last executing test programs:

4m13.241388758s ago: executing program 1 (id=286):
socket$inet(0x2, 0x4000000000000001, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x400000, @empty}, 0x1c)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)

4m8.825990383s ago: executing program 1 (id=292):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="e2b400000200000000000000000000003d5ece05f4c31f147c403575509ce56de8e628a5a58d3f57736b4e8d697df97fc313f76191313745ba48070000000000000001ae53151a372defdaaef9d279880e3138c1b821197ab00e4c02888504b4c44d7ed1ea813141f33ae30b"], 0x10}}, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r1, &(0x7f0000000e40)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000c80), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0x2, &(0x7f0000000280)=@raw=[@map_idx={0x18, 0xb, 0x5, 0x0, 0x9}], &(0x7f00000003c0)='syzkaller\x00', 0x1000, 0x86, &(0x7f0000000400)=""/134, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a00)={0x0, 0x10, 0x4, 0x8}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000cc0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2], &(0x7f0000000d00)=[{0x0, 0x5, 0xd, 0x3}, {0x2, 0x4, 0x7, 0x2}, {0x0, 0x3, 0x10, 0x6}, {0x2, 0x4, 0x6, 0x7}, {0x0, 0x5, 0x3, 0xc}, {0x3, 0x5, 0x4, 0xc}, {0x3, 0x3, 0x5, 0x2}, {0x10000, 0x4, 0x6, 0x8}], 0x10, 0x80000000}, 0x94)
r3 = fanotify_init(0x8, 0x8000)
r4 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r3, 0x641, 0x48001018, r4, 0x0)
r5 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
r6 = socket$kcm(0x10, 0x3, 0x10)
recvmsg$kcm(r6, &(0x7f0000002780)={0x0, 0x0, 0x0}, 0x40000080)
sendmsg$kcm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)="1400000036000b635ef1681c717a3c4a0ed09a5ba32fbea87bc286ddb1fcb6592accac4a78f9e573e714ecf7afc45847ba7505da07e0760109600da2c5eac306ec9721289d1d6d1652cd0f70e77a0ca5e9a0a02022d57bf44b6bca33337a4e597759bd3eb024", 0x66}, {&(0x7f0000000300)="b6b8dec7089f10a7c26df3c9bcf01a10f56b7ec91b2df9f690847fc05ce77c5de4b0d2dbc6dcfaaf5210ce9c7d16956a71d3882d4fc8b0e5d960ef4f3f870f24b2c05a429a9d06f0a22c73c9a7018beb37265276c67533d9c65e45c71a303d57cc26e79331cbc74175547b16d4a55d4a7fcfcff3f92a8b1509ffee6bff869cdc46bea35ff9c4a0a14b97e34899b4a73a246eb38a8c917b6aaa595b1266904589e7e6e1205c3a", 0xa6}], 0x2}, 0x10)
open(&(0x7f0000000100)='./file1\x00', 0x210000, 0x14e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}}, 0x4)
sendfile(r5, r5, 0x0, 0x7f03)
recvmmsg(r1, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}, 0xa}], 0x1, 0x10162, 0x0)
readv(r1, &(0x7f00000005c0)=[{&(0x7f0000000640)=""/142, 0x8e}], 0x1)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="080000000400000004000000070000"], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r3, @ANYRES32=r10, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r11, 0x0, 0x1a5, 0x0, &(0x7f0000000700)="e02742e8680d85762f0800bd617ea6df170adffe8bc4c226384598b1b886bf6a52b09eb25617cd88cc6802fc9370cfe3ec27e9555b1bb0423d17f42af54311645e627b567b613e309d61bc81ccdd0881e5fbab213900e1758d9fb71efda4c13a8376a982b541b5a3c82f754d67bce7456e64ae4eaa8274b4e275d2d38dc702b569281684dafd0b1f1441cc3e3a0a12a5a2a1dcdfbf45e6a8170fb85a1689f1bedebddd32a89c3bc0466eb4659fec8b7b95557a1c6a16f25092a006fa06061bb6f6f9dc0244468e2b8c7b0e5fc41b70dfdef547b8e6eb82b5584f74e31f8a8761e218b5307f3c44de45b48df1f6ed407832ac8da48d089f9c9d2affa1a78bde91c259719d30ec5d5871e67581b0068e1bcca7e2a5cfe38cd4a4e2b1d806089b87fab93e3d3e962d0c0f7bc1a34c7ceca9bef620ee840d49dfe6aa0ff14956c38813616067641dc9246c79f117a31e049f25c6870a794f971a982dc645409fd0442e370352cf704d36e53f1c492ba80c4c482b3bd439489a4fd7cad0ba123a19586fdb4f3d53b6552ce7276c9065be1e0a476be5fad651b52695c7dbbc78fbd4d29d2c8a60dd", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4m7.356957118s ago: executing program 1 (id=298):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000400000000000000000000850000005000000085000000d000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}, {0xfffffffd}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2, [], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000)
write$bt_hci(r1, 0x0, 0x5)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r3, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000126bd7000ffdbdf2503000000080003000700000005000500000000bf387a35ee23ebe5020000e11f188a1bea303f91f30f571b000000000008000600040000000800060008000000060001000200000011262f9c7824951881eab84c068586a448387b28b128930243907f65e9c537b4"], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x8)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, &(0x7f0000000440)={0x1, 'gre0\x00', {}, 0x4})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
poll(0x0, 0x0, 0xffffffff)
ioctl$SYNC_IOC_MERGE(r0, 0xc0303e03, &(0x7f0000000200)={"0f3af676eea17380c7b820812acd137ecbeea02646eba4d3f150cb555ea4d157", 0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000240)={"70842ff20536af37efddf67c8dc00b67ef458f08982c107599f84fe2b9b46de2", r4})
r5 = syz_open_dev$I2C(&(0x7f0000000480), 0x0, 0x0)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000180)={&(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0}, {0x0, 0xb1f4, 0x0, 0x0}], 0x2})

4m6.317380847s ago: executing program 1 (id=303):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000ebffff9400000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4d, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000240)=""/131, 0x83}], 0x1, 0x300, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0xc)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
modify_ldt$write(0x1, &(0x7f0000000040)={0x8, 0x20000800, 0x1000, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000050000000600000008"], 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000400)='./file0/file0\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x10d041, 0x0)
umount2(&(0x7f0000000480)='./file0\x00', 0x2)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_open_dev$usbfs(0x0, 0x12, 0x80801)
ioctl$USBDEVFS_FREE_STREAMS(r5, 0x8008551d, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x8}, 0x18)

4m1.425650564s ago: executing program 1 (id=316):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000240)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="00000102000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x28, 0x1410, 0x1, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x24044836}, 0xc094)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000f0400000000005f"], 0x0, 0x28}, 0x20)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, r2, 0x1, 0x1, 0x2}, 0x50)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x4, 0x1, 0x80, r3, 0x0, '\x00', 0x0, r2, 0x0, 0x1}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r4, 0x58, &(0x7f0000000180)={0x0, <r5=>0x0}}, 0x10)
r6 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x2a803)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r6, 0xc10c5541, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000440)=ANY=[@ANYRESHEX=r6, @ANYBLOB="86b95c1fc4ed008f385283414e717584f85f73aac62dd1c1759fb641a79583d3da920460cacdcd254f28c10738c60f2ebf51365edb06fb77674629ecaa80520d8cd116088320f7ffbcc34824e37455b3b3391f4db1c62877c06cdf9bf20e3d90091abebcc9e4bbbb336762ced606e3be8c8a3f6b2929e04ec55c95e269a1787bea62862cefb42eee25ac2f3f16976145bab4401a8d998019ac0278cb87d4f596ba7ee3425bdb08b47f0fcce769bd002063f99012c2d15198a09c212d9416ad1dfae2c49660136f3e8db39d2508641594658396223904c817e7f1d7dadecd96790a92805cae033648439de53201214f8449ee610d4ecee61085746bd33c858cb7980b74cb1112ed71d05c", @ANYRES32=r5, @ANYRES8=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x8, 0x8}, 0x50)

3m59.57294172s ago: executing program 1 (id=319):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0b00000000010000fd0000000900000001"], 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0xb001, 0x4, 0x3d0, 0x1f8, 0x1f8, 0x0, 0x2e8, 0x2e8, 0x2e8, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x0, 0x35}}}, {{@uncond, 0xc0, 0x110, 0x0, {0x0, 0x1e03}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="3ff825ec284a", @mac=@broadcast, @private=0xa010102, @rand_addr=0x64010101, 0x5, 0x11}}}, {{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 'pim6reg0\x00', 'netpci0\x00'}, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x420)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$kcm(0x2, 0x200000000000001, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="04000000040000000400000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c310000951000000950074000000000031fb0d3a4231020004399d17d34e075fdcda533ab1aa71ab1d764152e6cb25dadc7ded5dbe11b62ac5ea9fca11027d19e93adb604a7d3deb92de3141e8ed7ac5b8902070213cdfdc5d6c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7965a2ba103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e603950c4f67581c92ef8a7e8ece17d5f5b169391ef409c39c263895739e3d702c128b35d5fc23469240c61e150e2bae385f9ac9b03c22b0f7050c166b835298c5911f1053a723aee89051c24e1900ab97fa52d2e06dce0248a829ed46a520db4c1432080bbf707ad2f8af8118ee7d434a960ed6be4455ba57cb06459b64689e77ce95823a5533f5b11118906fd2fc29b3697c637d3693d4b4aade6f9202e6cfa6d7507f88af38b6109ad8f82b1d600a5447831df835d7000000218b0222004f98a7a0caddc397d8414be912b4e7536fefd951fe23a56fbf9fc643c6604268b5ccc13b996aaed0a6f6470566c8f534e5d486b2141646b35fd4472be8195fd917446a8abb1c2cd5dc09e2d75ec00ede2841e497d5178cf9445c7bb11f3c5cfdcae8c476d3fb75cac727143f92798a44864b49366b6cf228d9bc1d99ab2104e3c2e17ec46fbce102c158ff3748f1eb90b83d8be0dfcefbeed222009b41ad34d8656daf41e23322e58d91811feffc39ec11b11cc611f6fbfd999c3bef10caa2e8692259d40d69ed3d85ec2813b007b8ce6384a28798f445ad7fc451865fe45a06977f7a785f8e97544aad1f844f2a4799944e0daf6d4c3a7d30b7d89781ca607048c50945c45d5a6f2c5145416176fd64c559e6a272b92c92052a9005aaa25d09613aba2e7d429ae40c249e7996e4bc213c24699889ea320c40f32dcdaa19893e17c57d7e8c51d5f320d99e8c2521c339c33bf6c41fde029061c088"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
syz_open_procfs$namespace(0x0, &(0x7f00000003c0)='ns/net\x00')
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x20}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x4}}]}}, 0x0, 0x5a}, 0x20)
socket$kcm(0x29, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000020000000064f58ed60d2370ebea27c97cbd00003b4e7d29b3a642dc1b6311a9845b64139f2af7e4061c1a4bcd7d744e6464c2c10e6666647ae1a25c2838e8fdd7937df20ee5f42cc6601cccefc581ce31202072403c8ee6b03c5c1a4fd7018622a3909d79f7624bf7cba8659b79d9d5ba0b5501057ed23862665c4497e80a5488e2a32cb4d52b5fef5a613a9ad497dfb1bb6cd261c5356f5cb0ce4fdfd165cd5b82c3edfcd5f75576ee50b3e3499078dc3c28ac98811b48ae67bd1c52d2c4596f18e6831924719e6135edd1f453a2d185c6ac0615470b"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x2, 0x10)
r1 = socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r1], 0x20)

3m58.901464662s ago: executing program 32 (id=319):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0b00000000010000fd0000000900000001"], 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0xb001, 0x4, 0x3d0, 0x1f8, 0x1f8, 0x0, 0x2e8, 0x2e8, 0x2e8, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x0, 0x35}}}, {{@uncond, 0xc0, 0x110, 0x0, {0x0, 0x1e03}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="3ff825ec284a", @mac=@broadcast, @private=0xa010102, @rand_addr=0x64010101, 0x5, 0x11}}}, {{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 'pim6reg0\x00', 'netpci0\x00'}, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x420)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$kcm(0x2, 0x200000000000001, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="04000000040000000400000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c310000951000000950074000000000031fb0d3a4231020004399d17d34e075fdcda533ab1aa71ab1d764152e6cb25dadc7ded5dbe11b62ac5ea9fca11027d19e93adb604a7d3deb92de3141e8ed7ac5b8902070213cdfdc5d6c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7965a2ba103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e603950c4f67581c92ef8a7e8ece17d5f5b169391ef409c39c263895739e3d702c128b35d5fc23469240c61e150e2bae385f9ac9b03c22b0f7050c166b835298c5911f1053a723aee89051c24e1900ab97fa52d2e06dce0248a829ed46a520db4c1432080bbf707ad2f8af8118ee7d434a960ed6be4455ba57cb06459b64689e77ce95823a5533f5b11118906fd2fc29b3697c637d3693d4b4aade6f9202e6cfa6d7507f88af38b6109ad8f82b1d600a5447831df835d7000000218b0222004f98a7a0caddc397d8414be912b4e7536fefd951fe23a56fbf9fc643c6604268b5ccc13b996aaed0a6f6470566c8f534e5d486b2141646b35fd4472be8195fd917446a8abb1c2cd5dc09e2d75ec00ede2841e497d5178cf9445c7bb11f3c5cfdcae8c476d3fb75cac727143f92798a44864b49366b6cf228d9bc1d99ab2104e3c2e17ec46fbce102c158ff3748f1eb90b83d8be0dfcefbeed222009b41ad34d8656daf41e23322e58d91811feffc39ec11b11cc611f6fbfd999c3bef10caa2e8692259d40d69ed3d85ec2813b007b8ce6384a28798f445ad7fc451865fe45a06977f7a785f8e97544aad1f844f2a4799944e0daf6d4c3a7d30b7d89781ca607048c50945c45d5a6f2c5145416176fd64c559e6a272b92c92052a9005aaa25d09613aba2e7d429ae40c249e7996e4bc213c24699889ea320c40f32dcdaa19893e17c57d7e8c51d5f320d99e8c2521c339c33bf6c41fde029061c088"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
syz_open_procfs$namespace(0x0, &(0x7f00000003c0)='ns/net\x00')
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x20}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x4}}]}}, 0x0, 0x5a}, 0x20)
socket$kcm(0x29, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000020000000064f58ed60d2370ebea27c97cbd00003b4e7d29b3a642dc1b6311a9845b64139f2af7e4061c1a4bcd7d744e6464c2c10e6666647ae1a25c2838e8fdd7937df20ee5f42cc6601cccefc581ce31202072403c8ee6b03c5c1a4fd7018622a3909d79f7624bf7cba8659b79d9d5ba0b5501057ed23862665c4497e80a5488e2a32cb4d52b5fef5a613a9ad497dfb1bb6cd261c5356f5cb0ce4fdfd165cd5b82c3edfcd5f75576ee50b3e3499078dc3c28ac98811b48ae67bd1c52d2c4596f18e6831924719e6135edd1f453a2d185c6ac0615470b"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x2, 0x10)
r1 = socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r1], 0x20)

3m41.943468561s ago: executing program 0 (id=373):
r0 = gettid()
exit(0x80000000)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
io_setup(0x8f0, &(0x7f0000002400)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}])
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f0000000200)={0x48, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff})
ioctl$USBDEVFS_GET_SPEED(r1, 0x551f)
ioprio_get$pid(0x2, r0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, 0x0, 0x8000)
r4 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x2804, 0x10100}, &(0x7f0000000540)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff56})
io_uring_enter(r4, 0x7a98, 0x0, 0x0, 0x0, 0x0)

3m39.359400856s ago: executing program 0 (id=378):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000029000000040000002e000000000000001803"], 0x58}, 0x8000)
pipe2$9p(&(0x7f0000000f80)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
dup(r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000180)=@framed={{}, [@map_idx={0x18, 0x7, 0x5, 0x0, 0xf}]}, &(0x7f0000000040)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r5, 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000000), 0xffffff6a)
sendfile(r5, r6, 0x0, 0xffffffff004)
close(r5)

3m37.240280832s ago: executing program 0 (id=380):
timerfd_create(0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r2, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x77}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x1d}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8004000}, 0x40004)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0xfb6e, 0x38c1, 0x4, 0xf0})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68) (async, rerun: 32)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1) (async, rerun: 32)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
io_uring_register$IORING_REGISTER_FILES(r4, 0x20, &(0x7f0000000000)=[r4], 0x1) (async, rerun: 64)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) (async, rerun: 64)
r6 = socket$kcm(0x2, 0x2, 0x0) (async)
unshare(0x22020600) (async)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r7, 0x1, 0x10, 0x0, 0x0)
setsockopt$sock_attach_bpf(r6, 0x1, 0xf, &(0x7f00000002c0), 0x161) (async, rerun: 32)
sendmsg$inet(r6, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x814) (async, rerun: 32)
setsockopt$sock_attach_bpf(r6, 0x1, 0x31, &(0x7f0000000640)=r5, 0x4) (async, rerun: 32)
setsockopt$sock_attach_bpf(r6, 0x1, 0x31, &(0x7f0000000000), 0x4) (rerun: 32)
sendmsg$nl_route(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r3, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10)

3m35.900832524s ago: executing program 0 (id=385):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffff82}, [@call={0x85, 0x0, 0x0, 0x41}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r3=>r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0xff58)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'gretap0\x00', &(0x7f00000000c0)={'syztnl1\x00', <r4=>0x0, 0xd7e6945344fb28d5, 0x7800, 0x7, 0x8, {{0x8, 0x4, 0x1, 0x12, 0x20, 0x64, 0x0, 0xb, 0x2f, 0x0, @broadcast, @empty, {[@ssrr={0x89, 0xb, 0xb9, [@dev={0xac, 0x14, 0x14, 0x30}, @dev={0xac, 0x14, 0x14, 0x40}]}, @noop]}}}}})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18006d2cd02910f64721b3566753410000000080", @ANYRES32=r2, @ANYRES16=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r6 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r6, &(0x7f0000000d40)=[{{&(0x7f0000000900)={0xa, 0x4e22, 0xf2, @local, 0x3511f3ff}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=[@pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @empty}}}}], 0x28}}], 0x1, 0x800)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r5, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (async)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x3, 0x8001}) (async)
r8 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r7, 0xc01c64a3, &(0x7f0000000040)={0x3, r9, 0x63, 0x80000001, 0xb, 0x1fd, 0x1})

3m35.069329996s ago: executing program 0 (id=387):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
ftruncate(r0, 0xa)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mincore(&(0x7f0000185000/0x3000)=nil, 0x3000, &(0x7f0000000240)=""/68)

3m34.854257666s ago: executing program 0 (id=391):
socket$inet_udplite(0x2, 0x2, 0x88)
openat$sequencer(0xffffffffffffff9c, 0x0, 0xaaa43, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010001fffffffffffdedbdf2500000000629b736b74501905ee1332c315322664d82e879699f2c5166ba2e617343ea66827ad7304e9e18091d2e2842210d74469d6befedebcbc2a5c178f31b3baec547585330d429a4b5eddfeb001f5578f1c539b69d081bdb5a2a6ab32e8848c8428fac901511dd5ef27f6fa2f3f46745cc292bcb910ca2ee72ea4cf851c2c34dc206bca2339f56c8274d8e6fe72759e7933170645943a886d10f51d7e4384818e4127ced936037672593d5fee02dff855b3b21358f2584934e182bcac2208a70e803fd635", @ANYRES32=0x0, @ANYBLOB="000000000000000008002000ff010000140012800a00010069706f696200000004000280"], 0x3c}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_COALESCE(r2, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000580)={0x28, r3, 0x4, 0x70bd2d, 0x25dfdbff, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0xffffffff, 0x42}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x20044090)
write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeffffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d00030000000080000000000000000000000700000000000000080000000000400005000000000000000204"], 0x78)
ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r4, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "75287ad1ee602ec4452a04ea7cdcd151bb2cd9893bc31f80718316d9bd3517076db9ad1f6a120d8be6d7f81cd81ec2757d0386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60)
r5 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0x92e1, 0x8, 0x3, 0x40000333}, &(0x7f0000000300)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, 0x0, 0x4000000)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x4, 0x0, 0x0, {0x3}}, [], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000a68daa40d35b7c315e04000000010902120001000000000904010000ef0401"], 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r9, &(0x7f0000000040)=[{&(0x7f0000000340)=""/240, 0xf0}], 0x1, 0x2, 0xffffffff)
getpid()

3m19.446623431s ago: executing program 33 (id=391):
socket$inet_udplite(0x2, 0x2, 0x88)
openat$sequencer(0xffffffffffffff9c, 0x0, 0xaaa43, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010001fffffffffffdedbdf2500000000629b736b74501905ee1332c315322664d82e879699f2c5166ba2e617343ea66827ad7304e9e18091d2e2842210d74469d6befedebcbc2a5c178f31b3baec547585330d429a4b5eddfeb001f5578f1c539b69d081bdb5a2a6ab32e8848c8428fac901511dd5ef27f6fa2f3f46745cc292bcb910ca2ee72ea4cf851c2c34dc206bca2339f56c8274d8e6fe72759e7933170645943a886d10f51d7e4384818e4127ced936037672593d5fee02dff855b3b21358f2584934e182bcac2208a70e803fd635", @ANYRES32=0x0, @ANYBLOB="000000000000000008002000ff010000140012800a00010069706f696200000004000280"], 0x3c}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_COALESCE(r2, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000580)={0x28, r3, 0x4, 0x70bd2d, 0x25dfdbff, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0xffffffff, 0x42}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x20044090)
write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeffffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d00030000000080000000000000000000000700000000000000080000000000400005000000000000000204"], 0x78)
ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r4, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "75287ad1ee602ec4452a04ea7cdcd151bb2cd9893bc31f80718316d9bd3517076db9ad1f6a120d8be6d7f81cd81ec2757d0386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60)
r5 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0x92e1, 0x8, 0x3, 0x40000333}, &(0x7f0000000300)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, 0x0, 0x4000000)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x4, 0x0, 0x0, {0x3}}, [], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000a68daa40d35b7c315e04000000010902120001000000000904010000ef0401"], 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r9, &(0x7f0000000040)=[{&(0x7f0000000340)=""/240, 0xf0}], 0x1, 0x2, 0xffffffff)
getpid()

2m59.334594091s ago: executing program 5 (id=473):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000)={0x79, 0x0, 0x56d})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="120100009cb5984071042903dadb000000010902120001000000000904"], 0x0)

2m55.104040333s ago: executing program 5 (id=482):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x14}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
symlink(0x0, &(0x7f0000000000)='./file1\x00')

2m53.856862847s ago: executing program 5 (id=484):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="c40000001900674c0000000004000000fc000000000000000000000000000002e0000002000000000000000000000000000000000000000002002000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0100000000000000000000000000000000000000000000000000000000000000000000400000000000008000000000000000000000000000fcffffffffffffff0000000000000000020000000002000000000000000000000000000000000000000400000000000000000000000000000a00100001"], 0xc4}}, 0x4c050)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)={0x2, 0x12, 0x9, 0x9, 0x2, 0x0, 0x70bd26, 0x25dfdbfb}, 0x10}}, 0x40010)

2m53.248171036s ago: executing program 5 (id=488):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000ebffff9400000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4d, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000240)=""/131, 0x83}], 0x1, 0x300, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0xc)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
modify_ldt$write(0x1, &(0x7f0000000040)={0x8, 0x20000800, 0x1000, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000050000000600000008"], 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(&(0x7f0000000400)='./file0/file0\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x10d041, 0x0)
umount2(&(0x7f0000000480)='./file0\x00', 0x2)

2m50.317590632s ago: executing program 5 (id=493):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020}, 0x2020)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000340)=0x2)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
mlock(&(0x7f0000002000/0x2000)=nil, 0x2000)
r6 = syz_open_dev$video4linux(&(0x7f0000000100), 0x5, 0x20000)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r6, 0xc040563d, &(0x7f0000000140)={0x0, 0x0, 0x103, 0x0, {0x8, 0x0, 0x9, 0x109a}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
socket$netlink(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x18b742, 0x0)
readv(r7, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/15, 0x2}, {&(0x7f0000000180)=""/172, 0x2000022c}], 0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000004000000000000000100000000800000a64080c0f88ba933f7a0e7f8", @ANYRES32=0x1, @ANYBLOB="ffffffff00"/17, @ANYRES32=0x0, @ANYRES32], 0x50)
dup2(0xffffffffffffffff, r0)

2m49.825585727s ago: executing program 5 (id=495):
r0 = socket$nl_route(0x10, 0x3, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a80)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x4d)
getdents(r2, 0x0, 0x0)
pipe(&(0x7f0000000540)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r4, 0x8)
r5 = accept4(r4, 0x0, 0x0, 0x0)
writev(r5, &(0x7f00000006c0)=[{&(0x7f0000000700)="dc", 0x1}], 0x1)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8)
sendmmsg$inet6(r5, &(0x7f0000001040)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000740)='y', 0x1}], 0x1}}], 0x1, 0x0)
close(r5)
splice(r1, 0x0, r3, 0x0, 0xffe, 0x8)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r3, 0xc1205531, &(0x7f0000000100)={0x8000, 0x2, 0xd1, 0x87c, '\x00', '\x00', '\x00', 0x7f, 0x0, 0xffffffff, 0x10, "0b4291e6af19b6dbeb26cb6720f29d7b"})
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000de96003704000000000000d65d0d83bade", @ANYRES32=0x0, @ANYBLOB="8b040400000000003800128008000100736974002c0002800800140000000000060008003f00000008000200ac1414aa05000900000000000600100000000000"], 0x58}}, 0x0)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r6 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r6, 0x84, 0x84, &(0x7f0000000000), 0x90)
listen(r6, 0x6)

2m48.785879352s ago: executing program 34 (id=495):
r0 = socket$nl_route(0x10, 0x3, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x880)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a80)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x4d)
getdents(r2, 0x0, 0x0)
pipe(&(0x7f0000000540)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r4, 0x8)
r5 = accept4(r4, 0x0, 0x0, 0x0)
writev(r5, &(0x7f00000006c0)=[{&(0x7f0000000700)="dc", 0x1}], 0x1)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8)
sendmmsg$inet6(r5, &(0x7f0000001040)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000740)='y', 0x1}], 0x1}}], 0x1, 0x0)
close(r5)
splice(r1, 0x0, r3, 0x0, 0xffe, 0x8)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r3, 0xc1205531, &(0x7f0000000100)={0x8000, 0x2, 0xd1, 0x87c, '\x00', '\x00', '\x00', 0x7f, 0x0, 0xffffffff, 0x10, "0b4291e6af19b6dbeb26cb6720f29d7b"})
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000de96003704000000000000d65d0d83bade", @ANYRES32=0x0, @ANYBLOB="8b040400000000003800128008000100736974002c0002800800140000000000060008003f00000008000200ac1414aa05000900000000000600100000000000"], 0x58}}, 0x0)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r6 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r6, 0x84, 0x84, &(0x7f0000000000), 0x90)
listen(r6, 0x6)

18.538016759s ago: executing program 7 (id=927):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000340)=@broute={'broute\x00', 0x20, 0x2, 0x12e, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000600], 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="000000000000000000000000e786000000000000f5ff000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000f000000000000000000000000000000000000000000000000fcffffff010000000500000042000000600368737230000000000000000000000000767863616e310000000000000000000076657468315f740f836f5f6261746164760070696d36726567310000000000000000a6ab96e43a6f0000ff0300000080c2000001ff00ff0000ff6e0000006e0000009e00000000000000000000000000000000000000000000000000000000000000000000000800000800000000fdffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000"]}, 0x1a6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$key(0xf, 0x3, 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0xfffffdac, &(0x7f0000000040)={&(0x7f0000000080)=@newtaction={0x48, 0x30, 0x1, 0x2000000, 0x0, {}, [{0x34, 0x1, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x810)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100004366b408c70b0800c84f0102030109022d00010000000009040000032eb47d000905f9ffffff00000009050f47f0"], 0x0)
syz_usb_ep_read(r6, 0xf, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000730109000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r7, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"], 0x0}, 0x94)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010000304a600000016000000d5fcf1d4", @ANYRES32=0x0, @ANYBLOB="1101020000000000240012800c0001006d6163766c616e00140002800800010008000000080003"], 0x4c}, 0x1, 0xba01}, 0x8810)

14.254170177s ago: executing program 3 (id=939):
r0 = syz_io_uring_setup(0x38a9, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3})
io_uring_enter(r0, 0x44fd, 0x3, 0x1, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r4 = gettid()
tkill(r4, 0x12)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
rt_sigsuspend(&(0x7f0000000040)={[0xfffffffffffbfefd]}, 0x8)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd)

13.861259339s ago: executing program 4 (id=940):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x20b400, 0x0) (async)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x20b400, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0) (async)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@verity_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fremovexattr(r0, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2000, 0x400, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
r2 = getgid()
fchownat(r0, &(0x7f0000000140)='./file0\x00', r1, r2, 0x800) (async)
fchownat(r0, &(0x7f0000000140)='./file0\x00', r1, r2, 0x800)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='pids.current\x00', 0x275a, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
close(r5) (async)
close(r5)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x66)
ioctl$KVM_SET_USER_MEMORY_REGION2(r5, 0x40a0ae49, &(0x7f0000000080)={0x0, 0x4, 0x3000, 0x2000, &(0x7f000060b000/0x2000)=nil, 0x8000, r3})
openat$cgroup_ro(r3, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0) (async)
openat$cgroup_ro(r3, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0)

13.257135057s ago: executing program 4 (id=942):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020}, 0x2020)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
mlock(&(0x7f0000002000/0x2000)=nil, 0x2000)
r4 = syz_open_dev$video4linux(&(0x7f0000000100), 0x5, 0x20000)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r4, 0xc040563d, &(0x7f0000000140)={0x0, 0x0, 0x103, 0x0, {0x8, 0x0, 0x9, 0x109a}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x18b742, 0x0)
readv(r5, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/15, 0x2}, {&(0x7f0000000180)=""/172, 0x2000022c}], 0x3)
connect$inet6(r0, &(0x7f0000001880)={0xa, 0x0, 0x9, @private0, 0x1}, 0x1c)
pipe2$9p(&(0x7f0000000040), 0x0)
dup2(0xffffffffffffffff, r0)

13.010399225s ago: executing program 7 (id=943):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$kcm(0x29, 0x5, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x109301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000001ac0)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x413a, 0x40, &(0x7f00000000c0)="5d1643d5ab", 0x5, 0x6, 0x75, 0x6, 0x8, 0x79, 0x0})
socket$kcm(0x29, 0x2, 0x0)
socket$kcm(0x29, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00')
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r3, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000c80)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x2e0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x3f0, 0x3d8, 0x3d8, 0x3f0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0x2e0, 0x4001, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x4001, 0x1, 0x3, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x1, 0xbe, {0x565159d7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000000600)={0x88}, 0x8)
recvmmsg(r3, &(0x7f0000005300)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000dc0)=""/72, 0x48}, 0x1}], 0x1, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c)
pread64(r2, &(0x7f0000000940)=""/231, 0xe7, 0x10000004)
setsockopt$inet_tcp_buf(r0, 0x6, 0xe, &(0x7f0000000040)="b400ea9f94d0457b27763305bdf11cdfe6349f1e4733bd06131cb6639d4c1da20b43ac6a596bd1e013b6c4d61f5976602a110b05a39e198433e551d779c06212f7d5f32fe091287222c81e623809c1804d6bb45ec350137cd1732fcbbf27d3fe23bf8bb13306416da3e16f4cd6b3b0d2cab4192e6c6a73305521822fcce91cfe547bb59f07ec2f5c33f9fd4f3f16721635dc787363fd7bd01554627cdd2c12ab93e9f2427ee6a00be2017caee65cc0b096eb42390944e8ac576a8cb0ddd8e5194085c58b61e17e5f4ed67057e42007956ad5ec2671a89af7a9", 0xd9)
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000300190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

12.852187508s ago: executing program 3 (id=945):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0xb, &(0x7f00000005c0)=@framed={{}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xba}}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x8a, 0x8d, 0x1c, 0x40, 0x57c, 0x2200, 0x34b1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xe4, 0x0, 0x2, 0x55, 0xcd, 0x89, 0x0, [], [{{0x9, 0x5, 0xf, 0x8, 0x0, 0xfc, 0xd, 0x5}}, {{0x9, 0x5, 0x7, 0x4, 0x8, 0x4, 0x6, 0xf8}}]}}]}}]}}, 0x0)
pipe(&(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x2, 0x0)
vmsplice(r1, &(0x7f00000003c0), 0x1, 0xb)
ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f0000000280))
r2 = syz_open_dev$admmidi(0x0, 0x2, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x40045730, 0x0)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=<r3=>0x0, @ANYRES32, @ANYBLOB="010000000500"/28], 0x50)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000300)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000008c0))
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYRES64=r3], 0x68}}, 0x0)
r8 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r8, 0xc0045627, &(0x7f00000001c0)=0x2)
ioctl$VIDIOC_CREATE_BUFS(r8, 0xc100565c, &(0x7f0000000480)={0x1ff, 0x8, 0x2, {0x4, @vbi={0x5, 0xfff, 0x5, 0x44495658, [0x9, 0x9], [0x6, 0x2], 0x1}}, 0x9})
syz_open_dev$sndpcmp(&(0x7f0000001540), 0x1, 0x0)
syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2)
socket$nl_route(0x10, 0x3, 0x0)

12.417673372s ago: executing program 7 (id=947):
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0x8c1, 0x80, 0x20203143, 0x3, [0x2], [0x810003], [0x9a8a, 0x0, 0xffffffff, 0x46], [0x2, 0x0, 0x4]})
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl2\x00', &(0x7f00000000c0)={'syztnl0\x00', <r2=>0x0, 0x29, 0x33, 0x7, 0x6, 0x20, @mcast1, @local, 0x20, 0x20, 0x5, 0x6}})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec5000000f800000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r3}, 0x10)
r4 = syz_usb_connect(0x0, 0x3f, &(0x7f00000012c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109024a0001100000000904000003fe03010009cd8d1f00020000000905050200067e001009058b1e", @ANYRESHEX], 0x0)
syz_usb_control_io$printer(r4, 0x0, &(0x7f0000000100)={0x34, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r5, &(0x7f0000000180)='0', 0xfe64)
r6 = socket(0x10, 0x3, 0x0)
getsockopt$MRT(r1, 0x0, 0xcf, &(0x7f0000000300), &(0x7f0000000340)=0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r10, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r9])
ioctl$KVM_GET_VCPU_EVENTS(r10, 0x4048aecb, &(0x7f0000000080))
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10)
write(r6, &(0x7f00000002c0)="240000001e005f0214fffffffffffff80f000000000000000000000008000d40ff000000", 0x24)
ioctl$sock_SIOCETHTOOL(r1, 0x8993, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0})

11.240420402s ago: executing program 2 (id=948):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), r0)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r1, 0x701, 0x70bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0)
bpf$PROG_LOAD(0xc0, 0x0, 0x0)
unshare(0x2000000)

11.08970491s ago: executing program 6 (id=949):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0x4, 0x0, &(0x7f00000000c0))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1, 0x0, 0x0, 0x44}], 0x1, 0x0)
setsockopt$inet_sctp_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x9, 0x20, 0x8f, 0xff, 0x0, 0x0, 0x0, 0xc, 0x2, 0x0, 0x0, 0x0, 0x4, 0x5}, 0xe)
sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0)
recvfrom$rxrpc(r2, 0x0, 0x0, 0x80, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b8, 0xf0, 0x6c, 0x200, 0x0, 0x0, 0x1e8, 0x2e8, 0x2e8, 0x1e8, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@ipv6={@local, @local, [], [], 'ip6_vti0\x00', 'veth0\x00'}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@unspec=@connlabel={{0x28}, {0x0, 0x5}}]}, @common=@inet=@SET1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x318)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000e35e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000015000004c2a30b0114e6ad00015c98950000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYRES8, @ANYRES64=r1], 0x98}, 0x1, 0x0, 0x0, 0x24044091}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0xc, 0x42, 0x40, 0xc0, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r4}, 0x38)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014003000000035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r4, &(0x7f0000000080), &(0x7f0000000180)=""/40}, 0x20)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=@can_newroute={0x14c, 0x18, 0x1, 0x70bd2b, 0x0, {0x1d, 0x1, 0x3}, [@CGW_CS_CRC8={0x11e, 0x6, {0x2, 0x1, 0x6d, 0x0, 0x0, "71ec6d721744cd5200080000f8cfcad4c4ec6511ec028c5028564abce83afe16c93e15e556c2baed7f897fe841c155aab2a4b9f3052995cdf66a9c7922ff0300005b6c67281f1519cd7c32c2bf7563b9452575505da99ea128d37616896be8764a2c78edbad5bde7a5e405bdc893770338925f824bd24689c0d11a5568fc3aaa9ad0d7766d8ea8d3bf1006e3df494e2f373148ecb4adafdd39874e9808b118301f1e76054a64c6d243523f5de7b347f3b740e105d0ed18fae7289635301ebd8949268090b3bcd4cbed5f1cfe93cff41a9630802f96defe9e8ea850529827c5e301953a8abaafa1f121e590f74e28233f4129d4587eee87ec5d42c3ef0619022c", 0x3, "5c8d586b2a88d81866930fca15c8a95d29e5b2ea"}}, @CGW_MOD_SET={0x15, 0x4, {{{0x1, 0x1, 0x1}, 0x1, 0x0, 0x0, 0x0, "b5182384a022fbaa"}, 0x2}}]}, 0x14c}}, 0x0)
r7 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r7, &(0x7f0000001040)={&(0x7f00000009c0)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x24004010}, 0x4000000)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r8=>r1, {0x2}}, './file0\x00'})
openat$cgroup_ro(r8, &(0x7f00000000c0)='cpuacct.stat\x00', 0x0, 0x0)
ioctl$SG_GET_VERSION_NUM(r8, 0x2282, &(0x7f0000000100))

11.013245988s ago: executing program 2 (id=950):
r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002)
ioctl$CEC_S_MODE(r0, 0x40046109, &(0x7f0000000080)=0xd0) (async, rerun: 64)
r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002) (rerun: 64)
ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000100)) (async)
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cpuinfo\x00', 0x0, 0x0)
pread64(r2, &(0x7f0000000380)=""/85, 0x55, 0x81ffffffffffffc)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000140)={'ip6gre0\x00', <r3=>0x0, 0x2f, 0x25, 0x2, 0x7f, 0x52, @loopback, @private0, 0x7800, 0x40, 0x8, 0x2}}) (async)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r1}, 0x8) (async, rerun: 64)
r4 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') (rerun: 64)
preadv(r4, &(0x7f0000000000)=[{&(0x7f0000000400)=""/159, 0x9f}], 0x1, 0x105, 0x97e) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x1d7da8eb, 0x5, 0x0, 0x40012, 0x1, 0x2, '\x00', r3, r4, 0x3, 0x3, 0x400, 0xe}, 0x50) (async, rerun: 32)
r5 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x94, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x400, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) (rerun: 32)
syz_usb_control_io(r5, &(0x7f0000000040)={0x2c, &(0x7f0000000000)={0x0, 0x2, 0xa, {0xa, 0x3, "822500c302e9ce27"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

10.822961901s ago: executing program 2 (id=951):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'vlan0\x00', <r0=>0x0})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0xd, 0x3, 0x1, 0x6, 0x10, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x3}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)
syz_emit_ethernet(0x52, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x3)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_dev$admmidi(&(0x7f0000000080), 0x2, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x5)
capset(&(0x7f0000000080)={0x20071026}, 0x0)
writev(r4, &(0x7f0000000080)=[{&(0x7f0000000340)="480000001400191809004beafd0d3602028447000b4e230f02000500a2bc5603ca00000f7f89004e00200000000101ff05c00e03000200000000000100000000005839c97b910000", 0x48}], 0x1)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000001000370400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="8b04040000000000e400128009000100626f6e640000000014000280080003000500000000000400ff000000"], 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x90}, 0x1, 0x0, 0x0, 0x8000}, 0x44880)
unshare(0x26020580)
r6 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r6, 0x40096101, &(0x7f0000000100)={{}, 0x7})
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001000030500000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="15e3000000000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r0, @ANYBLOB="08000a000cf9592b5b58a336dbb0421c381ea4d452bb434452eda024b1ae6d0b874a3802292a95fb52de9717823112971076c5819563eb50a35b3546a523a828595f00b768d203a8ec2a9b7de5ec76ef29ca3f6985344851357bcd914f4fb2de5cea98a99f3047a4592e0216f800ec299132f3a4dc441dc60821e10672d366e81ae4563a7c", @ANYRES32=r0, @ANYBLOB], 0x44}}, 0x800)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000080000000600000001000093020000000029f51c05022b217b000000002e2e30302e5f0017be3d8b8a9c041ad47185896481385c2356461f7d597f2bc75fc3bdc06a2c0b23991b6872956d5b7d7fb0634396b30086c8043c1d56395fe170d78c84f18f21ea18715072249a5532649107a77c08feee5dae9c41fdb8e5fa9e175001933cd1365924f94cf07152ae13f5e2a6b0cb86eedbfa66c37acf414aabb578d899d7560df79428422782e4dea8e828235b"], 0x0, 0x38, 0x0, 0x1, 0x6}, 0x28)
timer_create(0x3, 0x0, &(0x7f0000044000))
getpid()

9.162135838s ago: executing program 7 (id=952):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1c, '\x00', 0x0, 0x2}, 0x94)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000080), 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
read$FUSE(r9, &(0x7f0000000640)={0x2020}, 0x2020)
r10 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x25b9, 0x56c4, 0x2, 0x215, 0x0, r9}, &(0x7f0000000040)=<r11=>0x0, &(0x7f0000000140)=<r12=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r8, 0x0, 0x0})
io_uring_enter(r10, 0x3516, 0x483, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r3, 0x0, 0x6}, 0x18)
ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000040))

9.155865853s ago: executing program 2 (id=953):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000340)=@broute={'broute\x00', 0x20, 0x2, 0x12e, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000600], 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="000000000000000000000000e786000000000000f5ff000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000f000000000000000000000000000000000000000000000000fcffffff010000000500000042000000600368737230000000000000000000000000767863616e310000000000000000000076657468315f740f836f5f6261746164760070696d36726567310000000000000000a6ab96e43a6f0000ff0300000080c2000001ff00ff0000ff6e0000006e0000009e00000000000000000000000000000000000000000000000000000000000000000000000800000800000000fdffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000"]}, 0x1a6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$key(0xf, 0x3, 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0xfffffdac, &(0x7f0000000040)={&(0x7f0000000080)=@newtaction={0x48, 0x30, 0x1, 0x2000000, 0x0, {}, [{0x34, 0x1, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x810)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100004366b408c70b0800c84f0102030109022d00010000000009040000032eb47d000905f9ffffff00000009050f47f0"], 0x0)
syz_usb_ep_read(r6, 0xf, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000730109000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r7, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"], 0x0}, 0x94)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010000304a600000016000000d5fcf1d4", @ANYRES32=0x0, @ANYBLOB="1101020000000000240012800c0001006d6163766c616e00140002800800010008000000080003"], 0x4c}, 0x1, 0xba01}, 0x8810)

9.101054567s ago: executing program 6 (id=954):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000080), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)={0x5, 0x8, 0xf1, {0x77359400}, {0x77359400}, {0x3}, 0x1, @can={{0x4, 0x1, 0x1, 0x1}, 0x5, 0x0, 0x0, 0x0, "1b34ba6b471f0adc"}}, 0x48}, 0x1, 0x0, 0x0, 0x2000c014}, 0x800)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x48850}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000540)={'vxcan0\x00'})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x6, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x3, 0x2}}, 0x48}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, r2)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_setup(0x6, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000600)={0x32}, 0x8)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)

6.40042685s ago: executing program 3 (id=955):
r0 = syz_io_uring_setup(0x38a9, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3})
io_uring_enter(r0, 0x44fd, 0x3, 0x1, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r4 = gettid()
tkill(r4, 0x12)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
rt_sigsuspend(&(0x7f0000000040)={[0xfffffffffffbfefd]}, 0x8)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd)

4.285459284s ago: executing program 6 (id=956):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x2c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0xa, [@ptr, @struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x8, [{0x6, 0x1, 0x3}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, 0x0, 0x0]}}, &(0x7f0000000380)=""/3, 0x46, 0x3, 0x1}, 0x28)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000080)={0x0, 0x1, 0x1d, 0x0, 0xde, &(0x7f00000002c0)="f10d1e2f404c9cc843147222969128f3c2c567d5e2dd1862c9759fc24f1e0a86e208ac52587d6ab52c4f7bed2f8c108390a65481f051dbf62aa07df84f11fefd57d7278e265d4ac9bd5dc66cf4e0501980bc0de66fe1e193cd642c07ea6cdefe08dd5d834a4d264b893009c5d882ba84ea8fef347a871e0614f0fd23f98927eb65a4d5edf74e95a23f4e4cb78ebe05012fd767bfb54bc4fd8226d4bb7dd31533d6397bca80b2ce8fb2e114c0cf4640cc4e86aa248914a16347e78e74ec38ee63bf38c14bd8b258914d76b41c2bdf645668e73fab76dc34da7a95f19cd9d3a88a1a98da2757517ee282399dcd81f87a31bceab418ec2b15ee8fdaac878cfb61450fcd00e8b1c00cbeb4662f87e6c9b5195184afc58e1b0558a497c2c1eb8f39ab18e98eeaf237258d8fcf35c7a4b9f28555c99f37d73b0fb98b1bb9c45b48c11848f68597575546e77283fa5c0407f9d84a970e1f5e45c73688e8cb4502610b6d6bbc51387067bb1d4e2571f32f19d33df1f0393aecbb9b020ca108030445e454d69b65a9a06fa661e8ba8bea65dd7a3fef1e451dcbd4404ab04ad9acce6996b0bf2781c32592f76995632ea3d0a5100cc91d8357e63da80ed54c85c5add62d1adc83d378800d34c6989e203af42501ab35559f804fdf543f7994474d1f165c1423f92df2d83452919d71d9d503f52e1e40fe14ff4d95e37b2700c77c2af94ed2a1781c465a6584ebe5e92c58e941a628205d7ff37eae9d10ab21c81cc40e8a90b4c42834d95606f07ea25c59645cc4a4e7399be93d9e26fa479d16994af56ee27a87dfb990fa0ec8ba081942577f6adbd7b5fd6ea92f6f5bcf838cb54b281beae568c64e6bfb0e0b4bfa0b62d72a54cd32d392341589c98492ede7c01139a0b5469d4391b85771c851878e379014c875fa2a1d56fb7b66d00266b2dafc63dad11617ad6c7a159dfda776b6cd8d1f82166ccd0df0a50625c5cec16b190faea418e926a0cea50c89323ede115d48685b18a9ccb74dff9f1449b796c219c31b10664f0a4397cee481948dc54cd60b24178ceb8bb8e23e9d31d4b8712d57a819280457bbc894b11b24965c3cc097c26ac59c584b9ca65bfcc9cbd2745e1891d7a56660e1a858a5d73feb875f3df3fb2864f378f36f9e100e318086703f352d0ce6df3dc261f23bbc81a933e56a9791c4272bcd2fa0cbe5a6e99ea2678fa53db8c47aa8d89daf2fb6ed24c1ff0b727f01416c6f952e54697153b2a20ebcf6f110d66db7c0be846b3b165853c8b58c7a04bff57fe6d41accc710fde40a4cea7f512d106b80c274ac4163d854fdc3b7e2f53c256825360cb1424c26e673bcb92f988ceed3be057d57602474eb3fb49a33e2ec950923608d89400e96d346e216a22cbc32b30f7657bda601fd03428127f73e5a008595280e6b0e2f31de67721a3fa2d5d6"})

4.130439242s ago: executing program 4 (id=957):
modify_ldt$write2(0x11, 0x0, 0x0)
modify_ldt$read(0x0, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x980, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
setgroups(0x0, 0x0)
lseek(r4, 0x9, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5, 0x0, 0x8}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r6 = add_key$user(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000480)="35cc22", 0x3, 0xffffffffffffffff)
r7 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r6, 0xffffffffffffffff, r7, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port1\x00', 0xe3, 0x1b1c27, 0x0, 0x1, 0x0, 0x0, 0x5})
r8 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x440000, 0x0)
r9 = dup3(r0, r8, 0x0)
read$FUSE(r9, &(0x7f0000006240)={0x2020}, 0x2020)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0))
socket$netlink(0x10, 0x3, 0x10)

4.041068015s ago: executing program 6 (id=958):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="e2b400000200000000000000000000003d5ece05f4c31f147c403575509ce56de8e628a5a58d3f57736b4e8d697df97fc313f76191313745ba48070000000000000001ae53151a372defdaaef9d279880e3138c1b821197ab00e4c02888504b4c44d7ed1ea813141f33ae30b"], 0x10}}, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r1, &(0x7f0000000e40)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000c80), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0x2, &(0x7f0000000280)=@raw=[@map_idx={0x18, 0xb, 0x5, 0x0, 0x9}], &(0x7f00000003c0)='syzkaller\x00', 0x1000, 0x86, &(0x7f0000000400)=""/134, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a00)={0x0, 0x10, 0x4, 0x8}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000cc0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2], &(0x7f0000000d00)=[{0x0, 0x5, 0xd, 0x3}, {0x2, 0x4, 0x7, 0x2}, {0x0, 0x3, 0x10, 0x6}, {0x2, 0x4, 0x6, 0x7}, {0x0, 0x5, 0x3, 0xc}, {0x3, 0x5, 0x4, 0xc}, {0x3, 0x3, 0x5, 0x2}, {0x10000, 0x4, 0x6, 0x8}], 0x10, 0x80000000}, 0x94)
r3 = fanotify_init(0x8, 0x8000)
r4 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r3, 0x641, 0x48001018, r4, 0x0)
r5 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
r6 = socket$kcm(0x10, 0x3, 0x10)
recvmsg$kcm(r6, &(0x7f0000002780)={0x0, 0x0, 0x0}, 0x40000080)
sendmsg$kcm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)="1400000036000b635ef1681c717a3c4a0ed09a5ba32fbea87bc286ddb1fcb6592accac4a78f9e573e714ecf7afc45847ba7505da07e0760109600da2c5eac306ec9721289d1d6d1652cd0f70e77a0ca5e9a0a02022d57bf44b6bca33337a4e597759bd3eb024", 0x66}, {&(0x7f0000000300)="b6b8dec7089f10a7c26df3c9bcf01a10f56b7ec91b2df9f690847fc05ce77c5de4b0d2dbc6dcfaaf5210ce9c7d16956a71d3882d4fc8b0e5d960ef4f3f870f24b2c05a429a9d06f0a22c73c9a7018beb37265276c67533d9c65e45c71a303d57cc26e79331cbc74175547b16d4a55d4a7fcfcff3f92a8b1509ffee6bff869cdc46bea35ff9c4a0a14b97e34899b4a73a246eb38a8c917b6aaa595b1266904589e7e6e1205c3a", 0xa6}], 0x2}, 0x10)
open(&(0x7f0000000100)='./file1\x00', 0x210000, 0x14e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}}, 0x4)
sendfile(r5, r5, 0x0, 0x7f03)
recvmmsg(r1, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}, 0xa}], 0x1, 0x10162, 0x0)
readv(r1, &(0x7f00000005c0)=[{&(0x7f0000000640)=""/142, 0x8e}], 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0800000004000000040000000700000000"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x0, 0x1a5, 0x0, &(0x7f0000000700)="e02742e8680d85762f0800bd617ea6df170adffe8bc4c226384598b1b886bf6a52b09eb25617cd88cc6802fc9370cfe3ec27e9555b1bb0423d17f42af54311645e627b567b613e309d61bc81ccdd0881e5fbab213900e1758d9fb71efda4c13a8376a982b541b5a3c82f754d67bce7456e64ae4eaa8274b4e275d2d38dc702b569281684dafd0b1f1441cc3e3a0a12a5a2a1dcdfbf45e6a8170fb85a1689f1bedebddd32a89c3bc0466eb4659fec8b7b95557a1c6a16f25092a006fa06061bb6f6f9dc0244468e2b8c7b0e5fc41b70dfdef547b8e6eb82b5584f74e31f8a8761e218b5307f3c44de45b48df1f6ed407832ac8da48d089f9c9d2affa1a78bde91c259719d30ec5d5871e67581b0068e1bcca7e2a5cfe38cd4a4e2b1d806089b87fab93e3d3e962d0c0f7bc1a34c7ceca9bef620ee840d49dfe6aa0ff14956c38813616067641dc9246c79f117a31e049f25c6870a794f971a982dc645409fd0442e370352cf704d36e53f1c492ba80c4c482b3bd439489a4fd7cad0ba123a19586fdb4f3d53b6552ce7276c9065be1e0a476be5fad651b52695c7dbbc78fbd4d29d2c8a60dd", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.430737653s ago: executing program 4 (id=959):
pipe2$9p(&(0x7f0000000f80)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, 0x0, 0x15)
r1 = dup(r0)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745"], 0xb0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000180)=@framed={{}, [@map_idx={0x18, 0x7, 0x5, 0x0, 0xf}]}, &(0x7f0000000040)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r5, 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000000), 0xffffff6a)
sendfile(r5, r6, 0x0, 0xffffffff004)
close(r5)

3.422293406s ago: executing program 3 (id=960):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'nr0\x00', 0x6132}) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000140)={'nr0\x00', 0x6132}) (async)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'nr0\x00', 0x6132}) (async)
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000000c0)={'syz_tun\x00', 0x400}) (async)
write$cgroup_subtree(r2, &(0x7f0000000000), 0xfe3a) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x4, 0x6, 0x7ffc1ffc}]}) (async)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

3.188016024s ago: executing program 7 (id=961):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x5422)
epoll_create1(0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8000000004, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000000c0)={0x1, @win={{0xffff, 0x8, 0x1, 0xe}, 0x1, 0x72e3c788, &(0x7f0000000300)={{0x80000001, 0x3, 0x401, 0x3}, &(0x7f0000000400)={{0x4, 0x2, 0x7, 0x2}, &(0x7f0000000200)={{0x2, 0x1000, 0xe5, 0xfffff5ee}}}}, 0x7, &(0x7f00000003c0)="4a067eae4b546a75e5cafd662d3b2beb587fe129e9b49472d6", 0x3}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="180200000300000000000000000000008500000087000000850000000700000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r4, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1700000000000000040100"/20, @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x26e1, 0x0)
close(r5)
socketpair$unix(0x1, 0x7, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r5, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\x00\x00\x00 '})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000fc0)={0x0, @in6={{0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, '\x00', 0x36}, 0x10000}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
sendto$inet6(r1, &(0x7f0000000440)="ab897331128a9573f0f8473ac0f1e06103a63861ce950ed02f1189bbc05fa771123ab2700db7d6a6b2a90a2d58b83f9cc848c05174b5c81a2fbf14670580c590f77ad54b3393d0b88620f698cec69a0c96589a804df3a2ce32940d65e2a89dedf1056d5bf09e4b6d962b3cd9f4662d45fdeac3af9782cc58ac593463c7c133c332eb0fb141d0643c305ab395825838529b114f4874d07de2364dd9ffb9c9493ad435125e74ef2ca7570ef548c131878f2895f016c7198008fbc8390d11b02a2ae98f768bca7551f211b12ee33482f841f3199a57ad31664b0c1767775d3317", 0xdf, 0x4040884, &(0x7f0000000280)={0xa, 0x5e24, 0x6, @empty, 0x7ff}, 0x1c)

2.035935872s ago: executing program 4 (id=962):
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ced4fbd44e24eb0d34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3a06d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796efea77aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece72f2090000f44a3210223fdae7ed04935c3c90941576aebc8619d73415cda2130f5011e4845505000001000000004f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c040035cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bf463261135e24d154114df1381b02a0dcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f884cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e1700000000000000000000000000000000000000000000000000000520500002952a93466ae595c6a8cda690d192a070886df42"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x88, 0x67, 0x0, 0x0)
sendmsg$inet(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000880)="8292a2b530", 0x5}], 0x1, &(0x7f0000000040)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x40}, @dev={0xac, 0x14, 0x14, 0x3a}}}}], 0x20}, 0x0)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000340)={0x1f, 0x1, @any, 0x2}, 0xe)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a726"], 0x26c0}}, 0x4010)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r4}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, &(0x7f0000000000), 0x4)

1.991602905s ago: executing program 2 (id=963):
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x30, 0x0, 0x0, 0x4db, 0x8, 0x0, {0x4, 0x40}, {0x0, 0x20000004}, {}, {0x3, 0x0, 0x1}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffc00, 0x0, 0x400, 0x0, 0x0, 0x21, 0x0, 0x0, 0x7})

1.480748843s ago: executing program 6 (id=964):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x4)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
shmctl$SHM_LOCK(0x0, 0xb)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
shutdown(r2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x228000, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, 0x0, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x40002)
socket$igmp6(0xa, 0x3, 0x2)
writev(r3, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0), 0x300}, {&(0x7f0000000900), 0x4000}], 0xe)

1.413217386s ago: executing program 3 (id=965):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x62ca3000)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000140)='xen_mc_entry_alloc\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
r1 = fsopen(&(0x7f0000000200)='btrfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x300, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r2 = creat(&(0x7f0000000000)='./file1\x00', 0x17c)
open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000f8000300"], 0x830200)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000009, 0x46031, 0xffffffffffffffff, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f00000007c0)={0x48, 0x2, r4})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000100)={0x28, 0x4, r4, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e})

1.412789772s ago: executing program 2 (id=966):
r0 = socket(0x10, 0x2, 0x0) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'tunl0\x00', <r1=>0x0}) (rerun: 32)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', <r2=>r1, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x7800, 0xfffffffc, 0xdc64}}) (async, rerun: 64)
r3 = gettid() (rerun: 64)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
read$alg(r0, &(0x7f0000000380)=""/233, 0xe9) (async)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x22803) (async, rerun: 64)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x80d11, 0x0) (rerun: 64)
dup3(r4, r5, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
r6 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000000)=0x7) (async)
syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) (async)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', r2, 0x29, 0x0, 0x6, 0x7f, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x0, 0x40, 0x6, 0x41}}) (async, rerun: 64)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'ip6_vti0\x00', r2, 0x0, 0x0, 0xff, 0x1000, 0xd, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, 0x7, 0x0, 0xfffffffc}}) (rerun: 64)

139.998594ms ago: executing program 3 (id=967):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020}, 0x2020)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
mlock(&(0x7f0000002000/0x2000)=nil, 0x2000)
r4 = syz_open_dev$video4linux(&(0x7f0000000100), 0x5, 0x20000)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r4, 0xc040563d, &(0x7f0000000140)={0x0, 0x0, 0x103, 0x0, {0x8, 0x0, 0x9, 0x109a}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x18b742, 0x0)
readv(r5, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/15, 0x2}, {&(0x7f0000000180)=""/172, 0x2000022c}], 0x3)
connect$inet6(r0, &(0x7f0000001880)={0xa, 0x0, 0x9, @private0, 0x1}, 0x1c)
pipe2$9p(&(0x7f0000000040), 0x0)
dup2(0xffffffffffffffff, r0)

99.902472ms ago: executing program 6 (id=968):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f8000000160001002bbd7000fedbdf250a010101000000000000000000000000fe8800000000000000000000000001014e2300004e2400000a0080201d000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa000004d5330000"], 0xf8}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0)
sendmsg$key(r1, &(0x7f0000000440)={0x900, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x2, 0x9, 0xfc, 0x0, 0x2, 0x0, 0x70bd28, 0x25dfdbfe}, 0x10}}, 0x40408c0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'pcl812\x00', [0x9e1, 0x2162, 0x0, 0x100000, 0x88d7, 0x8f, 0x1, 0x0, 0x1002, 0xffffffff, 0x200, 0x1, 0x344, 0x1, 0x7, 0x1, 0x8, 0x7, 0x9, 0xe, 0x100, 0x9, 0x7, 0x8, 0x5, 0x1, 0xb0c4, 0x7df, 0x2, 0x400007, 0x1]})

96.640486ms ago: executing program 7 (id=969):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x17ef, 0x6062, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x3, 0x4}}}}}]}}]}}, 0x0) (async)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="f1ff0000020605"], 0x14}, 0x1, 0x0, 0x0, 0x10000000}, 0xc081) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x4c42bb4f92, 0x0) (async)
shutdown(r4, 0x0)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e900232b8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000200)="c67f0d7df9", 0x4b}], 0x2)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f0000000200)={0x20, 0xe, 0x6, {0x6, 0x8, "0f65259b"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

0s ago: executing program 4 (id=970):
r0 = syz_io_uring_setup(0x38a9, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3})
io_uring_enter(r0, 0x44fd, 0x3, 0x1, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r4 = gettid()
tkill(r4, 0x12)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
rt_sigsuspend(&(0x7f0000000040)={[0xfffffffffffbfefd]}, 0x8)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd)

kernel console output (not intermixed with test programs):

ticast mode
[  264.480973][ T7575] wg1: entered allmulticast mode
[  264.486477][ T7575] wg2: entered allmulticast mode
[  264.491997][ T7575] veth0_to_bridge: entered allmulticast mode
[  264.499367][ T7575] veth1_to_bridge: entered allmulticast mode
[  264.506082][ T7575] veth0_to_bond: entered allmulticast mode
[  264.512593][ T7575] veth1_to_bond: entered allmulticast mode
[  264.519058][ T7575] veth0_to_team: entered allmulticast mode
[  264.525596][ T7575] veth1_to_team: entered allmulticast mode
[  264.532228][ T7575] veth0_to_batadv: entered allmulticast mode
[  264.538678][ T7575] batadv_slave_0: entered allmulticast mode
[  264.544906][ T7575] veth1_to_batadv: entered allmulticast mode
[  264.551373][ T7575] batadv_slave_1: entered allmulticast mode
[  264.558246][ T7575] xfrm0: entered allmulticast mode
[  264.564779][ T7575] veth0_to_hsr: entered allmulticast mode
[  264.570946][ T7575] hsr_slave_0: entered allmulticast mode
[  264.576996][ T7575] veth1_to_hsr: entered allmulticast mode
[  264.583066][ T7575] hsr_slave_1: entered allmulticast mode
[  264.589093][ T7575] hsr0: entered allmulticast mode
[  264.594474][ T7575] veth1_virt_wifi: entered allmulticast mode
[  264.600931][ T7575] veth0_virt_wifi: entered allmulticast mode
[  264.607354][ T7575] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  264.614776][ T7575] veth1_vlan: entered allmulticast mode
[  264.620769][ T7575] veth0_vlan: entered allmulticast mode
[  264.626772][ T7575] vlan0: entered allmulticast mode
[  264.632278][ T7575] vlan1: entered allmulticast mode
[  264.638140][ T7575] macvlan0: entered allmulticast mode
[  264.643857][ T7575] macvlan1: entered allmulticast mode
[  264.649864][ T7575] ipvlan0: entered allmulticast mode
[  264.655312][ T7575] ipvlan1: entered allmulticast mode
[  264.661391][ T7575] veth1_macvtap: entered allmulticast mode
[  264.668883][ T7575] veth0_macvtap: entered allmulticast mode
[  264.675141][ T7575] macvtap0: entered allmulticast mode
[  264.681096][ T7575] macsec0: entered allmulticast mode
[  264.686802][ T7575] geneve0: entered allmulticast mode
[  264.692594][ T7575] geneve1: entered allmulticast mode
[  264.698341][ T7575] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  264.706193][ T7575] netdevsim netdevsim4 netdevsim1: entered allmulticast mode
[  264.714130][ T7575] netdevsim netdevsim4 netdevsim2: entered allmulticast mode
[  264.721994][ T7575] netdevsim netdevsim4 netdevsim3: entered allmulticast mode
[  264.731537][ T7575] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode
[  264.739128][ T7575] mac80211_hwsim hwsim10 wlan1: entered allmulticast mode
[  264.746679][ T7575] veth2: entered allmulticast mode
[  264.752175][ T7575] veth3: entered allmulticast mode
[  264.757459][ T7575] veth4: entered allmulticast mode
[  264.763099][ T7575] veth5: entered allmulticast mode
[  264.769357][ T7575] veth6: entered allmulticast mode
[  264.774712][ T7575] veth7: entered allmulticast mode
[  266.049553][ T7597] FAULT_INJECTION: forcing a failure.
[  266.049553][ T7597] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  266.063004][ T7597] CPU: 1 UID: 0 PID: 7597 Comm: syz.4.451 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  266.063045][ T7597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  266.063057][ T7597] Call Trace:
[  266.063065][ T7597]  <TASK>
[  266.063073][ T7597]  dump_stack_lvl+0x189/0x250
[  266.063102][ T7597]  ? __pfx____ratelimit+0x10/0x10
[  266.063133][ T7597]  ? __pfx_dump_stack_lvl+0x10/0x10
[  266.063155][ T7597]  ? __pfx__printk+0x10/0x10
[  266.063181][ T7597]  ? __might_fault+0xb0/0x130
[  266.063223][ T7597]  should_fail_ex+0x414/0x560
[  266.063258][ T7597]  _copy_from_user+0x2d/0xb0
[  266.063282][ T7597]  netlink_setsockopt+0x1af/0x770
[  266.063315][ T7597]  ? __pfx_netlink_setsockopt+0x10/0x10
[  266.063346][ T7597]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  266.063383][ T7597]  ? __pfx_netlink_setsockopt+0x10/0x10
[  266.063409][ T7597]  do_sock_setsockopt+0x25a/0x3e0
[  266.063438][ T7597]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  266.063468][ T7597]  ? __fget_files+0x2a/0x420
[  266.063503][ T7597]  __x64_sys_setsockopt+0x18b/0x220
[  266.063535][ T7597]  do_syscall_64+0xfa/0x3b0
[  266.063557][ T7597]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.063576][ T7597]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  266.063595][ T7597]  ? clear_bhb_loop+0x60/0xb0
[  266.063620][ T7597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.063638][ T7597] RIP: 0033:0x7fa7b618e929
[  266.063656][ T7597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.063672][ T7597] RSP: 002b:00007fa7b7066038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  266.063694][ T7597] RAX: ffffffffffffffda RBX: 00007fa7b63b6160 RCX: 00007fa7b618e929
[  266.063708][ T7597] RDX: 0000000000000002 RSI: 000000000000010e RDI: 0000000000000005
[  266.063720][ T7597] RBP: 00007fa7b7066090 R08: 0000000000000004 R09: 0000000000000000
[  266.063732][ T7597] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  266.063744][ T7597] R13: 0000000000000000 R14: 00007fa7b63b6160 R15: 00007ffed66b7bd8
[  266.063776][ T7597]  </TASK>
[  266.066174][ T5840] Bluetooth: hci5: command tx timeout
[  266.547121][ T5842] vhci_hcd: vhci_device speed not set
[  266.562086][ T7499] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  266.688477][ T7499] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  266.746681][ T7601] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  266.796744][ T7499] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  266.930402][ T7499] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  268.403667][ T7616] audit_log_lost: 605 callbacks suppressed
[  268.403685][ T7616] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  268.428191][ T7616] audit: out of memory in audit_log_start
[  268.770324][ T7499] 8021q: adding VLAN 0 to HW filter on device bond0
[  268.817319][ T5927] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  268.900717][ T7628] netlink: 12 bytes leftover after parsing attributes in process `syz.5.459'.
[  268.922729][ T7499] 8021q: adding VLAN 0 to HW filter on device team0
[  269.053117][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.060580][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  269.215079][ T7632] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  269.229068][ T5927] usb 6-1: device descriptor read/64, error -71
[  269.234936][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.242674][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  269.717052][ T5927] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  269.940420][ T7499] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  270.007073][ T5927] usb 6-1: Using ep0 maxpacket: 32
[  270.148215][ T5927] usb 6-1: config index 0 descriptor too short (expected 8475, got 27)
[  270.910693][ T5927] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  271.050825][ T5927] usb 6-1: config 0 has no interface number 0
[  271.057209][ T5927] usb 6-1: config 0 interface 51 has no altsetting 0
[  271.066771][ T5927] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice= 4.6f
[  271.082066][ T5927] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.097580][ T5927] usb 6-1: Product: syz
[  271.101826][ T5927] usb 6-1: Manufacturer: syz
[  271.106434][ T5927] usb 6-1: SerialNumber: syz
[  271.168610][ T5927] usb 6-1: config 0 descriptor??
[  271.198831][ T5927] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  271.402152][ T5927] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  271.738161][    C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  272.408132][ T5927] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  272.467325][ T5927] usb 6-1: USB disconnect, device number 3
[  272.589147][ T5927] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  272.733890][ T5927] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  272.774387][ T7653] xt_bpf: check failed: parse error
[  272.808878][ T5927] quatech2 6-1:0.51: device disconnected
[  273.805027][ T7499] 8021q: adding VLAN 0 to HW filter on device batadv0
[  273.978239][   T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  274.187596][   T24] usb 5-1: Using ep0 maxpacket: 32
[  274.202441][   T24] usb 5-1: config 0 interface 0 has no altsetting 0
[  274.220178][   T24] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  274.250096][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.299104][   T24] usb 5-1: config 0 descriptor??
[  274.480094][ T7678] FAULT_INJECTION: forcing a failure.
[  274.480094][ T7678] name failslab, interval 1, probability 0, space 0, times 0
[  274.547048][ T7678] CPU: 0 UID: 0 PID: 7678 Comm: syz.3.470 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  274.547088][ T7678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  274.547100][ T7678] Call Trace:
[  274.547108][ T7678]  <TASK>
[  274.547117][ T7678]  dump_stack_lvl+0x189/0x250
[  274.547146][ T7678]  ? __pfx____ratelimit+0x10/0x10
[  274.547176][ T7678]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.547199][ T7678]  ? __pfx__printk+0x10/0x10
[  274.547232][ T7678]  ? ref_tracker_alloc+0x318/0x460
[  274.547265][ T7678]  should_fail_ex+0x414/0x560
[  274.547298][ T7678]  should_failslab+0xa8/0x100
[  274.547318][ T7678]  kmem_cache_alloc_noprof+0x73/0x3c0
[  274.547344][ T7678]  ? skb_clone+0x212/0x3a0
[  274.547376][ T7678]  skb_clone+0x212/0x3a0
[  274.547408][ T7678]  __netlink_deliver_tap+0x404/0x850
[  274.547448][ T7678]  ? netlink_deliver_tap+0x2e/0x1b0
[  274.547474][ T7678]  netlink_deliver_tap+0x19c/0x1b0
[  274.547498][ T7678]  netlink_unicast+0x72f/0x8d0
[  274.547532][ T7678]  netlink_sendmsg+0x805/0xb30
[  274.547568][ T7678]  ? __pfx_netlink_sendmsg+0x10/0x10
[  274.547602][ T7678]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  274.547629][ T7678]  ? __pfx_netlink_sendmsg+0x10/0x10
[  274.547654][ T7678]  __sock_sendmsg+0x219/0x270
[  274.547676][ T7678]  ____sys_sendmsg+0x505/0x830
[  274.547710][ T7678]  ? __pfx_____sys_sendmsg+0x10/0x10
[  274.547746][ T7678]  ? import_iovec+0x74/0xa0
[  274.547774][ T7678]  ___sys_sendmsg+0x21f/0x2a0
[  274.547800][ T7678]  ? __pfx____sys_sendmsg+0x10/0x10
[  274.547867][ T7678]  ? __fget_files+0x2a/0x420
[  274.547887][ T7678]  ? __fget_files+0x3a0/0x420
[  274.547919][ T7678]  __x64_sys_sendmsg+0x19b/0x260
[  274.547948][ T7678]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  274.547985][ T7678]  ? __pfx_ksys_write+0x10/0x10
[  274.548010][ T7678]  ? rcu_is_watching+0x15/0xb0
[  274.548040][ T7678]  ? do_syscall_64+0xbe/0x3b0
[  274.548077][ T7678]  do_syscall_64+0xfa/0x3b0
[  274.548095][ T7678]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.548123][ T7678]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.548143][ T7678]  ? clear_bhb_loop+0x60/0xb0
[  274.548168][ T7678]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.548187][ T7678] RIP: 0033:0x7f2b22d8e929
[  274.548206][ T7678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.548224][ T7678] RSP: 002b:00007f2b23c4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  274.548245][ T7678] RAX: ffffffffffffffda RBX: 00007f2b22fb5fa0 RCX: 00007f2b22d8e929
[  274.548259][ T7678] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  274.548272][ T7678] RBP: 00007f2b23c4a090 R08: 0000000000000000 R09: 0000000000000000
[  274.548284][ T7678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.548296][ T7678] R13: 0000000000000000 R14: 00007f2b22fb5fa0 R15: 00007ffd966211c8
[  274.548328][ T7678]  </TASK>
[  274.844100][ T7658] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  274.857470][   T24] corsair-cpro 0003:1B1C:0C10.0003: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.4-1/input0
[  275.159264][   T24] corsair-cpro 0003:1B1C:0C10.0003: probe with driver corsair-cpro failed with error -71
[  275.217455][   T24] usb 5-1: USB disconnect, device number 8
[  275.351550][ T7686] FAULT_INJECTION: forcing a failure.
[  275.351550][ T7686] name failslab, interval 1, probability 0, space 0, times 0
[  275.538741][ T7686] CPU: 1 UID: 0 PID: 7686 Comm: syz.4.472 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  275.538772][ T7686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  275.538784][ T7686] Call Trace:
[  275.538792][ T7686]  <TASK>
[  275.538802][ T7686]  dump_stack_lvl+0x189/0x250
[  275.538830][ T7686]  ? __pfx____ratelimit+0x10/0x10
[  275.538861][ T7686]  ? __pfx_dump_stack_lvl+0x10/0x10
[  275.538885][ T7686]  ? __pfx__printk+0x10/0x10
[  275.538914][ T7686]  ? __pfx___might_resched+0x10/0x10
[  275.538937][ T7686]  ? fs_reclaim_acquire+0x7d/0x100
[  275.538963][ T7686]  should_fail_ex+0x414/0x560
[  275.538996][ T7686]  should_failslab+0xa8/0x100
[  275.539013][ T7686]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  275.539037][ T7686]  ? __alloc_skb+0x112/0x2d0
[  275.539061][ T7686]  __alloc_skb+0x112/0x2d0
[  275.539090][ T7686]  alloc_skb_with_frags+0xca/0x890
[  275.539114][ T7686]  ? __might_fault+0xb0/0x130
[  275.539157][ T7686]  sock_alloc_send_pskb+0x857/0x990
[  275.539208][ T7686]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  275.539260][ T7686]  ? iov_iter_advance+0x8b/0x1c0
[  275.539285][ T7686]  tun_get_user+0x9c3/0x3ce0
[  275.539325][ T7686]  ? __might_fault+0xb0/0x130
[  275.539354][ T7686]  ? __pfx_tun_get_user+0x10/0x10
[  275.539383][ T7686]  ? __lock_acquire+0xab9/0xd20
[  275.539409][ T7686]  ? ref_tracker_alloc+0x318/0x460
[  275.539437][ T7686]  ? __lock_acquire+0xab9/0xd20
[  275.539458][ T7686]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  275.539500][ T7686]  ? tun_get+0x1c/0x2f0
[  275.539528][ T7686]  ? tun_get+0x1c/0x2f0
[  275.539548][ T7686]  ? tun_get+0x1c/0x2f0
[  275.539574][ T7686]  tun_chr_write_iter+0x113/0x200
[  275.539600][ T7686]  vfs_write+0x548/0xa90
[  275.539634][ T7686]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  275.539656][ T7686]  ? __pfx_vfs_write+0x10/0x10
[  275.539697][ T7686]  ? __fget_files+0x2a/0x420
[  275.539727][ T7686]  ksys_write+0x145/0x250
[  275.539756][ T7686]  ? __pfx_ksys_write+0x10/0x10
[  275.539781][ T7686]  ? rcu_is_watching+0x15/0xb0
[  275.539808][ T7686]  ? do_syscall_64+0xbe/0x3b0
[  275.539833][ T7686]  do_syscall_64+0xfa/0x3b0
[  275.539851][ T7686]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.539880][ T7686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.539900][ T7686]  ? clear_bhb_loop+0x60/0xb0
[  275.539924][ T7686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.539943][ T7686] RIP: 0033:0x7fa7b618e929
[  275.539962][ T7686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.539979][ T7686] RSP: 002b:00007fa7b70a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  275.540001][ T7686] RAX: ffffffffffffffda RBX: 00007fa7b63b5fa0 RCX: 00007fa7b618e929
[  275.540016][ T7686] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000003
[  275.540030][ T7686] RBP: 00007fa7b70a8090 R08: 0000000000000000 R09: 0000000000000000
[  275.540042][ T7686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  275.540054][ T7686] R13: 0000000000000000 R14: 00007fa7b63b5fa0 R15: 00007ffed66b7bd8
[  275.540087][ T7686]  </TASK>
[  276.556390][ T7693] netlink: 12 bytes leftover after parsing attributes in process `syz.2.474'.
[  276.847156][ T7697] netlink: 12 bytes leftover after parsing attributes in process `syz.3.476'.
[  276.862267][ T7499] veth0_vlan: entered promiscuous mode
[  276.967582][ T5975] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  277.580764][ T5975] usb 6-1: New USB device found, idVendor=0471, idProduct=0329, bcdDevice=db.da
[  277.601195][ T7701] macvlan2: entered promiscuous mode
[  277.617631][ T5975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.788011][ T5975] usb 6-1: config 0 descriptor??
[  277.801837][ T7701] macvlan2: entered allmulticast mode
[  277.807130][ T5975] pwc: Philips SPC 900NC USB webcam detected.
[  277.834527][ T7701] bond1: entered promiscuous mode
[  277.886330][ T7701] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  277.996746][ T7701] bond1: left promiscuous mode
[  278.036223][ T5975] pwc: Failed to set LED on/off time (-71)
[  278.054329][ T5975] pwc: send_video_command error -71
[  278.066321][ T5975] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  278.100784][ T5975] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[  278.208957][ T5975] usb 6-1: USB disconnect, device number 4
[  278.466738][ T7499] veth1_vlan: entered promiscuous mode
[  278.650497][ T7499] veth0_macvtap: entered promiscuous mode
[  278.781186][ T7499] veth1_macvtap: entered promiscuous mode
[  278.954395][ T7499] batman_adv: batadv0: Interface activated: batadv_slave_0
[  279.065390][ T7499] batman_adv: batadv0: Interface activated: batadv_slave_1
[  279.106096][ T7499] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  279.127571][ T7499] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  279.146874][ T7499] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  279.155963][ T7499] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  279.467859][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.500893][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  279.634801][ T7697] netlink: 20 bytes leftover after parsing attributes in process `syz.3.476'.
[  279.697221][ T7697] netlink: 24 bytes leftover after parsing attributes in process `syz.3.476'.
[  279.730180][ T1338] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.787168][ T1338] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  281.179966][ T7733] netlink: 12 bytes leftover after parsing attributes in process `syz.5.484'.
[  281.231275][   T30] audit: type=1326 audit(1751749877.313:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7734 comm="syz.3.486" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2b22d8e929 code=0x0
[  281.373131][ T7739] netlink: 8 bytes leftover after parsing attributes in process `syz.3.486'.
[  281.946623][   T30] audit: type=1326 audit(1751749877.913:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7737 comm="syz.6.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08eb8e929 code=0x7ffc0000
[  282.538905][   T30] audit: type=1326 audit(1751749877.913:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7737 comm="syz.6.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08eb8e929 code=0x7ffc0000
[  282.592536][   T30] audit: type=1326 audit(1751749877.923:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7737 comm="syz.6.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa08eb8e929 code=0x7ffc0000
[  282.657052][   T30] audit: type=1326 audit(1751749877.923:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7737 comm="syz.6.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08eb8e929 code=0x7ffc0000
[  282.747063][   T30] audit: type=1326 audit(1751749877.923:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7737 comm="syz.6.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08eb8e929 code=0x7ffc0000
[  282.889648][   T30] audit: type=1326 audit(1751749877.923:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7737 comm="syz.6.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fa08eb8e929 code=0x7ffc0000
[  282.971323][   T30] audit: type=1326 audit(1751749877.923:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7737 comm="syz.6.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08eb8e929 code=0x7ffc0000
[  283.067182][   T30] audit: type=1326 audit(1751749877.933:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7737 comm="syz.6.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08eb8e929 code=0x7ffc0000
[  283.151559][   T30] audit: type=1326 audit(1751749877.933:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7737 comm="syz.6.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa08eb8e929 code=0x7ffc0000
[  283.191728][ T7731] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  284.068251][ T7759] trusted_key: syz.6.491 sent an empty control message without MSG_MORE.
[  284.387205][ T5927] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  284.557219][ T5927] usb 7-1: device descriptor read/64, error -71
[  284.807238][ T5927] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  284.950354][ T7770] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0
[  284.967053][ T5927] usb 7-1: device descriptor read/64, error -71
[  285.211829][ T5927] usb usb7-port1: attempt power cycle
[  285.315446][ T1338] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.579953][ T1338] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.590675][ T5927] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  285.642197][ T5927] usb 7-1: device descriptor read/8, error -71
[  285.760026][ T1338] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.919125][ T5927] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  285.950299][ T1338] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.972413][ T5927] usb 7-1: device descriptor read/8, error -71
[  286.097435][ T5927] usb usb7-port1: unable to enumerate USB device
[  286.357406][ T1338] bridge_slave_1: left allmulticast mode
[  286.396487][ T1338] bridge_slave_1: left promiscuous mode
[  286.408167][ T1338] bridge0: port 2(bridge_slave_1) entered disabled state
[  287.599154][ T1338] bridge_slave_0: left allmulticast mode
[  287.646618][ T1338] bridge_slave_0: left promiscuous mode
[  287.646875][ T1338] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.927001][ T5842] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  288.006467][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  288.023319][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  288.031756][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  288.041754][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  288.054291][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  288.147015][ T5842] usb 7-1: Using ep0 maxpacket: 32
[  288.156359][ T5842] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  288.178961][ T5842] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  288.201893][ T5842] usb 7-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  288.217247][ T5842] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.241891][ T5842] usb 7-1: config 0 descriptor??
[  288.277549][  T979] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  288.450702][  T979] usb 4-1: Using ep0 maxpacket: 16
[  288.593625][  T979] usb 4-1: config 0 has an invalid interface number: 148 but max is 0
[  288.603790][  T979] usb 4-1: config 0 has no interface number 0
[  288.614813][  T979] usb 4-1: config 0 interface 148 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 32
[  288.638571][  T979] usb 4-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[  288.648409][  T979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.672829][  T979] usb 4-1: config 0 descriptor??
[  288.679801][ T7791] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  289.238569][ T7800] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  289.351679][ T7791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.379399][ T7791] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.528754][ T7806] trusted_key: encrypted_key: insufficient parameters specified
[  289.538104][ T1338] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  289.565822][ T1338] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  289.581864][ T1338] bond0 (unregistering): Released all slaves
[  289.709201][ T5975] usb 4-1: USB disconnect, device number 14
[  289.786709][ T5955] usb 1-1: USB disconnect, device number 9
[  290.077288][ T5848] Bluetooth: hci1: command tx timeout
[  290.446368][ T7815] random: crng reseeded on system resumption
[  290.612902][ T5842] usbhid 7-1:0.0: can't add hid device: -71
[  290.639025][ T5842] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  290.689368][ T5842] usb 7-1: USB disconnect, device number 6
[  290.929341][ T5975] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  291.889545][ T1338] hsr_slave_0: left promiscuous mode
[  291.897515][ T1338] hsr_slave_1: left promiscuous mode
[  291.905373][ T1338] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  292.168404][ T5848] Bluetooth: hci1: command tx timeout
[  292.220805][ T1338] batman_adv: batadv0: Removing interface: batadv_slave_0
[  292.235497][ T1338] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  292.267293][ T1338] batman_adv: batadv0: Removing interface: batadv_slave_1
[  292.549925][ T5975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  292.562008][ T5975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  292.572229][ T5975] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  292.581345][ T5975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  292.604652][ T5975] usb 4-1: config 0 descriptor??
[  294.237127][ T5848] Bluetooth: hci1: command tx timeout
[  294.386723][ T1338] veth1_macvtap: left promiscuous mode
[  294.475393][ T1338] veth0_macvtap: left promiscuous mode
[  294.573091][ T1338] veth1_vlan: left promiscuous mode
[  294.625507][ T1338] veth0_vlan: left promiscuous mode
[  294.993943][ T7849] FAULT_INJECTION: forcing a failure.
[  294.993943][ T7849] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  295.007587][ T7849] CPU: 0 UID: 0 PID: 7849 Comm: syz.4.515 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  295.007616][ T7849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  295.007628][ T7849] Call Trace:
[  295.007635][ T7849]  <TASK>
[  295.007644][ T7849]  dump_stack_lvl+0x189/0x250
[  295.007677][ T7849]  ? irqentry_exit+0x74/0x90
[  295.007700][ T7849]  ? __pfx_dump_stack_lvl+0x10/0x10
[  295.007743][ T7849]  should_fail_ex+0x414/0x560
[  295.007779][ T7849]  _copy_from_iter+0x1db/0x16f0
[  295.007814][ T7849]  ? __pfx__copy_from_iter+0x10/0x10
[  295.007838][ T7849]  ? __build_skb_around+0x257/0x3e0
[  295.007866][ T7849]  ? netlink_sendmsg+0x642/0xb30
[  295.007890][ T7849]  ? skb_put+0x11b/0x210
[  295.007918][ T7849]  netlink_sendmsg+0x6b2/0xb30
[  295.007941][ T7849]  ? lockdep_hardirqs_on+0x9c/0x150
[  295.007979][ T7849]  ? __pfx_netlink_sendmsg+0x10/0x10
[  295.008013][ T7849]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  295.008044][ T7849]  ? __pfx_netlink_sendmsg+0x10/0x10
[  295.008070][ T7849]  __sock_sendmsg+0x219/0x270
[  295.008093][ T7849]  ____sys_sendmsg+0x505/0x830
[  295.008125][ T7849]  ? __pfx_____sys_sendmsg+0x10/0x10
[  295.008163][ T7849]  ? import_iovec+0x74/0xa0
[  295.008189][ T7849]  ___sys_sendmsg+0x21f/0x2a0
[  295.008215][ T7849]  ? __pfx____sys_sendmsg+0x10/0x10
[  295.008255][ T7849]  ? rcu_is_watching+0x15/0xb0
[  295.008293][ T7849]  ? irqentry_exit+0x74/0x90
[  295.008331][ T7849]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  295.008367][ T7849]  __x64_sys_sendmsg+0x19b/0x260
[  295.008396][ T7849]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  295.008432][ T7849]  ? __pfx_ksys_write+0x10/0x10
[  295.008467][ T7849]  ? do_syscall_64+0xbe/0x3b0
[  295.008491][ T7849]  do_syscall_64+0xfa/0x3b0
[  295.008511][ T7849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.008530][ T7849]  ? asm_sysvec_call_function_single+0x1a/0x20
[  295.008549][ T7849]  ? clear_bhb_loop+0x60/0xb0
[  295.008572][ T7849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.008592][ T7849] RIP: 0033:0x7fa7b618e929
[  295.008610][ T7849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.008628][ T7849] RSP: 002b:00007fa7b7087038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  295.008650][ T7849] RAX: ffffffffffffffda RBX: 00007fa7b63b6080 RCX: 00007fa7b618e929
[  295.008665][ T7849] RDX: 0000000020000010 RSI: 0000200000000080 RDI: 0000000000000003
[  295.008679][ T7849] RBP: 00007fa7b7087090 R08: 0000000000000000 R09: 0000000000000000
[  295.008691][ T7849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  295.008703][ T7849] R13: 0000000000000000 R14: 00007fa7b63b6080 R15: 00007ffed66b7bd8
[  295.008736][ T7849]  </TASK>
[  295.743168][ T5975] uclogic 0003:256C:006D.0004: failed retrieving string descriptor #200: -71
[  295.752505][ T5975] uclogic 0003:256C:006D.0004: failed retrieving pen parameters: -71
[  295.761051][ T5975] uclogic 0003:256C:006D.0004: failed probing pen v2 parameters: -71
[  295.769255][ T5975] uclogic 0003:256C:006D.0004: failed probing parameters: -71
[  295.776967][ T5975] uclogic 0003:256C:006D.0004: probe with driver uclogic failed with error -71
[  295.790222][ T5975] usb 4-1: USB disconnect, device number 15
[  296.317218][ T5848] Bluetooth: hci1: command tx timeout
[  296.442828][ T1338] team0 (unregistering): Port device team_slave_1 removed
[  296.508845][ T1338] team0 (unregistering): Port device team_slave_0 removed
[  297.728719][ T7792] chnl_net:caif_netlink_parms(): no params data found
[  299.066341][ T7792] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.116675][ T7792] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.137163][ T7792] bridge_slave_0: entered allmulticast mode
[  299.165991][ T7792] bridge_slave_0: entered promiscuous mode
[  299.215369][ T7792] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.244913][ T7792] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.268025][ T7792] bridge_slave_1: entered allmulticast mode
[  299.289336][ T7792] bridge_slave_1: entered promiscuous mode
[  299.332109][ T7885] netlink: zone id is out of range
[  299.353889][ T7885] netlink: zone id is out of range
[  299.392020][ T7885] netlink: zone id is out of range
[  299.427296][ T7885] netlink: zone id is out of range
[  299.435577][ T7792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  299.457564][ T7885] netlink: zone id is out of range
[  299.462743][ T7885] netlink: zone id is out of range
[  299.482694][ T7792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  299.521117][ T7885] netlink: zone id is out of range
[  299.560753][ T7885] netlink: zone id is out of range
[  299.565923][ T7885] netlink: zone id is out of range
[  299.610015][ T1338] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.621012][ T7885] netlink: zone id is out of range
[  300.237211][ T7894] netlink: 'syz.6.528': attribute type 1 has an invalid length.
[  300.244928][ T7894] netlink: 224 bytes leftover after parsing attributes in process `syz.6.528'.
[  300.350030][ T1338] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.603626][ T7792] team0: Port device team_slave_0 added
[  300.696763][ T1338] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.590803][ T7792] team0: Port device team_slave_1 added
[  301.704063][ T7896] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  301.806294][ T1338] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.979824][ T7792] batman_adv: batadv0: Adding interface: batadv_slave_0
[  301.979847][ T7792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.979889][ T7792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  301.983304][ T7792] batman_adv: batadv0: Adding interface: batadv_slave_1
[  301.983323][ T7792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.983365][ T7792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  302.332272][ T7792] hsr_slave_0: entered promiscuous mode
[  302.333519][ T7792] hsr_slave_1: entered promiscuous mode
[  302.334322][ T7792] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  302.334370][ T7792] Cannot create hsr debugfs directory
[  302.774144][ T1338] bridge_slave_1: left allmulticast mode
[  302.780095][   T43] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  302.797792][ T1338] bridge_slave_1: left promiscuous mode
[  302.877305][ T1338] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.911933][ T1338] bridge_slave_0: left allmulticast mode
[  302.937449][ T1338] bridge_slave_0: left promiscuous mode
[  302.957540][ T1338] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.037370][   T43] usb 3-1: Using ep0 maxpacket: 32
[  303.057807][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.070588][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.082239][   T43] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  303.095515][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.521539][   T43] usb 3-1: config 0 descriptor??
[  303.540297][   T43] hub 3-1:0.0: USB hub found
[  303.549542][ T7926] netlink: 24 bytes leftover after parsing attributes in process `syz.6.538'.
[  303.935505][   T43] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  304.171810][   T43] usbhid 3-1:0.0: can't add hid device: -71
[  304.178200][   T43] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  304.248985][   T43] usb 3-1: USB disconnect, device number 18
[  304.401912][ T7931] net_ratelimit: 199 callbacks suppressed
[  304.401934][ T7931] netlink: set zone limit has 4 unknown bytes
[  306.302879][ T1338] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  306.325386][ T1338] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  306.360295][ T1338] bond0 (unregistering): Released all slaves
[  306.753795][ T7950] netlink: 52 bytes leftover after parsing attributes in process `syz.3.544'.
[  307.231770][ T7949] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  308.299194][ T7963] netlink: 'syz.6.550': attribute type 2 has an invalid length.
[  308.777019][   T24] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  308.791901][ T1338] hsr_slave_0: left promiscuous mode
[  308.824230][ T1338] hsr_slave_1: left promiscuous mode
[  308.851881][ T1338] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  308.939387][ T1338] batman_adv: batadv0: Removing interface: batadv_slave_0
[  308.961043][ T1338] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  308.969316][ T1338] batman_adv: batadv0: Removing interface: batadv_slave_1
[  309.157946][ T7977] netlink: 24 bytes leftover after parsing attributes in process `syz.4.553'.
[  309.178725][ T1338] veth1_macvtap: left promiscuous mode
[  309.184373][ T1338] veth0_macvtap: left promiscuous mode
[  309.230998][ T1338] veth1_vlan: left promiscuous mode
[  309.253092][ T1338] veth0_vlan: left promiscuous mode
[  310.292122][ T5975] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  310.502857][ T5975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  310.526503][ T5975] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  310.563661][ T5975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  310.637660][ T5975] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  310.657197][ T5975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.669084][ T5975] usb 4-1: Product: syz
[  310.681448][ T5975] usb 4-1: Manufacturer: syz
[  310.695782][ T5975] usb 4-1: SerialNumber: syz
[  310.724767][ T5975] usb 4-1: config 0 descriptor??
[  310.755185][ T7985] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  310.912990][ T7985] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  310.943323][ T5975] usb 4-1: ucan: probing device on interface #0
[  311.182938][ T5975] usb 4-1: ucan: could not read protocol version, ret=0
[  311.205802][ T5975] usb 4-1: ucan: probe failed; try to update the device firmware
[  311.247235][ T5926] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  311.958184][ T5926] usb 7-1: Using ep0 maxpacket: 8
[  311.981762][ T5926] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  312.117056][ T5926] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  312.157012][ T5926] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  312.171375][ T1338] team0 (unregistering): Port device team_slave_1 removed
[  312.197221][ T5926] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  312.216964][ T5926] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  312.247053][ T5926] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  312.316224][ T5926] usb 7-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  312.387263][ T5926] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.411092][ T5926] usb 7-1: Product: syz
[  312.423120][ T5926] usb 7-1: Manufacturer: syz
[  312.434442][ T5926] usb 7-1: SerialNumber: syz
[  312.434891][ T1338] team0 (unregistering): Port device team_slave_0 removed
[  312.450634][ T5926] usb 7-1: config 0 descriptor??
[  312.457874][ T7995] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  312.675795][ T7995] netlink: 8 bytes leftover after parsing attributes in process `syz.6.559'.
[  312.842463][ T5975] kernel write not supported for file /snd/seq (pid: 5975 comm: kworker/0:7)
[  313.141282][  T979] usb 4-1: USB disconnect, device number 16
[  313.253195][ T1338] smc: removing net device lo with user defined pnetid SYZ1
[  313.456041][ T7792] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  313.513758][ T7792] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  313.540146][ T7792] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  313.574625][ T7792] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  313.617885][ T8016] caif0: left allmulticast mode
[  313.711171][ T8019] ubi: mtd0 is already attached to ubi1
[  314.416974][ T5926] rc_core: IR keymap rc-snapstream-firefly not found
[  314.424283][ T5926] Registered IR keymap rc-empty
[  314.436072][ T5926] rc rc0: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  314.459618][ T5926] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input10
[  314.563783][ T5926] input: syz syz mouse as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input11
[  314.647560][ T5926] usb 7-1: USB disconnect, device number 7
[  314.653499][    C0] ati_remote 7-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19
[  314.737769][   T24] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  314.738492][ T5975] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  314.791672][ T7792] 8021q: adding VLAN 0 to HW filter on device bond0
[  314.833031][ T7792] 8021q: adding VLAN 0 to HW filter on device team0
[  314.849846][ T5970] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.857164][ T5970] bridge0: port 1(bridge_slave_0) entered forwarding state
[  314.921419][   T24] usb 3-1: config 8 has an invalid interface number: 177 but max is 0
[  314.929935][   T24] usb 3-1: config 8 has no interface number 0
[  314.936258][   T24] usb 3-1: config 8 interface 177 altsetting 9 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  314.948297][   T24] usb 3-1: config 8 interface 177 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0
[  314.958275][   T24] usb 3-1: config 8 interface 177 has no altsetting 0
[  314.969114][ T5975] usb 4-1: Using ep0 maxpacket: 8
[  314.970506][   T24] usb 3-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  314.998446][ T5975] usb 4-1: config 0 has an invalid interface number: 151 but max is 0
[  315.004316][   T24] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[  315.008882][ T1338] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.022123][ T1338] bridge0: port 2(bridge_slave_1) entered forwarding state
[  315.031565][ T5975] usb 4-1: config 0 has no interface number 0
[  315.039900][   T24] usb 3-1: Manufacturer: syz
[  315.043036][ T5975] usb 4-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xDE, changing to 0x8E
[  315.062800][ T8034] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  315.079138][ T5975] usb 4-1: config 0 interface 151 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  315.114387][ T5975] usb 4-1: New USB device found, idVendor=0711, idProduct=0900, bcdDevice=fa.6f
[  315.187869][ T8044] : entered promiscuous mode
[  315.205141][ T5975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.220916][ T5975] usb 4-1: Product: syz
[  315.406756][ T5975] usb 4-1: Manufacturer: syz
[  315.406779][ T5975] usb 4-1: SerialNumber: syz
[  315.422874][ T5975] usb 4-1: config 0 descriptor??
[  315.430965][ T5975] sisusb 4-1:0.151: Invalid USB2VGA device
[  315.442274][ T5975] sisusb 4-1:0.151: probe with driver sisusb failed with error -22
[  315.443433][ T8034] netlink: 8 bytes leftover after parsing attributes in process `syz.2.568'.
[  316.078023][ T8034] netlink: 8 bytes leftover after parsing attributes in process `syz.2.568'.
[  316.107019][ T7792] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  316.117378][ T5975] usb 4-1: USB disconnect, device number 17
[  316.354946][   T24] ir_toy 3-1:8.177: required endpoints not found
[  316.417277][   T24] usb 3-1: USB disconnect, device number 20
[  316.729635][ T8056] comedi comedi0: dt2817: I/O port conflict (0x4,5)
[  316.897502][ T8060] netlink: 24 bytes leftover after parsing attributes in process `syz.6.575'.
[  317.337109][ T5848] Bluetooth: hci4: Malformed Event: 0x2f
[  317.442467][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  317.449258][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  318.145512][ T7792] 8021q: adding VLAN 0 to HW filter on device batadv0
[  318.538106][ T5926] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  318.717086][ T5926] usb 4-1: Using ep0 maxpacket: 32
[  318.736807][ T5926] usb 4-1: config 0 interface 0 has no altsetting 0
[  318.771627][ T5926] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  318.818213][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.902124][ T5926] usb 4-1: config 0 descriptor??
[  319.368125][ T7792] veth0_vlan: entered promiscuous mode
[  319.458640][ T5926] corsair-cpro 0003:1B1C:0C10.0005: unknown main item tag 0x0
[  319.482258][ T7792] veth1_vlan: entered promiscuous mode
[  319.496722][ T5926] corsair-cpro 0003:1B1C:0C10.0005: unknown main item tag 0x0
[  320.027884][ T5926] corsair-cpro 0003:1B1C:0C10.0005: unknown main item tag 0x0
[  320.106975][ T5926] corsair-cpro 0003:1B1C:0C10.0005: unknown main item tag 0x0
[  320.114555][ T5926] corsair-cpro 0003:1B1C:0C10.0005: unknown main item tag 0x0
[  320.190207][ T5926] corsair-cpro 0003:1B1C:0C10.0005: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.3-1/input0
[  320.207698][ T7792] veth0_macvtap: entered promiscuous mode
[  320.222329][ T8091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  320.249110][ T7792] veth1_macvtap: entered promiscuous mode
[  320.258010][ T8091] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  320.344921][ T8093] netlink: 4 bytes leftover after parsing attributes in process `syz.6.582'.
[  320.359875][ T7792] batman_adv: batadv0: Interface activated: batadv_slave_0
[  320.421437][ T7792] batman_adv: batadv0: Interface activated: batadv_slave_1
[  320.491192][ T7792] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  320.518215][ T7792] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  320.537202][ T7792] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  320.556038][ T7792] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  320.621066][ T5926] corsair-cpro 0003:1B1C:0C10.0005: probe with driver corsair-cpro failed with error -110
[  321.969709][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.677317][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.757186][ T5927] usb 4-1: USB disconnect, device number 18
[  322.786481][ T5992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.835617][ T5992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  323.567009][  T979] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  324.677000][  T979] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  324.872442][  T979] usb 8-1: config 0 has no interface number 0
[  324.881321][  T979] usb 8-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  324.890466][  T979] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.903858][  T979] usb 8-1: config 0 descriptor??
[  324.911821][  T979] cp210x 8-1:0.1: cp210x converter detected
[  325.386463][  T979] cp210x 8-1:0.1: failed to get vendor val 0x000e size 3: -32
[  325.443031][ T8143] overlayfs: failed to resolve './file0': -2
[  325.469225][  T979] cp210x 8-1:0.1: failed to get vendor val 0x3711 size 2: -121
[  325.477748][  T979] cp210x 8-1:0.1: GPIO initialisation failed: -121
[  325.686005][  T979] usb 8-1: cp210x converter now attached to ttyUSB0
[  325.717200][ T8142] block device autoloading is deprecated and will be removed.
[  325.729590][ T8142] syz.4.594: attempt to access beyond end of device
[  325.729590][ T8142] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  325.956023][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  325.956043][   T30] audit: type=1326 audit(1751749922.043:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8149 comm="syz.2.598" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f49c638e929 code=0x0
[  326.026605][ T8155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  326.036446][ T8155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  326.865280][  T979] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  327.113664][  T979] usb 5-1: unable to get BOS descriptor or descriptor too short
[  327.125128][  T979] usb 5-1: config 1 interface 0 altsetting 64 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  327.148067][ T2152] usb 8-1: USB disconnect, device number 2
[  327.149244][  T979] usb 5-1: config 1 interface 0 has no altsetting 0
[  327.172770][ T2152] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  327.176817][  T979] usb 5-1: New USB device found, idVendor=0b05, idProduct=18c6, bcdDevice= 0.40
[  327.199421][  T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.221729][ T2152] cp210x 8-1:0.1: device disconnected
[  327.232185][  T979] usb 5-1: Product: syz
[  327.297027][  T979] usb 5-1: Manufacturer: syz
[  327.306129][  T979] usb 5-1: SerialNumber: syz
[  327.338743][ T8164] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  327.454835][ T8182] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  327.475118][ T8182] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  327.485902][ T8182] bond0: (slave ipvlan2): Error -95 calling set_mac_address
[  327.619583][  T979] usbhid 5-1:1.0: can't add hid device: -71
[  327.625755][  T979] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  327.652130][  T979] usb 5-1: USB disconnect, device number 9
[  327.689425][ T8188] ieee802154 phy0 wpan0: encryption failed: -22
[  327.697217][ T5975] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  327.702574][ T8189] netlink: 32 bytes leftover after parsing attributes in process `syz.6.611'.
[  327.714212][ T8189] netlink: 12 bytes leftover after parsing attributes in process `syz.6.611'.
[  327.724724][ T8189] netlink: 20 bytes leftover after parsing attributes in process `syz.6.611'.
[  327.919941][ T5975] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  327.944475][ T8195] netlink: 8 bytes leftover after parsing attributes in process `syz.3.614'.
[  327.953061][ T5975] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  327.981199][ T5975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.989461][ T5975] usb 3-1: Product: syz
[  327.993890][ T5975] usb 3-1: Manufacturer: syz
[  328.006223][ T5975] usb 3-1: SerialNumber: syz
[  328.182825][ T8199] FAULT_INJECTION: forcing a failure.
[  328.182825][ T8199] name failslab, interval 1, probability 0, space 0, times 0
[  328.226541][ T8199] CPU: 1 UID: 0 PID: 8199 Comm: syz.6.615 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  328.226573][ T8199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  328.226584][ T8199] Call Trace:
[  328.226592][ T8199]  <TASK>
[  328.226601][ T8199]  dump_stack_lvl+0x189/0x250
[  328.226640][ T8199]  ? __pfx____ratelimit+0x10/0x10
[  328.226671][ T8199]  ? __pfx_dump_stack_lvl+0x10/0x10
[  328.226694][ T8199]  ? __pfx__printk+0x10/0x10
[  328.226736][ T8199]  should_fail_ex+0x414/0x560
[  328.226780][ T8199]  should_failslab+0xa8/0x100
[  328.226802][ T8199]  kmem_cache_alloc_noprof+0x73/0x3c0
[  328.226830][ T8199]  ? skb_clone+0x212/0x3a0
[  328.226862][ T8199]  skb_clone+0x212/0x3a0
[  328.226899][ T8199]  __netlink_deliver_tap+0x404/0x850
[  328.226939][ T8199]  ? netlink_deliver_tap+0x2e/0x1b0
[  328.226965][ T8199]  netlink_deliver_tap+0x19c/0x1b0
[  328.226991][ T8199]  netlink_sendskb+0x68/0x140
[  328.227015][ T8199]  netlink_rcv_skb+0x28c/0x470
[  328.227047][ T8199]  ? __pfx_genl_rcv_msg+0x10/0x10
[  328.227079][ T8199]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  328.227125][ T8199]  ? down_read+0x1ad/0x2e0
[  328.227151][ T8199]  genl_rcv+0x28/0x40
[  328.227177][ T8199]  netlink_unicast+0x758/0x8d0
[  328.227213][ T8199]  netlink_sendmsg+0x805/0xb30
[  328.227251][ T8199]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.227286][ T8199]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  328.227314][ T8199]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.227339][ T8199]  __sock_sendmsg+0x219/0x270
[  328.227364][ T8199]  ____sys_sendmsg+0x505/0x830
[  328.227398][ T8199]  ? __pfx_____sys_sendmsg+0x10/0x10
[  328.227437][ T8199]  ? import_iovec+0x74/0xa0
[  328.227464][ T8199]  ___sys_sendmsg+0x21f/0x2a0
[  328.227494][ T8199]  ? __pfx____sys_sendmsg+0x10/0x10
[  328.227564][ T8199]  ? __fget_files+0x2a/0x420
[  328.227584][ T8199]  ? __fget_files+0x3a0/0x420
[  328.227615][ T8199]  __x64_sys_sendmsg+0x19b/0x260
[  328.227644][ T8199]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  328.227680][ T8199]  ? __pfx_ksys_write+0x10/0x10
[  328.227703][ T8199]  ? rcu_is_watching+0x15/0xb0
[  328.227729][ T8199]  ? do_syscall_64+0xbe/0x3b0
[  328.227752][ T8199]  do_syscall_64+0xfa/0x3b0
[  328.227778][ T8199]  ? lockdep_hardirqs_on+0x9c/0x150
[  328.227804][ T8199]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.227821][ T8199]  ? clear_bhb_loop+0x60/0xb0
[  328.227846][ T8199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.227864][ T8199] RIP: 0033:0x7fa08eb8e929
[  328.227881][ T8199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  328.227897][ T8199] RSP: 002b:00007fa08fa3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  328.227927][ T8199] RAX: ffffffffffffffda RBX: 00007fa08edb5fa0 RCX: 00007fa08eb8e929
[  328.227940][ T8199] RDX: 00000000000c2010 RSI: 0000200000000a00 RDI: 0000000000000003
[  328.227952][ T8199] RBP: 00007fa08fa3f090 R08: 0000000000000000 R09: 0000000000000000
[  328.227964][ T8199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.227974][ T8199] R13: 0000000000000000 R14: 00007fa08edb5fa0 R15: 00007fffac595408
[  328.228006][ T8199]  </TASK>
[  330.218969][ T8184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  330.233496][ T8184] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  330.484335][ T5975] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  330.491029][ T5975] cdc_ncm 3-1:1.0: setting rx_max = 16384
[  330.604979][ T8220] ubi: mtd0 is already attached to ubi1
[  331.133926][ T5975] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  331.315245][ T5975] usb 3-1: USB disconnect, device number 21
[  331.323516][ T5975] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP)
[  331.425906][ T8228] FAULT_INJECTION: forcing a failure.
[  331.425906][ T8228] name failslab, interval 1, probability 0, space 0, times 0
[  331.440964][ T8228] CPU: 0 UID: 0 PID: 8228 Comm: syz.3.623 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  331.440992][ T8228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  331.441004][ T8228] Call Trace:
[  331.441012][ T8228]  <TASK>
[  331.441021][ T8228]  dump_stack_lvl+0x189/0x250
[  331.441053][ T8228]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.441076][ T8228]  ? __pfx__printk+0x10/0x10
[  331.441106][ T8228]  ? fs_reclaim_acquire+0x7d/0x100
[  331.441135][ T8228]  should_fail_ex+0x414/0x560
[  331.441169][ T8228]  should_failslab+0xa8/0x100
[  331.441190][ T8228]  __kmalloc_cache_noprof+0x70/0x3d0
[  331.441216][ T8228]  ? binder_get_thread+0x1c8/0x6d0
[  331.441245][ T8228]  binder_get_thread+0x1c8/0x6d0
[  331.441275][ T8228]  binder_ioctl+0x273/0x19c0
[  331.441300][ T8228]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  331.441330][ T8228]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  331.441356][ T8228]  ? preempt_schedule_irq+0xb5/0x150
[  331.441384][ T8228]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  331.441417][ T8228]  ? __pfx_binder_ioctl+0x10/0x10
[  331.441437][ T8228]  ? smack_log+0xef/0x3f0
[  331.441463][ T8228]  ? __pfx_smack_log+0x10/0x10
[  331.441487][ T8228]  ? smk_access+0x14c/0x4e0
[  331.441515][ T8228]  ? rcu_is_watching+0x15/0xb0
[  331.441537][ T8228]  ? trace_irq_disable+0x37/0x110
[  331.441564][ T8228]  ? preempt_schedule_irq+0xde/0x150
[  331.441591][ T8228]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  331.441617][ T8228]  ? smack_file_ioctl+0x2a9/0x340
[  331.441652][ T8228]  ? irqentry_exit+0x74/0x90
[  331.441670][ T8228]  ? lockdep_hardirqs_on+0x9c/0x150
[  331.441710][ T8228]  ? __se_sys_ioctl+0x52/0x170
[  331.441740][ T8228]  ? __pfx_binder_ioctl+0x10/0x10
[  331.441763][ T8228]  __se_sys_ioctl+0xf9/0x170
[  331.441803][ T8228]  do_syscall_64+0xfa/0x3b0
[  331.441824][ T8228]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.441843][ T8228]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  331.441862][ T8228]  ? clear_bhb_loop+0x60/0xb0
[  331.441887][ T8228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.441906][ T8228] RIP: 0033:0x7f2b22d8e929
[  331.441926][ T8228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.441943][ T8228] RSP: 002b:00007f2b23c08038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  331.441965][ T8228] RAX: ffffffffffffffda RBX: 00007f2b22fb6160 RCX: 00007f2b22d8e929
[  331.441979][ T8228] RDX: 0000200000000000 RSI: 00000000c0306201 RDI: 0000000000000008
[  331.441992][ T8228] RBP: 00007f2b23c08090 R08: 0000000000000000 R09: 0000000000000000
[  331.442005][ T8228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.442016][ T8228] R13: 0000000000000000 R14: 00007f2b22fb6160 R15: 00007ffd966211c8
[  331.442047][ T8228]  </TASK>
[  331.442082][ T8228] binder: 8222:8228 ioctl c0306201 200000000000 returned -12
[  331.726656][ T5927] usb 8-1: new full-speed USB device number 3 using dummy_hcd
[  331.904283][ T5927] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  331.927217][ T5927] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  331.952225][ T5927] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  331.977800][ T8237] netlink: 20 bytes leftover after parsing attributes in process `syz.2.627'.
[  331.987036][ T5927] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.295533][ T5927] usb 8-1: usb_control_msg returned -32
[  332.301416][ T5927] usbtmc 8-1:16.0: can't read capabilities
[  332.317336][ T5842] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  333.459558][ T5842] usb 3-1: config index 0 descriptor too short (expected 9, got 0)
[  333.467936][ T5842] usb 3-1: can't read configurations, error -22
[  334.047148][ T5842] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  334.619878][ T5927] usb 8-1: USB disconnect, device number 3
[  334.739816][ T5842] usb 3-1: config index 0 descriptor too short (expected 9, got 0)
[  334.760116][ T5842] usb 3-1: can't read configurations, error -22
[  334.787201][ T5842] usb usb3-port1: attempt power cycle
[  335.097122][ T5975] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  335.299557][ T5975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  335.331681][ T8265] netlink: 28 bytes leftover after parsing attributes in process `syz.6.631'.
[  335.353632][ T5975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  335.402206][ T5975] usb 5-1: New USB device found, idVendor=2133, idProduct=0018, bcdDevice= 0.00
[  335.505869][   T24] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  335.766518][   T24] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  336.018187][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  336.071339][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  336.116620][   T24] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  336.179623][   T24] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  336.209453][ T5975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.226254][ T5975] usb 5-1: config 0 descriptor??
[  336.231125][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.272899][   T24] usb 8-1: config 0 descriptor??
[  336.680728][ T5975] viewsonic 0003:2133:0018.0006: item fetching failed at offset 5/7
[  336.717981][ T5975] viewsonic 0003:2133:0018.0006: probe with driver viewsonic failed with error -22
[  337.223145][   T24] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  337.326229][ T8272] netlink: 'syz.3.637': attribute type 8 has an invalid length.
[  337.350993][ T8272] netlink: 220 bytes leftover after parsing attributes in process `syz.3.637'.
[  337.362051][ T8272] netlink: 8 bytes leftover after parsing attributes in process `syz.3.637'.
[  338.327989][ T5975] usb 5-1: USB disconnect, device number 10
[  338.438292][  T979] usb 8-1: USB disconnect, device number 4
[  338.578110][ T8283] netlink: 24 bytes leftover after parsing attributes in process `syz.2.639'.
[  340.102575][ T8302] FAULT_INJECTION: forcing a failure.
[  340.102575][ T8302] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  340.865565][ T8302] CPU: 0 UID: 0 PID: 8302 Comm: syz.7.647 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  340.865597][ T8302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  340.865609][ T8302] Call Trace:
[  340.865617][ T8302]  <TASK>
[  340.865627][ T8302]  dump_stack_lvl+0x189/0x250
[  340.865656][ T8302]  ? __pfx____ratelimit+0x10/0x10
[  340.865687][ T8302]  ? __pfx_dump_stack_lvl+0x10/0x10
[  340.865711][ T8302]  ? __pfx__printk+0x10/0x10
[  340.865738][ T8302]  ? fs_reclaim_acquire+0x7d/0x100
[  340.865769][ T8302]  should_fail_ex+0x414/0x560
[  340.865804][ T8302]  prepare_alloc_pages+0x213/0x610
[  340.865835][ T8302]  __alloc_frozen_pages_noprof+0x123/0x370
[  340.865858][ T8302]  ? pfn_valid+0x125/0x4d0
[  340.865888][ T8302]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  340.865914][ T8302]  ? bvec_try_merge_page+0x424/0x6e0
[  340.865945][ T8302]  ? policy_nodemask+0x27c/0x720
[  340.865981][ T8302]  alloc_pages_mpol+0x232/0x4a0
[  340.866028][ T8302]  alloc_pages_noprof+0xa9/0x190
[  340.866061][ T8302]  blk_rq_map_user_iov+0xbc9/0x18c0
[  340.866103][ T8302]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  340.866124][ T8302]  ? blk_queue_enter+0xf3/0x7b0
[  340.866169][ T8302]  ? import_ubuf+0xfb/0x1d0
[  340.866194][ T8302]  blk_rq_map_user_io+0x252/0x3a0
[  340.866221][ T8302]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  340.866249][ T8302]  ? __lock_acquire+0xab9/0xd20
[  340.866283][ T8302]  ? rcu_is_watching+0x15/0xb0
[  340.866305][ T8302]  ? cap_capable+0x11f/0x460
[  340.866334][ T8302]  ? safesetid_security_capable+0xa9/0x1a0
[  340.866366][ T8302]  ? bpf_lsm_capable+0x9/0x20
[  340.866387][ T8302]  ? security_capable+0x7e/0x2e0
[  340.866417][ T8302]  sg_io+0x517/0x8a0
[  340.866455][ T8302]  scsi_ioctl+0x1399/0x1fb0
[  340.866489][ T8302]  ? __pfx_scsi_ioctl+0x10/0x10
[  340.866551][ T8302]  ? kasan_quarantine_put+0xdd/0x220
[  340.866580][ T8302]  ? __pfx___might_resched+0x10/0x10
[  340.866609][ T8302]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  340.866647][ T8302]  ? scsi_block_when_processing_errors+0x390/0x470
[  340.866677][ T8302]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  340.866707][ T8302]  ? __pfx_scsi_block_when_processing_errors+0x10/0x10
[  340.866758][ T8302]  sg_ioctl+0x1886/0x2230
[  340.866792][ T8302]  ? __pfx_sg_ioctl+0x10/0x10
[  340.866822][ T8302]  ? __fget_files+0x2a/0x420
[  340.866841][ T8302]  ? __fget_files+0x3a0/0x420
[  340.866859][ T8302]  ? __fget_files+0x2a/0x420
[  340.866886][ T8302]  ? bpf_lsm_file_ioctl+0x9/0x20
[  340.866906][ T8302]  ? __pfx_sg_ioctl+0x10/0x10
[  340.866927][ T8302]  __se_sys_ioctl+0xf9/0x170
[  340.866955][ T8302]  do_syscall_64+0xfa/0x3b0
[  340.866972][ T8302]  ? lockdep_hardirqs_on+0x9c/0x150
[  340.867008][ T8302]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.867027][ T8302]  ? clear_bhb_loop+0x60/0xb0
[  340.867049][ T8302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.867067][ T8302] RIP: 0033:0x7f7ef1b8e929
[  340.867086][ T8302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.867103][ T8302] RSP: 002b:00007f7ef2a13038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  340.867124][ T8302] RAX: ffffffffffffffda RBX: 00007f7ef1db5fa0 RCX: 00007f7ef1b8e929
[  340.867138][ T8302] RDX: 0000200000000000 RSI: 0000000000005393 RDI: 0000000000000003
[  340.867151][ T8302] RBP: 00007f7ef2a13090 R08: 0000000000000000 R09: 0000000000000000
[  340.867162][ T8302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  340.867173][ T8302] R13: 0000000000000000 R14: 00007f7ef1db5fa0 R15: 00007fff220a1318
[  340.867205][ T8302]  </TASK>
[  341.569169][ T8309] warning: `syz.3.649' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  342.678452][ T8319] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  342.833900][ T5975] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  342.854658][ T5975] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  345.348337][ T8341] Bluetooth: (null): Out-of-order packet arrived (4 != 0)
[  345.366299][   T12] Bluetooth: (null): Invalid header checksum
[  345.453348][ T7998] Bluetooth: (null): Invalid header checksum
[  345.565443][   T12] Bluetooth: (null): Invalid header checksum
[  345.587345][ T5842] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  345.687484][   T36] Bluetooth: (null): Invalid header checksum
[  345.780627][   T36] Bluetooth: (null): Invalid header checksum
[  345.797082][ T5842] usb 8-1: Using ep0 maxpacket: 32
[  345.897133][   T36] Bluetooth: (null): Invalid header checksum
[  345.907228][ T5842] usb 8-1: config 64 has an invalid interface number: 241 but max is 1
[  346.046727][ T5842] usb 8-1: config 64 has an invalid interface number: 186 but max is 1
[  346.061741][ T7998] Bluetooth: (null): Invalid header checksum
[  346.321217][ T5842] usb 8-1: config 64 has an invalid descriptor of length 0, skipping remainder of the config
[  346.345490][ T5842] usb 8-1: config 64 has no interface number 0
[  346.351900][ T5842] usb 8-1: config 64 has no interface number 1
[  346.361848][ T5842] usb 8-1: config 64 interface 186 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  346.399655][ T5842] usb 8-1: config 64 interface 241 has no altsetting 0
[  346.413634][ T5842] usb 8-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.04
[  346.423187][ T5842] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.431758][ T5842] usb 8-1: Product: syz
[  346.435994][ T5842] usb 8-1: Manufacturer: syz
[  346.440763][ T5842] usb 8-1: SerialNumber: syz
[  346.504086][ T5842] go7007 8-1:64.241: probe with driver go7007 failed with error -12
[  346.543246][ T5842] go7007 8-1:64.186: probe with driver go7007 failed with error -12
[  347.814441][ T5975] usb 8-1: USB disconnect, device number 5
[  347.958542][ T8374] netlink: 1088 bytes leftover after parsing attributes in process `syz.6.666'.
[  349.054403][ T5842] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  350.517909][ T5842] usb 4-1: Using ep0 maxpacket: 32
[  350.526573][ T5842] usb 4-1: unable to read config index 0 descriptor/start: -61
[  350.546245][ T5842] usb 4-1: can't read configurations, error -61
[  350.773481][ T8390] FAULT_INJECTION: forcing a failure.
[  350.773481][ T8390] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.320414][ T8390] CPU: 1 UID: 0 PID: 8390 Comm: syz.2.672 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  351.320446][ T8390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  351.320458][ T8390] Call Trace:
[  351.320466][ T8390]  <TASK>
[  351.320476][ T8390]  dump_stack_lvl+0x189/0x250
[  351.320504][ T8390]  ? __pfx____ratelimit+0x10/0x10
[  351.320532][ T8390]  ? __pfx_dump_stack_lvl+0x10/0x10
[  351.320553][ T8390]  ? __pfx__printk+0x10/0x10
[  351.320578][ T8390]  ? __might_fault+0xb0/0x130
[  351.320617][ T8390]  should_fail_ex+0x414/0x560
[  351.320651][ T8390]  _copy_from_user+0x2d/0xb0
[  351.320675][ T8390]  ___sys_sendmsg+0x158/0x2a0
[  351.320704][ T8390]  ? __pfx____sys_sendmsg+0x10/0x10
[  351.320785][ T8390]  __x64_sys_sendmsg+0x19b/0x260
[  351.320809][ T8390]  ? schedule+0x165/0x360
[  351.320839][ T8390]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  351.320874][ T8390]  ? rcu_is_watching+0x15/0xb0
[  351.320901][ T8390]  ? do_syscall_64+0xbe/0x3b0
[  351.320924][ T8390]  do_syscall_64+0xfa/0x3b0
[  351.320944][ T8390]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.320962][ T8390]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  351.320981][ T8390]  ? clear_bhb_loop+0x60/0xb0
[  351.321013][ T8390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.321031][ T8390] RIP: 0033:0x7f49c638e929
[  351.321049][ T8390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.321064][ T8390] RSP: 002b:00007f49c41f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  351.321085][ T8390] RAX: ffffffffffffffda RBX: 00007f49c65b5fa0 RCX: 00007f49c638e929
[  351.321099][ T8390] RDX: 0000000004008000 RSI: 0000200000000340 RDI: 0000000000000003
[  351.321112][ T8390] RBP: 00007f49c41f6090 R08: 0000000000000000 R09: 0000000000000000
[  351.321124][ T8390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.321134][ T8390] R13: 0000000000000000 R14: 00007f49c65b5fa0 R15: 00007ffdeefd8de8
[  351.321165][ T8390]  </TASK>
[  352.887023][ T5955] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  353.890063][ T5955] usb 8-1: Using ep0 maxpacket: 16
[  354.079618][   T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  354.118503][ T5955] usb 8-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  354.147888][ T5955] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.187214][ T5955] usb 8-1: Product: syz
[  354.191608][ T5955] usb 8-1: Manufacturer: syz
[  354.196321][ T5955] usb 8-1: SerialNumber: syz
[  354.242250][ T5955] r8152-cfgselector 8-1: Unknown version 0x0000
[  354.259087][ T5955] r8152-cfgselector 8-1: config 0 descriptor??
[  354.289315][   T24] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  354.310028][   T24] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  354.344623][   T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  354.369822][   T24] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  354.382839][   T24] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  354.396828][   T24] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  354.408469][   T24] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  354.417129][   T24] usb 5-1: Product: syz
[  354.417153][   T24] usb 5-1: Manufacturer: syz
[  354.424769][   T24] cdc_wdm 5-1:1.0: skipping garbage
[  354.451875][   T24] cdc_wdm 5-1:1.0: skipping garbage
[  354.466708][   T24] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  354.525952][   T24] cdc_wdm 5-1:1.0: Unknown control protocol
[  354.635873][   T24] usb 5-1: USB disconnect, device number 11
[  354.649153][ T8418] netlink: 76 bytes leftover after parsing attributes in process `syz.3.679'.
[  354.696169][ T5955] r8152-cfgselector 8-1: Unknown version 0x0000
[  354.703016][ T5955] r8152-cfgselector 8-1: bad CDC descriptors
[  354.744030][ T5955] r8152-cfgselector 8-1: USB disconnect, device number 6
[  355.920263][ T5927] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  356.140046][ T5927] usb 7-1: Using ep0 maxpacket: 32
[  356.229897][ T8443] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.687' resets device
[  359.347144][   T30] audit: type=1800 audit(1751749955.842:879): pid=8461 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.692" name="/" dev="9p" ino=2 res=0 errno=0
[  360.134556][ T5927] usb 7-1: unable to get BOS descriptor or descriptor too short
[  360.347725][ T8469] syzkaller1: entered promiscuous mode
[  360.353234][ T8469] syzkaller1: entered allmulticast mode
[  361.637018][ T5927] usb 7-1: unable to read config index 0 descriptor/start: -71
[  361.644676][ T5927] usb 7-1: can't read configurations, error -71
[  361.649036][ T8473] netlink: 24 bytes leftover after parsing attributes in process `syz.6.696'.
[  362.205215][ T8479] xt_CT: No such helper "syz0"
[  362.357446][ T5955] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  363.687022][ T5955] usb 8-1: Using ep0 maxpacket: 8
[  363.693928][ T5955] usb 8-1: config 148 has an invalid interface number: 144 but max is 0
[  363.737765][ T5955] usb 8-1: config 148 has no interface number 0
[  363.857681][ T5955] usb 8-1: config 148 interface 144 has no altsetting 0
[  364.204961][ T5955] usb 8-1: New USB device found, idVendor=03f0, idProduct=311d, bcdDevice=4a.a4
[  364.414762][ T5955] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.441371][ T5955] usb 8-1: Product: syz
[  364.445881][ T5955] usb 8-1: Manufacturer: syz
[  364.461093][ T5955] usb 8-1: SerialNumber: syz
[  364.517073][  T979] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  364.693371][  T979] usb 4-1: unable to get BOS descriptor or descriptor too short
[  364.719541][  T979] usb 4-1: not running at top speed; connect to a high speed hub
[  364.727366][ T5955] usb 8-1: USB disconnect, device number 7
[  364.748740][ T8499] FAULT_INJECTION: forcing a failure.
[  364.748740][ T8499] name failslab, interval 1, probability 0, space 0, times 0
[  364.763082][  T979] usb 4-1: config 253 has an invalid interface number: 140 but max is 0
[  364.773685][  T979] usb 4-1: config 253 has an invalid descriptor of length 204, skipping remainder of the config
[  364.777641][ T8499] CPU: 1 UID: 0 PID: 8499 Comm: syz.4.702 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  364.777668][ T8499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  364.777679][ T8499] Call Trace:
[  364.777687][ T8499]  <TASK>
[  364.777694][ T8499]  dump_stack_lvl+0x189/0x250
[  364.777720][ T8499]  ? __pfx____ratelimit+0x10/0x10
[  364.777748][ T8499]  ? __pfx_dump_stack_lvl+0x10/0x10
[  364.777768][ T8499]  ? __pfx__printk+0x10/0x10
[  364.777794][ T8499]  ? __pfx___might_resched+0x10/0x10
[  364.777813][ T8499]  ? fs_reclaim_acquire+0x7d/0x100
[  364.777838][ T8499]  should_fail_ex+0x414/0x560
[  364.777869][ T8499]  should_failslab+0xa8/0x100
[  364.777896][ T8499]  __kmalloc_noprof+0xcb/0x4f0
[  364.777920][ T8499]  ? tomoyo_encode+0x28b/0x550
[  364.777946][ T8499]  tomoyo_encode+0x28b/0x550
[  364.777972][ T8499]  tomoyo_realpath_from_path+0x58d/0x5d0
[  364.777993][ T8499]  ? tomoyo_domain+0xda/0x130
[  364.778020][ T8499]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  364.778046][ T8499]  tomoyo_path_number_perm+0x1e8/0x5a0
[  364.778074][ T8499]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  364.778118][ T8499]  ? __lock_acquire+0xab9/0xd20
[  364.778157][ T8499]  ? __fget_files+0x2a/0x420
[  364.778179][ T8499]  ? __fget_files+0x2a/0x420
[  364.778194][ T8499]  ? __fget_files+0x3a0/0x420
[  364.778210][ T8499]  ? __fget_files+0x2a/0x420
[  364.778231][ T8499]  security_file_ioctl+0xcb/0x2d0
[  364.778262][ T8499]  __se_sys_ioctl+0x47/0x170
[  364.778288][ T8499]  do_syscall_64+0xfa/0x3b0
[  364.778305][ T8499]  ? lockdep_hardirqs_on+0x9c/0x150
[  364.778331][ T8499]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.778348][ T8499]  ? clear_bhb_loop+0x60/0xb0
[  364.778370][ T8499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.778387][ T8499] RIP: 0033:0x7fa7b618e929
[  364.778405][ T8499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  364.778420][ T8499] RSP: 002b:00007fa7b70a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  364.778440][ T8499] RAX: ffffffffffffffda RBX: 00007fa7b63b5fa0 RCX: 00007fa7b618e929
[  364.778453][ T8499] RDX: 0000200000000100 RSI: 000000000000541b RDI: 0000000000000003
[  364.778464][ T8499] RBP: 00007fa7b70a8090 R08: 0000000000000000 R09: 0000000000000000
[  364.778475][ T8499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  364.778486][ T8499] R13: 0000000000000000 R14: 00007fa7b63b5fa0 R15: 00007ffed66b7bd8
[  364.778516][ T8499]  </TASK>
[  364.778536][ T8499] ERROR: Out of memory at tomoyo_realpath_from_path.
[  364.796990][  T979] usb 4-1: config 253 has no interface number 0
[  364.797050][  T979] usb 4-1: config 253 interface 140 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  365.101004][ T8500] syz.2.701: attempt to access beyond end of device
[  365.101004][ T8500] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  365.125862][  T979] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=3e.5b
[  365.154972][  T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.180525][  T979] usb 4-1: Product: syz
[  365.192759][  T979] usb 4-1: Manufacturer: syz
[  365.205239][  T979] usb 4-1: SerialNumber: syz
[  365.658271][ T8491] delete_channel: no stack
[  366.473514][  T979] usbtest 4-1:253.140: couldn't get endpoints, -22
[  366.499304][  T979] usbtest 4-1:253.140: probe with driver usbtest failed with error -22
[  366.510306][  T979] usb 4-1: USB disconnect, device number 21
[  366.701797][ T8513] program syz.4.706 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  367.371791][ T8524] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  373.410468][ T8540] loop3: detected capacity change from 0 to 1
[  373.691536][ T8550] netlink: 4 bytes leftover after parsing attributes in process `syz.7.716'.
[  374.125401][ T5839] Dev loop3: unable to read RDB block 1
[  374.174994][ T5839]  loop3: unable to read partition table
[  374.185685][ T5839] loop3: partition table beyond EOD, truncated
[  375.080859][ T8565] syz.7.722: attempt to access beyond end of device
[  375.080859][ T8565] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  376.969565][ T8582] veth0_to_team: entered promiscuous mode
[  376.975370][ T8582] veth0_to_team: entered allmulticast mode
[  377.198115][ T8587] FAULT_INJECTION: forcing a failure.
[  377.198115][ T8587] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  377.238159][ T8587] CPU: 0 UID: 0 PID: 8587 Comm: syz.6.730 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  377.238192][ T8587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  377.238204][ T8587] Call Trace:
[  377.238212][ T8587]  <TASK>
[  377.238220][ T8587]  dump_stack_lvl+0x189/0x250
[  377.238249][ T8587]  ? __pfx____ratelimit+0x10/0x10
[  377.238280][ T8587]  ? __pfx_dump_stack_lvl+0x10/0x10
[  377.238303][ T8587]  ? __pfx__printk+0x10/0x10
[  377.238329][ T8587]  ? __might_fault+0xb0/0x130
[  377.238372][ T8587]  should_fail_ex+0x414/0x560
[  377.238407][ T8587]  _copy_from_user+0x2d/0xb0
[  377.238432][ T8587]  ___sys_sendmsg+0x158/0x2a0
[  377.238462][ T8587]  ? __pfx____sys_sendmsg+0x10/0x10
[  377.238530][ T8587]  ? __fget_files+0x2a/0x420
[  377.238549][ T8587]  ? __fget_files+0x3a0/0x420
[  377.238581][ T8587]  __x64_sys_sendmsg+0x19b/0x260
[  377.238611][ T8587]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  377.238646][ T8587]  ? __pfx_ksys_write+0x10/0x10
[  377.238669][ T8587]  ? rcu_is_watching+0x15/0xb0
[  377.238697][ T8587]  ? do_syscall_64+0xbe/0x3b0
[  377.238721][ T8587]  do_syscall_64+0xfa/0x3b0
[  377.238738][ T8587]  ? lockdep_hardirqs_on+0x9c/0x150
[  377.238765][ T8587]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.238782][ T8587]  ? clear_bhb_loop+0x60/0xb0
[  377.238801][ T8587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.238815][ T8587] RIP: 0033:0x7fa08eb8e929
[  377.238830][ T8587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.238844][ T8587] RSP: 002b:00007fa08fa3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  377.238862][ T8587] RAX: ffffffffffffffda RBX: 00007fa08edb5fa0 RCX: 00007fa08eb8e929
[  377.238874][ T8587] RDX: 0000000004008000 RSI: 0000200000000340 RDI: 0000000000000003
[  377.238892][ T8587] RBP: 00007fa08fa3f090 R08: 0000000000000000 R09: 0000000000000000
[  377.238902][ T8587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.238911][ T8587] R13: 0000000000000000 R14: 00007fa08edb5fa0 R15: 00007fffac595408
[  377.238936][ T8587]  </TASK>
[  377.447636][    C0] vkms_vblank_simulate: vblank timer overrun
[  377.816761][ T8592] loop8: detected capacity change from 0 to 16384
[  377.949789][ T8599] fuse: Unknown parameter 'K��'
[  378.017873][ T8592] overlayfs: missing 'workdir'
[  378.817348][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  378.823841][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  379.404743][   T24] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  380.938965][ T5840] Bluetooth: hci5: command 0x0406 tx timeout
[  381.353011][   T24] usb 3-1: config 0 has an invalid descriptor of length 35, skipping remainder of the config
[  381.416975][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  381.514399][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  381.540017][   T24] usb 3-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  381.549472][ T5927] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  381.562511][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.582931][   T24] usb 3-1: Product: syz
[  381.597887][   T24] usb 3-1: Manufacturer: syz
[  381.616948][   T24] usb 3-1: SerialNumber: syz
[  381.639424][   T24] usb 3-1: config 0 descriptor??
[  381.714243][ T5927] usb 4-1: Using ep0 maxpacket: 32
[  381.736766][ T5927] usb 4-1: unable to get BOS descriptor or descriptor too short
[  381.768252][ T5927] usb 4-1: config 0 has an invalid interface number: 143 but max is 0
[  381.787217][ T5927] usb 4-1: config 0 has no interface number 0
[  381.793664][ T5927] usb 4-1: config 0 interface 143 altsetting 77 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  381.815139][ T8619] netlink: 4 bytes leftover after parsing attributes in process `syz.4.739'.
[  381.836996][ T5927] usb 4-1: config 0 interface 143 has no altsetting 0
[  381.860647][ T5927] usb 4-1: New USB device found, idVendor=13b1, idProduct=0041, bcdDevice=b0.69
[  381.862255][ T8604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  381.876512][ T5927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.905490][ T8604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  381.927046][ T5927] usb 4-1: Product: syz
[  381.931271][ T5927] usb 4-1: Manufacturer: syz
[  381.935897][ T5927] usb 4-1: SerialNumber: syz
[  381.975856][   T24] usb 3-1: Found UVC 34.00 device syz (8086:0b5b)
[  381.993745][   T24] usb 3-1: No valid video chain found.
[  382.024150][   T24] usb 3-1: USB disconnect, device number 25
[  382.466178][ T5927] r8152-cfgselector 4-1: Unknown version 0x0000
[  382.697255][ T5927] r8152-cfgselector 4-1: config 0 descriptor??
[  382.725512][ T5927] r8152-cfgselector 4-1: can't set config #0, error -71
[  382.755289][ T5927] r8152-cfgselector 4-1: USB disconnect, device number 22
[  382.933298][ T8625] netlink: 104 bytes leftover after parsing attributes in process `syz.3.741'.
[  383.257068][ T5927] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  383.475252][ T5927] usb 7-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01
[  383.516931][ T5927] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.577268][ T5927] usb 7-1: Product: syz
[  383.598895][ T5927] usb 7-1: Manufacturer: syz
[  383.603803][ T8634] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  383.629752][ T8634] bridge0: port 2(bridge_slave_1) entered disabled state
[  383.638988][ T8634] bridge0: port 1(bridge_slave_0) entered disabled state
[  384.337328][ T5927] usb 7-1: SerialNumber: syz
[  384.470498][ T5927] usb 7-1: config 0 descriptor??
[  384.494685][ T5927] go7007 7-1:0.0: Sensoray 2250 found
[  384.503812][ T5927] go7007 7-1:0.0: probe with driver go7007 failed with error -12
[  384.803142][ T5848] Bluetooth: hci4: unexpected cc 0x0c2d length: 69 > 4
[  384.819053][ T5842] usb 7-1: USB disconnect, device number 10
[  384.823835][ T5848] Bluetooth: hci4: unexpected event for opcode 0x0c2d
[  384.857610][ T8641] bond0: entered allmulticast mode
[  384.867513][ T8641] bond_slave_0: entered allmulticast mode
[  384.877051][ T8641] bond_slave_1: entered allmulticast mode
[  386.686076][ T8657] FAULT_INJECTION: forcing a failure.
[  386.686076][ T8657] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.707179][ T8657] CPU: 0 UID: 0 PID: 8657 Comm: syz.3.752 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  386.707211][ T8657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  386.707223][ T8657] Call Trace:
[  386.707232][ T8657]  <TASK>
[  386.707241][ T8657]  dump_stack_lvl+0x189/0x250
[  386.707269][ T8657]  ? __pfx____ratelimit+0x10/0x10
[  386.707301][ T8657]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.707324][ T8657]  ? __pfx__printk+0x10/0x10
[  386.707349][ T8657]  ? __might_fault+0xb0/0x130
[  386.707391][ T8657]  should_fail_ex+0x414/0x560
[  386.707427][ T8657]  _copy_from_user+0x2d/0xb0
[  386.707452][ T8657]  ___sys_sendmsg+0x158/0x2a0
[  386.707482][ T8657]  ? __pfx____sys_sendmsg+0x10/0x10
[  386.707550][ T8657]  ? __fget_files+0x2a/0x420
[  386.707568][ T8657]  ? __fget_files+0x3a0/0x420
[  386.707599][ T8657]  __x64_sys_sendmsg+0x19b/0x260
[  386.707629][ T8657]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  386.707666][ T8657]  ? __pfx_ksys_write+0x10/0x10
[  386.707692][ T8657]  ? rcu_is_watching+0x15/0xb0
[  386.707720][ T8657]  ? do_syscall_64+0xbe/0x3b0
[  386.707745][ T8657]  do_syscall_64+0xfa/0x3b0
[  386.707763][ T8657]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.707793][ T8657]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.707821][ T8657]  ? clear_bhb_loop+0x60/0xb0
[  386.707846][ T8657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.707865][ T8657] RIP: 0033:0x7f2b22d8e929
[  386.707884][ T8657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.707901][ T8657] RSP: 002b:00007f2b23c4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  386.707923][ T8657] RAX: ffffffffffffffda RBX: 00007f2b22fb5fa0 RCX: 00007f2b22d8e929
[  386.707944][ T8657] RDX: 0000000004048080 RSI: 0000200000000040 RDI: 0000000000000003
[  386.707958][ T8657] RBP: 00007f2b23c4a090 R08: 0000000000000000 R09: 0000000000000000
[  386.707970][ T8657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.707982][ T8657] R13: 0000000000000000 R14: 00007f2b22fb5fa0 R15: 00007ffd966211c8
[  386.708014][ T8657]  </TASK>
[  386.923849][    C0] vkms_vblank_simulate: vblank timer overrun
[  387.342803][ T8672] netlink: 12 bytes leftover after parsing attributes in process `syz.7.757'.
[  387.650319][ T8679] futex_wake_op: syz.3.755 tries to shift op by -1; fix this program
[  389.877731][ T5927] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  390.047086][ T5927] usb 5-1: Using ep0 maxpacket: 8
[  390.054387][ T5927] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  390.087378][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.104569][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  390.132293][ T5927] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  390.171836][ T5927] usb 5-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  390.196928][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.283511][ T5927] usb 5-1: config 0 descriptor??
[  390.429103][ T5842] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  390.444016][ T8709] Dead loop on virtual device ipvlan1, fix it urgently!
[  390.617212][ T5842] usb 3-1: Using ep0 maxpacket: 16
[  390.629485][ T5842] usb 3-1: unable to get BOS descriptor or descriptor too short
[  390.968905][ T8709] syz.3.767 (8709) used greatest stack depth: 10920 bytes left
[  390.989230][ T5927] hid (null): report_id 0 is invalid
[  391.016095][ T5927] redragon 0003:0C45:760B.0009: report_id 0 is invalid
[  391.038288][ T8689] netlink: 8 bytes leftover after parsing attributes in process `syz.4.761'.
[  391.052958][ T5927] redragon 0003:0C45:760B.0009: item 0 1 1 8 parsing failed
[  391.080153][ T5927] redragon 0003:0C45:760B.0009: probe with driver redragon failed with error -22
[  391.094896][ T5842] usb 3-1: config 8 has an invalid interface number: 132 but max is 0
[  391.108721][ T5842] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  391.122936][ T5842] usb 3-1: config 8 has no interface number 0
[  391.130656][ T5842] usb 3-1: config 8 interface 132 altsetting 252 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  391.144988][ T5842] usb 3-1: config 8 interface 132 has no altsetting 0
[  391.185053][ T5842] usb 3-1: New USB device found, idVendor=07cf, idProduct=1001, bcdDevice=8f.8b
[  391.230717][ T5842] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.260488][ T5842] usb 3-1: Product: syz
[  391.266773][ T5842] usb 3-1: Manufacturer: syz
[  391.289705][ T5842] usb 3-1: SerialNumber: syz
[  391.316006][ T5927] usb 5-1: USB disconnect, device number 12
[  391.323276][ T5926] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  391.577308][ T5926] usb 8-1: Using ep0 maxpacket: 32
[  391.589446][ T5926] usb 8-1: config 0 has an invalid interface number: 85 but max is 0
[  391.656015][ T5926] usb 8-1: config 0 has no interface number 0
[  391.759397][ T2152] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  391.774784][ T5926] usb 8-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  391.776609][ T8720] netlink: 16 bytes leftover after parsing attributes in process `syz.3.771'.
[  391.869212][ T5926] usb 8-1: config 0 interface 85 has no altsetting 0
[  391.947446][ T2152] usb 7-1: Using ep0 maxpacket: 8
[  391.996784][ T2152] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  392.292933][ T8720] team0: entered promiscuous mode
[  392.305506][ T2152] usb 7-1: config 0 has no interfaces?
[  392.311616][ T2152] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  392.317009][ T5926] usb 8-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  392.337009][ T5926] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.345526][ T8720] team_slave_0: entered promiscuous mode
[  392.354598][ T8720] team_slave_1: entered promiscuous mode
[  392.361848][ T5926] usb 8-1: Product: syz
[  392.366049][ T5926] usb 8-1: Manufacturer: syz
[  392.377125][ T2152] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.382035][ T8720] batadv_slave_1: entered promiscuous mode
[  392.392136][ T5926] usb 8-1: SerialNumber: syz
[  392.400202][ T5926] usb 8-1: config 0 descriptor??
[  392.437357][ T2152] usb 7-1: config 0 descriptor??
[  392.557952][ T5842] usb-storage 3-1:8.132: USB Mass Storage device detected
[  392.597891][ T5842] usb-storage 3-1:8.132: Quirks match for vid 07cf pid 1001: a
[  392.635095][ T5842] usb 3-1: USB disconnect, device number 26
[  392.677487][ T8717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  392.719075][ T8717] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  392.732185][ T5926] appletouch 8-1:0.85: Failed to read mode from device.
[  392.757190][ T5926] appletouch 8-1:0.85: probe with driver appletouch failed with error -5
[  392.793701][ T5926] usb 8-1: USB disconnect, device number 8
[  393.092289][ T8734] netlink: 20 bytes leftover after parsing attributes in process `syz.4.775'.
[  393.448676][ T2152] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  393.527062][ T5842] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  393.726983][ T2152] usb 5-1: Using ep0 maxpacket: 16
[  393.736334][ T2152] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  393.746064][ T2152] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.754222][ T2152] usb 5-1: Product: syz
[  393.758671][ T2152] usb 5-1: Manufacturer: syz
[  393.763286][ T2152] usb 5-1: SerialNumber: syz
[  393.773694][ T8750] Dead loop on virtual device ipvlan1, fix it urgently!
[  393.781320][ T2152] usb 5-1: config 0 descriptor??
[  393.787253][ T5842] usb 3-1: Using ep0 maxpacket: 32
[  393.796053][ T2152] visor 5-1:0.0: Sony Clie 3.5 converter detected
[  393.806584][ T5842] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  393.815860][ T5842] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.825174][ T5842] usb 3-1: Product: syz
[  393.832812][ T5842] usb 3-1: Manufacturer: syz
[  393.839128][ T5842] usb 3-1: SerialNumber: syz
[  393.846258][ T5842] usb 3-1: config 0 descriptor??
[  393.855961][ T5842] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  394.202952][ T8739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  394.206992][ T2152] usb 5-1: clie_3_5_startup: get interface number failed: -32
[  394.213268][ T8739] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  394.237733][ T2152] visor 5-1:0.0: probe with driver visor failed with error -32
[  394.258245][ T2152] usb 5-1: USB disconnect, device number 13
[  394.381808][ T5926] usb 7-1: USB disconnect, device number 11
[  397.139760][ T8789] netlink: 20 bytes leftover after parsing attributes in process `syz.6.790'.
[  398.017599][ T5842] gspca_stk1135: reg_w 0x300 err -71
[  398.036945][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[  398.043346][ T5842] gspca_stk1135: Sensor write failed
[  398.057018][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[  398.063394][ T5842] gspca_stk1135: Sensor write failed
[  398.781878][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[  398.788367][ T5842] gspca_stk1135: Sensor read failed
[  398.793614][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[  398.879767][ T5842] gspca_stk1135: Sensor read failed
[  398.885202][ T5842] gspca_stk1135: Detected sensor type unknown (0x0)
[  398.892429][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[  398.899257][ T5842] gspca_stk1135: Sensor read failed
[  398.905533][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[  398.919307][ T5842] gspca_stk1135: Sensor read failed
[  398.924575][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[  398.931049][ T5842] gspca_stk1135: Sensor write failed
[  398.936390][ T5842] gspca_stk1135: serial bus timeout: status=0x00
[  398.946522][ T5842] gspca_stk1135: Sensor write failed
[  398.952093][ T5842] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71
[  398.965530][ T5842] usb 3-1: USB disconnect, device number 27
[  399.089324][ T8794] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  399.095609][ T8794] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  399.146820][ T8794] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  399.152863][ T8794] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  399.160722][ T8794] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  399.166676][ T8794] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  399.174604][ T8794] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  399.180579][ T8794] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  399.190226][ T8794] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  399.412895][ T8806] netlink: 'syz.2.797': attribute type 10 has an invalid length.
[  400.077579][ T5842] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  400.282780][ T8806] netlink: 40 bytes leftover after parsing attributes in process `syz.2.797'.
[  400.295568][ T8806] dummy0: entered promiscuous mode
[  400.328045][ T8806] bridge0: port 3(dummy0) entered blocking state
[  400.368068][ T8806] bridge0: port 3(dummy0) entered disabled state
[  400.377796][ T8806] dummy0: entered allmulticast mode
[  400.407899][ T8806] bridge0: port 3(dummy0) entered blocking state
[  400.414542][ T8806] bridge0: port 3(dummy0) entered forwarding state
[  401.117152][ T5840] Bluetooth: hci3: command 0x0406 tx timeout
[  401.170518][ T5842] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  401.188238][ T5842] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  401.198190][ T5842] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  401.213336][ T5848] Bluetooth: hci5: command 0x0406 tx timeout
[  401.219501][ T5848] Bluetooth: hci4: command 0x0405 tx timeout
[  401.225627][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout
[  401.243432][ T8818] netlink: 'syz.4.798': attribute type 12 has an invalid length.
[  401.251228][ T8818] netlink: 112 bytes leftover after parsing attributes in process `syz.4.798'.
[  401.321104][ T5842] usb 7-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  401.371608][ T5842] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  401.448781][ T8821] syz.3.801: attempt to access beyond end of device
[  401.448781][ T8821] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  401.884285][ T5842] usb 7-1: config 0 descriptor??
[  402.021577][ T5842] usbhid 7-1:0.0: can't add hid device: -71
[  402.048397][ T5842] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  402.107177][ T5842] usb 7-1: USB disconnect, device number 12
[  402.517315][ T5926] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  402.929905][ T5926] usb 5-1: Using ep0 maxpacket: 16
[  403.604474][ T5851] Bluetooth: hci3: command 0x0406 tx timeout
[  403.610722][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout
[  403.622327][ T5851] Bluetooth: hci4: command 0x0405 tx timeout
[  403.628521][ T5851] Bluetooth: hci5: command 0x0406 tx timeout
[  403.640288][ T5926] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  403.802379][ T5842] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  403.847233][ T5926] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 32
[  404.161572][ T8855] lo speed is unknown, defaulting to 1000
[  404.168693][ T8855] lo speed is unknown, defaulting to 1000
[  404.185007][ T8855] lo speed is unknown, defaulting to 1000
[  404.230245][ T8855] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  404.330455][ T8855] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  404.521671][ T5926] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  404.546960][ T5926] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  404.559768][ T8855] lo speed is unknown, defaulting to 1000
[  404.568291][ T5926] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  404.568850][ T8855] lo speed is unknown, defaulting to 1000
[  404.591520][ T8855] lo speed is unknown, defaulting to 1000
[  404.599462][ T8855] lo speed is unknown, defaulting to 1000
[  404.609554][ T8855] lo speed is unknown, defaulting to 1000
[  404.616528][ T8855] lo speed is unknown, defaulting to 1000
[  404.653562][ T5926] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  404.674542][ T5842] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  404.697952][ T5842] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.708454][ T5842] usb 3-1: Product: syz
[  404.712889][ T5842] usb 3-1: Manufacturer: syz
[  404.712995][ T5926] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  404.720902][ T5842] usb 3-1: SerialNumber: syz
[  405.441129][ T5842] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  405.474442][ T5926] usb 5-1: SerialNumber: syz
[  405.696651][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout
[  405.885427][ T5926] usb 5-1: can't set config #1, error -71
[  405.894323][ T2152] usb 3-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed
[  405.940815][ T2152] usb 3-1: ath9k_htc: USB layer deinitialized
[  405.941155][ T5926] usb 5-1: USB disconnect, device number 14
[  405.966413][    T9] usb 3-1: USB disconnect, device number 28
[  406.071618][ T8867] bridge_slave_0: left allmulticast mode
[  406.078710][ T8867] bridge_slave_0: left promiscuous mode
[  406.097133][ T8867] bridge0: port 1(bridge_slave_0) entered disabled state
[  406.136267][ T8867] bridge_slave_1: left allmulticast mode
[  406.143324][ T8867] bridge_slave_1: left promiscuous mode
[  406.154458][ T8867] bridge0: port 2(bridge_slave_1) entered disabled state
[  406.185351][ T8867] bond0: (slave bond_slave_0): Releasing backup interface
[  406.205271][ T8867] bond0: (slave bond_slave_1): Releasing backup interface
[  406.255646][ T8867] team0: Port device team_slave_0 removed
[  406.277636][ T8867] team0: Port device team_slave_1 removed
[  406.287690][ T8867] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  406.295167][ T8867] batman_adv: batadv0: Removing interface: batadv_slave_0
[  406.304050][ T8867] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  406.312808][ T8867] batman_adv: batadv0: Removing interface: batadv_slave_1
[  406.404258][ T8876] netlink: 'syz.2.819': attribute type 13 has an invalid length.
[  406.521473][ T8880] netlink: 'syz.2.821': attribute type 10 has an invalid length.
[  406.535945][ T8880] netlink: 40 bytes leftover after parsing attributes in process `syz.2.821'.
[  406.567379][ T5926] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  406.742025][ T5926] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  406.752616][ T5926] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.764127][ T5926] usb 5-1: config 0 descriptor??
[  406.786764][ T5926] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  407.057649][ T5926] gp8psk: usb in 128 operation failed.
[  407.183442][ T8894] netlink: 120 bytes leftover after parsing attributes in process `syz.3.827'.
[  408.440503][ T5926] gp8psk: usb in 146 operation failed.
[  408.456472][ T5926] gp8psk: failed to get FW version
[  409.233679][ T5926] gp8psk: FPGA Version = 225
[  409.677081][ T5926] gp8psk: usb in 138 operation failed.
[  409.682625][ T5926] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  409.697039][ T5926] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  409.708874][ T5926] usb 5-1: USB disconnect, device number 15
[  409.864506][ T8909] sp0: Synchronizing with TNC
[  412.240323][ T8916] binder: 8901:8916 ioctl c018620c 200000000000 returned -22
[  412.249448][ T8916] netlink: 12 bytes leftover after parsing attributes in process `syz.6.828'.
[  412.258432][ T8916] netlink: 8 bytes leftover after parsing attributes in process `syz.6.828'.
[  413.344303][ T8921] openvswitch: netlink: nsh attribute has 99 unknown bytes.
[  413.707228][ T8932] netlink: 28 bytes leftover after parsing attributes in process `syz.2.836'.
[  414.061039][ T8941] netlink: 56 bytes leftover after parsing attributes in process `syz.3.839'.
[  414.351179][ T8948] Dead loop on virtual device ipvlan1, fix it urgently!
[  414.966946][  T979] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  415.196300][  T979] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  415.243316][  T979] usb 3-1: config 0 has no interfaces?
[  415.286010][  T979] usb 3-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.b6
[  415.437023][  T979] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.451340][  T979] usb 3-1: Product: syz
[  415.455693][  T979] usb 3-1: Manufacturer: syz
[  415.461553][  T979] usb 3-1: SerialNumber: syz
[  416.370403][  T979] usb 3-1: config 0 descriptor??
[  416.447372][ T8948] syz.3.840 (8948) used greatest stack depth: 10024 bytes left
[  416.574854][ T8970] netlink: 32 bytes leftover after parsing attributes in process `syz.4.847'.
[  416.668103][ T8970] netlink: 24 bytes leftover after parsing attributes in process `syz.4.847'.
[  416.748969][ T5935] usb 3-1: USB disconnect, device number 29
[  417.346498][ T8982] vlan2: entered promiscuous mode
[  417.382914][ T8982] vlan2: entered allmulticast mode
[  417.412788][ T8982] hsr_slave_1: entered allmulticast mode
[  417.465046][ T8986] netlink: 4 bytes leftover after parsing attributes in process `syz.6.852'.
[  418.191236][ T8993] syz.3.854: attempt to access beyond end of device
[  418.191236][ T8993] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  419.971944][ T9012] dummy0: entered promiscuous mode
[  419.988274][ T9012] dummy0: left allmulticast mode
[  420.014300][ T9015] netlink: 9896 bytes leftover after parsing attributes in process `syz.2.862'.
[  420.064255][ T9016] netlink: 8 bytes leftover after parsing attributes in process `syz.7.860'.
[  420.922622][ T9010] overlay: filesystem on ./bus not supported as upperdir
[  421.427005][  T979] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  421.507339][    T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  421.546948][ T5926] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  421.587927][  T979] usb 3-1: Using ep0 maxpacket: 16
[  421.595819][  T979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  421.612621][  T979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  421.623692][  T979] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  421.638134][  T979] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  421.649451][  T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.661377][  T979] usb 3-1: config 0 descriptor??
[  421.687119][    T9] usb 4-1: Using ep0 maxpacket: 32
[  421.694206][    T9] usb 4-1: config 0 has an invalid descriptor of length 64, skipping remainder of the config
[  421.704740][    T9] usb 4-1: config 0 interface 0 altsetting 128 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  421.718434][ T5926] usb 8-1: Using ep0 maxpacket: 16
[  421.723833][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  421.731382][    T9] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  421.742392][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.752216][ T5926] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  421.765188][ T5926] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  421.778844][    T9] usb 4-1: config 0 descriptor??
[  421.785562][ T5926] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  421.795579][ T5926] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.803014][ T9046] can0: slcan on ttyS3.
[  421.803863][ T5926] usb 8-1: Product: syz
[  421.829733][ T5926] usb 8-1: Manufacturer: syz
[  421.834512][ T5926] usb 8-1: SerialNumber: syz
[  421.889287][ T9046] can0 (unregistered): slcan off ttyS3.
[  422.064739][ T9035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.091034][  T979] shield 0003:0955:7214.000A: unknown main item tag 0x0
[  422.098883][ T9035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.106743][ T9032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.115569][  T979] shield 0003:0955:7214.000A: unknown main item tag 0x0
[  422.123722][ T9032] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.143130][  T979] shield 0003:0955:7214.000A: unknown main item tag 0x0
[  422.176631][  T979] shield 0003:0955:7214.000A: unknown main item tag 0x0
[  422.204053][  T979] shield 0003:0955:7214.000A: unknown main item tag 0x0
[  422.213522][ T9032] can0: slcan on ttyS3.
[  422.218717][ T5926] usb 8-1: 0:2 : does not exist
[  422.243410][  T979] input: HID 0955:7214 Haptics as /devices/virtual/input/input19
[  422.284151][ T9029] netlink: 'syz.2.867': attribute type 2 has an invalid length.
[  422.292052][ T9029] netlink: 244 bytes leftover after parsing attributes in process `syz.2.867'.
[  422.314428][    T9] usb 4-1: string descriptor 0 read error: -71
[  422.334658][ T5926] usb 8-1: USB disconnect, device number 9
[  422.351238][    T9] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  422.404225][    T9] usb 4-1: USB disconnect, device number 23
[  422.415982][ T9052] netlink: 'syz.6.873': attribute type 10 has an invalid length.
[  422.435107][ T9052] netlink: 40 bytes leftover after parsing attributes in process `syz.6.873'.
[  422.436148][  T979] shield 0003:0955:7214.000A: Registered Thunderstrike controller
[  422.454355][ T9043] can0 (unregistered): slcan off ttyS3.
[  422.463527][  T979] shield 0003:0955:7214.000A: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0
[  422.484929][ T9052] team0: Failed to send port change of device geneve0 via netlink (err -105)
[  422.503051][ T9052] team0: Failed to send options change via netlink (err -105)
[  422.511971][ T9052] team0: Port device geneve0 added
[  422.529585][ T5975] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  422.552180][  T979] usb 3-1: USB disconnect, device number 30
[  422.561906][ T5975] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  422.591315][ T5975] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  422.614049][ T5975] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  422.662573][ T9055] netlink: 'syz.6.874': attribute type 29 has an invalid length.
[  422.673317][ T9055] netlink: 'syz.6.874': attribute type 29 has an invalid length.
[  422.683869][ T9055] netlink: 52 bytes leftover after parsing attributes in process `syz.6.874'.
[  422.835233][ T9059] netlink: 8 bytes leftover after parsing attributes in process `syz.7.875'.
[  423.014501][ T9065] netlink: 'syz.3.878': attribute type 27 has an invalid length.
[  423.017129][ T5975] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  423.078667][ T9070] netlink: 56 bytes leftover after parsing attributes in process `syz.7.880'.
[  423.146255][ T9074] FAULT_INJECTION: forcing a failure.
[  423.146255][ T9074] name failslab, interval 1, probability 0, space 0, times 0
[  423.169128][ T9074] CPU: 1 UID: 0 PID: 9074 Comm: syz.3.881 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  423.169158][ T9074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  423.169169][ T9074] Call Trace:
[  423.169177][ T9074]  <TASK>
[  423.169186][ T9074]  dump_stack_lvl+0x189/0x250
[  423.169213][ T9074]  ? __pfx____ratelimit+0x10/0x10
[  423.169243][ T9074]  ? __pfx_dump_stack_lvl+0x10/0x10
[  423.169266][ T9074]  ? __pfx__printk+0x10/0x10
[  423.169291][ T9074]  ? __pfx___might_resched+0x10/0x10
[  423.169314][ T9074]  ? fs_reclaim_acquire+0x7d/0x100
[  423.169352][ T9074]  should_fail_ex+0x414/0x560
[  423.169386][ T9074]  should_failslab+0xa8/0x100
[  423.169405][ T9074]  __kmalloc_node_noprof+0xd1/0x4e0
[  423.169432][ T9074]  ? alloc_slab_obj_exts+0x39/0xa0
[  423.169463][ T9074]  alloc_slab_obj_exts+0x39/0xa0
[  423.169489][ T9074]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[  423.169543][ T9074]  kmem_cache_alloc_noprof+0x2bf/0x3c0
[  423.169569][ T9074]  ? ep_insert+0x424/0x17d0
[  423.169599][ T9074]  ep_insert+0x424/0x17d0
[  423.169639][ T9074]  ? __pfx_ep_insert+0x10/0x10
[  423.169665][ T9074]  ? __pfx___mutex_lock+0x10/0x10
[  423.169685][ T9074]  ? __fget_files+0x2a/0x420
[  423.169709][ T9074]  ? __fget_files+0x2a/0x420
[  423.169727][ T9074]  ? __fget_files+0x3a0/0x420
[  423.169744][ T9074]  ? __fget_files+0x2a/0x420
[  423.169773][ T9074]  do_epoll_ctl+0x7f4/0xe90
[  423.169811][ T9074]  __x64_sys_epoll_ctl+0x163/0x1a0
[  423.169851][ T9074]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  423.169876][ T9074]  ? rcu_is_watching+0x15/0xb0
[  423.169904][ T9074]  ? do_syscall_64+0xbe/0x3b0
[  423.169930][ T9074]  do_syscall_64+0xfa/0x3b0
[  423.169948][ T9074]  ? lockdep_hardirqs_on+0x9c/0x150
[  423.169976][ T9074]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.169996][ T9074]  ? clear_bhb_loop+0x60/0xb0
[  423.170021][ T9074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.170041][ T9074] RIP: 0033:0x7f2b22d8e929
[  423.170060][ T9074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  423.170078][ T9074] RSP: 002b:00007f2b23c4a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  423.170100][ T9074] RAX: ffffffffffffffda RBX: 00007f2b22fb5fa0 RCX: 00007f2b22d8e929
[  423.170114][ T9074] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000005
[  423.170126][ T9074] RBP: 00007f2b23c4a090 R08: 0000000000000000 R09: 0000000000000000
[  423.170138][ T9074] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  423.170150][ T9074] R13: 0000000000000000 R14: 00007f2b22fb5fa0 R15: 00007ffd966211c8
[  423.170183][ T9074]  </TASK>
[  423.187081][  T979] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  423.466945][ T5975] usb 7-1: Using ep0 maxpacket: 16
[  423.474076][ T5975] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  423.487121][ T5975] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.501005][ T5975] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  423.514097][ T5975] usb 7-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[  423.540167][ T5975] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.568482][ T5975] usb 7-1: config 0 descriptor??
[  423.607776][  T979] usb 3-1: Using ep0 maxpacket: 16
[  423.623273][  T979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  423.648401][ T9083] loop2: detected capacity change from 0 to 7
[  423.656946][  T979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.672368][ T9083] Dev loop2: unable to read RDB block 7
[  423.694155][ T9083]  loop2: unable to read partition table
[  423.700748][ T9083] loop2: partition table beyond EOD, truncated
[  423.701900][  T979] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  423.707197][ T9083] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  423.727558][ T9085] netlink: 8 bytes leftover after parsing attributes in process `syz.4.885'.
[  423.738346][ T9085] netlink: 32 bytes leftover after parsing attributes in process `syz.4.885'.
[  423.861545][ T2152] usb 8-1: new full-speed USB device number 10 using dummy_hcd
[  424.167801][ T2152] usb 8-1: config 0 has no interfaces?
[  424.200744][ T9057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  424.266886][ T2152] usb 8-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00
[  424.430038][ T9057] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  424.448053][ T2152] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.538261][ T2152] usb 8-1: config 0 descriptor??
[  424.645380][  T979] usb 3-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00
[  424.655539][  T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.667705][  T979] usb 3-1: config 0 descriptor??
[  424.693211][ T5975] hid-multitouch 0003:0457:07DA.000B: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.6-1/input0
[  424.884028][ T5935] usb 7-1: USB disconnect, device number 13
[  425.076431][ T2152] usb 8-1: USB disconnect, device number 10
[  425.124059][  T979] ryos 0003:1E7D:31CE.000C: unbalanced delimiter at end of report description
[  425.143541][  T979] ryos 0003:1E7D:31CE.000C: parse failed
[  425.154265][  T979] ryos 0003:1E7D:31CE.000C: probe with driver ryos failed with error -22
[  425.751177][  T979] usb 3-1: USB disconnect, device number 31
[  425.967677][ T9112] ip6t_srh: unknown srh invflags 4000
[  426.037332][ T9115] wg2: entered promiscuous mode
[  426.043476][ T9115] wg2: entered allmulticast mode
[  426.227470][ T5975] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  426.470092][ T5975] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  426.615539][ T5975] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  426.774235][ T5975] usb 8-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  426.814169][ T5975] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.893932][ T5975] usb 8-1: config 0 descriptor??
[  429.634418][ T5975] usbhid 8-1:0.0: can't add hid device: -71
[  429.651428][ T5975] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  429.696081][ T5975] usb 8-1: USB disconnect, device number 11
[  429.926974][  T979] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  430.220931][  T979] usb 4-1: Using ep0 maxpacket: 8
[  430.286948][  T979] usb 4-1: config 2 has an invalid interface number: 206 but max is 0
[  430.295460][  T979] usb 4-1: config 2 has no interface number 0
[  430.295915][ T9139] sg_write: process 607 (syz.2.902) changed security contexts after opening file descriptor, this is not allowed.
[  430.322276][  T979] usb 4-1: config 2 interface 206 has no altsetting 0
[  430.420330][  T979] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10b2, bcdDevice=b1.2a
[  430.459756][  T979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.865028][   T24] usb 4-1: USB disconnect, device number 24
[  432.177260][ T5840] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  432.312211][ T9156] netlink: 8 bytes leftover after parsing attributes in process `syz.6.905'.
[  433.169022][ T9163] netlink: 64 bytes leftover after parsing attributes in process `syz.2.909'.
[  433.766971][  T979] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  433.938911][  T979] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  433.961338][  T979] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.126976][  T979] usb 3-1: Product: syz
[  434.149047][  T979] usb 3-1: Manufacturer: syz
[  434.173845][  T979] usb 3-1: SerialNumber: syz
[  434.207187][  T979] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  434.287396][ T5975] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  434.722287][ T2152] usb 3-1: USB disconnect, device number 32
[  435.366938][ T5975] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  435.375152][ T5975] ath9k_htc: Failed to initialize the device
[  435.390027][ T2152] usb 3-1: ath9k_htc: USB layer deinitialized
[  435.777348][ T9203] can0: slcan on ttyS3.
[  435.786268][ T9203] bridge0: port 4(syz_tun) entered blocking state
[  435.793061][ T9203] bridge0: port 4(syz_tun) entered disabled state
[  435.799888][ T9203] syz_tun: entered allmulticast mode
[  435.807570][ T9203] syz_tun: entered promiscuous mode
[  435.813649][ T9203] bridge0: port 4(syz_tun) entered blocking state
[  435.820460][ T9203] bridge0: port 4(syz_tun) entered forwarding state
[  435.861129][ T9203] xt_CT: You must specify a L4 protocol and not use inversions on it
[  436.163447][ T9202] can0 (unregistered): slcan off ttyS3.
[  436.416097][ T9222] af_packet: tpacket_rcv: packet too big, clamped from 544 to 4294967272. macoff=96
[  436.643785][ T9228] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  437.321085][   T24] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  437.471773][ T9236] lo speed is unknown, defaulting to 1000
[  437.542808][   T24] usb 8-1: Using ep0 maxpacket: 8
[  437.568259][ T9241] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  437.569841][   T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  438.057100][   T24] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  438.074546][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  438.086448][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  438.140671][ T9238] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  438.146946][   T24] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  438.199191][   T24] usb 8-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  438.225797][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.247933][   T24] usb 8-1: Product: syz
[  438.265666][   T24] usb 8-1: Manufacturer: syz
[  438.306372][   T24] usb 8-1: SerialNumber: syz
[  438.455653][ T9238] kvm: pic: non byte read
[  438.530310][ T9238] kvm: pic: level sensitive irq not supported
[  438.548826][   T24] usb 8-1: config 0 descriptor??
[  438.563115][ T9230] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  438.567051][ T9238] kvm: pic: non byte read
[  438.573026][   T24] ati_remote 8-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints
[  440.242494][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  440.248987][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  440.309185][ T9258] netlink: 9896 bytes leftover after parsing attributes in process `syz.2.937'.
[  440.356361][ T9260] netlink: 24 bytes leftover after parsing attributes in process `syz.4.938'.
[  441.144201][    T9] usb 8-1: USB disconnect, device number 12
[  441.342104][ T9272] FAULT_INJECTION: forcing a failure.
[  441.342104][ T9272] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  441.367055][ T9272] CPU: 1 UID: 0 PID: 9272 Comm: syz.2.941 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  441.367086][ T9272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  441.367099][ T9272] Call Trace:
[  441.367107][ T9272]  <TASK>
[  441.367116][ T9272]  dump_stack_lvl+0x189/0x250
[  441.367146][ T9272]  ? __pfx____ratelimit+0x10/0x10
[  441.367175][ T9272]  ? __pfx_dump_stack_lvl+0x10/0x10
[  441.367198][ T9272]  ? __pfx__printk+0x10/0x10
[  441.367224][ T9272]  ? __might_fault+0xb0/0x130
[  441.367264][ T9272]  should_fail_ex+0x414/0x560
[  441.367300][ T9272]  _copy_from_user+0x2d/0xb0
[  441.367325][ T9272]  bpf_prog_test_run_xdp+0xd05/0x1000
[  441.367369][ T9272]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  441.367400][ T9272]  ? __fget_files+0x2a/0x420
[  441.367426][ T9272]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  441.367451][ T9272]  bpf_prog_test_run+0x2c7/0x340
[  441.367477][ T9272]  __sys_bpf+0x4a4/0x860
[  441.367519][ T9272]  ? __pfx___sys_bpf+0x10/0x10
[  441.367545][ T9272]  ? bpf_trace_run2+0x322/0x4b0
[  441.367598][ T9272]  ? rcu_is_watching+0x15/0xb0
[  441.367627][ T9272]  __x64_sys_bpf+0x7c/0x90
[  441.367656][ T9272]  do_syscall_64+0xfa/0x3b0
[  441.367675][ T9272]  ? lockdep_hardirqs_on+0x9c/0x150
[  441.367704][ T9272]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.367724][ T9272]  ? clear_bhb_loop+0x60/0xb0
[  441.367750][ T9272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.367768][ T9272] RIP: 0033:0x7f49c638e929
[  441.367787][ T9272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  441.367804][ T9272] RSP: 002b:00007f49c41f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  441.367826][ T9272] RAX: ffffffffffffffda RBX: 00007f49c65b5fa0 RCX: 00007f49c638e929
[  441.367841][ T9272] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  441.367854][ T9272] RBP: 00007f49c41f6090 R08: 0000000000000000 R09: 0000000000000000
[  441.367867][ T9272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  441.367879][ T9272] R13: 0000000000000000 R14: 00007f49c65b5fa0 R15: 00007ffdeefd8de8
[  441.367920][ T9272]  </TASK>
[  441.768368][ T9276] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  441.887734][ T9276] netlink: 'syz.7.943': attribute type 4 has an invalid length.
[  443.230305][ T5842] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  443.429017][ T5842] usb 4-1: config 0 has an invalid interface number: 228 but max is 0
[  443.446953][ T5842] usb 4-1: config 0 has no interface number 0
[  443.454060][ T5842] usb 4-1: config 0 interface 228 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  443.477610][ T5842] usb 4-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=34.b1
[  443.495904][ T5842] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.527291][ T5842] usb 4-1: Product: syz
[  443.547119][ T5842] usb 4-1: Manufacturer: syz
[  443.562402][ T5842] usb 4-1: SerialNumber: syz
[  443.588023][ T5842] usb 4-1: config 0 descriptor??
[  443.609644][ T5842] bfusb 4-1:0.228: probe with driver bfusb failed with error -5
[  444.812155][ T9308] netlink: 36 bytes leftover after parsing attributes in process `syz.2.951'.
[  444.814731][ T9301] netlink: 'syz.6.949': attribute type 21 has an invalid length.
[  444.887156][ T9308] QAT: Device 7 not found
[  444.973033][ T9301] netlink: 132 bytes leftover after parsing attributes in process `syz.6.949'.
[  445.878234][   T24] usb 4-1: USB disconnect, device number 25
[  450.565258][    T9] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  453.380294][ T9353] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-22)
[  453.413914][ T9353] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  454.623592][ T9364] ------------[ cut here ]------------
[  454.630569][ T9364] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/pcl812.c:1152:10
[  454.650859][ T9364] shift exponent 8546 is too large for 32-bit type 'int'
[  454.665967][ T9364] CPU: 0 UID: 0 PID: 9364 Comm: syz.6.968 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  454.666000][ T9364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  454.666013][ T9364] Call Trace:
[  454.666021][ T9364]  <TASK>
[  454.666031][ T9364]  dump_stack_lvl+0x189/0x250
[  454.666068][ T9364]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.666094][ T9364]  ? __pfx__printk+0x10/0x10
[  454.666138][ T9364]  ubsan_epilogue+0xa/0x40
[  454.666165][ T9364]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[  454.666225][ T9364]  pcl812_attach+0x1b9e/0x2300
[  454.666270][ T9364]  comedi_device_attach+0x51d/0x670
[  454.666300][ T9364]  comedi_unlocked_ioctl+0x686/0xf40
[  454.666340][ T9364]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  454.666386][ T9364]  ? __pfx_smack_log+0x10/0x10
[  454.666411][ T9364]  ? smk_access+0x14c/0x4e0
[  454.666442][ T9364]  ? smk_tskacc+0x2fc/0x370
[  454.666472][ T9364]  ? smack_file_ioctl+0x24a/0x340
[  454.666503][ T9364]  ? __pfx_smack_file_ioctl+0x10/0x10
[  454.666546][ T9364]  ? __fget_files+0x2a/0x420
[  454.666565][ T9364]  ? __fget_files+0x3a0/0x420
[  454.666585][ T9364]  ? __fget_files+0x2a/0x420
[  454.666611][ T9364]  ? bpf_lsm_file_ioctl+0x9/0x20
[  454.666633][ T9364]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  454.666662][ T9364]  __se_sys_ioctl+0xf9/0x170
[  454.666694][ T9364]  do_syscall_64+0xfa/0x3b0
[  454.666714][ T9364]  ? lockdep_hardirqs_on+0x9c/0x150
[  454.666746][ T9364]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.666767][ T9364]  ? clear_bhb_loop+0x60/0xb0
[  454.666794][ T9364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.666820][ T9364] RIP: 0033:0x7fa08eb8e929
[  454.666841][ T9364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.666859][ T9364] RSP: 002b:00007fa08fa3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  454.666882][ T9364] RAX: ffffffffffffffda RBX: 00007fa08edb5fa0 RCX: 00007fa08eb8e929
[  454.666898][ T9364] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000003
[  454.666912][ T9364] RBP: 00007fa08ec10b39 R08: 0000000000000000 R09: 0000000000000000
[  454.666925][ T9364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  454.666937][ T9364] R13: 0000000000000000 R14: 00007fa08edb5fa0 R15: 00007fffac595408
[  454.666970][ T9364]  </TASK>
[  454.932662][ T9364] ---[ end trace ]---
[  454.937788][ T9364] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[  454.945041][ T9364] CPU: 0 UID: 0 PID: 9364 Comm: syz.6.968 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full) 
[  454.956977][ T9364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  454.967081][ T9364] Call Trace:
[  454.970401][ T9364]  <TASK>
[  454.973371][ T9364]  dump_stack_lvl+0x99/0x250
[  454.978096][ T9364]  ? __asan_memcpy+0x40/0x70
[  454.982739][ T9364]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.988092][ T9364]  ? __pfx__printk+0x10/0x10
[  454.992764][ T9364]  panic+0x2db/0x790
[  454.996720][ T9364]  ? __pfx_panic+0x10/0x10
[  455.001228][ T9364]  ? _printk+0xcf/0x120
[  455.005441][ T9364]  ? __pfx__printk+0x10/0x10
[  455.010091][ T9364]  check_panic_on_warn+0x89/0xb0
[  455.015102][ T9364]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[  455.021612][ T9364]  pcl812_attach+0x1b9e/0x2300
[  455.026454][ T9364]  comedi_device_attach+0x51d/0x670
[  455.031705][ T9364]  comedi_unlocked_ioctl+0x686/0xf40
[  455.037060][ T9364]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  455.042940][ T9364]  ? __pfx_smack_log+0x10/0x10
[  455.047751][ T9364]  ? smk_access+0x14c/0x4e0
[  455.052317][ T9364]  ? smk_tskacc+0x2fc/0x370
[  455.056873][ T9364]  ? smack_file_ioctl+0x24a/0x340
[  455.061951][ T9364]  ? __pfx_smack_file_ioctl+0x10/0x10
[  455.067392][ T9364]  ? __fget_files+0x2a/0x420
[  455.072017][ T9364]  ? __fget_files+0x3a0/0x420
[  455.076769][ T9364]  ? __fget_files+0x2a/0x420
[  455.081402][ T9364]  ? bpf_lsm_file_ioctl+0x9/0x20
[  455.086568][ T9364]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  455.092418][ T9364]  __se_sys_ioctl+0xf9/0x170
[  455.097062][ T9364]  do_syscall_64+0xfa/0x3b0
[  455.101609][ T9364]  ? lockdep_hardirqs_on+0x9c/0x150
[  455.106857][ T9364]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.112964][ T9364]  ? clear_bhb_loop+0x60/0xb0
[  455.117687][ T9364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.124143][ T9364] RIP: 0033:0x7fa08eb8e929
[  455.128592][ T9364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.148230][ T9364] RSP: 002b:00007fa08fa3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  455.156686][ T9364] RAX: ffffffffffffffda RBX: 00007fa08edb5fa0 RCX: 00007fa08eb8e929
[  455.164751][ T9364] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000003
[  455.172731][ T9364] RBP: 00007fa08ec10b39 R08: 0000000000000000 R09: 0000000000000000
[  455.180725][ T9364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  455.188740][ T9364] R13: 0000000000000000 R14: 00007fa08edb5fa0 R15: 00007fffac595408
[  455.196775][ T9364]  </TASK>
[  455.199986][ T9364] Kernel Offset: disabled
[  455.204371][ T9364] Rebooting in 86400 seconds..