: Manufacturer: syz
[  846.118548][ T7238] usb 5-1: SerialNumber: syz
[  846.183302][ T7238] usb 5-1: config 0 descriptor??
[  846.226583][ T7238] ums-usbat 5-1:0.230: USB Mass Storage device detected
[  846.245619][ T7238] ums-usbat 5-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  846.518264][T11910] batadv_slave_1: left promiscuous mode
[  846.756524][ T7238] ums-usbat 5-1:0.230: probe with driver ums-usbat failed with error -5
[  846.769964][ T7238] usb 5-1: USB disconnect, device number 16
[  849.653262][T11588] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0
[  849.841185][T11588] hid-generic 0000:0000:0000.0017: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  850.291713][T11970] fido_id[11970]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  850.651070][T11972] kvm_pr_unimpl_wrmsr: 40 callbacks suppressed
[  850.651090][T11972] kvm: kvm [11971]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  850.655607][T11972] kvm: kvm [11971]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  853.273262][T12008] vlan2: entered promiscuous mode
[  853.273286][T12008] team0: entered promiscuous mode
[  853.273299][T12008] team_slave_0: entered promiscuous mode
[  853.273566][T12008] team_slave_1: entered promiscuous mode
[  853.274026][T12008] vlan2: entered allmulticast mode
[  853.274040][T12008] team0: entered allmulticast mode
[  853.274052][T12008] team_slave_0: entered allmulticast mode
[  853.274072][T12008] team_slave_1: entered allmulticast mode
[  854.932745][T11588] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  854.955797][T11588] hid-generic 0000:0000:0000.0018: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  855.984080][ T6575] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  856.036760][ T6575] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  856.259277][T12030] fido_id[12030]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  856.648268][T12040] netlink: 'syz.1.1574': attribute type 10 has an invalid length.
[  856.654091][T12040] bridge0: port 2(bridge_slave_1) entered disabled state
[  856.654726][T12040] bridge0: port 1(bridge_slave_0) entered disabled state
[  857.658863][T12040] bridge0: port 2(bridge_slave_1) entered blocking state
[  857.659042][T12040] bridge0: port 2(bridge_slave_1) entered forwarding state
[  857.662004][T12040] bridge0: port 1(bridge_slave_0) entered blocking state
[  857.662213][T12040] bridge0: port 1(bridge_slave_0) entered forwarding state
[  857.804001][T12040] bridge0: entered promiscuous mode
[  857.804172][T12040] bridge0: entered allmulticast mode
[  857.805616][T12040] team0: Port device bridge0 added
[  857.850581][T12038] fido_id[12038]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  858.037182][ T7238] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  858.187061][ T7238] usb 2-1: Using ep0 maxpacket: 32
[  858.191551][ T7238] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  858.191577][ T7238] usb 2-1: config 0 has no interface number 0
[  858.191626][ T7238] usb 2-1: config 0 interface 184 has no altsetting 0
[  858.195786][ T7238] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  858.195814][ T7238] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  858.195835][ T7238] usb 2-1: Product: syz
[  858.195850][ T7238] usb 2-1: Manufacturer: syz
[  858.195864][ T7238] usb 2-1: SerialNumber: syz
[  858.234704][T12048] kvm: kvm [12046]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  858.263081][T12048] kvm: kvm [12046]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  858.289647][ T7238] usb 2-1: config 0 descriptor??
[  858.293857][ T7238] smsc75xx v1.0.0
[  859.630238][ T7238] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  859.949308][T12066] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  860.107626][ T1181] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  860.112086][ T1181] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  860.112127][ T1181] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  860.112151][ T1181] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  860.773507][T12071] batadv_slave_1: entered promiscuous mode
[  860.884385][T12072] netlink: 93596 bytes leftover after parsing attributes in process `syz.2.1583'.
[  861.147070][ T7239] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  861.306703][T12040] Bluetooth: hci2: Opcode 0x0401 failed: -4
[  861.562085][T12079] hub 9-0:1.0: USB hub found
[  861.566302][T12079] hub 9-0:1.0: 1 port detected
[  862.366504][ T7239] usb 3-1: Using ep0 maxpacket: 32
[  862.391005][ T7238] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  862.391162][ T7238] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  862.391182][ T7238] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  862.391364][ T7239] usb 3-1: config 0 has an invalid interface number: 230 but max is 0
[  862.391385][ T7239] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  862.391403][ T7239] usb 3-1: config 0 has no interface number 0
[  862.391448][ T7239] usb 3-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid wMaxPacketSize 0
[  862.391469][ T7239] usb 3-1: config 0 interface 230 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 0
[  862.391491][ T7239] usb 3-1: config 0 interface 230 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  862.391516][ T7239] usb 3-1: config 0 interface 230 has no altsetting 0
[  862.391689][ T7238] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  862.392597][ T7238] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71
[  862.405131][ T7239] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  862.405160][ T7239] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  862.405179][ T7239] usb 3-1: Product: syz
[  862.405193][ T7239] usb 3-1: Manufacturer: syz
[  862.405206][ T7239] usb 3-1: SerialNumber: syz
[  862.406490][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  862.413092][ T7239] usb 3-1: config 0 descriptor??
[  862.413436][ T7238] usb 2-1: USB disconnect, device number 22
[  862.423765][ T7239] ums-usbat 3-1:0.230: USB Mass Storage device detected
[  863.040151][ T7239] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  863.132840][T12070] batadv_slave_1: left promiscuous mode
[  864.921166][ T7239] usb 3-1: USB disconnect, device number 20
[  867.066949][T12129] hub 9-0:1.0: USB hub found
[  867.087036][T12129] hub 9-0:1.0: 1 port detected
[  870.765546][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  870.765617][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  870.876744][T12150] block nbd2: NBD_DISCONNECT
[  870.879041][T12150] block nbd2: Disconnected due to user request.
[  870.880047][T12150] block nbd2: shutting down sockets
[  870.896566][ T7234] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  871.046444][ T7234] usb 5-1: Using ep0 maxpacket: 8
[  871.049018][ T7234] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  871.049075][ T7234] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  871.049098][ T7234] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  871.095858][T12164] netlink: 'syz.0.1609': attribute type 10 has an invalid length.
[  871.108260][ T7234] usb 5-1: config 0 descriptor??
[  871.111835][T12164] bridge0: port 2(bridge_slave_1) entered disabled state
[  871.112290][T12164] bridge0: port 1(bridge_slave_0) entered disabled state
[  871.158953][ T7234] gspca_main: vc032x-2.14.0 probing 046d:0892
[  871.249483][T12164] bridge0: port 2(bridge_slave_1) entered blocking state
[  871.249646][T12164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  871.250028][T12164] bridge0: port 1(bridge_slave_0) entered blocking state
[  871.250207][T12164] bridge0: port 1(bridge_slave_0) entered forwarding state
[  871.255178][T12164] team0: Port device bridge0 added
[  872.101173][ T7234] gspca_vc032x: reg_r err -110
[  872.101271][ T7234] vc032x 5-1:0.0: probe with driver vc032x failed with error -110
[  872.897547][T12179] hub 9-0:1.0: USB hub found
[  872.901650][T12179] hub 9-0:1.0: 1 port detected
[  873.624733][T12159] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[  873.624757][T12159] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 12159, name: syz.4.1607
[  873.624775][T12159] preempt_count: 0, expected: 0
[  873.624784][T12159] RCU nest depth: 0, expected: 0
[  873.624806][T12159] 1 lock held by syz.4.1607/12159:
[  873.624818][T12159]  #0: ffff888027ce0058 (&dum_hcd->dum->lock){+.+.}-{3:3}, at: dummy_dequeue+0x164/0x480
[  873.624885][T12159] irq event stamp: 2656
[  873.624893][T12159] hardirqs last  enabled at (2655): [<ffffffff8afa63e3>] _raw_spin_unlock_irq+0x23/0x50
[  873.624928][T12159] hardirqs last disabled at (2656): [<ffffffff86fcb071>] dummy_dequeue+0x151/0x480
[  873.624953][T12159] softirqs last  enabled at (0): [<ffffffff81829bd9>] copy_process+0x979/0x3ae0
[  873.624983][T12159] softirqs last disabled at (0): [<0000000000000000>] 0x0
[  873.625008][T12159] CPU: 1 UID: 0 PID: 12159 Comm: syz.4.1607 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  873.625031][T12159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  873.625043][T12159] Call Trace:
[  873.625051][T12159]  <TASK>
[  873.625060][T12159]  dump_stack_lvl+0x189/0x250
[  873.625091][T12159]  ? __pfx_dump_stack_lvl+0x10/0x10
[  873.625124][T12159]  ? print_lock_name+0xde/0x100
[  873.625150][T12159]  __might_resched+0x44b/0x5d0
[  873.625179][T12159]  ? __pfx___might_resched+0x10/0x10
[  873.625200][T12159]  ? dummy_dequeue+0x164/0x480
[  873.625243][T12159]  rt_spin_lock+0xc7/0x2c0
[  873.625264][T12159]  ? _raw_spin_unlock_irq+0x23/0x50
[  873.625293][T12159]  ? __pfx_rt_spin_lock+0x10/0x10
[  873.625321][T12159]  ? rcu_is_watching+0x15/0xb0
[  873.625352][T12159]  dummy_dequeue+0x164/0x480
[  873.625382][T12159]  ? __pfx_dummy_dequeue+0x10/0x10
[  873.625403][T12159]  ? __pfx_schedule_timeout+0x10/0x10
[  873.625429][T12159]  ? __pfx___wait_for_common+0x10/0x10
[  873.625472][T12159]  usb_ep_dequeue+0x66/0x250
[  873.625498][T12159]  raw_process_ep0_io+0x435/0x980
[  873.625535][T12159]  raw_ioctl+0x22f6/0x3ba0
[  873.625564][T12159]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  873.625589][T12159]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  873.625617][T12159]  ? do_vfs_ioctl+0xbeb/0x1440
[  873.625643][T12159]  ? __pfx_raw_ioctl+0x10/0x10
[  873.625668][T12159]  ? __pfx_smack_log+0x10/0x10
[  873.625698][T12159]  ? smk_access+0x14c/0x4e0
[  873.625743][T12159]  ? smk_tskacc+0x2fc/0x370
[  873.625779][T12159]  ? smack_file_ioctl+0x24d/0x340
[  873.625803][T12159]  ? __pfx_smack_file_ioctl+0x10/0x10
[  873.625836][T12159]  ? __fget_files+0x2a/0x420
[  873.625861][T12159]  ? __fget_files+0x3a6/0x420
[  873.625885][T12159]  ? __fget_files+0x2a/0x420
[  873.625912][T12159]  ? bpf_lsm_file_ioctl+0x9/0x20
[  873.625935][T12159]  ? __pfx_raw_ioctl+0x10/0x10
[  873.625959][T12159]  __se_sys_ioctl+0xff/0x170
[  873.625980][T12159]  do_syscall_64+0xfa/0x3b0
[  873.626001][T12159]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.626019][T12159]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  873.626039][T12159]  ? clear_bhb_loop+0x60/0xb0
[  873.626064][T12159]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.626082][T12159] RIP: 0033:0x7f12dc6ce7ab
[  873.626101][T12159] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  873.626118][T12159] RSP: 002b:00007f12da933f60 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  873.626139][T12159] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f12dc6ce7ab
[  873.626154][T12159] RDX: 00007f12da933fe0 RSI: 0000000040085503 RDI: 0000000000000004
[  873.626167][T12159] RBP: 00007f12da933fe0 R08: 0000000000000003 R09: 0000000000000001
[  873.626179][T12159] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f12da933fe8
[  873.626192][T12159] R13: 0000000000000000 R14: 00007f12dc915fa0 R15: 00007ffce3ab09c8
[  873.626225][T12159]  </TASK>
[  874.744647][ T7239] usb 5-1: USB disconnect, device number 17