last executing test programs:

28.818491855s ago: executing program 4 (id=531):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSIFPFLAGS(r6, 0x8934, &(0x7f0000001ac0)={'vcan0\x00', 0x6})
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=r7, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r7, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)="bd", 0x1}], 0x1}}], 0x1, 0x41)

27.823605644s ago: executing program 4 (id=533):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
readv(r2, &(0x7f0000000140)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f00000001c0)={@dev}, &(0x7f0000000240)=0x14)
preadv(0xffffffffffffffff, &(0x7f0000003240)=[{&(0x7f0000002200)=""/4096, 0x1000}], 0x1, 0x8, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000180), 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(0x0, 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85512, &(0x7f0000000280)={{0x6, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x40000000000, 0xffffffffffffffff, 0xffffffefffffffff, 0x0, 0x4, 0x0, 0xfffffffffffffffd, 0x4, 0x0, 0x0, 0xfffffeffbfffffff, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x3, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x100200000, 0xb, 0x6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000, 0x1000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xe95, 0x10000, 0x7785, 0x0, 0x4, 0x4, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x2, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x1000000000, 0x0, 0x80000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x100, 0x81, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x2, 0x100000000000, 0x0, 0x3, 0x2, 0x0, 0x7, 0xc0c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffeffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x80]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_freezer_state(r5, &(0x7f00000000c0), 0x2, 0x0)
r7 = openat$cgroup_procs(r5, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r7, &(0x7f0000000180), 0x12)
write$cgroup_freezer_state(r6, &(0x7f0000000200)='THAWED\x00', 0x7)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x2, 0x2ff7afedf}, 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

26.00047282s ago: executing program 0 (id=537):
socket(0x18, 0x0, 0x0)
syz_io_uring_setup(0x139c, 0x0, 0x0, 0x0) (async)
r0 = syz_io_uring_setup(0x139c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/msg\x00', 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000280)={'ip_vti0\x00', &(0x7f0000000200)={'syztnl0\x00', 0x0, 0x10, 0x7, 0x1, 0x9, {{0x11, 0x4, 0x2, 0x2a, 0x44, 0x65, 0x0, 0xa, 0x29, 0x0, @empty, @broadcast, {[@rr={0x7, 0xf, 0xdd, [@multicast1, @local, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp_prespec={0x44, 0x14, 0x1, 0x3, 0xd, [{@empty, 0x3}, {@empty, 0x1}]}, @generic={0x83, 0x6, "5aae77a6"}, @ra={0x94, 0x4}]}}}}}) (async)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000280)={'ip_vti0\x00', &(0x7f0000000200)={'syztnl0\x00', 0x0, 0x10, 0x7, 0x1, 0x9, {{0x11, 0x4, 0x2, 0x2a, 0x44, 0x65, 0x0, 0xa, 0x29, 0x0, @empty, @broadcast, {[@rr={0x7, 0xf, 0xdd, [@multicast1, @local, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp_prespec={0x44, 0x14, 0x1, 0x3, 0xd, [{@empty, 0x3}, {@empty, 0x1}]}, @generic={0x83, 0x6, "5aae77a6"}, @ra={0x94, 0x4}]}}}}})
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x0) (async)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
mmap(&(0x7f000000b000/0x4000)=nil, 0x4000, 0x1000005, 0x8012, r3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r4, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0x1}], 0x1}}], 0x1, 0x24000050)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, &(0x7f0000000100)) (async)
ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, &(0x7f0000000100))
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140))
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff020000bfa300000000000007030000f0ffffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed000062030000000000001d440000000000007a0a00fe00ffffffc303000041000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffc93, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/xfrm_stat\x00')
read$FUSE(r6, &(0x7f0000000640)={0x2020}, 0x2020) (async)
read$FUSE(r6, &(0x7f0000000640)={0x2020}, 0x2020)
mkdirat(r6, &(0x7f0000000100)='./file0\x00', 0x108)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000340)={0xaa, 0x504})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8010, r0, 0x6a855000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)

25.375009492s ago: executing program 0 (id=538):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000100075c0000000e0a01020000000000000000010000000900020073797a3200000000090001"], 0xec}, 0x1, 0x0, 0x0, 0x44080}, 0x0)

25.305550472s ago: executing program 1 (id=539):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
userfaultfd(0x801)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r4, r1, 0x25, 0x2, @val=@iter={0x0}}, 0x20)
syz_emit_ethernet(0x2a, &(0x7f0000000340)=ANY=[], 0x0)

25.206812902s ago: executing program 0 (id=541):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000044000000090a090400000000000000000700000008000a4000ffec000900020073797a31000000000900010073797a300000000008000540000000310800084000000001140000001100010000000000000000000084"], 0x8c}}, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r3 = accept(r0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000300), &(0x7f00000002c0)=@tcp6=r3}, 0x47)
r5 = fcntl$getown(r2, 0x9)
timer_create(0x3, &(0x7f0000000000)={0x0, 0x2a, 0x4, @tid=r5}, 0x0)
recvmsg$kcm(r3, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x10100)

24.896675732s ago: executing program 1 (id=542):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x10)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, 0x0, &(0x7f0000000140))
pipe2$watch_queue(&(0x7f0000000000), 0x80)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000180)={0x3, 'netpci0\x00', {0x1}, 0x4})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01032757c38d085641a7260000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_open_dev$evdev(0x0, 0x3f, 0x822f01)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[], 0xa0}}, 0x0)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000006800019ef00000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[], 0x20}, 0x1, 0x7}, 0x0)
write$char_usb(r5, &(0x7f0000000040), 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)

23.762087336s ago: executing program 3 (id=544):
mkdirat(0xffffffffffffffff, 0x0, 0xb)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2a00, 0x180)
openat2(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)={0x301000, 0x80}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002600)=@delchain={0x520, 0x65, 0x2, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x8}, {0x0, 0x9}, {0x6}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @filter_kind_options=@f_route={{0xa}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x6, 0x22}}, @filter_kind_options=@f_route={{0xa}, {0x4cc, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x478, 0x6, [@m_bpf={0xf0, 0x16, 0x0, 0x0, {{0x8}, {0xc8, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_FD={0x8}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x2248, 0x3, 0x10000000, 0x9, 0xf85}}, @TCA_ACT_BPF_OPS={0x24, 0x4, [{0x6, 0x4, 0xb6, 0x6}, {0xaa6, 0x0, 0xff}, {0x8, 0x9a, 0x9}, {0x3, 0x4, 0x6, 0x1}]}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x5}, @TCA_ACT_BPF_FD={0x8}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x6}, @TCA_ACT_BPF_OPS={0x44, 0x4, [{0xe, 0x8f, 0x1, 0x1}, {0x3, 0x7, 0x4, 0xffff}, {0x2ee, 0x7, 0x9}, {0x2, 0x40, 0x3, 0x9}, {0x3, 0x94, 0xc, 0x20000}, {0x6, 0x4, 0xb3, 0x1}, {0x3, 0x51, 0x5, 0x8}, {0x5, 0x5, 0x2, 0x9}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1, 0x9, 0x0, 0x8000, 0x6}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_skbmod={0x9c, 0x6, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x8}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x8, 0x4, 0x3, 0x5d, 0x5}, 0xe}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @remote}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x5}]}, {0x2d, 0x6, "e7da3c8403fae38a6104e8deccdff1af0e8969df3c0c229b39997b184868614ac4430b321889325324"}, {0xc, 0x7, {0x0, 0xeb1aa48f20ecc78b}}, {0xc}}}, @m_skbmod={0x40, 0x12, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x4}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0xe}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_sample={0x12c, 0x2, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0xffffffff}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0xf3}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x7fffffff, 0x4, 0x10000000, 0x132, 0x3}}]}, {0xd5, 0x6, "5585e4978312153aa42f30e46602bd87be41196cb887f6a445019260145eacfc789e0591173e540ea96ddc89cde1312b24d81cd9cf9ddc2ac817e49647559a92bc68922da07ae74d412c68df8f1a425986d1e0fe379e9b66ed2aca073af3aad4e36109274822fbfa834d7a02b3e1fc01841581700abff25ebcfeb38bbb3ee3e0d75898ec65a1ca67c2f06a3b2b9f5eb067c4e21e0deedcf47e3db9cda23dca15b3e34e43e7d7cc1b9201d0e6d45497b608b28ca549f62ba829bfb392018f5c37ab8e7cc7f5221d33e148c986556da3dba5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ctinfo={0xf8, 0x4, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x2}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0xff}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0xfffffffb}]}, {0xb1, 0x6, "b44ebc8afbd2b83e8b5f7f3f7d0f9ec133319134ef3defd0e955c2de28a772eff360adf52781f6dd085cc36ec32f2fd717bf6376b7017fcf2c0d0b598e9ea4ab39c2de02997138177e36932b52ff37b506fcea3b7b6c60b4cc622b24ba03ba4191037d499b7d606770aff5b44285d9dc306ba939b169e30cc5732d7474a7eca83e8296f0b261eb3c36c6818ab676368e47f34f380c89aed92adf458308899021a4b195c89b32d822f9e62e8a2f"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x21bc45d1731da350}}}}, @m_nat={0x84, 0x9, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x63, 0x7fffffff, 0x3, 0x7fffffff, 0x10001}, @rand_addr=0x64010100, @remote, 0x0, 0x1}}]}, {0x31, 0x6, "fe35d39943ce91b09dd1f3de669aa5f77dd8fda92b8ff94b4d8703845cfc57e688cc3c24fe5cf2725c4c2562ec"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}]}, @TCA_ROUTE4_ACT={0x3c, 0x6, [@m_vlan={0x38, 0x13, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}, @TCA_ROUTE4_POLICE={0x4}]}}]}, 0x520}, 0x1, 0x0, 0x0, 0x81}, 0x8000)
r1 = socket(0x10, 0x803, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x3a1}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8)
write$dsp(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x19, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r5 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r6=>0x0}, &(0x7f0000cab000)=0xa)
setresuid(0x0, r6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000071102800000000001f010000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x6, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

23.683577476s ago: executing program 0 (id=545):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup(r0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0xe501, 0x3, 0x208, 0xb8, 0xa, 0x1000000, 0x0, 0x0, 0x170, 0x230, 0x230, 0x170, 0x223, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x20c49a, 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x20c49a, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268)
syz_usb_connect(0x0, 0x3d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100004e826d4094225a4241d10102030109022b00010400000009040000026964c200090504060000000000070556"], 0x0)
r2 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0), 0xc, &(0x7f0000000300)={&(0x7f0000000480)={0x398, r2, 0x300, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0xc4, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9197}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xbd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd88}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_SOCK={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffffe}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x200}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8000}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x671}]}, @TIPC_NLA_NODE={0x1a0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x40, 0x4, {'gcm(aes)\x00', 0x18, "5d0031d3efa79190b83a65167db7e0f3ffeb60cc14c7a86b"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0xf4, 0x3, "f49fdacfe26111a8eaac198c70091afb2ac6089d1625a4e44327635b777f1e63531b770f88b17221e19073129cf4afd598cf0801731cb567c81435d020d012c5a60de1c5f75622d625e425413b4b8a63d1d84698cccce4acd678988ae47fbf466a5edc3cbebb2516b0a70261c8c0a70181ba6cd30d0fe0dae3ddc8b874a5555a8872753407674e50a95746439475597da28334283cf68e6620452ce698314bbf9bf027cdb42b551464d44ddeb91e52ca6a191822747a768f1572af6df50dc43708f351d227f895a3ecf5fe76b14f509bf385735e16670a3233dab9cf75c0878f477e141d6191147b1c897f8736f39cce"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_KEY={0x4b, 0x4, {'gcm(aes)\x00', 0x23, "95be3ef8e5612445049a74d98fbc01c8c3f2cdc8423d187df2b6ba42d5d12cf677be57"}}]}, @TIPC_NLA_BEARER={0x3c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @broadcast}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xa}}}}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x400}]}, @TIPC_NLA_LINK={0x44, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x84}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_BEARER={0x38, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @broadcast}}, {0x14, 0x2, @in={0x2, 0x4e22, @rand_addr=0x64010102}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x40}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}]}]}, 0x398}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r2, 0x0, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4e}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x8001)
r3 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$sock_int(r5, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4)
shutdown(r4, 0x1)
recvmmsg(r5, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/26, 0x1a}, 0x3}], 0x1, 0x0, 0x0)
ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000180)={0x7, @sdr={0x3234564e, 0x581}})

22.938730448s ago: executing program 1 (id=547):
r0 = syz_usb_connect$uac1(0x2, 0xa5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029300030100000009040000000101"], 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, &(0x7f0000000080)={0x40, 0x5, 0x7e, {0x7e, 0x24, "30e2abf589ec78e733dce1ac4027dc9dd96fa00961bf41e35f43e51c0e0fdfc917c5fa9077cbf99974dcd25975acd4d08afa0b18cd80f4a5754ca90f05f988eb6b32c912fdb2ab1af715de18cae6d0a3a97f0648441888ff4fa31dcbd88d601879b6b0beb69a84e9a5eb21193c76f1c2d6e359b42c416470ddc24c02"}}, &(0x7f0000000140)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000002c0)={0x1c, &(0x7f00000001c0)={0x0, 0x10, 0x1a, "20dbdad4847cc12b52f5ed36684446566643c6247658fd9c8b02"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0xe}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x4}})

22.284030075s ago: executing program 4 (id=548):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x84}, 0x0)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x9003000000000000, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x178, 0x178, 0x178, 0x178, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond, 0x0, 0x158, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "d9d9e63590ab5471c46924e95540949f0cd7e2b0a94d71d9d944acb7f0a1297674a95b30cee19db4c1725572ba928385b1635c89b58ae9a0e1ea500b26f006da3fa8a134552f7980e92de5a784cd4f46e799e191835d7d5ea776f04bef524e22f0bb6ed4b00f44ceb936943e13fa1caa6b4b159c673db1efa9a08b1ddc74ce6c", 0x43, 0x3}}, @common=@inet=@socket3={{0x28}, 0x51}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f00000000c0)={@private1}, &(0x7f00000001c0)=0x14)
write(r0, &(0x7f0000000040)="0d000000010001", 0x7)
r7 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x138)
write$binfmt_elf64(r7, 0x0, 0x0)
mknodat$loop(r7, &(0x7f0000001600)='./file1\x00', 0x2000, 0x0)
read$alg(r7, &(0x7f0000000000)=""/46, 0x2e)
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r8, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0xf0, 0x1200, 0x0, 0xd968d5b908ac0cdc, 0x0, {}, {0x3}, {0x4, 0x0, 0x1}, {0x0, 0x0, 0xffe}, 0x0, 0x100, 0x0, 0xd613, 0x0, 0x91f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x1})
r9 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000008, 0x12, r9, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3, &(0x7f0000000080)=0xc, 0xb, 0x4)

21.257324154s ago: executing program 4 (id=550):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000001240)={0x1c, 0x7, 0x6, 0x101, 0xfffffc00, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004040}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000580)={'ip6tnl0\x00', 0x0, 0x29, 0xff, 0x2, 0x7, 0x7a, @private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x43}, 0x8000, 0x7eb89f77c15823af, 0x5, 0x8}})
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r3 = accept4(r2, &(0x7f00000000c0)=@hci, &(0x7f0000000140)=0x80, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r5, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x4000)
sendmsg$NL80211_CMD_ABORT_SCAN(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="000400e07f78d8", @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x40844}, 0x1001)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r7, 0x11b, 0x3, &(0x7f00000001c0)=0x200000, 0x4)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x15, 0x11, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {0x85, 0x0, 0x0, 0x8}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x6, 0x0, 0xb, 0xa}, {0xf}}, [@map_fd={0x18, 0x3, 0x1, 0x0, r9}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_usb_connect$uac1(0x0, 0x11d, &(0x7f0000000580)=ANY=[@ANYBLOB="12014103000000086b1d01014000010203010902"], &(0x7f00000007c0)={0x0, 0x0, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="050f050021"]})
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000080)=0x13)

21.161683082s ago: executing program 3 (id=551):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000440)=""/4095, 0xfff}], 0x1, 0x0, 0x4100}, 0x0)

21.10896805s ago: executing program 2 (id=552):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
userfaultfd(0x801)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r4, r1, 0x25, 0x2, @val=@iter={0x0}}, 0x20)
syz_emit_ethernet(0x2a, &(0x7f0000000340)=ANY=[], 0x0)

20.975560279s ago: executing program 3 (id=553):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r1 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r3}, 0x10)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$UDMABUF_CREATE_LIST(r4, 0x40087543, &(0x7f0000000c00)=ANY=[@ANYBLOB="dedd00f3f2a0"])
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x2)
close(r2)
execveat$binfmt(0xffffffffffffff9c, r1, 0x0, &(0x7f0000000880)={[], 0xf000}, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000000240)=[{0xe, 0x6c, 0xf, 0x3, @tick=0x7, {0x1, 0xe5}, {0x6a, 0x3}, @ext={0xe2, &(0x7f0000000100)="b3c523b9af7a98165d09bb7fb0d5661a6af4b6381deac3a6ed3b4a46b9a3c6b5b8a01cf3e95a0aed18c516cce74b0ec03ba9f0673e1d5fe6ffee12f0234ff31fd3952a16df39d9837eaa44dde89e9cdb9218958b2433fd6333e90d9a264c1f45c5efd9c145a169b375cb3865c7814f2cda01acffe72ac764c464be2c92658199cd51f502b8e0fdadc2d99458739dc892032aff1aa02dc83e505354d830f3e2b6d58d1f08818ea8e761e6adeeda588ef597ec48357eeab5751253d3d439257a7222ab050d27315b0e5d87d494d0810b75fd7f46e2a95c79ac4e7c179d03bdf6924a25"}}, {0x3, 0x8, 0x5, 0x8, @tick=0x8, {0x2, 0x4}, {0x9, 0x7}, @time=@tick=0x6}, {0x11, 0x7, 0x80, 0x3a, @time={0x7, 0x8}, {0x8, 0x8}, {0x4, 0x5}, @connect={{0x7, 0x7}, {0xc3, 0x2}}}, {0x10, 0x1, 0x1, 0x3, @time={0x5, 0x1}, {0x7, 0x82}, {0x0, 0x1}, @connect={{0x6, 0x7}, {0x0, 0x36}}}, {0x4, 0x9, 0x5, 0x7, @tick=0x37f9, {0xf8, 0x1}, {0x0, 0x7f}, @queue={0x40, {0x40, 0x3}}}, {0x8, 0x9b, 0x8, 0x7, @time={0x0, 0x1}, {0x80, 0x5}, {0x9, 0xa2}, @raw8={"e6364201bd33a395bdf965fb"}}, {0x30, 0x4, 0x4, 0x5, @tick=0x9, {0x8, 0x6}, {0x6, 0x6}, @quote={{0x0, 0x40}, 0x2, &(0x7f0000000200)={0x8, 0x5e, 0xff, 0x4, @tick=0xfffff001, {0x30, 0x4}, {0x4, 0x1}, @ext={0x1000, &(0x7f0000000a80)="352c3f7ed030c5c00cd53c62a44ec89e10fad0852be3d38ccc47c231471e7ec6ac03d44a916f5a3add7841a9cb043f386808a5805d576fe86a15e7b922aded8a5178733f415a20d2fb8f444cfe86c434186f269ea008366eeca23106ab8479092d2b55c6437b7a632c0a78c7c2a4de820c3bff6704d3cc9554b510ff1b1e1568497888bc9bf6939cc71607e7abc5f96f6e0bd6d23f3f18933d4047a5a0ba2da6e99295700704d0c3a386db24eb4d231aa14ecafca1faad953a81beb93ce469281c59ab7c9b0afc5fd09e7cedd5682d3f084a1373f76b2df04a894d22e32b231fb7f495740de7ca31dbc3920ca9573598bccdcb26bdfbfe61a86d2d87206d2e6bfb91f5f4119f4b1932e7107e88079a1babdf38f50abb54a9624e228d8454f5539f2f77d2645eb06f7620d8ed98a4338bd2699f274961cbcb7decec44c29317ba3df5e5b0ba8dbf1cd7b54a8c10b0f307d9acf8b0e52ed1cbf87dfab9921eec7b27b5fc6d979bbbe7a5f9b652213e4670435170a6dbb86a1ae4903413538441aec1c51708ab123b347e26acf688e10bcfaff7546143a0a02dde5c3490ff1d04d43c990e1676aa01baa9a2be03e05994052380e22e3595a3bc33e9b9d71b0b72b12b2efa0fd29f621a70bbb2275a92db0fdc9fcf279e15260d599118e6d8e74f64810a0847178d28275546cd8ea43b989e17243ea3b38664a0420c22c2d675f56f4ea2488ad85156fbe18efcc825caa0cee621e6cd0482358906a3d154f2aa4f4cdb9b9a1265795a3eb2be40ea77bc60a69820fec9395efb71c1999254dba5ef84e324dfdf40ffebc759b3e4bb52c873ef4c0e6a0ec9b4f8d0b92e409c904e3e2834192bc8e0aaefdda134df9f085abcfc76f83a28506b28872f682bfd719f05f274189b011636f24792253a001892bca9b66646755f1afba54965dfcea3756b5d48233696bc64729bbc22a83317c3521c446338af1fac19ed5ddaa969875a63c231794626a9b0f9d0c6abb17c7cfa8d7eed2b96fee29e35b6d081bacd456ffb2488655b6b1e32b2ee246079c4acd256bd6f57dc48862f2066679deb6d49d2e18231ac9445a7844907261d310e0ffa9097bd199eea8585e7917c9f4838ad8ff2bc27929d81d800e106278291a7bc20e95896ee0f927e936aa5c8ffe024159adc189b2e950cb10490d63554a53bac113eac52af4a9dda3f619434863a052980346f8142027cae14cd2bb8c9acc8a42a69ea086c0f36843554522cc4c264f3fdad5c2bedca9e8600db9fa80755c3a2a52bd75b143fe563e1026f347f6afd932f4cfa9f9c1700031f36d35b93f2f07f977d450a41d31cc58e306b19b7dc3a51033e7ad241d0cf4adb94bee7132dcaa7cecaa713a11f22de14cadd61fabe0401bda84f44053341111ed3b3dd7c7842ae513faa1bddc79f0cbe5f904a58f178e2b1a793577d6e52f387eac90925a1cbc6ded7050214dbcadb4b407cf1e0f54d1982acbcc5b8287189e7a0584d2ec7a2cb889fcf5bf7b93c97ff0e3a9840696a8e0b846a629f35261fa7bbc0eb968e845fae39f33cd9d1499315a4d2e357177bb1a2808d4e9a3922ef313a4322314f60d0c94f1b90670f07fee39ed3cf8a1d9f72f4774485a37f74afdf7406106dae392054a4467d2ab704fd82729d383a5c316992290efb3bf380e44fa95b22193bbcc6061f99090aabe0b5fcf0f0029c30823ebdc0b15e3509b4c6b46bd19ff856e4950e00b5720c69203a7363c32713109e69adc13fc0aea33558d05c5d039bfbd696be675fb68a7a935c0cc41c18bc4b1cb819af88cd527384047f5a1cb3f38b083c35ceecf68f2d8dff0c7447a4b28f29252aa0087e493a857ad41b0628a35c7247a70199e75cb60b0fbe9e70da07fb0c12c6ad2735b763d86e49ed329b1105163ce5c9f4c23fe7bb563f0d225ed603d85640306aa0d11f79cddd1dcbf01565277641393ea6ed84bea8d6c2b6e26b69fcf0c38577ad2ee9e807dfeac5566031dabf5c4c0e329535fe081a843d06f091c4d4fd6c3f75133768088d59a7f1dd750842a83e7bbe45d8cdbf46e3dee25d1e653dfa75a0db0c8659f58227a8b9ae64d4ada7a7c81e6d6b8ee91b069796625d49e2436b2ca23dabf02116120bcb7cd7b34394841c53ff9407165b3f90dd6e988e06e3b806fbcd8b7eb393e01fb00aaccab3355eb9c9a16f381234ea73d3902edd0c7bafa02dc65f776993cb5c5ad17c37f7f0d1b4aa9d6b189944b27c01e6a75d30f0f7459f1b9dc829e2717bed524aaa5e5270c904fc566f96ceda388a8d89e7c7e37820723092da4240081648ffa1cab72e45337f7c9bfac40e5a0fabe6627fa922fefef6ce5e0ea5492e0fe4aa0d35848f92e16e676a80e8151a8206c0cac0e644c6afad68bc54a5c3da70d39574f0720df1a819465cca7ead603dff095926aac3358d16f768c8fef989060f31beee2e8c160607eb13843d9356f632d74ed7c824ec2d6b9ee21b6e5e221604459b7d9d868ae8575a41a87393b34a4528ae40466da3805846807956c0b762aa182a5e95257dc110a6ae407aa383e2bbe18dea8874e6bdeed35536ed7d068a6c2a74c3ec0c3022ac97e79aebcc57f26f6b70e6e4b82f91634ed2c4e8f5a2b518fcbc3e1b974fadd019affad4edff8a38396f02c40dda3e1c78805beef0ea8e2b1695c61d95cf6fb09fbe91e7b788acc8d728c7f45736c37cb90115cfdf1582b20858aa27aabce65aadda6dcc44ba0917e0b720fb32b6c798d13fd8c9d548b6940bd606a5af3889ee95241293b2e63946d66dcb31a378917938c02aa89c7950526530cf68e301db7a9bb5109ec1b06c71792daeb1b403c434f0d41a642759ad5664b10d3415321fc3a19cea35f39b28079609707b09c5fffb8fc24a36cc3ba528bb30f0e884e962c631133fbf3a9e99bfc97d67590bc658cd97ffa3c2a14b3d9120b53a92303c042a59613f51f3159cecc97357075739d25f588808b0fdd8226f461fb37b69d58291f755e91f28857f23b18bc222d49e4b7a5b98628db50db095e404233723c6a3df8bb0938fd864be1e59f4a241cc35fd350f172725b314e37e440e20b7c60be161e7d19a5a815c16685a66889b1ef05b01f87503503ebfa75b618b15726cfbbbc4ef40d6a6a40ed2431ef39eea1ed0aab9807066539cc82e38e8a124f977d6f70e1533843902ab2436b5e4d9f266e2f7aad8a95b59cdd195167faeb23d4495722c9f71bc307faa5f6e21249852fac4df877ff541ae10636ebe7b877c7d6cb2de46585940f8970a3aae81e1dbb31e11ff592ef912394940adca7db7acf47011cd44e01c3d3719987e14dff87e5f7f5ea8a20d75cf9d740a1ae1884711dd913f902ca101fb9c63481e4b1d8765211ee92dc81170aca9d68a30974e1020e89f95aff1299b12051197c89122cf8d971ee0b57635c19d109562d0e8931de0af71eee2951caa02f47ca6844eee2bf3d9e6586e2f33acba8ffc3774132599821febccc075b1f24af04fc9f8e1cb634f224cab1733454a2ec7913239e9d9e41033ba8d804a7811571edc49910661af957c2f3b52b00f2a02644e845e2d8e600c84af4c3da48446769f13d6e875cd9faae4f30c2e446b783b9178353f6a4528ca488b84b275ab9288f39449a9442b47b81ff5fe2c17068302dd71e75c9fde514abfb5f98c9a0e3f97d3e9b5b227f82c6961f83446be18fb816491c7eee2c6ed2c93919e21493ff8aac2399d11b0ebf8c21ba3913b1fefeb37c8d70871d97c0e70e90a81b05fdc5130e747704af914b6692baef76346f1cc5eb4514e28e9475d62bdd3230b0fd875139126324e995bea2537e8444e3a1d255a00cc9f15ca6ea2a65cae68e966851dcbe3157b5a259ee8bb56bd36471c0d1480fffeff5edce6ee9b72e9f08ba2e3d8d9072b4f5193dd7b25dc69b7c39061a0360b32bfc7d61582665c88119c3a82a98484c064ecb99317fb2b750a4e351a8896b55fbb324a01e31117e0aed01d85421fdfa04b795d5de312e918353d33e512e525bcc28291e5504030f6ec0c414b8bbc0488961e1284b844b0a2aca464446a9965a57fcc31d5aa69aef76b60e630d42c000ff13510075f3f27587126a03f80a6bb26a75b8d3767752ecd82d7947930e4ced212b6f3bb57c28efb0adadf58ee8b7928f53ac8b1c1abd93d7c3c44622e04784ccf6308e2c5bce11b7cc61884a812879b4013d7e06dc8b7777971ef3b19c1be48eaea3252d3c3c546dc31fbd632c6a26d4512a935bfd15aec6c2770b820199196c79181ac7385b9529e66c06481e96f69fb38e4b1be2b97cb4c4de03a6394b3b1b60eb501085b4cb4f740d0e63d3980bb357812521536e7f7368000286479e67e579cfdae50055ec2f7e11668b409b011d93552416e17cd769980b6453c31c16e4dc9e4407bcc706b499d1b6c4eef0a88e7c3ac72913df3fddf5129abba0aac3c8ef49ad17f8f5cba25afcc5e6b66a5364e5b7a38d1a7caab0be6d232c8743a04cfec86d4f0876b2dfa99dd177b0d55b62fb195440517778887a5e91ff0c2752eda1c33f41a22a30d843b5440e393953f3bb12af50e594e7f3dc605102f6b4c24adf1fecfa3886b48b29860db73e299c6b9c46641c2bdce46f63b0d4d06190e12b83e275f9fea7f524fb3193d17d46be0bfb0d8de0e3059dc5ead3f3577120fa1b89594cfd6f613db19866a0595636152c7817c58a7650ab59e5dc6edb2204efb165b17fb0d6cf41d3e528d14a86377e6dc3482ec4ac2ef4e4d9ac5ee41bb3500636d13ce674a80853a2ae1567c4864813524df66a7d75481088420c5f0d2b06f75a056c36ebcb2fe4c146cb1426f6a686ed8f67de2976f0b8b42340e7d4a06f1afacb95e4bbbc000e93ecbe418ed30fd8761d2d615207d58393be568d37f96ebd441364d89b6b9242cece953b85567f4fb0cf2dd5dc9190f6e6a6b286ce4a387744bb8893535b1bfa5dd0585b7ea91f37f3a296645d255ed1f461291bf42b4ab7dac7fbe0351b8d820d694fbd97f41044d81efe80a7928fc8f941647418f203b44c7929e9aef4cd6a37732e748fead50b58f7601978d6d8c4c09c284c753ac4c3dfad44f1c6dabe6e69a33f8b4558e940ebf91d6cc68586145ae0bae2e3afa3e775ee0f67103158db50efe46d8b1253139471ed1f9fe16cdd21a6545eb2ffa1b8feb25e8c2f38c4bc1d96a5dfe718de6e787f26cfa56b3e97e4c3dd02a29eec2056c874683415966eca2abe8182e5ce02602ee277519325a809f840815da5b7ec66ca24ea3858cc6f555a73358de077dae81b4c78a7cb398755697a45e6491f5e995dd726dba843ebe3ac8d68f121af2e2ef848a3000e1bca67810cdf9f1ef61e0060f19edb0ff4f87fd5e8e9e15f9e45d12f185d57ad9407d09f584bd4eae1c2080750a0bae87ac37e3d4fadbd7ce5bec6ebda1f7e96f899ca887615294235b41b45f198902d52025ade53666611a6610a33b960ceab3a222f4e73a12c26846d3351f30c04bbba7145eec2282991bb9ef4f3cef26cae0743bf4447658e852dec6cd17f5c70dda30533d20faa84c82c19d0c43cd4dcca92aa988c61d7d4d6da341fe8200d8ef73f13c0c60e634a10fcbf68858d109728fa701b290eca44d2fbf4d39d05572f69e6c8462f600517a5b90a3a6d24925f806954b151b9805094d7c1e054523833d7bffade107da14c8cd00cedf12bf09dcc50f81f34846219503ca9e9c4dd046f101cafb715c28bb2aee76c2b2dd243a6a08398b6c66310e3500cd2694607b3b8e9e062c66"}}}}, {0x76, 0x9, 0xf6, 0x67, @time={0x76, 0x5}, {0x3, 0xfe}, {0x9, 0x7}, @note={0x5, 0x3, 0x4, 0x6a, 0x3df5}}], 0xe0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x0, 0x1})
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040))
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
syz_open_procfs(0x0, &(0x7f0000000040)='oom_score\x00')

20.939672317s ago: executing program 2 (id=554):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @exit], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000000)='debugfs\x00', 0x200000, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0xfffffeffffff7f7e, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
getsockopt$inet6_buf(r4, 0x29, 0x3d, &(0x7f0000000240)=""/139, &(0x7f0000000000)=0x8b)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = socket$nl_audit(0x10, 0x3, 0x9)
signalfd(r3, &(0x7f0000000340)={[0x1]}, 0x8)
sendmsg$AUDIT_USER_AVC(r6, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000005304000227bd7001fddbdf1129723009bedffa25cebb07"], 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x40024)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r7, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x6b, &(0x7f00000001c0)=[@cr4={0x1, 0x240900}], 0x1)
syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0xf51, 0x0, 0x0, @private2, @local, {[@routing={0x84}], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511948dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a70f3545d020454ded22f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc347d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e3231e8c285add5713592c76c062c3477beb55b279846f04f8d6a5ce2743c6a2020f0c5164953b8dca7e57239dc8a7f507bcf77767ab0b4602437171a09c8e80f5a165c4c37eaae386cfcb927dd1a935fa717fa1608792b34bafbc20cf11a678455894ede62788309ab7a7075535847a2b48260a613e521b01d75648263ad78e6176528dbf3e6c4e4d72066e617be5387183a51dd97d2e846c5d173b51e17a4c8d78a49c914cbe44236c52c78de45b44f9d80bc6f77c75135922a84579bce77baa71311889f5b7b90c5124b8298d5e9c81c442d60df00795854d3213a1ac254c8963c109f68b3ff5451c381f6fb56c116f86b71f988d1e9f732280cbf3d4e9791fefc4bdec5dc293fb77b02d5aab6bd8cd179b7e425126b7f78c0d004bc6470ecc2bbc422bd06a6bd8f717009509e6a88b01347b7a62b9dea6f7a7446a371f422499a6e66eeb6a7b0beb4a86a61f875a9bfe0f5d5f0d0e4c85852afaea97d74ebc80d6491a8a1c998c4b5bc34b3edaeba2df902cd5e14e016720e6c3c8b15287b2471c34251e26dc442720cd5d984e30b110b7370f233f865b9ac129fdf49ff02b303d7d4f91039d3bb58a9d64d7a72d8b8eba6b45a000370d4f0e9c0d411768441372e7112e5d4e7d70a9d6b428b8b85ee6209d6f73e7b024740c052166deeb843e4ab78d1d354d75a5827ff0d49d8964e75785f3594c7299c0917b48f3b2efb81a4c3a7d6e0f1cf50efe0360963c2e3ee390ed2a4c39f42e856eced0f2ee7beacd2ecbece493e911ca0460584323ea6d4a0c00864693c979cae38f0c5841bfaeebf609d1075163c120fea0bd0207d2dd07e5e2e0a5afe3efee0ee6bb9a926a8dba7a27a82c5421a5b20bfb5dbdef532a12435fcd899f15603209831711e0dcfaaf2104b2016f087fce44848c70b65a34b9be83df2064391fc5a8d169dc1943d226e57ab5ba06c656273d4efba73a8a61aae19df4d2445f3ce7e649af1b4ffc86106c9092ddd0aafeb45653d181cb32b06a1dd41573495f15c3b8c0019ba72a2eb163dfcbdbb235322ae27d7116af506f295c2424ab9191aa8ce0e4617b212af21983f8d2b19d7fdeec881f6fa448acc7c3e133b6f281583fad4467c05801e69f6ffc1ae2e1f54655534d884c2f8f60303da33ccbe47a293643edb61c7d9fad4e3e54028bc64be8e5b1da53446869b136660b8e96ff96c48641ece275967b27b291c5c240b3399b5b901b699227735f821938bc88ded45bada2b257b1a4bcab7ed6647f2027e5680c87329e9cfdba6bde2f2a9b676be016001702bebbabb2eae3eba01d6f49ab70245a4c5ef0e136b531e1843487b3f69c5b811217d6d2f5e71b47f40c28117bd09a88bb21887a06e2cc164d4281d0df47cbd5781f1524098d89ccae32f24c5f9d86469106685fdc683ad5e873030b621dc00354e0621106da90aca69bb53848dd57251a45bc1898aca9bc84c9a8d2f8aabeed888560771c8cb03aab02620430fec8e9740880790060ccbffd5b8edaa219ca61587eff1b1b03ae8af53059f121efdec8b3ee8aba06f494a5b4575bc848d5a9773d2346f75811cb82a078fc960c9bd374555d78b1b4ba0b438ef00e8aa75810ca5efc5c70936e2cb0e515912cb7f625a2130a9ad58f29e58ae6eac5c3f15f22f0163ee6dead6947c4390b92c8dfb146fec7bfc0b37e8ff2c9de90c30f2d8b5e334107f9835bc47fbc193c60ebd5ac4e677c7fd5b6261ff96e97c185c726ec02941bc2336946f181fd2aff43f0e95f06105a049fcb8e4e3738407d6356856f533f17fae281a3be9f2050ae3d19d1b8350d424087ac9b7875824a9b7e098775b53d6ec960fc052ecd165d17a7897de75f15316a072bb9ccf6ce1ec085bb5356c271b985a437a32f12308fc927410fd444bcded9859e7b8a3cfaaf29ebfb92cc7cbfad2559bbe4f90e189e8708e93827b221869cc78fa41fd5bcb6577b7dfe4c3927dc25a58aa84419f76e71d1f3c10cbb5e52ab2bebe0d39bdffda0fa1b55fe3a03683f882a82dd58498d62b101acd710fd436aa7409fe3cf5352dffb399d560323e14d564bdb3121b89c1f43fc9a892b799cd32f7ce2ededb868920b4547735ef0bf3e148251a4f65dddb7f96b2f33734522a8cffdc51520ac98926b3406e96618cf15a042a67239e755afc70ec6a9c99f8e08ec2946e5901364d85223a63d49572519137d93b6b0798e72acf9da120e706ee73367dec1450a68def886c149bcd734469e10b933899501011cd548e99d638821d5709fde050ab382d4896ecfd7999d40ea9c690c26d396545224c8f9e19705593df2688eb592e2476a0193f7054ab6f703d41c545a80bf285bbc7cc735bd306c9ea5eb64f40752fd4c741d9b6e03cd41b636ef8f5e810047a21c0b24c6fde1f2e98f2f27730c90d93af9e7564e4e209a61ff626b666fcc4f75f7d560da688169ff0af5e674a0b89a99fb54bb438a65f953c2db0faec2ce09cec33b6d25620b5a0393ac473fed48a38beaca5223997419876d571ce969b83b5b3ae54de83dd89fd92ed2a93c087828bef49a24ed1a97778c47fdc691a94fd5b437dfe494b5c6fadf499d9d15583b0439d3d5ecb61a32a2508a6960be6009accfd1d5d75a16dbc4121c6ef07bda12646792449c18a56e7aa3893f3f0e55a8e09ca64193dd29ea24ed8614ee8e717f046dd99a8e3750506655331125a502aa89c0d7e8e30c36a4be22cd911322695144d3bf034f38ef32d49431d50da583d08a3e4c5862483cdd52d031b12c89fdaafc3334e877e464134baece883d301193a9c27311a987d4dae82a061f48182cc747cd64441e88b68e26e4975f0fdde3129a9e6af80009962581d5349676df9c73b81514b175709d9193749660f480bd4009b528c1db4f76f42b6a175126603c39a374e890f871c97b2eebb4500451d827cc15497dc5ae89edc6f47f25db7efa4b4b2afbbb2ee543e3db8d20fe93faf300247f59075921e8b2f2a025af8a1d46f274e0c6cb4be0293c7c16c88e98d7d189e9733e4c0e3b96be4aa3fa6ecf42732e0b1432d38aeaf2330d92713cd5580ce42bfe47fb98fea64783de23f456300dd193008211a5ba408d32dedbf12aa8237a6e1a2c9890a2c1011855241fea186906a5139d1c300be57dc7ff493de80010520d10fc3eda0ee9cd413e075d3dc02258fdab567a16e43edbeecc366a69d8d75512f43a2b79cbb9132cdcd00c531730d05f1eabf66613d6e7ebb8c4c3f4f7efd415d41049786352808b22a3bde40121968af39c8f00296001662adc72b7963c8bafab4a496b50f3237a29d19ad4a51a62b1c77a04c14004734189cf7ec49e3d041a1e5658d080f09df77f39782e7133968c1f39ab3ae2a5f24a60073288f3c5825dafd614a379b8b905aaf961caa14ffa38de0d632918d31e4a9291b0f0789248e232e4276840a1ed0257300e522d83111dffd424b1b33148981e3794b2b649ba9174e6697bcc96049f4f3dcc7cf4ca97e2006ec8a146014bb49184632e4fb159a34b6530e959e60a6b4e0427cc697f14cfe6bb7a662a6f5012744f3cf2307abc19c58449864d98fcfebc5d598cd32a1c38c207896468fe8da75eb1edb1d6e7cb1eab671e4e92f139c81d79f15df2a2dc075acc982dec769e2f49aad0fdf594cb590e054616e4f4582b6c4a149ae45d844903ef68d211df2a180178e178b7c7a5012ccf8a1e677586588620365e6111f5192ecfdbd97e2284128de02e08ebc13d4bb4d114faa1e6c16c51c12da2c52d68f73640ce866ce4e794b9fafdc392c91c1f824bc301b3069a02b9c86d2ffac3ed63ddee130cbc248d6a3345d3f9553db78077072d569a6633f8bdbdb1a209a8be9b6830225994f9021b57ddd6a44e8ea40b205c6cf437f45bffaef053a5916dcc6de62ee02bdb8ce3acec8ad97fc95dab1307d254790c71f32e4678957cf0121dccabe73a03c6cacbcbdaad8801b04d9836555a982c357a06e2db7e9bf62aed8cdebbb7a71a2410b929015b61f16e54bffd038996a717b9c7cc3696d8a1205e8266bf782c3a45b0e31461d6a3ed62396088833f69248b24fbf6f81dcc08b98826c3bd2325ade54f614f2d4a153e3e3527d93978483f2bfeada6b64bc43f2a725c30e843d13e6ab34cfc38d488b3ef50cd04318fac1f89905f017644cfa2de058ad399871d1316264813c2289d0b6cfeddfbca36ce93fd4a1bfc93bb74453cfbb9c6ca22320ffc9cb0a3fff046a5678c066e617cd3ac024dfead04b99877f448b78208938585c7563efe815ff0cc47da5fff521d9730ddc89f4aeceadd06f2ea6b9ae72c9407aa550a0155db3b4bc6aaa382a30552f699cb6a1af9972a8ccc483f98952dfbde3d712ea8673eacdbb77490d833fc90f0f02e7c073d2917db70831496a88defc10667dc4c1b7399191bdc7857eb090e79c332bf9f71bb5377178e6232800c93d22318dc5ab8d5dfa2f074a6c23acb61c89f2f078ec91e9817e11a4c8295c19634b5ca2df74"}}}}}, 0x0)

19.880214219s ago: executing program 0 (id=555):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000044000000090a090400000000000000000700000008000a4000ffec000900020073797a31000000000900010073797a300000000008000540000000310800084000000001140000001100010000000000000000000084"], 0x8c}}, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r3 = accept(r0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000300), &(0x7f00000002c0)=@tcp6=r3}, 0x47)
r5 = fcntl$getown(r2, 0x9)
timer_create(0x3, &(0x7f0000000000)={0x0, 0x2a, 0x4, @tid=r5}, 0x0)
recvmsg$kcm(r3, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x10100)

19.769865239s ago: executing program 2 (id=556):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x10, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSIFPFLAGS(r6, 0x8934, &(0x7f0000001ac0)={'vcan0\x00', 0x6})
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=r7, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r7, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)="bd", 0x1}], 0x1}}], 0x1, 0x41)

19.746688983s ago: executing program 1 (id=557):
mkdirat(0xffffffffffffffff, 0x0, 0xb)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2a00, 0x180)
openat2(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)={0x301000, 0x80}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002600)=@delchain={0x520, 0x65, 0x2, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x8}, {0x0, 0x9}, {0x6}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @filter_kind_options=@f_route={{0xa}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x6, 0x22}}, @filter_kind_options=@f_route={{0xa}, {0x4cc, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x478, 0x6, [@m_bpf={0xf0, 0x16, 0x0, 0x0, {{0x8}, {0xc8, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_FD={0x8}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x2248, 0x3, 0x10000000, 0x9, 0xf85}}, @TCA_ACT_BPF_OPS={0x24, 0x4, [{0x6, 0x4, 0xb6, 0x6}, {0xaa6, 0x0, 0xff}, {0x8, 0x9a, 0x9}, {0x3, 0x4, 0x6, 0x1}]}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x5}, @TCA_ACT_BPF_FD={0x8}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x6}, @TCA_ACT_BPF_OPS={0x44, 0x4, [{0xe, 0x8f, 0x1, 0x1}, {0x3, 0x7, 0x4, 0xffff}, {0x2ee, 0x7, 0x9}, {0x2, 0x40, 0x3, 0x9}, {0x3, 0x94, 0xc, 0x20000}, {0x6, 0x4, 0xb3, 0x1}, {0x3, 0x51, 0x5, 0x8}, {0x5, 0x5, 0x2, 0x9}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1, 0x9, 0x0, 0x8000, 0x6}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_skbmod={0x9c, 0x6, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x8}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x8, 0x4, 0x3, 0x5d, 0x5}, 0xe}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @remote}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x5}]}, {0x2d, 0x6, "e7da3c8403fae38a6104e8deccdff1af0e8969df3c0c229b39997b184868614ac4430b321889325324"}, {0xc, 0x7, {0x0, 0xeb1aa48f20ecc78b}}, {0xc}}}, @m_skbmod={0x40, 0x12, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x4}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0xe}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_sample={0x12c, 0x2, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0xffffffff}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0xf3}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x7fffffff, 0x4, 0x10000000, 0x132, 0x3}}]}, {0xd5, 0x6, "5585e4978312153aa42f30e46602bd87be41196cb887f6a445019260145eacfc789e0591173e540ea96ddc89cde1312b24d81cd9cf9ddc2ac817e49647559a92bc68922da07ae74d412c68df8f1a425986d1e0fe379e9b66ed2aca073af3aad4e36109274822fbfa834d7a02b3e1fc01841581700abff25ebcfeb38bbb3ee3e0d75898ec65a1ca67c2f06a3b2b9f5eb067c4e21e0deedcf47e3db9cda23dca15b3e34e43e7d7cc1b9201d0e6d45497b608b28ca549f62ba829bfb392018f5c37ab8e7cc7f5221d33e148c986556da3dba5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ctinfo={0xf8, 0x4, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x2}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0xff}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0xfffffffb}]}, {0xb1, 0x6, "b44ebc8afbd2b83e8b5f7f3f7d0f9ec133319134ef3defd0e955c2de28a772eff360adf52781f6dd085cc36ec32f2fd717bf6376b7017fcf2c0d0b598e9ea4ab39c2de02997138177e36932b52ff37b506fcea3b7b6c60b4cc622b24ba03ba4191037d499b7d606770aff5b44285d9dc306ba939b169e30cc5732d7474a7eca83e8296f0b261eb3c36c6818ab676368e47f34f380c89aed92adf458308899021a4b195c89b32d822f9e62e8a2f"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x21bc45d1731da350}}}}, @m_nat={0x84, 0x9, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x63, 0x7fffffff, 0x3, 0x7fffffff, 0x10001}, @rand_addr=0x64010100, @remote, 0x0, 0x1}}]}, {0x31, 0x6, "fe35d39943ce91b09dd1f3de669aa5f77dd8fda92b8ff94b4d8703845cfc57e688cc3c24fe5cf2725c4c2562ec"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}]}, @TCA_ROUTE4_ACT={0x3c, 0x6, [@m_vlan={0x38, 0x13, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}, @TCA_ROUTE4_POLICE={0x4}]}}]}, 0x520}, 0x1, 0x0, 0x0, 0x81}, 0x8000)
r1 = socket(0x10, 0x803, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x3a1}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8)
write$dsp(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x19, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r5 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r6=>0x0}, &(0x7f0000cab000)=0xa)
setresuid(0x0, r6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000071102800000000001f010000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x6, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

18.679403871s ago: executing program 2 (id=558):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
sendmsg$IEEE802154_LLSEC_GETPARAMS(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="01002bbd7000fddbdf252400000008000200", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4840)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
dup2(r0, r3)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)

18.54990243s ago: executing program 3 (id=559):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x1100, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)

18.353046474s ago: executing program 0 (id=560):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000300000001000000", @ANYRES32, @ANYBLOB="0000000000000000020000009ce0670000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x48)
syz_usb_connect$hid(0x1, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x7c0, 0x1125, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8, 0x10, 0x6, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x2, 0x5, {0x9, 0x21, 0x2, 0x80, 0x1, {0x22, 0x772}}, {{{0x9, 0x5, 0x81, 0x3, 0x18, 0x7, 0x6, 0x8}}}}}]}}]}}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @local, 0x9}]}, &(0x7f00000002c0)=0x10) (async)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000001880)={r3, @in={{0x2, 0x4e24, @empty}}, [0x1000000000, 0x2, 0x100, 0x1, 0x2, 0x9, 0x8cfd, 0x9, 0x19, 0xa15, 0x3, 0xc, 0xfffffffffffffff5, 0x5, 0x7]}, &(0x7f0000000080)=0xfc) (async)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = syz_usb_connect$uac1(0x0, 0x11d, &(0x7f0000000580)=ANY=[@ANYBLOB="12014103000000086b1d01014000010203010902"], &(0x7f00000007c0)={0x0, 0x0, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="050f050021"]}) (async)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
dup(r6) (async)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYRESDEC=r5]) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x103000, 0x0)

18.016393019s ago: executing program 3 (id=561):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000100075c0000000e0a01020000000000000000010000000900020073797a3200000000090001007379"], 0xec}, 0x1, 0x0, 0x0, 0x44080}, 0x0)

17.158607531s ago: executing program 1 (id=562):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000500)={'team0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r2, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400], [0x0, 0x8, 0x0, 0x0, 0xf]}}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0x4}]}}]}, 0xac}}, 0x48004)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x27, 0x5, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="6c000000000101040000000000000000020000002c0001801400018008000100e000000108000200ac1414000c000280050001000000000006000340000400002400028014000300000000000000000108000200e00000010c00028005000100000000000800074000000000"], 0x6c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket(0x10, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000180)={'bond0\x00', &(0x7f0000000040)=@ethtool_pauseparam={0x26}})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x38, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)
ioctl$SIOCX25GFACILITIES(r1, 0x89e2, &(0x7f0000000580))
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ_RESET(r4, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000800)=ANY=[@ANYBLOB="b4010000150a01080000000000000000050000040900010073797a3100000000690008003c2560436a4ecee0e0008937b43c59b16838e3d8093fc0144094138f4d3f2e3eb27a8ca371e85e004d45ead228b90ba8ae5e42cd6117d7b8557bcb8bb909bdad9cd8c2227f6cc3946adb9fbad0f903345bca230bf42a572b8f3cd126dabea1309c01d16d300000000900020073797a30000000000800034000000002010108007577b3bbbd29a2932ad89eadbf27e5c285aa3eec19d65e8cefcabbac9a042c8b1c7cfd06a35d0cdd180f54e21255b81abb24622398bc3c76715e36fbc26faaf9794b1142148f394245d53e92576205c55df5e17d1c1e2c6bf9042e15552a172056eb5e08848f9853f5bb6620cb806e97413dfc57c5b19a2a7d2913a58614ad71e95ac990f9e78d7f4d43cb4785d64e1e072be74b622ce9e5519b3caf00c0c86acf6390559d089c141231b32f843e52bc6f462c209bed7ed0ec61cd826842701bbf4244404e1b8dc2a0445de0669ea0e9bf1161f6d49a8da8699bae278e8fbde6ed9fbb432320d5f3ecc54daae1860546fe2438778892ab021d0078e20000000800034000000006080003400000000549fdb38a4eb7127deee0ddb76f5bb3819c5c43ecf42cabf19a14691dd67cfa2d472ad171a0a25d20cc907fb70e989891ddae93419d71515beccbb8d692932ac533972d9557ffb6d830e135796bd7b208ac06fcf56e6fbe6f2553f79cd5880dd7c4ce8d6bf6c79a5a8e7278a6573a0c38a68ee8d7e23865cb571bfd2d8ba0f3c0a7dc12714d633e5f3d9291a0c42a074ed9fd746e2b514cea77d866fb32c4"], 0x1b4}, 0x1, 0x0, 0x0, 0x800}, 0x4040000)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="b568b579164440ef304400000000010104000000000000000002000000240002801409000000000100e000000108000200e00000010c00c62f4ae9010000000000080007400000000004000680"], 0x44}}, 0x0)

17.152826392s ago: executing program 2 (id=563):
r0 = syz_open_dev$video4linux(&(0x7f0000000100), 0x0, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000400)={0x980000, 0x0, 0xfdfdffff, 0xffffffffffffffff, 0x0, 0x0})

17.052965183s ago: executing program 2 (id=564):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
userfaultfd(0x801)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r4, r1, 0x25, 0x2, @val=@iter={0x0}}, 0x20)
syz_emit_ethernet(0x2a, &(0x7f0000000340)=ANY=[], 0x0)

17.05091037s ago: executing program 3 (id=565):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
syz_open_dev$evdev(&(0x7f0000000440), 0x0, 0x100)
socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = getpid()
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = syz_pidfd_open(r1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xe, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180000010000ffe80000000000000000850000042700000085000000a400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000000)={0x3, 0x835, 0x8000000000000000, 0x0, 0x0, 0x0, 0x48a7, 0x10000000}, 0x0, &(0x7f00000000c0)={0x3ff, 0xfff, 0x0, 0x8, 0x3, 0x0, 0x2, 0x100000000004}, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

16.876030855s ago: executing program 4 (id=566):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
open_tree(0xffffffffffffffff, 0x0, 0x89901)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2010000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000840)=@newtaction={0x84, 0x30, 0xffff, 0x0, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x84}}, 0x0)

16.873176125s ago: executing program 1 (id=567):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x37}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000005c0)={{0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0xfe, 0x9, 0x10}, {0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6, 0x0, 0xb}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x2, 0x0, 0x0, 0x3, 0x44, 0xfe, 0xfc}, {0x3000, 0x8000000, 0x0, 0x8, 0x0, 0xfe, 0x9, 0x0, 0x0, 0x0, 0x4}, {0x2000, 0x1, 0xd, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x3c, 0x0, 0xff}, {0x0, 0x3000, 0x0, 0x0, 0x0, 0x3, 0x2}, {0x0, 0x5000, 0xe, 0xfe}, {0xeeee8000, 0x0, 0x0, 0x0, 0x0, 0x8b, 0x0, 0xa, 0x26, 0x8}, {0xdddd0000}, {0xdddd1000, 0x8}, 0xddf8ffdb, 0x0, 0x80a0000, 0x2b, 0x0, 0x3800, 0x0, [0x0, 0x0, 0x1]})

15.697727701s ago: executing program 4 (id=568):
msgget$private(0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x10, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8848}, 0x80)

3.026404018s ago: executing program 32 (id=560):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000300000001000000", @ANYRES32, @ANYBLOB="0000000000000000020000009ce0670000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x48)
syz_usb_connect$hid(0x1, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x7c0, 0x1125, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8, 0x10, 0x6, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x2, 0x5, {0x9, 0x21, 0x2, 0x80, 0x1, {0x22, 0x772}}, {{{0x9, 0x5, 0x81, 0x3, 0x18, 0x7, 0x6, 0x8}}}}}]}}]}}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @local, 0x9}]}, &(0x7f00000002c0)=0x10) (async)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000001880)={r3, @in={{0x2, 0x4e24, @empty}}, [0x1000000000, 0x2, 0x100, 0x1, 0x2, 0x9, 0x8cfd, 0x9, 0x19, 0xa15, 0x3, 0xc, 0xfffffffffffffff5, 0x5, 0x7]}, &(0x7f0000000080)=0xfc) (async)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = syz_usb_connect$uac1(0x0, 0x11d, &(0x7f0000000580)=ANY=[@ANYBLOB="12014103000000086b1d01014000010203010902"], &(0x7f00000007c0)={0x0, 0x0, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="050f050021"]}) (async)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
dup(r6) (async)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYRESDEC=r5]) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x103000, 0x0)

1.986128841s ago: executing program 33 (id=564):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
userfaultfd(0x801)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r4, r1, 0x25, 0x2, @val=@iter={0x0}}, 0x20)
syz_emit_ethernet(0x2a, &(0x7f0000000340)=ANY=[], 0x0)

1.935966957s ago: executing program 34 (id=565):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
syz_open_dev$evdev(&(0x7f0000000440), 0x0, 0x100)
socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = getpid()
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = syz_pidfd_open(r1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xe, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180000010000ffe80000000000000000850000042700000085000000a400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000000)={0x3, 0x835, 0x8000000000000000, 0x0, 0x0, 0x0, 0x48a7, 0x10000000}, 0x0, &(0x7f00000000c0)={0x3ff, 0xfff, 0x0, 0x8, 0x3, 0x0, 0x2, 0x100000000004}, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

1.020743724s ago: executing program 35 (id=567):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x37}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000005c0)={{0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0xfe, 0x9, 0x10}, {0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6, 0x0, 0xb}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x2, 0x0, 0x0, 0x3, 0x44, 0xfe, 0xfc}, {0x3000, 0x8000000, 0x0, 0x8, 0x0, 0xfe, 0x9, 0x0, 0x0, 0x0, 0x4}, {0x2000, 0x1, 0xd, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x3c, 0x0, 0xff}, {0x0, 0x3000, 0x0, 0x0, 0x0, 0x3, 0x2}, {0x0, 0x5000, 0xe, 0xfe}, {0xeeee8000, 0x0, 0x0, 0x0, 0x0, 0x8b, 0x0, 0xa, 0x26, 0x8}, {0xdddd0000}, {0xdddd1000, 0x8}, 0xddf8ffdb, 0x0, 0x80a0000, 0x2b, 0x0, 0x3800, 0x0, [0x0, 0x0, 0x1]})

0s ago: executing program 36 (id=568):
msgget$private(0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x10, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8848}, 0x80)

kernel console output (not intermixed with test programs):

40!!!
[   96.499935][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.664988][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.133741][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.149952][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.283874][ T2893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.329266][ T2893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.422442][ T5943] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   97.658415][   T30] audit: type=1804 audit(1747921014.901:2): pid=5946 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.5" name="/newroot/0/file0" dev="tmpfs" ino=18 res=1 errno=0
[   98.356914][ T5946] ref_ctr_offset mismatch. inode: 0x12 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8
[   98.514100][ T5957] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'.
[   99.025886][ T5946] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1
[   99.037850][ T5946] ref_ctr decrement failed for inode: 0x12 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802a36bc00
[   99.052258][ T5946] uprobe: syz.4.5:5946 failed to unregister, leaking uprobe
[   99.853291][   T30] audit: type=1107 audit(1747921016.941:3): pid=5962 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  100.262472][ T1207] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  100.827802][ T1207] usb 1-1: Using ep0 maxpacket: 32
[  100.841514][ T1207] usb 1-1: too many configurations: 21, using maximum allowed: 8
[  100.877858][ T1207] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  100.924897][ T1207] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  101.041808][ T1207] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  101.510536][   T30] audit: type=1804 audit(1747921018.361:4): pid=5975 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.16" name="/newroot/2/file0" dev="tmpfs" ino=28 res=1 errno=0
[  101.565702][ T1207] usb 1-1: unable to read config index 3 descriptor/start: -71
[  101.583764][ T1207] usb 1-1: can't read configurations, error -71
[  102.588454][ T5975] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1
[  102.604019][ T5975] ref_ctr decrement failed for inode: 0x1c offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802a36b200
[  102.675107][ T5975] uprobe: syz.2.16:5975 failed to unregister, leaking uprobe
[  102.750896][ T5986] kvm: pic: non byte write
[  102.988209][ T5994] netlink: 24 bytes leftover after parsing attributes in process `syz.3.21'.
[  103.366861][ T5994] nbd: socks must be embedded in a SOCK_ITEM attr
[  103.679777][ T5987] udevd[5987]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  103.750692][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  104.436690][ T6009] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (4)
[  105.005941][ T6018] netlink: 24 bytes leftover after parsing attributes in process `syz.1.26'.
[  105.243848][ T6018] nbd: socks must be embedded in a SOCK_ITEM attr
[  105.304400][ T5987] block nbd64: NBD_DISCONNECT
[  106.005155][ T1207] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  107.664980][ T1207] usb 3-1: Using ep0 maxpacket: 32
[  108.069856][ T6051] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.33'.
[  108.087729][ T6051] netlink: zone id is out of range
[  108.093220][ T6051] netlink: zone id is out of range
[  108.098790][ T6051] netlink: zone id is out of range
[  108.104050][ T6051] netlink: zone id is out of range
[  108.109571][ T6051] netlink: get zone limit has 8 unknown bytes
[  108.733922][ T6051] 9pnet_fd: Insufficient options for proto=fd
[  110.637025][   T30] audit: type=1107 audit(1747921027.651:5): pid=6060 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  111.336829][ T1207] usb 3-1: too many configurations: 21, using maximum allowed: 8
[  111.535464][ T5959] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  111.710677][ T5959] usb 5-1: Using ep0 maxpacket: 32
[  111.763261][ T1207] usb 3-1: unable to read config index 0 descriptor/start: -71
[  111.767297][ T5959] usb 5-1: too many configurations: 21, using maximum allowed: 8
[  111.780913][ T1207] usb 3-1: can't read configurations, error -71
[  111.962988][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.009777][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.072988][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.146588][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.179757][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.200373][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.248811][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.287564][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.337288][ T5959] usb 5-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  112.374048][ T5959] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.405133][ T5959] usb 5-1: Product: syz
[  112.409425][ T5959] usb 5-1: Manufacturer: syz
[  112.414052][ T5959] usb 5-1: SerialNumber: syz
[  112.448971][ T5959] usb 5-1: config 0 descriptor??
[  112.506970][ T6083] loop6: detected capacity change from 0 to 524287999
[  112.516506][ T6083] Buffer I/O error on dev loop6, logical block 0, async page read
[  112.524607][ T6083] Buffer I/O error on dev loop6, logical block 0, async page read
[  112.532594][ T6083] Buffer I/O error on dev loop6, logical block 0, async page read
[  112.540711][ T6083] Buffer I/O error on dev loop6, logical block 0, async page read
[  112.548652][ T6083] Buffer I/O error on dev loop6, logical block 0, async page read
[  112.556643][ T6083] Buffer I/O error on dev loop6, logical block 0, async page read
[  112.564600][ T6083] Buffer I/O error on dev loop6, logical block 0, async page read
[  112.572566][ T6083] Buffer I/O error on dev loop6, logical block 0, async page read
[  112.582593][ T6083] ldm_validate_partition_table(): Disk read failed.
[  112.589407][ T6083] Buffer I/O error on dev loop6, logical block 0, async page read
[  112.597418][ T6083] Buffer I/O error on dev loop6, logical block 0, async page read
[  112.605534][ T6083] Dev loop6: unable to read RDB block 0
[  112.611784][ T6083]  loop6: unable to read partition table
[  112.617724][ T6083] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  112.797642][ T5959] usb 5-1: bad CDC descriptors
[  112.859253][ T5959] cdc_acm 5-1:0.0: Zero length descriptor references
[  112.873625][ T5959] cdc_acm 5-1:0.0: probe with driver cdc_acm failed with error -22
[  112.950909][ T5959] usb 5-1: USB disconnect, device number 2
[  113.163064][ T6087] syz.1.40 uses obsolete (PF_INET,SOCK_PACKET)
[  113.566236][ T6091] netlink: 32 bytes leftover after parsing attributes in process `syz.1.40'.
[  113.982622][ T6104] =======================================================
[  113.982622][ T6104] WARNING: The mand mount option has been deprecated and
[  113.982622][ T6104]          and is ignored by this kernel. Remove the mand
[  113.982622][ T6104]          option from the mount to silence this warning.
[  113.982622][ T6104] =======================================================
[  114.062982][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.099185][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.117796][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.156585][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.185105][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.225616][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.255779][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.286573][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.307326][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.351362][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.390841][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.451473][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.480169][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.503303][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.512901][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.525454][ T5959] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  114.554757][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.640211][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.671074][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.716547][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.725617][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.743781][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.781165][ T6104] overlay: Unknown parameter 'fsmagic'
[  114.786969][ T5959] usb 1-1: Using ep0 maxpacket: 32
[  114.799709][ T5959] usb 1-1: too many configurations: 21, using maximum allowed: 8
[  114.820692][ T6127] kvm: pic: non byte write
[  114.845904][ T5959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  114.857539][ T6126] loop6: detected capacity change from 0 to 524287999
[  114.865986][ T6126] ldm_validate_partition_table(): Disk read failed.
[  114.872840][ T6126] Dev loop6: unable to read RDB block 0
[  114.879033][ T6126]  loop6: unable to read partition table
[  114.884944][ T6126] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  115.065513][ T5959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.217046][ T5959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.437868][ T5959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.486973][ T5959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.563584][ T5959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.589104][ T5959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.603323][ T5959] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.621384][ T5959] usb 1-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  115.836614][ T6136] process 'syz.2.52' launched './file0' with NULL argv: empty string added
[  116.362034][ T5959] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.374936][ T5959] usb 1-1: Product: syz
[  116.379162][ T5959] usb 1-1: Manufacturer: syz
[  116.394034][ T5959] usb 1-1: SerialNumber: syz
[  116.596942][ T5959] usb 1-1: config 0 descriptor??
[  116.823293][ T5959] usb 1-1: bad CDC descriptors
[  116.831516][ T5959] cdc_acm 1-1:0.0: Zero length descriptor references
[  116.847242][ T5959] cdc_acm 1-1:0.0: probe with driver cdc_acm failed with error -22
[  116.890290][ T5959] usb 1-1: USB disconnect, device number 4
[  117.906812][ T6149] syz.1.53: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  117.921555][ T6149] CPU: 1 UID: 0 PID: 6149 Comm: syz.1.53 Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) 
[  117.921575][ T6149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  117.921590][ T6149] Call Trace:
[  117.921596][ T6149]  <TASK>
[  117.921605][ T6149]  dump_stack_lvl+0x189/0x250
[  117.921637][ T6149]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.921658][ T6149]  ? __pfx__printk+0x10/0x10
[  117.921682][ T6149]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  117.921707][ T6149]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  117.921739][ T6149]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  117.921765][ T6149]  warn_alloc+0x214/0x310
[  117.921785][ T6149]  ? __pfx_warn_alloc+0x10/0x10
[  117.921800][ T6149]  ? kasan_save_track+0x4f/0x80
[  117.921820][ T6149]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  117.921855][ T6149]  ? xskq_create+0x56/0x170
[  117.921872][ T6149]  ? __x64_sys_setsockopt+0x18b/0x220
[  117.921889][ T6149]  ? do_syscall_64+0xf6/0x210
[  117.921906][ T6149]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.921928][ T6149]  __vmalloc_node_range_noprof+0x125/0x12c0
[  117.921965][ T6149]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  117.921979][ T6149]  ? xskq_create+0x56/0x170
[  117.921997][ T6149]  ? __kasan_kmalloc+0x93/0xb0
[  117.922022][ T6149]  vmalloc_user_noprof+0x74/0x80
[  117.922036][ T6149]  ? xskq_create+0xbf/0x170
[  117.922052][ T6149]  xskq_create+0xbf/0x170
[  117.922070][ T6149]  xsk_init_queue+0xb0/0x110
[  117.922089][ T6149]  xsk_setsockopt+0x43f/0x710
[  117.922106][ T6149]  ? __pfx_xsk_setsockopt+0x10/0x10
[  117.922123][ T6149]  ? __lock_acquire+0xaac/0xd20
[  117.922147][ T6149]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  117.922162][ T6149]  ? __pfx_xsk_setsockopt+0x10/0x10
[  117.922179][ T6149]  do_sock_setsockopt+0x257/0x3e0
[  117.922199][ T6149]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  117.922216][ T6149]  ? __fget_files+0x2a/0x420
[  117.922232][ T6149]  ? __fget_files+0x3a0/0x420
[  117.922244][ T6149]  ? __fget_files+0x2a/0x420
[  117.922262][ T6149]  __x64_sys_setsockopt+0x18b/0x220
[  117.922285][ T6149]  do_syscall_64+0xf6/0x210
[  117.922305][ T6149]  ? clear_bhb_loop+0x60/0xb0
[  117.922322][ T6149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.922335][ T6149] RIP: 0033:0x7f15cb98e969
[  117.922353][ T6149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.922365][ T6149] RSP: 002b:00007f15c97b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  117.922380][ T6149] RAX: ffffffffffffffda RBX: 00007f15cbbb6160 RCX: 00007f15cb98e969
[  117.922390][ T6149] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[  117.922398][ T6149] RBP: 00007f15cba10ab1 R08: 0000000000000052 R09: 0000000000000000
[  117.922407][ T6149] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  117.922415][ T6149] R13: 0000000000000000 R14: 00007f15cbbb6160 R15: 00007fff0d2b4e98
[  117.922437][ T6149]  </TASK>
[  117.922446][ T6149] Mem-Info:
[  118.219913][ T6149] active_anon:260 inactive_anon:8273 isolated_anon:0
[  118.219913][ T6149]  active_file:6393 inactive_file:38456 isolated_file:0
[  118.219913][ T6149]  unevictable:768 dirty:42 writeback:0
[  118.219913][ T6149]  slab_reclaimable:10134 slab_unreclaimable:98154
[  118.219913][ T6149]  mapped:33504 shmem:4215 pagetables:955
[  118.219913][ T6149]  sec_pagetables:0 bounce:0
[  118.219913][ T6149]  kernel_misc_reclaimable:0
[  118.219913][ T6149]  free:1339408 free_pcp:592 free_cma:0
[  118.265075][ T6149] Node 0 active_anon:1040kB inactive_anon:33092kB active_file:25372kB inactive_file:153824kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:134016kB dirty:168kB writeback:0kB shmem:15324kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11180kB pagetables:3820kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  118.298855][ T6149] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  118.331598][ T6149] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  118.358693][ T6149] lowmem_reserve[]: 0 2504 2504 2504 2504
[  118.364463][ T6149] Node 0 DMA32 free:1430768kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:1036kB inactive_anon:33088kB active_file:25280kB inactive_file:153812kB unevictable:1536kB writepending:168kB present:3129332kB managed:2564568kB mlocked:0kB bounce:0kB free_pcp:1980kB local_pcp:1404kB free_cma:0kB
[  118.395114][ T6149] lowmem_reserve[]: 0 0 0 0 0
[  118.399831][ T6149] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:4kB active_file:92kB inactive_file:12kB unevictable:0kB writepending:0kB present:1048580kB managed:112kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  118.427945][ T6149] lowmem_reserve[]: 0 0 0 0 0
[  118.432667][ T6149] Node 1 Normal free:3911504kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:388kB local_pcp:0kB free_cma:0kB
[  118.461660][ T6149] lowmem_reserve[]: 0 0 0 0 0
[  118.466430][ T6149] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  118.479112][ T6149] Node 0 DMA32: 0*4kB 572*8kB (UE) 375*16kB (UE) 35*32kB (UME) 124*64kB (UME) 28*128kB (UME) 14*256kB (UME) 6*512kB (M) 8*1024kB (UM) 8*2048kB (UME) 336*4096kB (M) = 1430704kB
[  118.496691][ T6149] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  118.508189][ T6149] Node 1 Normal: 118*4kB (UE) 53*8kB (UME) 49*16kB (UME) 208*32kB (UME) 83*64kB (UME) 26*128kB (UM) 9*256kB (UME) 12*512kB (UME) 3*1024kB (UME) 4*2048kB (UE) 946*4096kB (M) = 3911504kB
[  118.528338][ T6149] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  118.538421][ T6149] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  118.547760][ T6149] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  118.557425][ T6149] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  118.566741][ T6149] 49060 total pagecache pages
[  118.571431][ T6149] 0 pages in swap cache
[  118.575601][ T6149] Free swap  = 124996kB
[  118.579745][ T6149] Total swap = 124996kB
[  118.583886][ T6149] 2097051 pages RAM
[  118.587719][ T6149] 0 pages HighMem/MovableOnly
[  118.592404][ T6149] 424250 pages reserved
[  118.596579][ T6149] 0 pages cma reserved
[  118.927631][ T6152] sock: sock_timestamping_bind_phc: sock not bind to device
[  120.307552][ T6161] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  120.452214][ T6161] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  121.194775][ T6161] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  121.228526][ T6161] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  121.436042][ T6161] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  121.458304][ T6161] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  121.591469][ T6188] kvm: pic: non byte write
[  121.621761][ T6161] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  121.661244][ T6161] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  122.216510][ T6161] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  122.227897][ T6161] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  122.590953][ T6200] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  123.033979][ T6210] netlink: 404 bytes leftover after parsing attributes in process `syz.3.71'.
[  123.045695][ T5959] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  123.114262][ T6210] netlink: 8 bytes leftover after parsing attributes in process `syz.3.71'.
[  123.124046][    T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  123.179748][ T6211] input: syz0 as /devices/virtual/input/input5
[  123.247689][ T5959] usb 2-1: unable to get BOS descriptor or descriptor too short
[  123.265994][ T5959] usb 2-1: not running at top speed; connect to a high speed hub
[  123.289426][ T5959] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  123.304392][ T5959] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  123.315252][    T9] usb 5-1: Using ep0 maxpacket: 32
[  123.324502][    T9] usb 5-1: too many configurations: 21, using maximum allowed: 8
[  123.338249][ T5959] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  123.347697][ T5959] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.358017][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  123.381277][ T5959] usb 2-1: Product: syz
[  123.386784][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  123.400143][ T5959] usb 2-1: Manufacturer: syz
[  123.404775][ T5959] usb 2-1: SerialNumber: syz
[  123.412104][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  123.431220][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  123.463413][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  123.507956][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  123.568015][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  123.604956][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  123.627089][    T9] usb 5-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  123.636778][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.664298][    T9] usb 5-1: Product: syz
[  123.679643][    T9] usb 5-1: Manufacturer: syz
[  123.698619][    T9] usb 5-1: SerialNumber: syz
[  123.740246][    T9] usb 5-1: config 0 descriptor??
[  123.889312][ T6225] netlink: 48 bytes leftover after parsing attributes in process `syz.2.74'.
[  123.947496][ T6223] netlink: 24 bytes leftover after parsing attributes in process `syz.0.72'.
[  123.967897][    T9] usb 5-1: bad CDC descriptors
[  123.987108][    T9] cdc_acm 5-1:0.0: Zero length descriptor references
[  123.993876][    T9] cdc_acm 5-1:0.0: probe with driver cdc_acm failed with error -22
[  124.017942][    T9] usb 5-1: USB disconnect, device number 3
[  124.391724][ T6234] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  124.404240][ T6234] Cannot find del_set index 0 as target
[  124.478651][ T6227] netlink: 24 bytes leftover after parsing attributes in process `syz.2.74'.
[  124.522578][ T6223] nbd: socks must be embedded in a SOCK_ITEM attr
[  124.571479][ T5987] block nbd64: NBD_DISCONNECT
[  124.752535][ T5959] usb 2-1: 0:2 : does not exist
[  124.884354][ T5959] usb 2-1: unit 4 not found!
[  124.994164][ T5959] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5)
[  125.040590][ T5959] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  125.385031][ T5959] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  125.419233][ T5959] usb 2-1: USB disconnect, device number 2
[  126.332596][ T5881] udevd[5881]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  126.389856][ T6249] sd 0:0:1:0: device reset
[  126.942314][ T6248] netlink: 'syz.3.79': attribute type 1 has an invalid length.
[  127.778123][ T6248] netlink: 'syz.3.79': attribute type 2 has an invalid length.
[  128.157763][ T6258] kvm: pic: non byte write
[  129.163436][   T30] audit: type=1804 audit(1747921046.411:6): pid=6268 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.83" name="/newroot/22/file0" dev="tmpfs" ino=132 res=1 errno=0
[  129.764417][ T6266] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1
[  129.774991][ T6266] ref_ctr decrement failed for inode: 0x84 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802361b200
[  129.786706][ T6266] uprobe: syz.3.83:6266 failed to unregister, leaking uprobe
[  130.265993][ T6287] netlink: 20 bytes leftover after parsing attributes in process `syz.4.89'.
[  130.421712][ T6287] netlink: 32 bytes leftover after parsing attributes in process `syz.4.89'.
[  130.506163][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  131.365409][    T9] usb 3-1: Using ep0 maxpacket: 32
[  131.381994][    T9] usb 3-1: too many configurations: 21, using maximum allowed: 8
[  131.435200][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  131.477115][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  131.510054][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  131.555204][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  131.716954][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  132.078794][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  132.105408][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  132.135998][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  132.168259][    T9] usb 3-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  132.184974][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.203330][    T9] usb 3-1: Product: syz
[  132.213365][    T9] usb 3-1: Manufacturer: syz
[  132.304856][    T9] usb 3-1: SerialNumber: syz
[  132.432424][ T6317] netlink: 184 bytes leftover after parsing attributes in process `syz.3.91'.
[  132.705837][    T9] usb 3-1: config 0 descriptor??
[  132.720968][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  132.728897][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  132.804156][ T6323] xt_socket: unknown flags 0x50
[  133.695847][    T9] usb 3-1: bad CDC descriptors
[  133.753778][    T9] cdc_acm 3-1:0.0: Zero length descriptor references
[  133.933898][    T9] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22
[  133.946612][    T9] usb 3-1: USB disconnect, device number 4
[  135.286460][ T6341] kvm: pic: non byte write
[  135.471473][ T6348] Zero length message leads to an empty skb
[  136.514936][    T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  136.918788][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  137.017222][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  137.391122][    T9] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  137.421745][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.471273][    T9] usb 1-1: config 0 descriptor??
[  137.908803][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  137.991275][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  138.423142][    T9] usb 1-1: USB disconnect, device number 5
[  139.115835][  T978] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  139.152374][ T6400] FAULT_INJECTION: forcing a failure.
[  139.152374][ T6400] name failslab, interval 1, probability 0, space 0, times 1
[  139.205032][ T6400] CPU: 0 UID: 0 PID: 6400 Comm: syz.4.109 Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) 
[  139.205060][ T6400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  139.205071][ T6400] Call Trace:
[  139.205079][ T6400]  <TASK>
[  139.205088][ T6400]  dump_stack_lvl+0x189/0x250
[  139.205136][ T6400]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.205162][ T6400]  ? __pfx__printk+0x10/0x10
[  139.205195][ T6400]  ? trace_fib_table_lookup+0x85/0x200
[  139.205228][ T6400]  should_fail_ex+0x414/0x560
[  139.205254][ T6400]  should_failslab+0xa8/0x100
[  139.205274][ T6400]  kmem_cache_alloc_noprof+0x73/0x3c0
[  139.205303][ T6400]  ? dst_alloc+0x105/0x170
[  139.205328][ T6400]  ? fib_lookup+0x76/0x440
[  139.205356][ T6400]  dst_alloc+0x105/0x170
[  139.205388][ T6400]  ip_route_output_key_hash_rcu+0x140d/0x2330
[  139.205426][ T6400]  ? ip_route_output_key_hash+0xde/0x2e0
[  139.205454][ T6400]  ip_route_output_key_hash+0x1b9/0x2e0
[  139.205483][ T6400]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  139.205526][ T6400]  ? __lock_acquire+0xaac/0xd20
[  139.205557][ T6400]  ip_route_output_flow+0x2a/0x150
[  139.205579][ T6400]  ? security_sk_classify_flow+0x70/0x180
[  139.205604][ T6400]  __ip4_datagram_connect+0x965/0x1230
[  139.205652][ T6400]  udp_connect+0x33/0x1f0
[  139.205678][ T6400]  __sys_connect+0x313/0x440
[  139.205700][ T6400]  ? __fget_files+0x3a0/0x420
[  139.205719][ T6400]  ? __pfx___sys_connect+0x10/0x10
[  139.205789][ T6400]  __x64_sys_connect+0x7a/0x90
[  139.205815][ T6400]  do_syscall_64+0xf6/0x210
[  139.205842][ T6400]  ? clear_bhb_loop+0x60/0xb0
[  139.205867][ T6400]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.205886][ T6400] RIP: 0033:0x7f3f4eb8e969
[  139.205912][ T6400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.205928][ T6400] RSP: 002b:00007f3f4fa85038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  139.205949][ T6400] RAX: ffffffffffffffda RBX: 00007f3f4edb5fa0 RCX: 00007f3f4eb8e969
[  139.205964][ T6400] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000003
[  139.205976][ T6400] RBP: 00007f3f4fa85090 R08: 0000000000000000 R09: 0000000000000000
[  139.205988][ T6400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  139.205999][ T6400] R13: 0000000000000000 R14: 00007f3f4edb5fa0 R15: 00007ffc1bdf7148
[  139.206032][ T6400]  </TASK>
[  139.570351][  T978] usb 2-1: Using ep0 maxpacket: 32
[  139.578305][  T978] usb 2-1: too many configurations: 21, using maximum allowed: 8
[  139.587235][  T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.598432][  T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.611132][  T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.627384][  T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.641876][  T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.654100][  T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.666076][  T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.677258][  T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.690090][  T978] usb 2-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  139.699521][  T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.710387][  T978] usb 2-1: Product: syz
[  139.714600][  T978] usb 2-1: Manufacturer: syz
[  139.719730][  T978] usb 2-1: SerialNumber: syz
[  139.737092][  T978] usb 2-1: config 0 descriptor??
[  139.972387][  T978] usb 2-1: bad CDC descriptors
[  140.024718][  T978] cdc_acm 2-1:0.0: Zero length descriptor references
[  140.085137][  T978] cdc_acm 2-1:0.0: probe with driver cdc_acm failed with error -22
[  140.195057][  T978] usb 2-1: USB disconnect, device number 3
[  140.873174][ T1223] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  141.255457][ T1207] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  141.443398][ T6451] tipc: Started in network mode
[  141.464369][ T6451] tipc: Node identity 4, cluster identity 4711
[  141.486938][ T1207] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  141.508720][ T6451] tipc: Node number set to 4
[  141.516648][ T1207] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.528256][ T1207] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  141.537824][ T1207] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.563612][ T1207] usb 3-1: config 0 descriptor??
[  141.705017][   T95] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  141.755761][  T978] kernel write not supported for file /74/loginuid (pid: 978 comm: kworker/0:3)
[  141.875087][   T95] usb 5-1: Using ep0 maxpacket: 32
[  141.923525][   T95] usb 5-1: unable to read config index 0 descriptor/start: -61
[  141.956489][   T95] usb 5-1: can't read configurations, error -61
[  141.997081][ T1207] usbhid 3-1:0.0: can't add hid device: -71
[  142.016947][ T1207] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  142.054553][ T1207] usb 3-1: USB disconnect, device number 5
[  142.200682][ T6465] netlink: 4 bytes leftover after parsing attributes in process `syz.0.128'.
[  142.352013][   T95] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  142.954915][   T95] usb 5-1: Using ep0 maxpacket: 32
[  142.966115][   T95] usb 5-1: unable to read config index 0 descriptor/start: -61
[  142.973804][   T95] usb 5-1: can't read configurations, error -61
[  142.987063][   T95] usb usb5-port1: attempt power cycle
[  143.345304][   T95] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  143.387414][   T95] usb 5-1: Using ep0 maxpacket: 32
[  143.417479][   T95] usb 5-1: unable to read config index 0 descriptor/start: -61
[  143.425472][   T95] usb 5-1: can't read configurations, error -61
[  143.456458][ T6477] kvm: pic: non byte write
[  143.587750][   T95] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  143.619219][   T95] usb 5-1: Using ep0 maxpacket: 32
[  143.630542][   T95] usb 5-1: unable to read config index 0 descriptor/start: -61
[  143.647852][   T95] usb 5-1: can't read configurations, error -61
[  143.669278][   T95] usb usb5-port1: unable to enumerate USB device
[  143.733269][ T6482] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  143.764927][    T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  143.915044][    T9] usb 3-1: Using ep0 maxpacket: 32
[  143.922927][    T9] usb 3-1: too many configurations: 21, using maximum allowed: 8
[  143.932161][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.943661][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.955658][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.968035][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.980182][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.991333][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  144.002519][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  144.014562][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  144.030361][    T9] usb 3-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  144.039937][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.048028][    T9] usb 3-1: Product: syz
[  144.052570][    T9] usb 3-1: Manufacturer: syz
[  144.057453][    T9] usb 3-1: SerialNumber: syz
[  144.065256][ T5885] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  144.065433][    T9] usb 3-1: config 0 descriptor??
[  144.095020][   T95] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  144.229607][ T5885] usb 2-1: Using ep0 maxpacket: 16
[  144.237943][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  144.251814][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.287406][ T5885] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  144.301521][ T5885] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  144.301548][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.324049][ T5885] usb 2-1: config 0 descriptor??
[  144.325494][   T95] usb 4-1: unable to get BOS descriptor or descriptor too short
[  144.329373][   T95] usb 4-1: unable to read config index 0 descriptor/start: -71
[  144.329438][   T95] usb 4-1: can't read configurations, error -71
[  144.399692][    T9] usb 3-1: bad CDC descriptors
[  144.414297][ T6490] netlink: 8 bytes leftover after parsing attributes in process `syz.0.136'.
[  144.416187][    T9] cdc_acm 3-1:0.0: Zero length descriptor references
[  144.462456][    T9] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22
[  144.492171][ T6490] netlink: 'syz.0.136': attribute type 10 has an invalid length.
[  144.500361][ T6490] netlink: 40 bytes leftover after parsing attributes in process `syz.0.136'.
[  144.505057][    T9] usb 3-1: USB disconnect, device number 6
[  144.590646][ T6490] team0: Port device geneve0 added
[  144.768539][ T5885] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  144.793430][ T5885] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0001/input/input6
[  144.831469][ T6499] 9pnet_fd: Insufficient options for proto=fd
[  144.893185][ T5885] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  144.979937][ T6484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.016715][ T6484] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.173995][ T6505] netlink: 108 bytes leftover after parsing attributes in process `syz.3.140'.
[  145.183235][ T6505] block nbd0: Unsupported socket: shutdown callout must be supported.
[  145.508524][ T6509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.517565][ T6509] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  146.055972][ T6511] netlink: 92 bytes leftover after parsing attributes in process `syz.2.142'.
[  146.098473][ T1207] usb 2-1: reset high-speed USB device number 4 using dummy_hcd
[  146.347926][ T6519] kvm: pic: non byte write
[  146.388869][   T95] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  146.746102][   T95] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  146.757315][   T95] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  146.767260][   T95] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  146.777753][   T95] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.790018][   T95] usb 5-1: config 0 descriptor??
[  146.905194][ T6526] xt_socket: unknown flags 0x50
[  146.917880][ T6526] Bluetooth: MGMT ver 1.23
[  147.640246][ T6514] warning: `syz.4.145' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  147.794348][ T6527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  147.852962][ T6527] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.920046][ T1223] usb 2-1: USB disconnect, device number 4
[  149.350688][   T95] usbhid 5-1:0.0: can't add hid device: -71
[  149.370063][   T95] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  149.381397][   T95] usb 5-1: USB disconnect, device number 8
[  149.487352][ T6547] netlink: 8 bytes leftover after parsing attributes in process `syz.2.153'.
[  149.601971][ T6550] netlink: 'syz.2.153': attribute type 10 has an invalid length.
[  149.704978][ T6550] netlink: 40 bytes leftover after parsing attributes in process `syz.2.153'.
[  149.934631][ T1223] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  150.715109][   T30] audit: type=1107 audit(1747921067.381:7): pid=6548 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  152.764922][ T1223] usb 2-1: Using ep0 maxpacket: 32
[  152.839659][ T6550] team0: Port device geneve0 added
[  152.894989][ T1223] usb 2-1: too many configurations: 21, using maximum allowed: 8
[  152.974972][ T1223] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  152.998965][ T1223] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.176615][ T1223] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.210889][ T1223] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.211976][ T1223] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.212898][ T1223] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.213865][ T1223] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.256184][ T1223] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.259976][ T1223] usb 2-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  153.260006][ T1223] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.260027][ T1223] usb 2-1: Product: syz
[  153.260050][ T1223] usb 2-1: Manufacturer: syz
[  153.260066][ T1223] usb 2-1: SerialNumber: syz
[  153.264791][ T1223] usb 2-1: config 0 descriptor??
[  153.378429][ T6563] kvm: pic: non byte write
[  153.425098][ T6568] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  153.480847][ T1223] usb 2-1: bad CDC descriptors
[  153.503113][ T1223] cdc_acm 2-1:0.0: Zero length descriptor references
[  153.527132][ T1223] cdc_acm 2-1:0.0: probe with driver cdc_acm failed with error -22
[  153.545013][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  153.554957][ T1223] usb 2-1: USB disconnect, device number 5
[  153.708470][    T9] usb 1-1: Using ep0 maxpacket: 16
[  153.723922][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  153.739069][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  153.754144][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  154.222422][    T9] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  154.231709][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.244253][    T9] usb 1-1: config 0 descriptor??
[  154.274932][ T1207] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  154.445183][ T1207] usb 5-1: Using ep0 maxpacket: 16
[  154.466670][ T1207] usb 5-1: config 0 has an invalid interface number: 156 but max is 0
[  154.488147][ T1207] usb 5-1: config 0 has no interface number 0
[  154.507029][ T1207] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 7
[  154.635022][ T1207] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  154.659467][ T1207] usb 5-1: New USB device found, idVendor=08ca, idProduct=3103, bcdDevice= 1.00
[  154.672764][ T1207] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.687862][ T1207] usb 5-1: Product: syz
[  154.690393][    T9] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  154.692592][ T1207] usb 5-1: Manufacturer: syz
[  154.713072][ T1207] usb 5-1: SerialNumber: syz
[  154.779836][ T6592] netlink: 28 bytes leftover after parsing attributes in process `syz.2.167'.
[  155.090863][ T1207] usb 5-1: config 0 descriptor??
[  155.095666][ T6565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  155.278012][ T1207] usb-storage 5-1:0.156: USB Mass Storage device detected
[  155.279003][    T9] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0002/input/input7
[  155.303660][ T6565] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.463324][ T6574] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  155.472350][ T6574] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.768531][ T6597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  155.783281][ T6597] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  156.256647][ T1207] usb-storage 5-1:0.156: Quirks match for vid 08ca pid 3103: 20
[  156.306898][    T9] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  156.713776][    T9] usb 1-1: reset high-speed USB device number 6 using dummy_hcd
[  156.925547][ T1207] usb 5-1: USB disconnect, device number 9
[  157.354984][ T5912] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  157.527562][ T5912] usb 3-1: not running at top speed; connect to a high speed hub
[  157.562993][ T5912] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  157.579235][ T5912] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  157.589194][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.601483][ T6614] delete_channel: no stack
[  157.608160][ T5912] usb 3-1: Product: 釫䤹㢓�⓸㪗᫺⤇解�삭桱쿭簄�螎鼯몓
[  157.634192][ T5912] usb 3-1: Manufacturer: ј
[  157.639176][ T5912] usb 3-1: SerialNumber: �摕Œ�剭芸㊺檠◻੘鲡錒�涂씤䆼ꈉ뱰溴屑賔�䶎㷕ݲ䭂ᡱ륔�㕮騣ᘴ�퉇ᘠℕꎜЋښ䦂次⽉궎ሉ질ꡲㅺ顗曷�扺垱귌㋚呓럢畎ꀒꓩ붺㱆ᦲ鴂씎㓨Ꜣ�뙤�旽淌
[  158.876313][ T5912] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found
[  158.883174][ T5912] cdc_ncm 3-1:1.0: bind() failure
[  158.901321][   T95] usb 1-1: USB disconnect, device number 6
[  159.132081][ T5912] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  159.139026][ T5912] cdc_ncm 3-1:1.1: bind() failure
[  159.168063][ T5912] usb 3-1: USB disconnect, device number 7
[  159.466391][ T6632] FAULT_INJECTION: forcing a failure.
[  159.466391][ T6632] name failslab, interval 1, probability 0, space 0, times 0
[  159.475280][ T5959] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  159.485528][ T6632] CPU: 1 UID: 0 PID: 6632 Comm: syz.1.177 Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) 
[  159.485556][ T6632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  159.485569][ T6632] Call Trace:
[  159.485577][ T6632]  <TASK>
[  159.485586][ T6632]  dump_stack_lvl+0x189/0x250
[  159.485633][ T6632]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.485661][ T6632]  ? __pfx__printk+0x10/0x10
[  159.485699][ T6632]  ? __pfx___might_resched+0x10/0x10
[  159.485729][ T6632]  ? fs_reclaim_acquire+0x7d/0x100
[  159.485758][ T6632]  should_fail_ex+0x414/0x560
[  159.485785][ T6632]  should_failslab+0xa8/0x100
[  159.485824][ T6632]  __kmalloc_noprof+0xcb/0x4f0
[  159.485854][ T6632]  ? kfree+0x4d/0x440
[  159.485880][ T6632]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  159.485916][ T6632]  tomoyo_realpath_from_path+0xe3/0x5d0
[  159.485947][ T6632]  ? tomoyo_domain+0xda/0x130
[  159.485983][ T6632]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  159.486007][ T6632]  tomoyo_path_number_perm+0x1e8/0x5a0
[  159.486034][ T6632]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  159.486079][ T6632]  ? __lock_acquire+0xaac/0xd20
[  159.486129][ T6632]  ? __fget_files+0x2a/0x420
[  159.486154][ T6632]  ? __fget_files+0x3a0/0x420
[  159.486172][ T6632]  ? __fget_files+0x2a/0x420
[  159.486197][ T6632]  security_file_ioctl+0xcb/0x2d0
[  159.486225][ T6632]  __se_sys_ioctl+0x47/0x170
[  159.486256][ T6632]  do_syscall_64+0xf6/0x210
[  159.486285][ T6632]  ? clear_bhb_loop+0x60/0xb0
[  159.486312][ T6632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.486332][ T6632] RIP: 0033:0x7f15cb98e969
[  159.486351][ T6632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.486368][ T6632] RSP: 002b:00007f15c97f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  159.486390][ T6632] RAX: ffffffffffffffda RBX: 00007f15cbbb5fa0 RCX: 00007f15cb98e969
[  159.486406][ T6632] RDX: 0000200000000080 RSI: 0000000000008982 RDI: 0000000000000003
[  159.486418][ T6632] RBP: 00007f15c97f6090 R08: 0000000000000000 R09: 0000000000000000
[  159.486431][ T6632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.486444][ T6632] R13: 0000000000000000 R14: 00007f15cbbb5fa0 R15: 00007fff0d2b4e98
[  159.486477][ T6632]  </TASK>
[  159.486486][ T6632] ERROR: Out of memory at tomoyo_realpath_from_path.
[  159.555704][   T95] usb 1-1: new low-speed USB device number 7 using dummy_hcd
[  159.644938][ T5959] usb 5-1: Using ep0 maxpacket: 32
[  159.822990][ T5959] usb 5-1: too many configurations: 21, using maximum allowed: 8
[  159.832016][   T95] usb 1-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 1024, setting to 8
[  159.842959][   T95] usb 1-1: config 0 interface 0 has no altsetting 0
[  159.851527][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  159.862635][   T95] usb 1-1: New USB device found, idVendor=056e, idProduct=00ff, bcdDevice= 0.00
[  159.871918][   T95] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.881219][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  159.904613][   T95] usb 1-1: config 0 descriptor??
[  159.909667][ T5912] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  159.919304][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  159.930677][ T6629] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  159.946697][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  160.046201][ T5912] usb 4-1: device descriptor read/64, error -71
[  161.631196][ T5912] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  161.960426][ T6648] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.036894][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  162.089637][ T6648] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.411944][ T6648] Scaler: =================  START STATUS  =================
[  162.512290][ T6648] Scaler: ==================  END STATUS  ==================
[  165.035302][ T5959] usb 5-1: unable to read config index 5 descriptor/start: -71
[  165.043061][ T5959] usb 5-1: can't read configurations, error -71
[  165.657457][   T30] audit: type=1107 audit(1747921535.796:8): pid=6657 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  167.168442][ T6668] netlink: 24 bytes leftover after parsing attributes in process `syz.1.184'.
[  167.686252][ T6668] nbd: socks must be embedded in a SOCK_ITEM attr
[  167.835006][   T95] usbhid 1-1:0.0: can't add hid device: -71
[  167.841087][   T95] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  167.892276][ T5881] block nbd64: NBD_DISCONNECT
[  168.932737][   T95] usb 1-1: USB disconnect, device number 7
[  169.735046][   T30] audit: type=1804 audit(1747921539.926:9): pid=6695 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.190" name="/newroot/26/file0" dev="tmpfs" ino=153 res=1 errno=0
[  170.226020][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  170.253137][ T6695] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1
[  170.292613][ T6695] ref_ctr decrement failed for inode: 0x99 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802743c600
[  170.653810][   T30] audit: type=1107 audit(1747921540.846:10): pid=6698 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  171.126589][ T6695] uprobe: syz.1.190:6695 failed to unregister, leaking uprobe
[  171.486342][ T6705] netlink: 36 bytes leftover after parsing attributes in process `syz.3.192'.
[  172.126415][ T6707] netlink: 48 bytes leftover after parsing attributes in process `syz.4.193'.
[  172.221960][ T6707] netlink: 60 bytes leftover after parsing attributes in process `syz.4.193'.
[  172.232108][ T6707] netlink: 28 bytes leftover after parsing attributes in process `syz.4.193'.
[  172.246224][ T6709] capability: warning: `syz.3.195' uses deprecated v2 capabilities in a way that may be insecure
[  173.877896][ T6727] netlink: 24 bytes leftover after parsing attributes in process `syz.4.200'.
[  173.885000][ T1207] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  174.534944][   T95] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  174.588570][ T1207] usb 4-1: device descriptor read/64, error -71
[  174.874714][   T30] audit: type=1107 audit(1747921545.006:11): pid=6732 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  175.474975][   T95] usb 3-1: Using ep0 maxpacket: 32
[  175.488505][   T95] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.520486][ T1207] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  175.626960][ T6727] nbd: socks must be embedded in a SOCK_ITEM attr
[  175.640461][   T95] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.662910][ T5881] block nbd64: NBD_DISCONNECT
[  175.672192][   T95] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  175.694894][   T95] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.828239][ T1207] usb 4-1: device descriptor read/64, error -71
[  175.890151][   T95] usb 3-1: config 0 descriptor??
[  176.540742][ T1207] usb usb4-port1: attempt power cycle
[  176.751783][ T6745] fuseblk: Unknown parameter 'appraise'
[  177.342084][   T95] usbhid 3-1:0.0: can't add hid device: -71
[  177.371726][   T95] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  177.392054][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  177.483424][ T6759] netlink: 8 bytes leftover after parsing attributes in process `syz.3.207'.
[  177.494144][ T6759] netlink: 72 bytes leftover after parsing attributes in process `syz.3.207'.
[  177.635262][   T95] usb 3-1: USB disconnect, device number 8
[  179.440103][ T6783] netlink: 44 bytes leftover after parsing attributes in process `syz.0.213'.
[  180.898153][ T6794] FAULT_INJECTION: forcing a failure.
[  180.898153][ T6794] name fail_futex, interval 1, probability 0, space 0, times 1
[  180.979207][ T6794] CPU: 0 UID: 0 PID: 6794 Comm: syz.1.215 Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) 
[  180.979236][ T6794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  180.979247][ T6794] Call Trace:
[  180.979255][ T6794]  <TASK>
[  180.979263][ T6794]  dump_stack_lvl+0x189/0x250
[  180.979298][ T6794]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.979324][ T6794]  ? __pfx__printk+0x10/0x10
[  180.979350][ T6794]  ? pipe_wait_readable+0x240/0x410
[  180.979378][ T6794]  ? do_syscall_64+0xf6/0x210
[  180.979406][ T6794]  should_fail_ex+0x414/0x560
[  180.979423][ T6794]  get_futex_key+0x17d/0xe10
[  180.979454][ T6794]  ? look_up_lock_class+0x74/0x170
[  180.979474][ T6794]  ? __pfx_get_futex_key+0x10/0x10
[  180.979498][ T6794]  ? __lock_acquire+0xaac/0xd20
[  180.979521][ T6794]  futex_wake+0xf8/0x500
[  180.979542][ T6794]  ? __pfx_futex_wake+0x10/0x10
[  180.979570][ T6794]  do_futex+0x395/0x420
[  180.979588][ T6794]  ? __pfx_do_futex+0x10/0x10
[  180.979604][ T6794]  ? __might_fault+0xb0/0x130
[  180.979627][ T6794]  mm_release+0x188/0x390
[  180.979641][ T6794]  ? __pfx_mm_release+0x10/0x10
[  180.979652][ T6794]  ? lockdep_hardirqs_on+0x9c/0x150
[  180.979677][ T6794]  exit_mm+0xa8/0x2c0
[  180.979695][ T6794]  ? __pfx_exit_mm+0x10/0x10
[  180.979710][ T6794]  ? taskstats_exit+0x43c/0xa30
[  180.979724][ T6794]  ? do_exit+0x577/0x2550
[  180.979740][ T6794]  ? seccomp_filter_release+0xe3/0x120
[  180.979762][ T6794]  do_exit+0x859/0x2550
[  180.979784][ T6794]  ? do_raw_spin_lock+0x121/0x290
[  180.979799][ T6794]  ? __pfx_do_exit+0x10/0x10
[  180.979815][ T6794]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  180.979841][ T6794]  do_group_exit+0x21c/0x2d0
[  180.979857][ T6794]  ? lockdep_hardirqs_on+0x9c/0x150
[  180.979876][ T6794]  get_signal+0x125e/0x1310
[  180.979912][ T6794]  arch_do_signal_or_restart+0x95/0x780
[  180.979936][ T6794]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  180.979967][ T6794]  ? local_irq_enable_exit_to_user+0x5/0x10
[  180.979989][ T6794]  syscall_exit_to_user_mode+0x8b/0x120
[  180.980007][ T6794]  do_syscall_64+0x103/0x210
[  180.980026][ T6794]  ? clear_bhb_loop+0x60/0xb0
[  180.980055][ T6794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.980068][ T6794] RIP: 0033:0x7f15cb98e969
[  180.980080][ T6794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.980090][ T6794] RSP: 002b:00007f15c97d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  180.980104][ T6794] RAX: fffffffffffffe00 RBX: 00007f15cbbb6080 RCX: 00007f15cb98e969
[  180.980114][ T6794] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000006
[  180.980121][ T6794] RBP: 00007f15c97d5090 R08: ffffffffffff8000 R09: 0000000000000000
[  180.980130][ T6794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  180.980137][ T6794] R13: 0000000000000000 R14: 00007f15cbbb6080 R15: 00007fff0d2b4e98
[  180.980157][ T6794]  </TASK>
[  181.925027][   T95] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  182.125280][ T6809] netlink: 24 bytes leftover after parsing attributes in process `syz.2.220'.
[  182.194948][   T95] usb 1-1: Using ep0 maxpacket: 32
[  182.204208][   T95] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  182.404881][   T95] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  182.489632][   T95] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  182.499327][   T95] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.586141][   T95] usb 1-1: config 0 descriptor??
[  182.645937][ T6816] netlink: 'syz.3.221': attribute type 3 has an invalid length.
[  182.675744][ T6809] nbd: socks must be embedded in a SOCK_ITEM attr
[  182.713220][ T6813] netlink: 16 bytes leftover after parsing attributes in process `syz.3.221'.
[  183.772768][   T95] ft260 0003:0403:6030.0003: unknown main item tag 0x0
[  183.876139][   T95] ft260 0003:0403:6030.0003: chip code: 0000 0000
[  184.011821][ T6828] netlink: 8 bytes leftover after parsing attributes in process `syz.1.224'.
[  184.021594][ T6828] netlink: 48 bytes leftover after parsing attributes in process `syz.1.224'.
[  184.112954][   T95] ft260 0003:0403:6030.0003: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.0-1/input0
[  184.498890][   T95] ft260 0003:0403:6030.0003: failed to retrieve status: -32, no wakeup
[  184.552412][   T95] ft260 0003:0403:6030.0003: failed to retrieve status: -71
[  184.605155][   T95] ft260 0003:0403:6030.0003: failed to reset I2C controller: -71
[  184.632819][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  184.681569][   T95] usb 1-1: USB disconnect, device number 8
[  184.835327][    T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  185.005068][ T1207] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  185.067229][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.095261][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.110938][    T9] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  185.143933][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.171935][ T5959] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  185.312209][    T9] usb 4-1: config 0 descriptor??
[  185.408534][ T5959] usb 3-1: Using ep0 maxpacket: 32
[  185.469342][ T5959] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.483856][ T1207] usb 2-1: Using ep0 maxpacket: 32
[  185.497859][ T5959] usb 3-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  185.568112][ T5959] usb 3-1: config 0 interface 0 has no altsetting 0
[  185.607104][ T5959] usb 3-1: New USB device found, idVendor=258a, idProduct=0033, bcdDevice= 0.00
[  185.691626][ T5959] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.939017][ T5959] usb 3-1: config 0 descriptor??
[  186.058129][    T9] isku 0003:1E7D:319C.0004: unbalanced collection at end of report description
[  186.184251][    T9] isku 0003:1E7D:319C.0004: parse failed
[  186.318875][    T9] isku 0003:1E7D:319C.0004: probe with driver isku failed with error -22
[  186.669145][ T1207] usb 2-1: too many configurations: 21, using maximum allowed: 8
[  186.678702][ T1207] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  186.691348][ T1207] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  186.704331][ T1207] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  186.726110][ T1207] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  186.740889][ T1207] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  186.768643][ T1207] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  186.781058][ T1207] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  186.829308][ T1207] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  186.850347][ T1207] usb 2-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  186.880058][ T5959] glorious 0003:258A:0033.0005: unknown main item tag 0x0
[  186.881182][ T1207] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.895284][ T5959] glorious 0003:258A:0033.0005: unknown main item tag 0x0
[  186.895314][ T5959] glorious 0003:258A:0033.0005: unknown main item tag 0x0
[  186.895339][ T5959] glorious 0003:258A:0033.0005: unknown main item tag 0x0
[  186.895362][ T5959] glorious 0003:258A:0033.0005: unknown main item tag 0x0
[  186.902162][ T5959] glorious 0003:258A:0033.0005: hidraw0: USB HID vff.fc Device [Glorious Model D] on usb-dummy_hcd.2-1/input0
[  186.921505][ T1207] usb 2-1: Product: syz
[  186.954784][ T1207] usb 2-1: Manufacturer: syz
[  186.959663][ T1207] usb 2-1: SerialNumber: syz
[  186.979897][  T978] usb 4-1: USB disconnect, device number 10
[  187.001311][ T1207] usb 2-1: config 0 descriptor??
[  187.131052][ T6842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  187.142327][ T6842] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  187.235183][  T978] usb 3-1: USB disconnect, device number 9
[  187.376073][ T1207] usb 2-1: bad CDC descriptors
[  187.381526][ T1207] cdc_acm 2-1:0.0: Zero length descriptor references
[  187.388438][ T1207] cdc_acm 2-1:0.0: probe with driver cdc_acm failed with error -22
[  187.389658][ T6857] fido_id[6857]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  187.406981][ T1207] usb 2-1: USB disconnect, device number 6
[  188.372017][ T6869] netlink: 380 bytes leftover after parsing attributes in process `syz.3.237'.
[  188.528264][ T6872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.239'.
[  188.636128][ T6872] netlink: 48 bytes leftover after parsing attributes in process `syz.0.239'.
[  189.112811][ T6882] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  189.235181][   T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  189.648772][   T24] usb 2-1: Using ep0 maxpacket: 32
[  189.664334][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.665118][ T6889] sd 0:0:1:0: device reset
[  189.705342][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  190.824718][   T24] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  190.836810][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.889433][   T95] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  190.911907][   T24] usb 2-1: config 0 descriptor??
[  191.670743][   T95] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  191.684892][   T95] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  191.721419][   T95] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  191.750025][   T95] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.869968][   T95] usb 4-1: config 0 descriptor??
[  192.457316][   T95] isku 0003:1E7D:319C.0006: unbalanced collection at end of report description
[  192.534401][   T95] isku 0003:1E7D:319C.0006: parse failed
[  192.597194][   T95] isku 0003:1E7D:319C.0006: probe with driver isku failed with error -22
[  192.784779][   T24] ft260 0003:0403:6030.0007: unknown main item tag 0x0
[  192.870114][   T24] ft260 0003:0403:6030.0007: chip code: 0000 0000
[  192.880312][   T24] ft260 0003:0403:6030.0007: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0
[  192.909940][   T24] ft260 0003:0403:6030.0007: failed to retrieve status: -32, no wakeup
[  192.925385][  T978] usb 4-1: USB disconnect, device number 11
[  193.102597][   T24] ft260 0003:0403:6030.0007: failed to retrieve status: -71
[  193.131210][   T24] ft260 0003:0403:6030.0007: failed to reset I2C controller: -71
[  193.336128][ T6920] netlink: 8 bytes leftover after parsing attributes in process `syz.4.254'.
[  193.373541][ T6918] netlink: 380 bytes leftover after parsing attributes in process `syz.2.253'.
[  193.392943][   T24] usb 2-1: USB disconnect, device number 7
[  193.409781][ T6922] netlink: 'syz.4.254': attribute type 10 has an invalid length.
[  193.528944][ T6922] netlink: 40 bytes leftover after parsing attributes in process `syz.4.254'.
[  193.670034][ T6922] team0: Port device geneve0 added
[  194.476001][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.482355][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  195.314449][   T30] audit: type=1107 audit(1747921565.506:12): pid=6935 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  196.181362][ T6948] xt_socket: unknown flags 0x50
[  196.626483][  T978] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  196.931553][  T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  197.004930][  T978] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  197.032447][  T978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  197.045388][  T978] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  197.083447][  T978] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  198.040505][  T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.428362][  T978] usb 2-1: Product: syz
[  198.432607][  T978] usb 2-1: Manufacturer: syz
[  198.437340][  T978] usb 2-1: SerialNumber: syz
[  198.445233][  T978] usb 2-1: config 0 descriptor??
[  198.453581][  T978] garmin_gps 2-1:0.0: Garmin GPS usb/tty converter detected
[  198.463537][  T978] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8
[  198.480857][  T978] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8
[  198.689346][ T5959] usb 2-1: USB disconnect, device number 8
[  198.735061][ T5959] garmin_gps 2-1:0.0: device disconnected
[  198.809546][ T6960] netlink: 380 bytes leftover after parsing attributes in process `syz.4.265'.
[  198.951406][    T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  199.990959][  T978] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  200.024743][    T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  200.032993][    T9] usb 1-1: config 0 has no interface number 0
[  200.073743][    T9] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  200.097389][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.128790][    T9] usb 1-1: Product: syz
[  200.133005][    T9] usb 1-1: Manufacturer: syz
[  200.154917][  T978] usb 4-1: Using ep0 maxpacket: 32
[  200.178712][  T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  200.200380][    T9] usb 1-1: SerialNumber: syz
[  201.069295][    T9] usb 1-1: config 0 descriptor??
[  201.077163][  T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.264167][  T978] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  201.465011][  T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.611091][ T6980] netlink: 24 bytes leftover after parsing attributes in process `syz.1.271'.
[  201.686900][  T978] usb 4-1: config 0 descriptor??
[  201.926519][    T9] dvb_usb_ec168 1-1:0.1: probe with driver dvb_usb_ec168 failed with error -71
[  201.959218][    T9] usb 1-1: USB disconnect, device number 9
[  202.007760][ T6987] xt_socket: unknown flags 0x50
[  202.556505][  T978] usbhid 4-1:0.0: can't add hid device: -71
[  202.591855][  T978] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  202.617953][  T978] usb 4-1: USB disconnect, device number 12
[  202.668245][ T6980] nbd: socks must be embedded in a SOCK_ITEM attr
[  202.983328][ T6986] netlink: 24 bytes leftover after parsing attributes in process `syz.4.272'.
[  202.992727][ T6986] nbd: device at index 64 is going down
[  204.271946][ T5987] udevd[5987]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  204.797060][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  205.201652][ T7010] netlink: 380 bytes leftover after parsing attributes in process `syz.0.279'.
[  205.963856][ T5959] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  206.434918][ T5959] usb 4-1: Using ep0 maxpacket: 32
[  206.443233][ T5959] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.457860][ T5959] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.472246][ T5959] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  206.545137][ T5959] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.976578][ T5959] usb 4-1: config 0 descriptor??
[  206.994930][   T30] audit: type=1804 audit(1747921577.206:13): pid=7023 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.284" name="/newroot/69/file0" dev="tmpfs" ino=376 res=1 errno=0
[  207.171247][ T7022] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1
[  207.180723][ T7022] ref_ctr decrement failed for inode: 0x178 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888046b6a800
[  207.191925][ T7022] uprobe: syz.4.284:7022 failed to unregister, leaking uprobe
[  207.384136][ T7030] sd 0:0:1:0: device reset
[  207.447082][ T5959] ft260 0003:0403:6030.0008: unknown main item tag 0x0
[  207.521036][   T53] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  207.625704][ T7033] xt_socket: unknown flags 0x50
[  207.675027][   T53] usb 1-1: Using ep0 maxpacket: 32
[  207.738249][   T53] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  207.750905][   T53] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.972401][   T53] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  208.121609][   T53] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.185438][ T5959] ft260 0003:0403:6030.0008: chip code: 0000 0000
[  208.268744][ T5959] ft260 0003:0403:6030.0008: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0
[  208.269269][   T53] usb 1-1: config 0 descriptor??
[  208.478517][ T5959] ft260 0003:0403:6030.0008: failed to retrieve status: -32, no wakeup
[  208.505066][ T5959] ft260 0003:0403:6030.0008: failed to retrieve status: -71
[  208.516580][ T5959] ft260 0003:0403:6030.0008: failed to reset I2C controller: -71
[  209.408182][   T53] ft260 0003:0403:6030.0009: unknown main item tag 0x0
[  209.621979][   T53] ft260 0003:0403:6030.0009: chip code: 0000 0000
[  209.767624][   T53] ft260 0003:0403:6030.0009: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.0-1/input0
[  209.829920][ T5959] usb 4-1: USB disconnect, device number 13
[  209.973517][   T53] ft260 0003:0403:6030.0009: failed to retrieve status: -32, no wakeup
[  210.013649][   T53] ft260 0003:0403:6030.0009: failed to retrieve status: -71
[  210.034715][   T53] ft260 0003:0403:6030.0009: failed to reset I2C controller: -71
[  210.215300][   T53] usb 1-1: USB disconnect, device number 10
[  210.472681][ T7049] netlink: 24 bytes leftover after parsing attributes in process `syz.3.291'.
[  210.958798][ T7049] nbd: socks must be embedded in a SOCK_ITEM attr
[  211.642817][ T6037] block nbd64: NBD_DISCONNECT
[  211.900729][ T7053] netlink: 24 bytes leftover after parsing attributes in process `syz.4.293'.
[  211.909819][ T7053] nbd: device at index 64 is going down
[  213.142130][ T7073] netlink: 12 bytes leftover after parsing attributes in process `syz.2.297'.
[  213.443252][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  213.542293][ T7080] xt_socket: unknown flags 0x50
[  213.558239][ T1207] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  214.194332][ T1207] usb 4-1: config 0 has an invalid interface number: 151 but max is 2
[  214.214990][ T1207] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3
[  214.223905][ T1207] usb 4-1: config 0 has no interface number 0
[  214.234919][ T1207] usb 4-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10
[  214.259020][ T1207] usb 4-1: config 0 interface 151 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  214.283824][ T1207] usb 4-1: Dual-Role OTG device on HNP port
[  214.305025][ T1207] usb 4-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  214.371500][ T7086] sock: sock_timestamping_bind_phc: sock not bind to device
[  214.489204][ T1207] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.502849][ T1207] usb 4-1: Product: syz
[  214.510356][ T1207] usb 4-1: Manufacturer: syz
[  214.518193][ T1207] usb 4-1: SerialNumber: syz
[  214.536602][ T1207] usb 4-1: config 0 descriptor??
[  215.287288][ T7088] sp0: Synchronizing with TNC
[  215.332311][   T30] audit: type=1326 audit(1747921585.566:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.0.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  215.374932][ T1207] usb 4-1: USB disconnect, device number 14
[  215.436633][   T30] audit: type=1326 audit(1747921585.606:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.0.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  215.458227][    C1] vkms_vblank_simulate: vblank timer overrun
[  215.494752][ T7093] nfs: Unknown parameter ''
[  215.521789][ T6070] udevd[6070]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  216.757793][   T30] audit: type=1107 audit(1747921586.906:16): pid=7097 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  217.971413][   T30] audit: type=1804 audit(1747921587.916:17): pid=7109 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.308" name="/newroot/58/file0" dev="tmpfs" ino=323 res=1 errno=0
[  218.193079][ T7109] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1
[  218.202429][ T7109] ref_ctr decrement failed for inode: 0x143 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888034b41e00
[  218.205091][ T5959] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  218.902828][ T7109] uprobe: syz.2.308:7109 failed to unregister, leaking uprobe
[  219.194954][ T5959] usb 2-1: Using ep0 maxpacket: 32
[  219.230365][ T5959] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  219.252281][ T5959] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.275690][ T5959] usb 2-1: Product: syz
[  219.280063][ T5959] usb 2-1: Manufacturer: syz
[  219.284722][ T5959] usb 2-1: SerialNumber: syz
[  219.307612][ T5959] usb 2-1: config 0 descriptor??
[  219.787630][ T5959] airspy 2-1:0.0: Board ID: 00
[  219.792964][ T5959] airspy 2-1:0.0: Firmware version: 
[  220.681157][ T7126] sock: sock_timestamping_bind_phc: sock not bind to device
[  220.811710][ T7104] overlay: ./file0 is not a directory
[  221.763339][ T5959] airspy 2-1:0.0: usb_control_msg() failed -110 request 0e
[  221.780184][ T5959] airspy 2-1:0.0: Registered as swradio24
[  221.880671][ T5959] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  222.185757][ T7140] netlink: 24 bytes leftover after parsing attributes in process `syz.4.317'.
[  222.850176][ T7147] FAULT_INJECTION: forcing a failure.
[  222.850176][ T7147] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  222.863871][ T7147] CPU: 0 UID: 0 PID: 7147 Comm: syz.2.319 Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) 
[  222.863899][ T7147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  222.863910][ T7147] Call Trace:
[  222.863918][ T7147]  <TASK>
[  222.863927][ T7147]  dump_stack_lvl+0x189/0x250
[  222.863956][ T7147]  ? __lock_acquire+0xaac/0xd20
[  222.863986][ T7147]  ? __pfx_dump_stack_lvl+0x10/0x10
[  222.864013][ T7147]  ? __pfx__printk+0x10/0x10
[  222.864043][ T7147]  ? __might_fault+0xb0/0x130
[  222.864085][ T7147]  should_fail_ex+0x414/0x560
[  222.864111][ T7147]  _copy_from_user+0x2d/0xb0
[  222.864140][ T7147]  sk_setsockopt+0x280/0x2940
[  222.864168][ T7147]  ? rcu_read_lock_any_held+0xb3/0x120
[  222.864200][ T7147]  ? __pfx_sk_setsockopt+0x10/0x10
[  222.864226][ T7147]  ? vfs_write+0x8d8/0xa90
[  222.864269][ T7147]  ? __lock_acquire+0xaac/0xd20
[  222.864302][ T7147]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  222.864328][ T7147]  do_sock_setsockopt+0x201/0x3e0
[  222.864358][ T7147]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  222.864381][ T7147]  ? __fget_files+0x2a/0x420
[  222.864404][ T7147]  ? __fget_files+0x3a0/0x420
[  222.864421][ T7147]  ? __fget_files+0x2a/0x420
[  222.864447][ T7147]  __x64_sys_setsockopt+0x18b/0x220
[  222.864480][ T7147]  do_syscall_64+0xf6/0x210
[  222.864506][ T7147]  ? asm_sysvec_call_function_single+0x1a/0x20
[  222.864526][ T7147]  ? clear_bhb_loop+0x60/0xb0
[  222.864550][ T7147]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.864569][ T7147] RIP: 0033:0x7f34f118e969
[  222.864587][ T7147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  222.864603][ T7147] RSP: 002b:00007f34f208a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  222.864622][ T7147] RAX: ffffffffffffffda RBX: 00007f34f13b6160 RCX: 00007f34f118e969
[  222.864637][ T7147] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000004
[  222.864648][ T7147] RBP: 00007f34f208a090 R08: 0000000000000010 R09: 0000000000000000
[  222.864660][ T7147] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[  222.864672][ T7147] R13: 0000000000000000 R14: 00007f34f13b6160 R15: 00007ffe78ad0448
[  222.864709][ T7147]  </TASK>
[  223.535479][ T5959] usb 2-1: USB disconnect, device number 9
[  223.558482][ T7140] nbd: socks must be embedded in a SOCK_ITEM attr
[  226.566452][   T30] audit: type=1107 audit(1747921596.746:18): pid=7159 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  227.569963][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  228.408749][ T7174] sock: sock_timestamping_bind_phc: sock not bind to device
[  229.622973][ T7198] netlink: 12 bytes leftover after parsing attributes in process `syz.3.330'.
[  232.049317][ T7229] sock: sock_timestamping_bind_phc: sock not bind to device
[  232.768808][ T5959] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  232.925033][ T5959] usb 2-1: Using ep0 maxpacket: 16
[  232.944024][ T5959] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  233.008634][ T5959] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  233.028651][ T5959] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  233.042776][ T5959] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.109142][ T5959] usb 2-1: config 0 descriptor??
[  233.326125][ T7222] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  233.363558][ T7222] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.588534][   T30] audit: type=1804 audit(1747921603.796:19): pid=7248 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.345" name="/newroot/70/file0" dev="tmpfs" ino=385 res=1 errno=0
[  233.591896][   T53] usb 2-1: USB disconnect, device number 10
[  233.829442][ T7252] netlink: 12 bytes leftover after parsing attributes in process `syz.0.344'.
[  234.694051][ T7248] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1
[  234.703969][ T7248] ref_ctr decrement failed for inode: 0x181 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff8880330f4600
[  234.736544][ T7248] uprobe: syz.2.345:7248 failed to unregister, leaking uprobe
[  235.554970][   T30] audit: type=1804 audit(1747921605.786:20): pid=7259 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.348" name="/newroot/84/file0" dev="tmpfs" ino=453 res=1 errno=0
[  236.193802][ T7258] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1
[  236.762867][ T7258] ref_ctr decrement failed for inode: 0x1c5 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff8880330f3c00
[  236.773978][ T7258] uprobe: syz.4.348:7258 failed to unregister, leaking uprobe
[  236.908899][ T7277] sock: sock_timestamping_bind_phc: sock not bind to device
[  237.159294][ T7284] netlink: 8 bytes leftover after parsing attributes in process `syz.4.353'.
[  238.575435][ T7303] netlink: 24 bytes leftover after parsing attributes in process `syz.2.358'.
[  238.765037][  T978] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  239.145656][ T7303] nbd: socks must be embedded in a SOCK_ITEM attr
[  239.216370][  T978] usb 5-1: Using ep0 maxpacket: 32
[  239.243331][ T7308] loop6: detected capacity change from 0 to 524287999
[  239.257573][ T7308] buffer_io_error: 24 callbacks suppressed
[  239.257613][ T7308] Buffer I/O error on dev loop6, logical block 0, async page read
[  239.272612][ T7308] Buffer I/O error on dev loop6, logical block 0, async page read
[  239.281853][ T7308] Buffer I/O error on dev loop6, logical block 0, async page read
[  239.291241][ T7308] Buffer I/O error on dev loop6, logical block 0, async page read
[  239.300321][ T7308] Buffer I/O error on dev loop6, logical block 0, async page read
[  239.310418][ T7308] Buffer I/O error on dev loop6, logical block 0, async page read
[  239.319524][ T7308] Buffer I/O error on dev loop6, logical block 0, async page read
[  239.328809][ T7308] Buffer I/O error on dev loop6, logical block 0, async page read
[  239.337431][ T7308] ldm_validate_partition_table(): Disk read failed.
[  239.344595][ T7308] Buffer I/O error on dev loop6, logical block 0, async page read
[  239.359299][ T7308] Buffer I/O error on dev loop6, logical block 0, async page read
[  239.369884][ T7308] Dev loop6: unable to read RDB block 0
[  239.380324][ T7308]  loop6: unable to read partition table
[  239.389284][ T7308] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  239.719561][  T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  239.737046][  T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  239.784895][  T978] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  239.823144][  T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.996707][  T978] usb 5-1: config 0 descriptor??
[  240.245302][ T5959] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  240.277949][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  240.304980][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  240.469678][  T978] ft260 0003:0403:6030.000A: unknown main item tag 0x0
[  240.664901][ T5959] usb 2-1: device descriptor read/64, error -71
[  240.789267][  T978] ft260 0003:0403:6030.000A: chip code: 0000 0000
[  241.302565][  T978] ft260 0003:0403:6030.000A: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.4-1/input0
[  241.335239][ T5959] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  241.355767][ T7320] netlink: 4 bytes leftover after parsing attributes in process `syz.2.362'.
[  241.475024][ T5959] usb 2-1: device descriptor read/64, error -71
[  241.522628][  T978] ft260 0003:0403:6030.000A: failed to retrieve status: -32, no wakeup
[  241.552614][  T978] ft260 0003:0403:6030.000A: failed to retrieve status: -71
[  241.579312][  T978] ft260 0003:0403:6030.000A: failed to reset I2C controller: -71
[  241.635834][ T5959] usb usb2-port1: attempt power cycle
[  241.643807][  T978] usb 5-1: USB disconnect, device number 12
[  241.864464][ T7329] sock: sock_timestamping_bind_phc: sock not bind to device
[  242.025264][ T5959] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  242.058339][ T5959] usb 2-1: device descriptor read/8, error -71
[  242.880707][ T5959] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  243.175753][ T7345] netlink: 8 bytes leftover after parsing attributes in process `syz.0.367'.
[  243.257869][ T5959] usb 2-1: device not accepting address 14, error -71
[  243.277171][ T5959] usb usb2-port1: unable to enumerate USB device
[  243.415830][ T7348] netlink: 12 bytes leftover after parsing attributes in process `syz.1.370'.
[  244.010998][ T7349] netlink: 24 bytes leftover after parsing attributes in process `syz.2.371'.
[  244.767427][ T7349] nbd: socks must be embedded in a SOCK_ITEM attr
[  245.169819][   T30] audit: type=1804 audit(1747921615.236:21): pid=7360 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.375" name="/newroot/88/file0" dev="tmpfs" ino=475 res=1 errno=0
[  246.044488][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  246.098618][ T7360] ref_ctr_offset mismatch. inode: 0x1db offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8
[  246.154475][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  246.225068][ T5912] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  246.240362][ T7360] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1
[  246.289708][ T7373] sock: sock_timestamping_bind_phc: sock not bind to device
[  246.345347][ T7360] ref_ctr decrement failed for inode: 0x1db offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88807e6f4600
[  246.395515][ T7360] uprobe: syz.4.375:7360 failed to unregister, leaking uprobe
[  246.484878][ T5912] usb 2-1: Using ep0 maxpacket: 8
[  246.531293][ T7360] uprobe: syz.4.375:7360 failed to unregister, leaking uprobe
[  246.555859][ T5912] usb 2-1: config 0 has an invalid interface number: 20 but max is 0
[  246.564082][ T5912] usb 2-1: config 0 has no interface number 0
[  246.608006][ T7360] uprobe: syz.4.375:7360 failed to unregister, leaking uprobe
[  246.728453][ T5912] usb 2-1: New USB device found, idVendor=19d2, idProduct=1288, bcdDevice=2e.49
[  246.838437][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.909334][ T5912] usb 2-1: Product: syz
[  246.913561][ T5912] usb 2-1: Manufacturer: syz
[  246.935268][ T5912] usb 2-1: SerialNumber: syz
[  246.950188][ T5912] usb 2-1: config 0 descriptor??
[  246.987788][ T5912] option 2-1:0.20: GSM modem (1-port) converter detected
[  247.189471][ T5885] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  247.190783][ T7357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.210589][ T7357] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.446313][ T7357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  248.512174][ T7357] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.544985][ T5885] usb 3-1: Using ep0 maxpacket: 32
[  248.587864][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.613982][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  248.634717][ T5885] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  249.048069][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.082235][ T5885] usb 3-1: config 0 descriptor??
[  249.154379][ T7396] kvm: pic: non byte write
[  249.384638][ T7404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.384'.
[  249.827843][ T5885] ft260 0003:0403:6030.000B: unknown main item tag 0x0
[  249.905823][ T5885] ft260 0003:0403:6030.000B: chip code: 0000 0000
[  249.961589][ T5912] usb 2-1: USB disconnect, device number 15
[  249.972600][ T5912] option 2-1:0.20: device disconnected
[  250.111478][ T5885] ft260 0003:0403:6030.000B: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.2-1/input0
[  250.176425][ T7412] netlink: 'syz.4.386': attribute type 3 has an invalid length.
[  250.197701][ T7414] Invalid source name
[  250.201881][ T7414] UBIFS error (pid: 7414): cannot open "./file0", error -22
[  250.279634][ T7414] netlink: 16 bytes leftover after parsing attributes in process `syz.3.388'.
[  250.629810][ T5885] ft260 0003:0403:6030.000B: failed to retrieve status: -32, no wakeup
[  250.682764][ T7412] netlink: 16 bytes leftover after parsing attributes in process `syz.4.386'.
[  250.760756][ T5885] ft260 0003:0403:6030.000B: failed to retrieve status: -71
[  250.793794][ T5885] ft260 0003:0403:6030.000B: failed to reset I2C controller: -71
[  250.852779][ T5885] usb 3-1: USB disconnect, device number 10
[  250.879936][ T7413] netlink: 24 bytes leftover after parsing attributes in process `syz.0.387'.
[  250.915962][ T7413] nbd: socks must be embedded in a SOCK_ITEM attr
[  251.071294][ T7424] sock: sock_timestamping_bind_phc: sock not bind to device
[  251.176787][ T7430] netlink: 12 bytes leftover after parsing attributes in process `syz.4.391'.
[  252.030692][ T7160] udevd[7160]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  252.101931][ T5881] udevd[5881]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  253.863448][ T7455] netlink: 92 bytes leftover after parsing attributes in process `syz.1.399'.
[  256.107934][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  256.114582][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  256.805680][ T7472] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  256.813397][ T7472] IPv6: NLM_F_CREATE should be set when creating new route
[  256.821146][ T7472] IPv6: NLM_F_CREATE should be set when creating new route
[  256.828542][ T7472] IPv6: NLM_F_CREATE should be set when creating new route
[  257.112854][ T1223] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  257.736909][ T7483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.404'.
[  257.976054][ T7484] netlink: 8 bytes leftover after parsing attributes in process `syz.4.405'.
[  258.019471][ T7486] sock: sock_timestamping_bind_phc: sock not bind to device
[  258.037272][ T7491] netlink: 'syz.4.405': attribute type 10 has an invalid length.
[  258.081663][ T7491] netlink: 40 bytes leftover after parsing attributes in process `syz.4.405'.
[  258.122373][ T7494] netlink: 'syz.2.408': attribute type 3 has an invalid length.
[  258.148213][ T1223] usb 3-1: device not accepting address 11, error -71
[  258.219022][ T7492] netlink: 16 bytes leftover after parsing attributes in process `syz.2.408'.
[  258.305494][ T5885] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  258.664862][ T5885] usb 1-1: Using ep0 maxpacket: 32
[  258.707864][ T7510] xt_socket: unknown flags 0x50
[  258.914521][ T5885] usb 1-1: too many configurations: 21, using maximum allowed: 8
[  259.082693][ T5885] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  259.350883][ T5885] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  259.376132][ T5885] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  259.387822][ T5885] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  259.405912][ T5885] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  259.417721][ T5885] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  259.458397][ T5885] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  259.481538][ T7512] netlink: 92 bytes leftover after parsing attributes in process `syz.2.414'.
[  259.491931][ T5885] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  259.550367][ T5885] usb 1-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  259.574876][ T5885] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.597392][ T5885] usb 1-1: Product: syz
[  259.622916][ T5885] usb 1-1: Manufacturer: syz
[  259.627686][ T5885] usb 1-1: SerialNumber: syz
[  259.646223][ T5885] usb 1-1: config 0 descriptor??
[  259.791031][ T7519] netlink: 12 bytes leftover after parsing attributes in process `syz.2.416'.
[  260.465948][ T5885] usb 1-1: bad CDC descriptors
[  260.471426][ T5885] cdc_acm 1-1:0.0: Zero length descriptor references
[  260.478232][ T5885] cdc_acm 1-1:0.0: probe with driver cdc_acm failed with error -22
[  260.526274][ T5885] usb 1-1: USB disconnect, device number 11
[  260.888210][ T7531] netlink: 12 bytes leftover after parsing attributes in process `syz.0.419'.
[  260.985972][ T5912] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  261.285778][ T5912] usb 3-1: Using ep0 maxpacket: 32
[  261.460420][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  261.519346][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  261.534846][ T5912] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  261.559474][ T7501] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  261.560133][ T7534] sock: sock_timestamping_bind_phc: sock not bind to device
[  261.601813][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.644072][ T5912] usb 3-1: config 0 descriptor??
[  261.824555][ T7540] IPVS: length: 24 != 16106127384
[  261.924153][ T7550] netlink: 92 bytes leftover after parsing attributes in process `syz.1.426'.
[  262.052703][  T978] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  262.723616][ T5912] ft260 0003:0403:6030.000C: unknown main item tag 0x0
[  262.787934][ T5912] ft260 0003:0403:6030.000C: failed to retrieve chip version
[  262.807540][ T5912] ft260 0003:0403:6030.000C: probe with driver ft260 failed with error -32
[  262.894877][  T978] usb 1-1: Using ep0 maxpacket: 16
[  262.903162][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  262.916539][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  262.941891][  T978] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  263.065131][ T5885] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  263.905643][  T978] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  263.914987][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.927285][  T978] usb 1-1: config 0 descriptor??
[  263.987350][ T5885] usb 5-1: Using ep0 maxpacket: 32
[  263.996796][ T5885] usb 5-1: too many configurations: 21, using maximum allowed: 8
[  264.477237][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  264.481421][  T978] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  264.615497][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  264.621926][  T978] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.000D/input/input8
[  264.647946][ T7575] sock: sock_timestamping_bind_phc: sock not bind to device
[  264.656165][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  264.679220][ T7543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  264.688783][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  264.690164][    T9] usb 3-1: USB disconnect, device number 13
[  264.711068][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  264.725990][ T7543] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  264.735521][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  264.776252][  T978] microsoft 0003:045E:07DA.000D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  264.776930][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  265.022531][ T7581] netlink: 12 bytes leftover after parsing attributes in process `syz.3.434'.
[  265.062733][ T7582] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  265.071704][ T7582] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  265.248058][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  265.353865][ T5885] usb 5-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  265.379563][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.438404][ T5885] usb 5-1: Product: syz
[  265.536470][ T7588] netlink: 92 bytes leftover after parsing attributes in process `syz.2.437'.
[  265.673964][ T5885] usb 5-1: Manufacturer: syz
[  265.684898][ T5885] usb 5-1: SerialNumber: syz
[  265.706290][ T5885] usb 5-1: config 0 descriptor??
[  266.363962][    T9] usb 1-1: reset high-speed USB device number 12 using dummy_hcd
[  266.575549][ T5885] usb 5-1: bad CDC descriptors
[  266.603089][ T5885] cdc_acm 5-1:0.0: Zero length descriptor references
[  266.670379][ T5885] cdc_acm 5-1:0.0: probe with driver cdc_acm failed with error -22
[  266.886093][ T5885] usb 5-1: USB disconnect, device number 13
[  267.226870][  T978] usb 1-1: USB disconnect, device number 12
[  267.594301][   T30] audit: type=1804 audit(1747921637.836:22): pid=7620 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.444" name="/newroot/89/file0" dev="tmpfs" ino=482 res=1 errno=0
[  267.614628][    C0] vkms_vblank_simulate: vblank timer overrun
[  267.825773][ T7622] sock: sock_timestamping_bind_phc: sock not bind to device
[  268.129347][ T7627] netlink: 92 bytes leftover after parsing attributes in process `syz.3.448'.
[  268.246319][ T7629] netlink: 24 bytes leftover after parsing attributes in process `syz.1.447'.
[  269.575392][  T978] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  270.004481][  T978] usb 1-1: Using ep0 maxpacket: 16
[  270.163839][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  270.175003][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  270.215295][  T978] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  270.217543][ T7629] nbd: socks must be embedded in a SOCK_ITEM attr
[  270.267400][ T5881] block nbd64: NBD_DISCONNECT
[  270.274283][  T978] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  270.454957][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.656863][ T7648] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  270.721521][ T7648] mmap: syz.3.453 (7648) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  271.311088][  T978] usb 1-1: config 0 descriptor??
[  271.354877][    T9] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  271.478989][  T978] usbhid 1-1:0.0: can't add hid device: -71
[  271.501311][  T978] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  271.543631][    T9] usb 3-1: Using ep0 maxpacket: 32
[  271.575748][    T9] usb 3-1: too many configurations: 21, using maximum allowed: 8
[  271.609150][  T978] usb 1-1: USB disconnect, device number 13
[  271.645908][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  271.740742][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  271.750494][ T7655] fuse: Bad value for 'group_id'
[  271.801300][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  271.808048][ T7655] fuse: Bad value for 'group_id'
[  271.867916][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  271.958959][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  272.155643][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  272.180786][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  272.200121][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  272.224617][    T9] usb 3-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  272.350259][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.438326][    T9] usb 3-1: Product: syz
[  272.465117][    T9] usb 3-1: Manufacturer: syz
[  272.481278][ T7669] sock: sock_timestamping_bind_phc: sock not bind to device
[  272.492447][    T9] usb 3-1: SerialNumber: syz
[  272.520634][    T9] usb 3-1: config 0 descriptor??
[  272.758980][    T9] usb 3-1: bad CDC descriptors
[  272.759344][ T7678] netlink: 92 bytes leftover after parsing attributes in process `syz.3.461'.
[  272.790835][    T9] cdc_acm 3-1:0.0: Zero length descriptor references
[  272.809273][    T9] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22
[  272.838426][    T9] usb 3-1: USB disconnect, device number 14
[  273.136086][ T7683] netlink: 'syz.3.464': attribute type 3 has an invalid length.
[  273.163852][ T7687] netlink: 'syz.1.465': attribute type 3 has an invalid length.
[  273.190562][ T7683] netlink: 16 bytes leftover after parsing attributes in process `syz.3.464'.
[  273.218395][ T7684] netlink: 16 bytes leftover after parsing attributes in process `syz.1.465'.
[  273.281114][ T7689] FAULT_INJECTION: forcing a failure.
[  273.281114][ T7689] name failslab, interval 1, probability 0, space 0, times 0
[  273.294693][ T7689] CPU: 1 UID: 0 PID: 7689 Comm: syz.3.467 Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) 
[  273.294721][ T7689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  273.294733][ T7689] Call Trace:
[  273.294741][ T7689]  <TASK>
[  273.294754][ T7689]  dump_stack_lvl+0x189/0x250
[  273.294789][ T7689]  ? __pfx_dump_stack_lvl+0x10/0x10
[  273.294815][ T7689]  ? __pfx__printk+0x10/0x10
[  273.294850][ T7689]  ? __pfx___might_resched+0x10/0x10
[  273.294876][ T7689]  ? fs_reclaim_acquire+0x7d/0x100
[  273.294902][ T7689]  should_fail_ex+0x414/0x560
[  273.294927][ T7689]  should_failslab+0xa8/0x100
[  273.294946][ T7689]  __kmalloc_noprof+0xcb/0x4f0
[  273.294973][ T7689]  ? kfree+0x4d/0x440
[  273.294997][ T7689]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  273.295028][ T7689]  tomoyo_realpath_from_path+0xe3/0x5d0
[  273.295057][ T7689]  ? tomoyo_domain+0xda/0x130
[  273.295089][ T7689]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  273.295112][ T7689]  tomoyo_path_number_perm+0x1e8/0x5a0
[  273.295137][ T7689]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  273.295177][ T7689]  ? __lock_acquire+0xaac/0xd20
[  273.295223][ T7689]  ? __fget_files+0x2a/0x420
[  273.295245][ T7689]  ? __fget_files+0x3a0/0x420
[  273.295262][ T7689]  ? __fget_files+0x2a/0x420
[  273.295284][ T7689]  security_file_ioctl+0xcb/0x2d0
[  273.295309][ T7689]  __se_sys_ioctl+0x47/0x170
[  273.295337][ T7689]  do_syscall_64+0xf6/0x210
[  273.295365][ T7689]  ? clear_bhb_loop+0x60/0xb0
[  273.295389][ T7689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.295408][ T7689] RIP: 0033:0x7fedb998e969
[  273.295425][ T7689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  273.295442][ T7689] RSP: 002b:00007fedba77f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  273.295470][ T7689] RAX: ffffffffffffffda RBX: 00007fedb9bb5fa0 RCX: 00007fedb998e969
[  273.295484][ T7689] RDX: 0000200000000240 RSI: 00000000000089e1 RDI: 0000000000000005
[  273.295497][ T7689] RBP: 00007fedba77f090 R08: 0000000000000000 R09: 0000000000000000
[  273.295509][ T7689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  273.295520][ T7689] R13: 0000000000000000 R14: 00007fedb9bb5fa0 R15: 00007ffc6ea405e8
[  273.295551][ T7689]  </TASK>
[  273.537284][ T7689] ERROR: Out of memory at tomoyo_realpath_from_path.
[  273.570434][ T5885] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  273.795676][ T5885] usb 1-1: Using ep0 maxpacket: 32
[  273.818854][ T5885] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  273.854307][ T5885] usb 1-1: config 0 has no interface number 0
[  273.922815][ T5885] usb 1-1: config 0 interface 184 has no altsetting 0
[  274.591726][ T5885] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  274.732765][ T5885] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.754964][ T5885] usb 1-1: Product: syz
[  274.759325][ T5885] usb 1-1: Manufacturer: syz
[  274.764156][ T5885] usb 1-1: SerialNumber: syz
[  274.827021][ T7709] netlink: 8 bytes leftover after parsing attributes in process `syz.3.472'.
[  274.950327][ T5885] usb 1-1: config 0 descriptor??
[  275.104694][ T5885] smsc75xx v1.0.0
[  275.486346][ T7717] netlink: 72 bytes leftover after parsing attributes in process `syz.1.474'.
[  275.651245][ T5885] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  275.685341][ T5885] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  275.746036][ T5885] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  275.784343][ T7720] netlink: 92 bytes leftover after parsing attributes in process `syz.2.475'.
[  275.797009][ T5885] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  275.877294][ T5885] usb 1-1: USB disconnect, device number 14
[  275.941445][ T7724] netlink: 'syz.4.478': attribute type 3 has an invalid length.
[  275.996108][ T7724] netlink: 16 bytes leftover after parsing attributes in process `syz.4.478'.
[  276.215212][ T5959] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  276.394866][ T5959] usb 4-1: Using ep0 maxpacket: 32
[  276.400953][ T5959] usb 4-1: too many configurations: 21, using maximum allowed: 8
[  276.413665][ T5959] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  276.456003][ T5959] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  276.488026][ T5959] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  276.539586][ T5959] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  276.570981][ T5959] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  276.780044][ T5959] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  277.163620][ T5959] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  277.217570][ T5959] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  277.232792][ T7747] netlink: 8 bytes leftover after parsing attributes in process `syz.0.485'.
[  277.257901][ T5959] usb 4-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  277.303069][ T5959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.347360][   T30] audit: type=1326 audit(1747921647.596:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7749 comm="syz.4.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4eb8e969 code=0x7ffc0000
[  277.468392][ T5959] usb 4-1: Product: syz
[  277.506564][   T30] audit: type=1326 audit(1747921647.626:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7749 comm="syz.4.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4eb8e969 code=0x7ffc0000
[  277.534835][ T5959] usb 4-1: Manufacturer: syz
[  277.564373][ T5959] usb 4-1: SerialNumber: syz
[  277.585127][   T30] audit: type=1326 audit(1747921647.626:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7749 comm="syz.4.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=453 compat=0 ip=0x7f3f4eb8e969 code=0x7ffc0000
[  277.606733][   T30] audit: type=1326 audit(1747921647.626:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7749 comm="syz.4.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4eb8e969 code=0x7ffc0000
[  277.637005][ T5959] usb 4-1: config 0 descriptor??
[  277.660365][   T30] audit: type=1326 audit(1747921647.626:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7749 comm="syz.4.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4eb8e969 code=0x7ffc0000
[  277.684813][   T30] audit: type=1326 audit(1747921647.626:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7749 comm="syz.4.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3f4eb8e969 code=0x7ffc0000
[  277.711145][   T30] audit: type=1326 audit(1747921647.626:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7749 comm="syz.4.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4eb8e969 code=0x7ffc0000
[  277.766000][   T30] audit: type=1326 audit(1747921647.626:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7749 comm="syz.4.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4eb8e969 code=0x7ffc0000
[  277.785195][ T5885] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  277.813907][ T7758] netlink: 60 bytes leftover after parsing attributes in process `syz.2.488'.
[  277.827700][   T30] audit: type=1326 audit(1747921647.626:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7749 comm="syz.4.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3f4eb8e969 code=0x7ffc0000
[  277.850524][   T30] audit: type=1326 audit(1747921647.626:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7749 comm="syz.4.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f4eb8e969 code=0x7ffc0000
[  277.878075][ T5959] usb 4-1: bad CDC descriptors
[  277.884702][ T5959] cdc_acm 4-1:0.0: Zero length descriptor references
[  277.897822][ T5959] cdc_acm 4-1:0.0: probe with driver cdc_acm failed with error -22
[  277.935120][ T5885] usb 2-1: device descriptor read/64, error -71
[  277.971801][ T5959] usb 4-1: USB disconnect, device number 15
[  278.072072][   T53] hid-generic C990:0003:0000.000E: unknown main item tag 0x0
[  278.083515][   T53] hid-generic C990:0003:0000.000E: unknown main item tag 0x0
[  278.130315][   T53] hid-generic C990:0003:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  278.174898][ T5885] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  278.308481][ T5885] usb 2-1: device descriptor read/64, error -71
[  278.593283][ T5885] usb usb2-port1: attempt power cycle
[  278.840156][ T7776] netlink: 'syz.2.494': attribute type 3 has an invalid length.
[  278.861872][ T7776] netlink: 16 bytes leftover after parsing attributes in process `syz.2.494'.
[  278.920411][ T7778] fuse: Unknown parameter '00000000000000000004'
[  278.935782][ T7778] Invalid source name
[  278.941064][ T7778] UBIFS error (pid: 7778): cannot open "./file0", error -22
[  279.055474][ T5885] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  279.344062][ T7782] netlink: 24 bytes leftover after parsing attributes in process `syz.2.496'.
[  279.618136][ T5885] usb 2-1: device descriptor read/8, error -71
[  279.636075][ T7782] nbd: socks must be embedded in a SOCK_ITEM attr
[  279.760498][ T7786] fuse: Bad value for 'group_id'
[  279.770660][ T7786] fuse: Bad value for 'group_id'
[  280.314960][ T5885] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  280.359145][ T5885] usb 2-1: device descriptor read/8, error -71
[  280.554982][ T5885] usb usb2-port1: unable to enumerate USB device
[  281.937847][ T7817] loop2: detected capacity change from 0 to 7
[  281.962640][ T7817] Dev loop2: unable to read RDB block 7
[  281.971917][ T7817]  loop2: unable to read partition table
[  281.977946][ T7817] loop2: partition table beyond EOD, truncated
[  281.984160][ T7817] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  282.685065][ T7824] netlink: 8 bytes leftover after parsing attributes in process `syz.3.508'.
[  282.794894][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  282.794913][   T30] audit: type=1326 audit(1747921653.036:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7821 comm="syz.0.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  282.873664][   T30] audit: type=1326 audit(1747921653.036:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7821 comm="syz.0.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  282.912622][   T30] audit: type=1326 audit(1747921653.036:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7821 comm="syz.0.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=453 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  282.993260][ T7837] netlink: 8 bytes leftover after parsing attributes in process `syz.4.512'.
[  283.064190][   T30] audit: type=1326 audit(1747921653.036:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7821 comm="syz.0.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  283.500682][   T30] audit: type=1326 audit(1747921653.036:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7821 comm="syz.0.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  283.522322][ T1207] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  283.550175][   T30] audit: type=1326 audit(1747921653.036:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7821 comm="syz.0.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  283.600047][   T30] audit: type=1326 audit(1747921653.036:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7821 comm="syz.0.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  283.645591][   T30] audit: type=1326 audit(1747921653.036:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7821 comm="syz.0.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  283.670327][   T30] audit: type=1326 audit(1747921653.036:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7821 comm="syz.0.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  283.726739][ T1207] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  283.756341][ T1207] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  283.775102][   T30] audit: type=1326 audit(1747921653.036:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7821 comm="syz.0.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb6d8e969 code=0x7ffc0000
[  283.815312][ T1207] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  283.824523][ T1207] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  283.835815][ T1207] usb 3-1: SerialNumber: syz
[  283.853629][ T1207] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  283.866408][ T7849] netlink: 72 bytes leftover after parsing attributes in process `syz.1.515'.
[  283.876206][ T1207] usb-storage 3-1:1.0: USB Mass Storage device detected
[  283.980201][ T1207] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  284.414236][ T1207] scsi host1: usb-storage 3-1:1.0
[  284.881606][ T5884] usb 3-1: USB disconnect, device number 15
[  286.388623][ T7871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.520'.
[  286.865511][ T7879] kvm: pic: non byte write
[  287.072616][ T7889] sg_write: data in/out 476/14 bytes for SCSI command 0x0-- guessing data in;
[  287.072616][ T7889]    program syz.1.525 not setting count and/or reply_len properly
[  287.107332][ T7890] netlink: 48 bytes leftover after parsing attributes in process `syz.3.524'.
[  287.586102][    T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  287.715103][ T5959] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  287.747010][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  287.758642][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  287.768854][    T9] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  287.778210][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.791256][    T9] usb 3-1: config 0 descriptor??
[  287.874916][ T5959] usb 4-1: Using ep0 maxpacket: 8
[  287.884523][ T5959] usb 4-1: config 252 has an invalid interface number: 104 but max is 0
[  287.912787][ T5959] usb 4-1: config 252 has no interface number 0
[  287.924903][ T5959] usb 4-1: config 252 interface 104 has no altsetting 0
[  287.937931][ T5959] usb 4-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice= b.c7
[  287.956138][ T5959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.970595][ T5959] usb 4-1: Product: syz
[  287.975425][ T5959] usb 4-1: Manufacturer: syz
[  287.982633][ T5959] usb 4-1: SerialNumber: syz
[  288.001240][ T5959] gspca_main: spca501-2.14.0 probing 0497:c001
[  288.198151][ T5959] gspca_spca501: reg write: error -71
[  288.210357][ T5959] spca501 4-1:252.104: Reg write failed for 0x02,0x07,0x05
[  288.221163][    T9] isku 0003:1E7D:319C.000F: unbalanced collection at end of report description
[  288.234501][ T5959] spca501 4-1:252.104: probe with driver spca501 failed with error -22
[  288.243847][    T9] isku 0003:1E7D:319C.000F: parse failed
[  288.253874][    T9] isku 0003:1E7D:319C.000F: probe with driver isku failed with error -22
[  288.269203][ T5959] usb 4-1: USB disconnect, device number 16
[  288.948720][ T7911] fuse: Bad value for 'fd'
[  288.976630][    T9] Process accounting resumed
[  289.083083][    T9] usb 3-1: USB disconnect, device number 16
[  289.094873][ T5884] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  289.181338][ T7913] netlink: 8 bytes leftover after parsing attributes in process `syz.3.532'.
[  289.302452][ T5884] usb 2-1: Using ep0 maxpacket: 32
[  289.313184][ T5884] usb 2-1: config 0 interface 0 has no altsetting 0
[  289.363525][ T5884] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  290.251404][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.824467][ T5884] usb 2-1: config 0 descriptor??
[  290.854036][ T5884] gspca_main: sunplus-2.14.0 probing 041e:400b
[  291.375721][ T5884] gspca_sunplus: reg_w_riv err -110
[  291.381964][ T5884] sunplus 2-1:0.0: probe with driver sunplus failed with error -110
[  291.531731][    T9] usb 2-1: USB disconnect, device number 20
[  291.589503][ T7935] netlink: 48 bytes leftover after parsing attributes in process `syz.0.538'.
[  291.796064][ T7946] kvm: pic: non byte write
[  291.824703][ T7950] netlink: 12 bytes leftover after parsing attributes in process `syz.2.540'.
[  294.530153][ T7961] netlink: 24 bytes leftover after parsing attributes in process `syz.3.544'.
[  294.545024][ T5912] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  294.561013][ T7961] nbd: socks must be embedded in a SOCK_ITEM attr
[  294.774183][ T5912] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  294.795542][ T5912] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  294.804876][ T1223] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  294.877894][ T7975] xt_socket: unknown flags 0x50
[  295.475319][ T5912] usb 1-1: config 4 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  295.485057][ T5912] usb 1-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x56, changing to 0x6
[  295.496955][ T5912] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  295.668994][ T5912] usb 1-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  295.684073][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.735588][ T5912] usb 1-1: Product: syz
[  295.739829][ T5912] usb 1-1: Manufacturer: syz
[  295.752885][ T5912] usb 1-1: SerialNumber: syz
[  295.771041][ T5912] usb 1-1: ucan: probing device on interface #0
[  295.786897][ T1223] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  295.790355][ T5912] usb 1-1: ucan: invalid endpoint configuration
[  295.807640][ T1223] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  295.825825][ T1223] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  295.835477][ T1223] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.843735][ T1223] usb 2-1: Product: syz
[  295.853332][ T1223] usb 2-1: Manufacturer: syz
[  295.858641][ T5912] usb 1-1: ucan: probe failed; try to update the device firmware
[  295.864480][ T1223] usb 2-1: SerialNumber: syz
[  295.987520][ T5884] usb 1-1: USB disconnect, device number 15
[  296.150024][ T5885] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  296.391926][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  296.391968][   T30] audit: type=1107 audit(1747921666.596:91): pid=7990 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  296.935706][ T1223] usb 2-1: cannot find UAC_HEADER
[  296.945022][ T5885] usb 5-1: Using ep0 maxpacket: 8
[  296.992460][ T1223] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  297.004800][ T1223] usb 2-1: USB disconnect, device number 21
[  297.077753][ T5885] usb 5-1: config index 0 descriptor too short (expected 65321, got 267)
[  297.134423][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  297.159683][ T5885] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  297.375238][ T5885] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  297.384431][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.392698][ T5885] usb 5-1: Product: syz
[  297.401358][ T5885] usb 5-1: Manufacturer: syz
[  297.406273][ T5885] usb 5-1: SerialNumber: syz
[  297.413265][ T5885] usb 5-1: config 0 descriptor??
[  298.341066][    T9] usb 5-1: USB disconnect, device number 14
[  298.384795][ T8004] netlink: 24 bytes leftover after parsing attributes in process `syz.1.557'.
[  298.660380][ T8004] nbd: socks must be embedded in a SOCK_ITEM attr
[  299.185268][    T9] usb 1-1: new low-speed USB device number 16 using dummy_hcd
[  299.618770][ T8018] netlink: 48 bytes leftover after parsing attributes in process `syz.3.561'.
[  299.771154][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  299.793510][    T9] usb 1-1: config 1 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 24, setting to 8
[  299.828621][    T9] usb 1-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  299.860051][    T9] usb 1-1: config 1 interface 0 has no altsetting 0
[  299.883252][    T9] usb 1-1: string descriptor 0 read error: -22
[  299.889426][ T8030] netlink: 'syz.1.562': attribute type 3 has an invalid length.
[  299.899457][    T9] usb 1-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.40
[  299.900451][ T8027] netlink: 16 bytes leftover after parsing attributes in process `syz.1.562'.
[  299.912290][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.952537][ T8015] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  305.018042][    T9] usbhid 1-1:1.0: can't add hid device: -32
[  305.024138][    T9] usbhid 1-1:1.0: probe with driver usbhid failed with error -32
[  317.020325][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  317.029338][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  378.461015][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  378.467576][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  439.898211][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  439.904543][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  450.775291][   T31] INFO: task kworker/0:4:5912 blocked for more than 143 seconds.
[  450.783057][   T31]       Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0
[  450.790736][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  450.799459][   T31] task:kworker/0:4     state:D stack:22536 pid:5912  tgid:5912  ppid:2      task_flags:0x4208060 flags:0x00004000
[  450.811539][   T31] Workqueue: events rfkill_sync_work
[  450.816879][   T31] Call Trace:
[  450.820166][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  450.823230][   T31]  __schedule+0x168f/0x4c70
[  450.827837][   T31]  ? __lock_acquire+0xaac/0xd20
[  450.832748][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  450.838176][   T31]  ? schedule+0x165/0x360
[  450.842532][   T31]  ? __pfx___schedule+0x10/0x10
[  450.847491][   T31]  ? schedule+0x91/0x360
[  450.851757][   T31]  schedule+0x165/0x360
[  450.856046][   T31]  schedule_preempt_disabled+0x13/0x30
[  450.861539][   T31]  __mutex_lock+0x724/0xe80
[  450.866172][   T31]  ? __mutex_lock+0x51b/0xe80
[  450.870893][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[  450.876259][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  450.894736][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  450.899989][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  450.921506][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  450.960457][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  450.970207][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[  450.975697][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  450.981856][   T31]  rfkill_set_block+0x1d2/0x440
[  450.991420][   T31]  rfkill_sync_work+0x114/0x200
[  450.996370][   T31]  ? process_scheduled_works+0x9ec/0x17a0
[  451.002134][   T31]  process_scheduled_works+0xade/0x17a0
[  451.008350][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  451.014391][   T31]  worker_thread+0x8a0/0xda0
[  451.019160][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  451.025573][   T31]  ? __kthread_parkme+0x7b/0x200
[  451.030535][   T31]  kthread+0x711/0x8a0
[  451.034606][   T31]  ? __pfx_worker_thread+0x10/0x10
[  451.039775][   T31]  ? __pfx_kthread+0x10/0x10
[  451.044383][   T31]  ? __pfx_kthread+0x10/0x10
[  451.049180][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  451.054380][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  451.059600][   T31]  ? __pfx_kthread+0x10/0x10
[  451.064201][   T31]  ret_from_fork+0x4b/0x80
[  451.068671][   T31]  ? __pfx_kthread+0x10/0x10
[  451.073279][   T31]  ret_from_fork_asm+0x1a/0x30
[  451.078094][   T31]  </TASK>
[  451.081126][   T31] INFO: task kworker/0:6:5959 blocked for more than 143 seconds.
[  451.088897][   T31]       Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0
[  451.096650][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  451.105407][   T31] task:kworker/0:6     state:D stack:20648 pid:5959  tgid:5959  ppid:2      task_flags:0x4208060 flags:0x00004000
[  451.117497][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  451.124205][   T31] Call Trace:
[  451.127499][   T31]  <TASK>
[  451.130433][   T31]  __schedule+0x168f/0x4c70
[  451.135034][   T31]  ? __lock_acquire+0xaac/0xd20
[  451.139916][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  451.145363][   T31]  ? schedule+0x165/0x360
[  451.149721][   T31]  ? __pfx___schedule+0x10/0x10
[  451.154583][   T31]  ? schedule+0x91/0x360
[  451.158869][   T31]  schedule+0x165/0x360
[  451.163057][   T31]  schedule_preempt_disabled+0x13/0x30
[  451.168616][   T31]  __mutex_lock+0x724/0xe80
[  451.173154][   T31]  ? __mutex_lock+0x51b/0xe80
[  451.177945][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  451.184250][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  451.189313][   T31]  ? process_scheduled_works+0x9ec/0x17a0
[  451.195082][   T31]  ? process_scheduled_works+0x9ec/0x17a0
[  451.200818][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[  451.206914][   T31]  ? process_scheduled_works+0x9ec/0x17a0
[  451.212733][   T31]  process_scheduled_works+0xade/0x17a0
[  451.218354][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  451.224367][   T31]  worker_thread+0x8a0/0xda0
[  451.229023][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  451.235434][   T31]  ? __kthread_parkme+0x7b/0x200
[  451.240396][   T31]  kthread+0x711/0x8a0
[  451.244473][   T31]  ? __pfx_worker_thread+0x10/0x10
[  451.249628][   T31]  ? __pfx_kthread+0x10/0x10
[  451.254232][   T31]  ? __pfx_kthread+0x10/0x10
[  451.258971][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  451.264189][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  451.269420][   T31]  ? __pfx_kthread+0x10/0x10
[  451.274005][   T31]  ret_from_fork+0x4b/0x80
[  451.278464][   T31]  ? __pfx_kthread+0x10/0x10
[  451.283089][   T31]  ret_from_fork_asm+0x1a/0x30
[  451.287913][   T31]  </TASK>
[  451.291027][   T31] INFO: task syz.0.560:8015 blocked for more than 143 seconds.
[  451.298633][   T31]       Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0
[  451.306299][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  451.315004][   T31] task:syz.0.560       state:D stack:27288 pid:8015  tgid:8013  ppid:5825   task_flags:0x400140 flags:0x00000004
[  451.326975][   T31] Call Trace:
[  451.330251][   T31]  <TASK>
[  451.333182][   T31]  __schedule+0x168f/0x4c70
[  451.337862][   T31]  ? schedule+0x165/0x360
[  451.342233][   T31]  ? __pfx___schedule+0x10/0x10
[  451.347177][   T31]  ? schedule+0x91/0x360
[  451.351442][   T31]  schedule+0x165/0x360
[  451.355645][   T31]  schedule_preempt_disabled+0x13/0x30
[  451.361114][   T31]  __mutex_lock+0x724/0xe80
[  451.365666][   T31]  ? __mutex_lock+0x51b/0xe80
[  451.370366][   T31]  ? misc_open+0x51/0x330
[  451.374748][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  451.379830][   T31]  misc_open+0x51/0x330
[  451.384012][   T31]  chrdev_open+0x4c9/0x5e0
[  451.388461][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  451.393397][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  451.398372][   T31]  do_dentry_open+0xdf3/0x1970
[  451.403167][   T31]  vfs_open+0x3b/0x340
[  451.407268][   T31]  ? path_openat+0x2ecd/0x3830
[  451.412033][   T31]  path_openat+0x2ee5/0x3830
[  451.416668][   T31]  ? arch_stack_walk+0xfc/0x150
[  451.421554][   T31]  ? futex_wait_queue+0x31/0x200
[  451.426522][   T31]  ? __pfx_path_openat+0x10/0x10
[  451.431459][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.437620][   T31]  do_filp_open+0x1fa/0x410
[  451.442141][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  451.447219][   T31]  ? _raw_spin_unlock+0x28/0x50
[  451.452065][   T31]  ? alloc_fd+0x64c/0x6c0
[  451.456457][   T31]  do_sys_openat2+0x121/0x1c0
[  451.461166][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  451.466400][   T31]  ? rcu_is_watching+0x15/0xb0
[  451.471204][   T31]  __x64_sys_openat+0x138/0x170
[  451.476117][   T31]  do_syscall_64+0xf6/0x210
[  451.480661][   T31]  ? clear_bhb_loop+0x60/0xb0
[  451.485442][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.491352][   T31] RIP: 0033:0x7f8fb6d8e969
[  451.495791][   T31] RSP: 002b:00007f8fb7b42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  451.504203][   T31] RAX: ffffffffffffffda RBX: 00007f8fb6fb5fa0 RCX: 00007f8fb6d8e969
[  451.512215][   T31] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  451.520217][   T31] RBP: 00007f8fb6e10ab1 R08: 0000000000000000 R09: 0000000000000000
[  451.528249][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  451.536252][   T31] R13: 0000000000000000 R14: 00007f8fb6fb5fa0 R15: 00007ffd79e2d238
[  451.544243][   T31]  </TASK>
[  451.547321][   T31] INFO: task syz.2.564:8021 blocked for more than 144 seconds.
[  451.561649][   T31]       Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0
[  451.572783][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  451.581600][   T31] task:syz.2.564       state:D stack:27096 pid:8021  tgid:8021  ppid:5827   task_flags:0x400040 flags:0x00004004
[  451.594564][   T31] Call Trace:
[  451.597925][   T31]  <TASK>
[  451.600899][   T31]  __schedule+0x168f/0x4c70
[  451.605531][   T31]  ? validate_chain+0x897/0x2140
[  451.610480][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  451.615793][   T31]  ? schedule+0x165/0x360
[  451.620169][   T31]  ? __pfx___schedule+0x10/0x10
[  451.626144][   T31]  ? schedule+0x91/0x360
[  451.630415][   T31]  schedule+0x165/0x360
[  451.634574][   T31]  schedule_timeout+0x9a/0x270
[  451.639365][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  451.644851][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  451.650069][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  451.655437][   T31]  ? wait_for_completion+0x267/0x5d0
[  451.660727][   T31]  wait_for_completion+0x2bf/0x5d0
[  451.666139][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  451.671825][   T31]  ? __flush_work+0xd2/0xbc0
[  451.676518][   T31]  ? __flush_work+0xd2/0xbc0
[  451.681132][   T31]  __flush_work+0x9b9/0xbc0
[  451.685765][   T31]  ? __flush_work+0xd2/0xbc0
[  451.690360][   T31]  ? __pfx___flush_work+0x10/0x10
[  451.695516][   T31]  ? __pfx_wq_barrier_func+0x10/0x10
[  451.700856][   T31]  ? __pfx___cancel_work+0x10/0x10
[  451.706032][   T31]  ? nfc_genl_device_removed+0x23c/0x330
[  451.711699][   T31]  __cancel_work_sync+0xbe/0x110
[  451.716678][   T31]  rfkill_unregister+0x92/0x220
[  451.721538][   T31]  nfc_unregister_device+0x96/0x2a0
[  451.726803][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  451.732543][   T31]  virtual_ncidev_close+0x56/0x90
[  451.737802][   T31]  __fput+0x449/0xa70
[  451.741821][   T31]  task_work_run+0x1d4/0x260
[  451.746485][   T31]  ? __pfx_task_work_run+0x10/0x10
[  451.751648][   T31]  resume_user_mode_work+0x5e/0x80
[  451.756965][   T31]  syscall_exit_to_user_mode+0x9a/0x120
[  451.762540][   T31]  do_syscall_64+0x103/0x210
[  451.767179][   T31]  ? clear_bhb_loop+0x60/0xb0
[  451.771859][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.777945][   T31] RIP: 0033:0x7f34f118e969
[  451.782358][   T31] RSP: 002b:00007ffe78ad05a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  451.790814][   T31] RAX: 0000000000000000 RBX: 00000000000492fe RCX: 00007f34f118e969
[  451.798810][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  451.806839][   T31] RBP: 00007f34f13b7ba0 R08: 0000000000000001 R09: 0000001678ad089f
[  451.815015][   T31] R10: 00007f34f1000000 R11: 0000000000000246 R12: 00007f34f13b5fac
[  451.823003][   T31] R13: 00007f34f13b5fa0 R14: ffffffffffffffff R15: 00007ffe78ad06c0
[  451.831043][   T31]  </TASK>
[  451.834106][   T31] INFO: task syz.3.565:8029 blocked for more than 144 seconds.
[  451.841729][   T31]       Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0
[  451.849407][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  451.858145][   T31] task:syz.3.565       state:D stack:28112 pid:8029  tgid:8028  ppid:5823   task_flags:0x400040 flags:0x00000004
[  451.870138][   T31] Call Trace:
[  451.873416][   T31]  <TASK>
[  451.876409][   T31]  __schedule+0x168f/0x4c70
[  451.880963][   T31]  ? __pfx_preempt_schedule_notrace+0x10/0x10
[  451.887318][   T31]  ? schedule+0x165/0x360
[  451.891672][   T31]  ? __pfx___schedule+0x10/0x10
[  451.896609][   T31]  ? schedule+0x91/0x360
[  451.900876][   T31]  schedule+0x165/0x360
[  451.905083][   T31]  schedule_preempt_disabled+0x13/0x30
[  451.910543][   T31]  __mutex_lock+0x724/0xe80
[  451.915090][   T31]  ? __mutex_lock+0x51b/0xe80
[  451.919790][   T31]  ? rfkill_fop_open+0x12d/0x820
[  451.924785][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  451.929845][   T31]  ? __raw_spin_lock_init+0x45/0x100
[  451.935177][   T31]  ? __init_waitqueue_head+0xa9/0x150
[  451.940553][   T31]  rfkill_fop_open+0x12d/0x820
[  451.945410][   T31]  ? __pfx_rfkill_fop_open+0x10/0x10
[  451.950715][   T31]  misc_open+0x2bc/0x330
[  451.955020][   T31]  chrdev_open+0x4c9/0x5e0
[  451.959476][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  451.964412][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  451.969377][   T31]  do_dentry_open+0xdf3/0x1970
[  451.974153][   T31]  vfs_open+0x3b/0x340
[  451.978686][   T31]  ? path_openat+0x2ecd/0x3830
[  451.983484][   T31]  path_openat+0x2ee5/0x3830
[  451.988406][   T31]  ? arch_stack_walk+0xfc/0x150
[  451.993311][   T31]  ? __pfx_path_openat+0x10/0x10
[  451.998435][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.004525][   T31]  do_filp_open+0x1fa/0x410
[  452.009062][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  452.014100][   T31]  ? _raw_spin_unlock+0x28/0x50
[  452.019034][   T31]  ? alloc_fd+0x64c/0x6c0
[  452.023398][   T31]  do_sys_openat2+0x121/0x1c0
[  452.028112][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  452.033308][   T31]  ? exc_page_fault+0x68/0x110
[  452.038095][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[  452.043390][   T31]  __x64_sys_openat+0x138/0x170
[  452.048319][   T31]  do_syscall_64+0xf6/0x210
[  452.053000][   T31]  ? clear_bhb_loop+0x60/0xb0
[  452.057798][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.063704][   T31] RIP: 0033:0x7fedb998e969
[  452.068167][   T31] RSP: 002b:00007fedba77f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  452.076630][   T31] RAX: ffffffffffffffda RBX: 00007fedb9bb5fa0 RCX: 00007fedb998e969
[  452.084623][   T31] RDX: 0000000000000801 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  452.092672][   T31] RBP: 00007fedb9a10ab1 R08: 0000000000000000 R09: 0000000000000000
[  452.100720][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  452.108931][   T31] R13: 0000000000000001 R14: 00007fedb9bb5fa0 R15: 00007ffc6ea405e8
[  452.116966][   T31]  </TASK>
[  452.120050][   T31] INFO: task syz.1.567:8039 blocked for more than 144 seconds.
[  452.127812][   T31]       Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0
[  452.135665][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  452.144357][   T31] task:syz.1.567       state:D stack:28104 pid:8039  tgid:8037  ppid:5826   task_flags:0x400040 flags:0x00000004
[  452.156432][   T31] Call Trace:
[  452.159714][   T31]  <TASK>
[  452.162646][   T31]  __schedule+0x168f/0x4c70
[  452.167217][   T31]  ? __kasan_slab_free+0x62/0x70
[  452.172174][   T31]  ? security_file_open+0xb1/0x270
[  452.177331][   T31]  ? schedule+0x165/0x360
[  452.181657][   T31]  ? __pfx___schedule+0x10/0x10
[  452.186541][   T31]  ? schedule+0x91/0x360
[  452.190784][   T31]  schedule+0x165/0x360
[  452.194985][   T31]  schedule_preempt_disabled+0x13/0x30
[  452.200464][   T31]  __mutex_lock+0x724/0xe80
[  452.205020][   T31]  ? __mutex_lock+0x51b/0xe80
[  452.209712][   T31]  ? misc_open+0x51/0x330
[  452.214061][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  452.219338][   T31]  misc_open+0x51/0x330
[  452.223505][   T31]  chrdev_open+0x4c9/0x5e0
[  452.227983][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  452.232942][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  452.237916][   T31]  do_dentry_open+0xdf3/0x1970
[  452.242696][   T31]  vfs_open+0x3b/0x340
[  452.246790][   T31]  ? path_openat+0x2ecd/0x3830
[  452.251560][   T31]  path_openat+0x2ee5/0x3830
[  452.256212][   T31]  ? arch_stack_walk+0xfc/0x150
[  452.261103][   T31]  ? __pfx_path_openat+0x10/0x10
[  452.266095][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.272192][   T31]  do_filp_open+0x1fa/0x410
[  452.276774][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  452.281840][   T31]  ? _raw_spin_unlock+0x28/0x50
[  452.286749][   T31]  ? alloc_fd+0x64c/0x6c0
[  452.291123][   T31]  do_sys_openat2+0x121/0x1c0
[  452.295845][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  452.301047][   T31]  ? exc_page_fault+0x68/0x110
[  452.305858][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[  452.311172][   T31]  __x64_sys_openat+0x138/0x170
[  452.316088][   T31]  do_syscall_64+0xf6/0x210
[  452.320616][   T31]  ? clear_bhb_loop+0x60/0xb0
[  452.325533][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.331458][   T31] RIP: 0033:0x7f15cb98e969
[  452.335997][   T31] RSP: 002b:00007f15c97f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  452.344439][   T31] RAX: ffffffffffffffda RBX: 00007f15cbbb5fa0 RCX: 00007f15cb98e969
[  452.352458][   T31] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[  452.360481][   T31] RBP: 00007f15cba10ab1 R08: 0000000000000000 R09: 0000000000000000
[  452.368471][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  452.376474][   T31] R13: 0000000000000001 R14: 00007f15cbbb5fa0 R15: 00007fff0d2b4e98
[  452.384546][   T31]  </TASK>
[  452.387654][   T31] INFO: task syz.4.568:8043 blocked for more than 144 seconds.
[  452.397067][   T31]       Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0
[  452.404735][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  452.413408][   T31] task:syz.4.568       state:D stack:28104 pid:8043  tgid:8042  ppid:5837   task_flags:0x400040 flags:0x00000004
[  452.425371][   T31] Call Trace:
[  452.428644][   T31]  <TASK>
[  452.431578][   T31]  __schedule+0x168f/0x4c70
[  452.436345][   T31]  ? __kasan_slab_free+0x62/0x70
[  452.441313][   T31]  ? security_file_open+0xb1/0x270
[  452.446476][   T31]  ? schedule+0x165/0x360
[  452.450807][   T31]  ? __pfx___schedule+0x10/0x10
[  452.455710][   T31]  ? schedule+0x91/0x360
[  452.459972][   T31]  schedule+0x165/0x360
[  452.464124][   T31]  schedule_preempt_disabled+0x13/0x30
[  452.469659][   T31]  __mutex_lock+0x724/0xe80
[  452.474208][   T31]  ? __mutex_lock+0x51b/0xe80
[  452.478919][   T31]  ? misc_open+0x51/0x330
[  452.483256][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  452.488342][   T31]  misc_open+0x51/0x330
[  452.492501][   T31]  chrdev_open+0x4c9/0x5e0
[  452.496976][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  452.501938][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  452.506920][   T31]  do_dentry_open+0xdf3/0x1970
[  452.511694][   T31]  vfs_open+0x3b/0x340
[  452.515781][   T31]  ? path_openat+0x2ecd/0x3830
[  452.520544][   T31]  path_openat+0x2ee5/0x3830
[  452.525191][   T31]  ? arch_stack_walk+0xfc/0x150
[  452.530076][   T31]  ? futex_wait_queue+0x31/0x200
[  452.535061][   T31]  ? __pfx_path_openat+0x10/0x10
[  452.540009][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.546271][   T31]  do_filp_open+0x1fa/0x410
[  452.550780][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  452.556910][   T31]  ? _raw_spin_unlock+0x28/0x50
[  452.561785][   T31]  ? alloc_fd+0x64c/0x6c0
[  452.566171][   T31]  do_sys_openat2+0x121/0x1c0
[  452.570850][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  452.576090][   T31]  ? rcu_is_watching+0x15/0xb0
[  452.580863][   T31]  __x64_sys_openat+0x138/0x170
[  452.585801][   T31]  do_syscall_64+0xf6/0x210
[  452.590320][   T31]  ? clear_bhb_loop+0x60/0xb0
[  452.595021][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.600904][   T31] RIP: 0033:0x7f3f4eb8e969
[  452.605380][   T31] RSP: 002b:00007f3f4fa85038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  452.613813][   T31] RAX: ffffffffffffffda RBX: 00007f3f4edb5fa0 RCX: 00007f3f4eb8e969
[  452.621844][   T31] RDX: 0000000000000000 RSI: 0000200000000240 RDI: ffffffffffffff9c
[  452.629868][   T31] RBP: 00007f3f4ec10ab1 R08: 0000000000000000 R09: 0000000000000000
[  452.637855][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  452.645879][   T31] R13: 0000000000000000 R14: 00007f3f4edb5fa0 R15: 00007ffc1bdf7148
[  452.653891][   T31]  </TASK>
[  452.657120][   T31] 
[  452.657120][   T31] Showing all locks held in the system:
[  452.664951][   T31] 1 lock held by khungtaskd/31:
[  452.669823][   T31]  #0: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  452.679880][   T31] 2 locks held by kworker/u8:4/62:
[  452.685078][   T31] 2 locks held by getty/5587:
[  452.689761][   T31]  #0: ffff88814dd800a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  452.699740][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  452.709984][   T31] 1 lock held by syz-executor/5823:
[  452.715274][   T31]  #0: ffffffff8f5bc5c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  452.725519][   T31] 4 locks held by kworker/0:4/5912:
[  452.730735][   T31]  #0: ffff88801a080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0
[  452.741773][   T31]  #1: ffffc900053a7c60 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0
[  452.754209][   T31]  #2: ffffffff8f5bc5c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200
[  452.764283][   T31]  #3: ffff88805e2ca100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  452.774151][   T31] 3 locks held by kworker/0:6/5959:
[  452.779460][   T31]  #0: ffff88801a080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0
[  452.790539][   T31]  #1: ffffc90005587c60 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0
[  452.804138][   T31]  #2: ffffffff8f5bc5c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  452.815567][   T31] 1 lock held by syz.0.560/8015:
[  452.820527][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  452.829035][   T31] 1 lock held by syz.2.564/8021:
[  452.833980][   T31]  #0: ffff88805e2ca100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  452.843788][   T31] 2 locks held by syz.3.565/8029:
[  452.848864][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  452.857440][   T31]  #1: ffffffff8f5bc5c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[  452.867491][   T31] 1 lock held by syz.1.567/8039:
[  452.872416][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  452.881141][   T31] 1 lock held by syz.4.568/8043:
[  452.886116][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  452.894617][   T31] 1 lock held by syz-executor/8050:
[  452.899938][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  452.908542][   T31] 1 lock held by syz-executor/8053:
[  452.913734][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  452.922243][   T31] 1 lock held by syz-executor/8054:
[  452.927491][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  452.936051][   T31] 1 lock held by syz-executor/8056:
[  452.941270][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  452.949814][   T31] 1 lock held by syz-executor/8058:
[  452.955084][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  452.963606][   T31] 1 lock held by syz-executor/8063:
[  452.968831][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  452.977354][   T31] 1 lock held by syz-executor/8065:
[  452.982548][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  452.991184][   T31] 1 lock held by syz-executor/8069:
[  452.996430][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  453.004925][   T31] 1 lock held by syz-executor/8070:
[  453.010140][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  453.018692][   T31] 1 lock held by syz-executor/8072:
[  453.023884][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  453.032736][   T31] 1 lock held by syz-executor/8078:
[  453.038132][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  453.046748][   T31] 1 lock held by syz-executor/8079:
[  453.052075][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  453.060621][   T31] 1 lock held by syz-executor/8082:
[  453.065889][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  453.074408][   T31] 1 lock held by syz-executor/8083:
[  453.079698][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  453.088219][   T31] 1 lock held by syz-executor/8085:
[  453.093446][   T31]  #0: ffffffff8e7a0e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  453.102121][   T31] 
[  453.104463][   T31] =============================================
[  453.104463][   T31] 
[  453.112970][   T31] NMI backtrace for cpu 0
[  453.112986][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) 
[  453.113002][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  453.113011][   T31] Call Trace:
[  453.113017][   T31]  <TASK>
[  453.113024][   T31]  dump_stack_lvl+0x189/0x250
[  453.113045][   T31]  ? __wake_up_klogd+0xd9/0x110
[  453.113062][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  453.113086][   T31]  ? __pfx__printk+0x10/0x10
[  453.113116][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  453.113133][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  453.113145][   T31]  ? _printk+0xcf/0x120
[  453.113169][   T31]  ? __pfx__printk+0x10/0x10
[  453.113192][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  453.113207][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  453.113223][   T31]  watchdog+0xfee/0x1030
[  453.113242][   T31]  ? watchdog+0x1de/0x1030
[  453.113264][   T31]  kthread+0x711/0x8a0
[  453.113282][   T31]  ? __pfx_watchdog+0x10/0x10
[  453.113297][   T31]  ? __pfx_kthread+0x10/0x10
[  453.113314][   T31]  ? __pfx_kthread+0x10/0x10
[  453.113329][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  453.113344][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  453.113361][   T31]  ? __pfx_kthread+0x10/0x10
[  453.113376][   T31]  ret_from_fork+0x4b/0x80
[  453.113388][   T31]  ? __pfx_kthread+0x10/0x10
[  453.113403][   T31]  ret_from_fork_asm+0x1a/0x30
[  453.113435][   T31]  </TASK>
[  453.113439][   T31] Sending NMI from CPU 0 to CPUs 1:
[  453.260674][    C1] NMI backtrace for cpu 1
[  453.260690][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) 
[  453.260710][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  453.260721][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  453.260747][    C1] Code: 43 d4 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d a3 9f 18 00 f3 0f 1e fa fb f4 <e9> 18 d4 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  453.260761][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  453.260777][    C1] RAX: 060a6395142a9d00 RBX: ffffffff81977028 RCX: 060a6395142a9d00
[  453.260790][    C1] RDX: 0000000000000001 RSI: ffffffff8d73ac7a RDI: ffffffff8bc120c0
[  453.260801][    C1] RBP: ffffc90000197f20 R08: ffff8880b8932b5b R09: 1ffff1101712656b
[  453.260814][    C1] R10: dffffc0000000000 R11: ffffed101712656c R12: ffffffff8f7e0970
[  453.260826][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110038d8b40
[  453.260837][    C1] FS:  0000000000000000(0000) GS:ffff8881261f6000(0000) knlGS:0000000000000000
[  453.260851][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  453.260862][    C1] CR2: 000055b020d2f168 CR3: 000000000dd38000 CR4: 00000000003526f0
[  453.260877][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  453.260887][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  453.260897][    C1] Call Trace:
[  453.260903][    C1]  <TASK>
[  453.260909][    C1]  default_idle+0x13/0x20
[  453.260932][    C1]  default_idle_call+0x74/0xb0
[  453.260956][    C1]  do_idle+0x1e8/0x510
[  453.260984][    C1]  ? __pfx_do_idle+0x10/0x10
[  453.261017][    C1]  cpu_startup_entry+0x44/0x60
[  453.261042][    C1]  start_secondary+0x101/0x110
[  453.261067][    C1]  common_startup_64+0x13e/0x147
[  453.261097][    C1]  </TASK>
[  453.261725][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  453.446342][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(full) 
[  453.458144][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  453.468195][   T31] Call Trace:
[  453.471491][   T31]  <TASK>
[  453.474423][   T31]  dump_stack_lvl+0x99/0x250
[  453.479031][   T31]  ? __asan_memcpy+0x40/0x70
[  453.483623][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  453.488820][   T31]  ? __pfx__printk+0x10/0x10
[  453.493444][   T31]  panic+0x2db/0x790
[  453.497353][   T31]  ? __pfx_panic+0x10/0x10
[  453.501767][   T31]  ? tick_nohz_tick_stopped+0x86/0xb0
[  453.507167][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  453.512551][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  453.518712][   T31]  watchdog+0x102d/0x1030
[  453.523050][   T31]  ? watchdog+0x1de/0x1030
[  453.527494][   T31]  kthread+0x711/0x8a0
[  453.531568][   T31]  ? __pfx_watchdog+0x10/0x10
[  453.536254][   T31]  ? __pfx_kthread+0x10/0x10
[  453.540854][   T31]  ? __pfx_kthread+0x10/0x10
[  453.545452][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  453.550653][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  453.555854][   T31]  ? __pfx_kthread+0x10/0x10
[  453.560455][   T31]  ret_from_fork+0x4b/0x80
[  453.564874][   T31]  ? __pfx_kthread+0x10/0x10
[  453.569468][   T31]  ret_from_fork_asm+0x1a/0x30
[  453.574255][   T31]  </TASK>
[  453.577412][   T31] Kernel Offset: disabled
[  453.581831][   T31] Rebooting in 86400 seconds..