last executing test programs:

7m39.540197003s ago: executing program 3 (id=129):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket(0x200000100000011, 0x3, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
sched_setscheduler(0x0, 0x2, 0x0)
statx(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x100, 0x8, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0})
statx(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0})
r2 = getgid()
setresgid(r0, r1, r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x25817000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)

7m34.083956871s ago: executing program 3 (id=138):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x2b, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80)

7m33.768707759s ago: executing program 3 (id=140):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000300), 0x1)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000340)={{0x7, 0xf7}, 0x1, 0x6, 0x2, {0x9, 0xc}, 0x7, 0x3a})
r1 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x5000, @empty}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="08001efbb07d586e", 0x8}, {&(0x7f00000001c0)="877ba26b4957606fb1e825155fdfd219a2e8852392b2a954ba3ca6a6b5d0196756af9d11b41e44527c82e6b6c4fa06b841a84e241cf4bea99ae1acfa07f4c1cc4c06552c51f0603fd5292b74f8981d3816a65292c9dc797ce027eac497a4cb85d44b5d44de727e037b8f6c2634f69f06c242271b572ce5942312154aa74c63ae7fcfa1b518cba69f51b8177d56ef01c3515eb9d9f84afcefc435ec2cc0427a66af12dd9cde0b06821e10dcd511e8be474460c24b7e3d9c3543ae26e6a34782fa47d4923e4c60000000", 0xffe7}], 0x2, 0x0, 0x0, 0x60000000}, 0x4)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141b82, 0x0)
write$cgroup_int(r2, &(0x7f0000000000)=0x800, 0x12)

7m33.56356232s ago: executing program 3 (id=142):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000640)=0x8)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x400, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}})
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r1 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000002c0)={'gre0\x00', &(0x7f00000003c0)={'syztnl0\x00', <r2=>0x0, 0x20, 0x20, 0x5, 0x2, {{0x48, 0x4, 0x0, 0x8, 0x120, 0x64, 0x0, 0x6, 0x2f, 0x0, @local, @local, {[@end, @cipso={0x86, 0x66, 0x3, [{0x5, 0xe, "c9fc8fab6eef95a1da0338ed"}, {0x5, 0x9, "e30a5d647c89b8"}, {0x6, 0x8, "36722ec0198c"}, {0x1, 0xb, "bf77bb93ad42bc0a35"}, {0x0, 0xf, "1e71f2193d9407eeb53267bfbe"}, {0x2, 0x5, "7dcc1c"}, {0x1, 0x5, "73810c"}, {0x6, 0xb, "c37279205d7a5c14d0"}, {0x2, 0x12, "cf58541512f81918dca52686aff2c31f"}]}, @timestamp_addr={0x44, 0x34, 0x54, 0x1, 0x8, [{@remote, 0x4}, {@private=0xa010100, 0x80000000}, {@local, 0x9}, {@remote, 0x6}, {@loopback, 0x6}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x50000}]}, @noop, @timestamp_addr={0x44, 0x3c, 0xdf, 0x1, 0x5, [{@empty, 0x3}, {@rand_addr=0x64010101, 0xffff}, {@local, 0x8}, {@dev={0xac, 0x14, 0x14, 0x10}, 0xfffffff6}, {@multicast1, 0x4}, {@private=0xa010100, 0x7}, {@loopback, 0x10000}]}, @timestamp_addr={0x44, 0x14, 0xc, 0x1, 0x2, [{@broadcast, 0x10001}, {@empty, 0x7}]}, @end, @lsrr={0x83, 0x1f, 0x82, [@dev={0xac, 0x14, 0x14, 0x2a}, @loopback, @multicast2, @loopback, @empty, @dev={0xac, 0x14, 0x14, 0x3c}, @empty]}]}}}}})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x18)
creat(&(0x7f0000000080)='./bus\x00', 0x0)
mkdir(0x0, 0x0)
pipe2$9p(&(0x7f0000001900)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
r6 = dup(r5)
mount$9p_fd(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000040), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@noxattr}, {@nodevmap}, {@msize={'msize', 0x3d, 0x10001}}, {@directio}, {@access_client}, {@noextend}], [], 0x6b}})
r7 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000340), 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x70, '\x00', r2, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='kfree\x00', r9}, 0x10)
ppoll(&(0x7f0000000000)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x51, &(0x7f0000000040), &(0x7f0000000080)={[0xfffffffffffffffb]}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r8}, 0x10)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r10, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001580)={0x28, 0x2, 0x3, 0x101, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x23}}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x54e}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40041}, 0x40010)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', <r11=>0x0})
r12 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$nl_route_sched(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0xdc, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r11, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x88, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x19, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x24, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x2c2a1f44}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x4, 0x6, 0x100, 0x5d, 0x0, 0x7ff, 0x1fe}}, {0x4}}]}]}, 0xdc}}, 0x0)

7m32.409546324s ago: executing program 3 (id=147):
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x7ffff000, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x446102)
dup(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0xa, 0x7, 0x2, 0x4}, 0x50)
r6 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$tcp_congestion(r6, &(0x7f0000000100)='reno\x00', 0x5)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@cgroup=r8, r7, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20)
write$tcp_congestion(r6, &(0x7f0000000300)='reno\x00', 0x5)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup=r8, r7, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20)
r9 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r9, 0x11b, 0x2, &(0x7f0000000180)=0x200000, 0x4)
socket(0x40000000015, 0x5, 0x0)

7m31.157698029s ago: executing program 3 (id=154):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r8 = accept4(r7, 0x0, 0x0, 0x80800)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="100000000f1400042dbd7000fbc9df25ed79d95b869fc8d0e9b15014e15f166008786e43735e6ea89ef54cd4ec15cbfe0934ed41d6c6408705223bfd1bd82d37dae3cf0fb081d81a8bc967c7d3089e07f098a1aff155e7fdd522d7682af468fedea0655674408e712accf76a67cb74497739ce13889d6d9e0215d6623415ede1e760d69dfa74c9a555934a1a9ed854f53b6fee6d632c6014012b4a0be776bb4ab7a1"], 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x4004)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01004000000000000203440000000800", @ANYRESDEC=r9, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140002"], 0x4c}}, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(r8, &(0x7f00000005c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="03007ee4cd73968b6bfcf7c7080000", @ANYRES16=r9, @ANYBLOB="000428bd7000fbdbdf25340000000c009900260300000b0000001d003400bc25e817b6c6ff93aa6ddf447ac43e153869aaa0ba5d3ef10a00000008001f010d00000008001f01080000000600fd00030000001400fe006b57e31b500b462812210e73a80249d50f003400216afec51f101d3ff27d3a00240034007539734874c015a0d8f36e728c7b12536d550a9d90e60f74859e132f777078b008001f0101010000"], 0xa8}, 0x1, 0x0, 0x0, 0x4048010}, 0x800)
sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r5, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x4c, r9, 0x100, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x81}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x6}, @NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x4000800)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RADAR_DETECT(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)={0x1c, r10, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000084)
ioctl$vim2m_VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000180)=@userptr={0xfffffffc, 0x1, 0x4, 0x40, 0x40000004, {0x0, 0xea60}, {0x1, 0x2, 0x3, 0x4, 0x4, 0x9, "745f1c28"}, 0x675, 0x2, {0x0}, 0x10000})
r11 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r11, 0x4c0a, &(0x7f0000001ac0)={r3, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0xfffffffc, 0xd, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4c594b1b3d741d417c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea97772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200", [0x3, 0xffffffffffffffff]}})

7m30.7147123s ago: executing program 32 (id=154):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r8 = accept4(r7, 0x0, 0x0, 0x80800)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="100000000f1400042dbd7000fbc9df25ed79d95b869fc8d0e9b15014e15f166008786e43735e6ea89ef54cd4ec15cbfe0934ed41d6c6408705223bfd1bd82d37dae3cf0fb081d81a8bc967c7d3089e07f098a1aff155e7fdd522d7682af468fedea0655674408e712accf76a67cb74497739ce13889d6d9e0215d6623415ede1e760d69dfa74c9a555934a1a9ed854f53b6fee6d632c6014012b4a0be776bb4ab7a1"], 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x4004)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01004000000000000203440000000800", @ANYRESDEC=r9, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140002"], 0x4c}}, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(r8, &(0x7f00000005c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="03007ee4cd73968b6bfcf7c7080000", @ANYRES16=r9, @ANYBLOB="000428bd7000fbdbdf25340000000c009900260300000b0000001d003400bc25e817b6c6ff93aa6ddf447ac43e153869aaa0ba5d3ef10a00000008001f010d00000008001f01080000000600fd00030000001400fe006b57e31b500b462812210e73a80249d50f003400216afec51f101d3ff27d3a00240034007539734874c015a0d8f36e728c7b12536d550a9d90e60f74859e132f777078b008001f0101010000"], 0xa8}, 0x1, 0x0, 0x0, 0x4048010}, 0x800)
sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r5, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x4c, r9, 0x100, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x81}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x6}, @NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x4000800)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RADAR_DETECT(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)={0x1c, r10, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000084)
ioctl$vim2m_VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000180)=@userptr={0xfffffffc, 0x1, 0x4, 0x40, 0x40000004, {0x0, 0xea60}, {0x1, 0x2, 0x3, 0x4, 0x4, 0x9, "745f1c28"}, 0x675, 0x2, {0x0}, 0x10000})
r11 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r11, 0x4c0a, &(0x7f0000001ac0)={r3, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0xfffffffc, 0xd, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4c594b1b3d741d417c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea97772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200", [0x3, 0xffffffffffffffff]}})

6m36.219925785s ago: executing program 5 (id=271):
r0 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r0, 0x0, 0x0)
shutdown(r0, 0x0)
setsockopt$sock_linger(r0, 0x1, 0xd, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x10)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@mcast1}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
connect$bt_rfcomm(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x2, 0x0)
futex(0x0, 0x80000000000b, 0x0, 0x0, 0xfffffffffffffffc, 0x0)
sendto$inet6(r0, &(0x7f0000000100)="bc", 0x1, 0x4, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @loopback={0x900}, 0x1}, 0x1c)
close(r0)

6m32.603704677s ago: executing program 5 (id=274):
r0 = socket(0xb, 0x3, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x2c0800, 0x0)
syz_emit_vhci(&(0x7f0000002480)=ANY=[], 0x9)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x7c5, 0x0, 0x3, 0xd59f80, 0x4, 0x5, 0xb, 0xb, 0x5, 0x720, 0xae, 0x7, 0x5, 0xa, 0x13, {0xffffffff, 0x7}, 0x3, 0xec}})
futex(0x0, 0xb, 0x2, 0x0, 0x0, 0x2)
timer_create(0x0, 0x0, 0x0)
r4 = socket$caif_seqpacket(0x25, 0x5, 0x3)
setsockopt$CAIFSO_REQ_PARAM(r4, 0x116, 0x80, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440))
sendmsg$BATADV_CMD_SET_MESH(r1, 0x0, 0x22000004)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000380)="b9ff0300600d698cff9e14f086dd", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xd1, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
write(r0, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0003000000", 0x41d)

6m30.914444513s ago: executing program 5 (id=281):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xaa9, 0x9}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904008100000000020000000000000800040001000000", 0x24) (fail_nth: 3)

6m29.599890578s ago: executing program 5 (id=285):
mount(&(0x7f0000000000)=@sg0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='ntfs\x00', 0x17520115c2cefebb, &(0x7f0000000100)='\x00')
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x50)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000040)}, 0x20)

6m29.407849066s ago: executing program 5 (id=287):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r4, 0x89b0, &(0x7f00000000c0)={'wlan1\x00', &(0x7f0000000080)})
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10)
listen(r5, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000380)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @broadcast}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x1}}}}}}, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000280)=@generic={&(0x7f0000000100)='./file0\x00'}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f00000002c0), 0x644b00, 0x0)
mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x4001, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)={0x2a, 0x4, 0x0, {0x1, 0xffffffffffdfffff, 0x2, 0x0, [0x0, 0x0]}}, 0x2a)

6m28.039913667s ago: executing program 5 (id=291):
r0 = socket(0xb, 0x3, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x2c0800, 0x0)
syz_emit_vhci(&(0x7f0000002480)=ANY=[], 0x9)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x7c5, 0x0, 0x3, 0xd59f80, 0x4, 0x5, 0xb, 0xb, 0x5, 0x720, 0xae, 0x7, 0x5, 0xa, 0x13, {0xffffffff, 0x7}, 0x3, 0xec}})
futex(0x0, 0xb, 0x2, 0x0, 0x0, 0x2)
timer_create(0x0, 0x0, 0x0)
r4 = socket$caif_seqpacket(0x25, 0x5, 0x3)
setsockopt$CAIFSO_REQ_PARAM(r4, 0x116, 0x80, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440))
sendmsg$BATADV_CMD_SET_MESH(r1, 0x0, 0x22000004)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000380)="b9ff0300600d698cff9e14f086dd", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xd1, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
write(r0, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0003000000", 0x41d)

6m12.536917146s ago: executing program 33 (id=291):
r0 = socket(0xb, 0x3, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x2c0800, 0x0)
syz_emit_vhci(&(0x7f0000002480)=ANY=[], 0x9)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x7c5, 0x0, 0x3, 0xd59f80, 0x4, 0x5, 0xb, 0xb, 0x5, 0x720, 0xae, 0x7, 0x5, 0xa, 0x13, {0xffffffff, 0x7}, 0x3, 0xec}})
futex(0x0, 0xb, 0x2, 0x0, 0x0, 0x2)
timer_create(0x0, 0x0, 0x0)
r4 = socket$caif_seqpacket(0x25, 0x5, 0x3)
setsockopt$CAIFSO_REQ_PARAM(r4, 0x116, 0x80, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440))
sendmsg$BATADV_CMD_SET_MESH(r1, 0x0, 0x22000004)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000380)="b9ff0300600d698cff9e14f086dd", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xd1, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
write(r0, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0003000000", 0x41d)

22.619971441s ago: executing program 6 (id=1370):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280)='fusectl\x00', 0x4001, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1230023, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$dsp(0xffffffffffffff9c, 0x0, 0xa0842, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x76, 0x0, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000002200)=@generic={0x0}, 0x18)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

19.075112002s ago: executing program 0 (id=1382):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0xc, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)
statx(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x2000, 0x20, &(0x7f0000000280))

18.868101897s ago: executing program 0 (id=1386):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="1546010000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r1, @ANYBLOB="0a01000000bbbbbbbbbb0000"], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010102e983bc20570511201c7c010203010902129ba686c73e3411000102088001090488"], &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0})

18.858306547s ago: executing program 6 (id=1387):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0xfffffffffffffdbe, &(0x7f00000003c0)=0x6)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f00000000000600000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x58, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
sendmsg$nl_route_sched(r4, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000900)=@delqdisc={0xc0, 0x25, 0x300, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff2}, {0x480bd72125a0c189, 0xa}, {0xffe0, 0x10}}, [@TCA_STAB={0x94, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x9, 0x9a1, 0x3ff, 0x2, 0x1, 0x1a, 0x8}}, {0x14, 0x2, [0x3d, 0x8, 0xeba8, 0xd, 0x5, 0x9, 0x6806, 0x5]}}, {{0x1c, 0x1, {0x2, 0x3, 0x9, 0x2, 0x2, 0x401, 0x9, 0x7}}, {0x12, 0x2, [0x2, 0x4, 0x8, 0xfff8, 0x6, 0x7, 0x6]}}, {{0x1c, 0x1, {0xa3, 0x3a, 0x4, 0x8, 0x2, 0x4, 0xb2, 0x7}}, {0x12, 0x2, [0x7ff, 0x7fff, 0xad, 0x0, 0xf94, 0x7, 0x7]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}]}, 0xc0}, 0x1, 0x0, 0x0, 0x10}, 0x880)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000000c0)='veno\x00', 0x5)
syz_open_procfs(0x0, &(0x7f0000000580)='net/tcp6\x00')
ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000000080)={0x0, 0x1, 0x3, '\x00', &(0x7f0000000040)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x0, 0x0, &(0x7f0000000640)='syzkaller\x00', 0xfffffff6, 0x78, &(0x7f0000000180)=""/120, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x5, 0x9, 0x2a211361, 0x86}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000780)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f00000007c0)=[{0x0, 0x5, 0x3, 0x3}, {0x0, 0x4, 0xd, 0x6}, {0x3, 0x1, 0xf, 0x4}, {0x4, 0x2, 0x3, 0x1}, {0x1, 0x4, 0xc, 0x4}, {0x1, 0x3, 0xc, 0x4}]}, 0x94)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
socketpair(0x22, 0x80803, 0x0, &(0x7f0000000400))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000200000a38000000090a000000000000000000000900000908000a40000000000900020073797a310000000008000540000000000800084000000003140000001100d2456005a4f94e3e02b9ff92c0dc"], 0x60}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)

17.452594377s ago: executing program 6 (id=1395):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="190000000400000008000000080000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

16.128417032s ago: executing program 0 (id=1398):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280)='fusectl\x00', 0x4001, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1230023, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$dsp(0xffffffffffffff9c, 0x0, 0xa0842, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x76, 0x0, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000002200)=@generic={0x0}, 0x18)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

14.826109835s ago: executing program 1 (id=1401):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x2f126000)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r4, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x8)
cachestat(r2, &(0x7f0000000180)={0xff}, &(0x7f0000002280), 0x0)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b30000005c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000001000000e8e187f63af5cbc371c494e9d809ff070000", @ANYRES32=r6, @ANYBLOB="0000000000000000660000000000000018000000000000000000000000000000950000000000000097030000040000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x94)
write$UHID_CREATE(r0, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000940)=""/3, 0x3, 0x0, 0x4, 0x34, 0xe, 0xc08}}, 0x120)
syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
syz_io_uring_setup(0x110, &(0x7f0000002600)={0x0, 0x4b87, 0x10, 0x1}, &(0x7f0000000140), &(0x7f00000025c0))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89a0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r7, 0x0, 0xd2, &(0x7f0000000000)={@empty, @empty, 0x0, "daf86eed51d59c3b227a93fc7264db425e9d015e14f17c0900497e00b3bb00", 0x7, 0x6, 0xffffff9d, 0xffffe6df}, 0x3c)
syz_emit_ethernet(0x17a, &(0x7f0000000b40)={@multicast, @link_local, @void, {@ipv4={0x800, @tcp={{0x12, 0x4, 0x0, 0x3, 0x16c, 0x68, 0x0, 0x6, 0x6, 0x0, @private=0xa010101, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@lsrr={0x83, 0xb, 0x96, [@remote, @remote]}, @timestamp={0x44, 0x28, 0xfd, 0x0, 0x6, [0x8000, 0x78, 0xffff, 0x6, 0x2, 0xfffffff8, 0x800, 0x81, 0xb]}]}}, {{0x4e24, 0x4e23, 0x41424344, 0x41424344, 0x1, 0x0, 0xa, 0x80, 0x9, 0x0, 0x6, {[@exp_fastopen={0xfe, 0x11, 0xf989, "fd357b00b9307614cb42af6214"}]}}, {"22102afc78542ec522eb583ea4d9793fe0acdc26a4a58cb3ca51a705bdadf5066f01798c6e0d364c51521c69df399eff14b6572bc3f7916017396e07d09d853d0d4d331273829aa4e6ad7d0ae364b68397bb0b7e3ce085042093d365dd1b39be55575925c4b14df6175832192bbb43378827ef6d7b2d0da65ca43b6e09d4c07986640a1c4fb68bb7295340b01bcce748fcebb9d109434bbb472d3103fa8f119dee31dcb713f16f642f24be2d7c4c15e0614e7cab97281caa4fd37ae73668d11f83689117b8ffdfcf0bdf1d1a880df1e1614c0530a60a9a4624174233bc74198f80c0c782d6954e04f57556b0d7f2c235ae9efad05be9dba3ce18370a"}}}}}}, 0x0)

12.875405652s ago: executing program 1 (id=1405):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYRES8], 0xc0}}, 0x0)

12.256598781s ago: executing program 1 (id=1407):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x14}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="400100001000010000000000000000000a010102000000000000100000000000ac1414bb00000000000000000000000000000a00002016000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000001000004d26c000000ac1414aa000000000000000000000000000000000000000003000000000000000000000000000000010000000000000000000000000000000000000000000000000001000400000000000000000000000000000000000000feffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000a0001002000000000000000480003006c7a6a6800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080016"], 0x140}}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000200), 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat(0xffffffffffffff9c, 0x0, 0x1ab)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz0\x00', {0xfff7, 0xc, 0x100, 0x81}, 0x1d, [0x7b, 0xb7e2, 0x3, 0x9, 0x100, 0x3, 0x1, 0x7, 0x9, 0x2, 0x7, 0xa, 0x3, 0x0, 0x7f, 0xd, 0x7fff, 0x6, 0x6, 0x5, 0x5, 0x6, 0x7, 0x6, 0xff, 0x2, 0xfffff5ee, 0x401, 0x0, 0xfc75, 0x8, 0x9, 0x4, 0x2, 0xffffffff, 0x81, 0xfffff765, 0x2, 0x3, 0xfffffff9, 0xa, 0x2, 0x5, 0x0, 0x3ff, 0x6, 0x7, 0x4c, 0xfffffffd, 0x80, 0x8, 0x8, 0x9, 0x7, 0x8000101, 0xc3c, 0x1733, 0x7fff, 0x7ffc, 0x1, 0x6, 0x5, 0x1, 0x4], [0x8, 0x3, 0x8, 0x8, 0x0, 0x8, 0x4, 0x0, 0x25, 0x10, 0x6, 0x7, 0x8, 0xe62, 0xffffff73, 0x1000, 0x6, 0x13e5, 0x3, 0x3, 0x1000, 0x7, 0x1, 0x3b40, 0x4, 0x1000, 0x5, 0x7fff, 0x8, 0x5a, 0x1, 0x7fffffff, 0x6995, 0x1, 0x80000000, 0x8, 0xdaa, 0x5, 0x2, 0x76c4, 0xfffffffd, 0x7, 0x4, 0x10000, 0xd, 0x2, 0x9, 0x10, 0x4000e, 0x9, 0x7, 0xa, 0x9, 0x3, 0x8, 0x3, 0x2, 0x3a6, 0x27f8, 0xc0d, 0xfffffffd, 0xb, 0xc, 0xfffffffb], [0xa3, 0x6, 0x6, 0x9, 0x1003, 0x0, 0x80000000, 0x5, 0x7f, 0xa, 0x100, 0x1000, 0xf1, 0x6, 0xc, 0x10000, 0x72, 0xb, 0x633, 0xd, 0x7, 0x6, 0x80000000, 0x6, 0x0, 0x7, 0x8, 0x2ef3adcb, 0x10, 0x2, 0x8, 0x8, 0x74, 0x4, 0x7, 0x7ff, 0xfffffff2, 0x63, 0x7, 0x2, 0x3, 0x3, 0x200, 0xfffffffd, 0xffffffff, 0xa1, 0x0, 0x9d, 0x7, 0xa8a, 0x2, 0x6, 0x77, 0x8, 0x1ff, 0x7, 0x7, 0x2, 0x0, 0x2, 0x8, 0x2, 0x3, 0x5], [0x6, 0x4, 0x5, 0x8000, 0x493e, 0x3, 0x35ff4447, 0x7, 0x5, 0x4, 0x7fff, 0x5, 0x5, 0x3ff, 0x3, 0xffff0000, 0x9, 0xf7df, 0x2, 0x10, 0x8, 0x2, 0xff, 0x6, 0x4, 0x4, 0x0, 0x0, 0x7, 0x4e6, 0x8, 0x6, 0x5ef, 0x8000, 0xc, 0x4, 0x401, 0x1, 0x5, 0x0, 0x9a8, 0x99f, 0x231, 0x3ff, 0x8, 0x1, 0xffff0001, 0x1, 0x1, 0x10, 0x8, 0x5396, 0x6161, 0x9, 0x101, 0x1ff, 0x8, 0x431, 0x6, 0x5, 0x4, 0x7b, 0x7fc, 0x9]}, 0x45c)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="30000000190001000000000000000000021800000000ff000000000008000100ac1414000c00090008"], 0x30}}, 0x0)
timer_create(0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

11.268926502s ago: executing program 4 (id=1408):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000580)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r1, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
sendmmsg(0xffffffffffffffff, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000280)="9b379b5282aad7ad", 0x8}], 0x1}}], 0x1, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = eventfd2(0x0, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r4, 0x4018aebd, &(0x7f0000000040)={0x2, r5})
ioctl$KVM_HYPERV_EVENTFD(r4, 0x4018aebd, &(0x7f0000000100)={0x2, r5})

10.902568606s ago: executing program 0 (id=1410):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044940, &(0x7f0000001fc0))
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000380)={'team_slave_1\x00', &(0x7f0000000280)=@ethtool_eee={0x44, 0x9c, 0x4, 0xfffffffe, 0xf14, 0xfff, 0x0, 0xa, [0x7, 0xfffffffd]}})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000200), 0x4)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}])
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x3, 0x7, 0x2, 0x17d, 0x4, 0x10, 0xf1, 0x6, 0x15b4, 0x5, 0xfffffffffffffffc, 0x9, 0x2, 0x6, 0x40, 0xbdb], 0xffff1001, 0x368182})
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x3)
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000003c0)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000045000000040000000fa2"], 0x45})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x8000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1a, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="18020000fcffffef0000000000000000850000003600000018010000646c6c25737fc17eea6a209b8200000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000180000085000000060000009500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="178d048604bf0bfb1945d7430008", 0x0, 0x501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYBLOB="cddc64d8a054383e925562c0ba6b08be0b199bf2bcda019ef5760b5214e096a465e1631b4d613ef5bcfdbc4c93ac88fe7ffbc521611c2aaac250a38bc340ff25fae0242c6ceb5ff51e47e75fd7d8573910b21a4c7e4210e59f95f38b33e3eaa91561c0a83455ace9b79b86a1c3668437eedbf72f52e049efde0f240d6e3787a5649d94323ec51b759bd25623", @ANYRESHEX=r7], 0x28}, 0x1, 0x0, 0x0, 0x4841}, 0x20008800)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
socket(0x10, 0x803, 0x0)
write(0xffffffffffffffff, &(0x7f0000000180)="2f4f6f3ec5dcc07db9552c846b38cff8defeb3aa25d49be85c", 0x19)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r8, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r9, {0x2, 0x0, @local}, 0x2}}, 0x2e)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000880)=ANY=[@ANYRES8=r7, @ANYRES32=r7, @ANYRESDEC=r7, @ANYRESDEC=r5], 0xfc}, 0x1, 0x0, 0x0, 0x20044040}, 0x0)
connect$inet6(r9, &(0x7f00000000c0)={0xa, 0x4e22, 0x81, @mcast2, 0x5}, 0x1c)
r11 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r11, &(0x7f00000005c0)=@pppol2tpv3={0x18, 0x1, {0x0, r9, {0x2, 0x4e22, @remote}, 0x2, 0x4, 0x3, 0x3}}, 0x2e)

10.880586835s ago: executing program 6 (id=1411):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x1, 0x0, 0x661, 0x2, 0x2}})
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="d4000000020103000000000000000000020000050800170000000000b80001802c00018014000300fe80000000000000000000000000002514000400fe88000000000000000000000000000106000340000300002c00018014000300fe80000000000000000000000000002414000400fe8000000000000000000000000000122c00018014000300fe8000000000000000000000000000bb14000400c800000000000000000000000000003b1400018008000100ffffffff080002000000000006000340000400000c0002"], 0xd4}, 0x1, 0x0, 0x0, 0x24000880}, 0x40000)
sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000190000042dbd550000080000808080020002fef20105000008000200ac1414bb"], 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x0)

10.785289378s ago: executing program 4 (id=1413):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
socket(0x1d, 0x2, 0x6)
socket$key(0xf, 0x3, 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0xc7}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc86a00", "4617a9f6040839230fb7fead776dd8dc", "c6db0872", "a44a883fca4400"}, 0x28)
recvmmsg(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f00000000c0)}, 0xa}], 0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_io_uring_setup(0x88f, &(0x7f00000001c0)={0x0, 0xaee2, 0x10, 0xffffffff, 0x19}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x300000000000000, 0x2, 0x3, 0xfffffffffffffffd, 0x0, 0x8}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x18, 0x0, 0x9, 0x466, 0xffffffffffffffff}, 0x0, 0x0)

7.803869099s ago: executing program 6 (id=1414):
r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0)
close(r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = fsopen(&(0x7f0000000300)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x100000000000000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r5, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={&(0x7f0000001340)={0x14, 0x7, 0x1, 0x201, 0x0, 0x0, {0x2, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
dup(r6)

7.669870136s ago: executing program 2 (id=1415):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x80109, "fa02946a000000001dda524f03000000000000000000003673000000002000"})
ppoll(&(0x7f0000000100), 0x0, &(0x7f0000000200), &(0x7f0000000280)={[0x2]}, 0x8)

7.598152921s ago: executing program 4 (id=1416):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xa, 0x4d091, r0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0xb8f1, 0x1, 0xffffffee, 0x1c3}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000500)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x48, 0x0, 0x10000, 0x3, 0x0, 0x1, 0x0, 0x1, {0x3}})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)
fcntl$addseals(r0, 0x409, 0xa)
r7 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000280)=0x15)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r9}})
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0)

7.527842585s ago: executing program 2 (id=1417):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0xc)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = syz_io_uring_setup(0x228f, &(0x7f00000002c0)={0x0, 0x2737, 0x40, 0x2, 0x223}, &(0x7f00000003c0), &(0x7f0000000480))
r4 = syz_io_uring_setup(0x710c, &(0x7f0000000180)={0x0, 0xffffffff, 0x30c0, 0x1, 0x18b, 0x0, r3}, &(0x7f0000000100), &(0x7f0000000140))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
ioctl$MEDIA_IOC_DEVICE_INFO(0xffffffffffffffff, 0xc1007c00, &(0x7f0000000580))
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000280)='autofs\x00', 0x0, &(0x7f0000000400))
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, 0x0, &(0x7f0000000080)='sysfs\x00', 0xce3a60fe95cde724, 0x0)
rename(&(0x7f0000000240)='./file1/file0\x00', &(0x7f0000000f00)='./file0\x00')
r5 = epoll_create(0xaf2)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)={0xe000200f})
epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r4, &(0x7f0000000000)={0x11})
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='\f\x00\x00\x00', @ANYRES16=r7, @ANYRESHEX, @ANYRES32=0x0, @ANYRESHEX=0x0], 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x8004)

7.527176591s ago: executing program 0 (id=1418):
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x1, 0x8000, 0xd9}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007"], 0x50)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r5, &(0x7f0000000000), 0xd)
ioctl$NBD_SET_SOCK(r4, 0xab00, 0xffffffffffffffff)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_ADD(r6, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c80)={0x34, r7, 0x1, 0x70bd25, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @private=0xa010101}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000010}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f00000000c0), r6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f0000000080)={0x1, '='}, 0x2)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r1, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r9 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000040)={0xfffe, 0x6}, 0x4)
setsockopt$packet_fanout_data(r9, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0xff, 0xfffff034}, {0x40, 0x4, 0x0, 0x40000}, {0x6, 0x0, 0x20, 0xfffffffd}]}, 0x10)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)

7.272082086s ago: executing program 1 (id=1419):
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x1, 0x8000, 0xd9}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007"], 0x50)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r5, &(0x7f0000000000), 0xd)
ioctl$NBD_SET_SOCK(r4, 0xab00, 0xffffffffffffffff)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_ADD(r6, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c80)={0x34, 0x0, 0x1, 0x70bd25, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @private=0xa010101}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000010}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f00000000c0), r6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f0000000080)={0x1, '='}, 0x2)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r1, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r8, 0x107, 0x12, &(0x7f0000000040)={0xfffe, 0x6}, 0x4)
setsockopt$packet_fanout_data(r8, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0xff, 0xfffff034}, {0x40, 0x4, 0x0, 0x40000}, {0x6, 0x0, 0x20, 0xfffffffd}]}, 0x10)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)

5.711271064s ago: executing program 4 (id=1420):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000"], 0xdc}}, 0x0)

5.522819514s ago: executing program 2 (id=1421):
socket$kcm(0xf, 0x3, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket(0x2b, 0x1, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_pressure(r4, &(0x7f0000000040)='cpu.pressure\x00', 0x2, 0x0)
r5 = syz_open_dev$sndpcmc(&(0x7f0000000580), 0x1, 0x101000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@fwd={0x2}]}, {0x0, [0x2e, 0x2e, 0xcdbe01d79ea30125]}}, 0x0, 0x29, 0x0, 0x1}, 0x28)
ioctl$SNDRV_PCM_IOCTL_REWIND(r5, 0x40084146, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r6, 0x560f, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000046c0), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)

4.726999618s ago: executing program 4 (id=1422):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x168)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000001140)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x8, 0x6, 0x2000000008000, 0x200000000000000, 0x3, 0x3, 0x6, 0x2, 0x7})

3.90249193s ago: executing program 0 (id=1423):
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xfffffffffffffffa, 0x88}, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x5e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000340), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r2, 0xc2604111, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r4 = userfaultfd(0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_percpu\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = socket(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000ec0)=@raw={'raw\x00', 0xc08, 0x3, 0x440, 0x310, 0x5002004a, 0xb, 0x310, 0xea13, 0x3a8, 0x3c8, 0x3c8, 0x3a8, 0x3c8, 0x3, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 'bridge0\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x5c, 0x3, 0x2}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}, {0x4}, {}, {}, {0x0, 0x0, 0x5e}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x4}, {}, {0x4, 0x8}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x7f}, {0x0, 0x4}, {}, {}, {}, {0xfffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}]}}, @common=@inet=@socket3={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4a0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})

3.832075107s ago: executing program 4 (id=1424):
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x2000000, 0x12, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
rt_sigqueueinfo(r2, 0xb, &(0x7f0000000340)={0x23, 0x7fff, 0x8000})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000b40)={'dummy0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000069000010000000004000050018010000696c6c2500000000002020207b1af8ff00000000bfa1000000000000070100fef7ffffffb702000008000000b703000000400005850000000800000095"], &(0x7f0000000040)='syzkaller\x00', 0x9, 0xfcc, &(0x7f0000001e00)=""/4044, 0x100, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94)

3.587389507s ago: executing program 2 (id=1425):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000200)={0x34, r4, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_RINGS_TX={0x8}, @ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x34}}, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000000)={{0x0, 0xeeef0000, 0xe, 0x0, 0x81, 0x4, 0xa, 0x4e, 0x0, 0x7, 0x6, 0x1}, {0x5000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0xfd, 0x2, 0x1, 0x6, 0xf, 0x8, 0x6, 0x2}, {0xffff1000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x2, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x0, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xe6e60000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x4, 0x3, 0x8, 0x5, 0x4e}, {0x4, 0x7}, {0x6000, 0x5}, 0x10, 0x0, 0x0, 0x40, 0x7, 0x1000, 0xeeef0000, [0x5, 0x8001, 0x8]})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0x10, 0x0, 0x8, 0x2, 0x1, 0x4, 0x0, 0x4, 0x9, 0x10}, {0xcccff001, 0x0, 0xc, 0x0, 0x0, 0x0, 0x2, 0x1, 0x7, 0x4}, {0xeeee8000, 0xdddd0000, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xffff1000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4, 0x8}, {0xeeee8000, 0x3000, 0xb, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x5000, 0xd000, 0x0, 0x7, 0xc, 0x0, 0x2, 0x0, 0x4, 0x10, 0x80}, {0xdddd1000, 0x100000, 0x9, 0x6, 0x0, 0x0, 0x2, 0x4, 0x10}, {0x8080000, 0x3000, 0x0, 0x1, 0x7f, 0x4, 0x0, 0x1a, 0x26, 0x0, 0xff}, {0x80ac000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x1, 0x70, 0x0, 0xdd00, 0x5000, [0xfffffffffffffffc, 0x0, 0x1, 0xfffffffffffffffc]})
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r5 = socket(0x80000000000000a, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000040)={'tunl0\x00', 0x0, 0x40, 0x40, 0x7, 0x10, {{0x5, 0x4, 0x2, 0x9, 0x14, 0x64, 0x0, 0xd, 0x29, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x35}}}}})
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000084, 0x0, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r9 = dup3(r8, r7, 0x0)
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r10, 0x10000400000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r10, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000280)={@fd={0x66642a85, 0x0, r9}, @flat=@handle={0x73682a85, 0x1, 0x1}, @fda={0x66646185, 0x5, 0x1, 0x18}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r6, 0xc0305710, &(0x7f00000001c0)={0x0, 0x9, 0xa, 0x0, 0x66})
socket$nl_route(0x10, 0x3, 0x0)

3.503560924s ago: executing program 6 (id=1426):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
ioctl$PTP_EXTTS_REQUEST(r0, 0x40103d02, &(0x7f0000000080)={0x5, 0x10})
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffffb}]})
rt_sigsuspend(0xffffffffffffffff, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x2b, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000440)='block_bio_complete\x00', r2, 0x0, 0x8}, 0x18)
write$cgroup_int(r1, &(0x7f0000000040)=0x1c8, 0x12)
syz_usb_connect(0x0, 0x3bf, &(0x7f0000000440)=ANY=[@ANYBLOB="120100004af96b40b822276082d2010203010902ad0301000000000904b90010020a00000905"], 0x0)

1.291152561s ago: executing program 1 (id=1427):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x80109, "fa02946a000000001dda524f03000000000000000000003673000000002000"})
ppoll(&(0x7f0000000100), 0x0, &(0x7f0000000200), &(0x7f0000000280)={[0x2]}, 0x8)

184.945234ms ago: executing program 2 (id=1428):
bpf$MAP_CREATE(0x0, 0x0, 0x13)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
syz_emit_ethernet(0x75, &(0x7f0000000300)=ANY=[], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
r0 = socket(0x10, 0x5, 0x3ff)
getsockname$packet(r0, 0x0, &(0x7f0000000200))
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/disk', 0x169a82, 0x18c)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x420, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x350, 0xffffffff, 0xffffffff, 0x350, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x250, 0x280, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18, 0x20}, {0x8}}}, @common=@inet=@set4={{0x50}, {{0xffffffffffffffff, 0x3, 0x5}, {{0xa0}, 0x1}, {{0x3fffffff80000000}, 0x4}, 0x8}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x480)
syslog(0x2, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, &(0x7f0000000340))
mkdir(&(0x7f0000000140)='./file0\x00', 0xe8)
mount(&(0x7f0000000200)=@nullb, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='hpfs\x00', 0x321021d, 0x0) (fail_nth: 1)

86.0016ms ago: executing program 1 (id=1429):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000140), 0x10)
newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x1000)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="e5ffffff02000000660000002300000016000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff4e}, 0x23)
quotactl_fd$Q_GETINFO(r1, 0xffffffff80000502, r2, &(0x7f0000000280))
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$cgroup_procs(r4, 0x0, 0x2, 0x0)
epoll_pwait2(r4, &(0x7f0000000300)=[{}, {}], 0x2, &(0x7f0000000340), &(0x7f0000000380)={[0xfff]}, 0x8)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x6)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r6 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r6, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r8}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x28}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0)
sendto$inet(r5, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0xf0b, 0x70bd29, 0x25dfdbfc, {0x60, 0x0, 0x0, 0x0, {0x7, 0xfff2}, {0xfff1, 0xc}, {0x1, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FLOW_MODE={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44045}, 0x10004)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10)

0s ago: executing program 2 (id=1430):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "fc7771", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x2}}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

 3-1: Manufacturer: syz
[  311.631760][  T978] usb 3-1: SerialNumber: syz
[  311.757623][ T5881] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  311.856552][  T978] usb 3-1: USB disconnect, device number 9
[  311.940230][ T5881] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  311.973386][ T5881] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid maxpacket 262, setting to 64
[  311.984685][ T5881] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  311.996011][ T5881] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  312.014978][ T5881] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  312.024593][ T5881] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  312.036573][ T5881] usb 7-1: Manufacturer: syz
[  312.045670][ T5881] usb 7-1: config 0 descriptor??
[  312.058479][ T8102] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22
[  312.926805][ T8123] netlink: 20 bytes leftover after parsing attributes in process `syz.4.519'.
[  312.948425][ T8123] netlink: 20 bytes leftover after parsing attributes in process `syz.4.519'.
[  313.337898][ T5895] usb 7-1: USB disconnect, device number 4
[  313.506049][ T8130] netlink: 24 bytes leftover after parsing attributes in process `syz.2.522'.
[  313.668653][ T5881] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  314.064332][ T5881] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  314.263179][ T5881] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  314.274172][ T5881] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  314.289888][ T5881] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  314.300324][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  314.309043][ T5881] usb 1-1: SerialNumber: syz
[  314.390257][ T8140] bridge2: entered promiscuous mode
[  314.906265][ T8154] ieee802154 phy1 wpan1: encryption failed: -90
[  314.968518][ T8155] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  314.987771][ T8155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  314.997529][ T8155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  315.017886][ T8155] overlay: Unknown parameter '\
'
[  316.539376][ T8165] sctp: failed to load transform for md5: -4
[  316.857075][ T8176] netlink: 60 bytes leftover after parsing attributes in process `syz.1.527'.
[  316.942765][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  317.099168][ T5881] usbtest 1-1:1.0: Linux user mode ISO test driver
[  317.298266][ T5881] usbtest 1-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  317.319201][ T5881] usb 1-1: USB disconnect, device number 10
[  318.921791][ T8199] mkiss: ax0: crc mode is auto.
[  318.940302][ T8203] netlink: 24 bytes leftover after parsing attributes in process `syz.1.539'.
[  321.505065][ T8227] macvlan2: entered allmulticast mode
[  322.861655][ T8247] netlink: 60 bytes leftover after parsing attributes in process `syz.1.549'.
[  324.178556][ T8259] 
@ÿ: renamed from veth0_vlan (while UP)
[  324.496243][ T8260] xt_l2tp: v2 doesn't support IP mode
[  324.979463][ T8267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.557'.
[  325.033012][ T8267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.557'.
[  325.191158][ T8269] netlink: 24 bytes leftover after parsing attributes in process `syz.2.559'.
[  326.808706][ T8273] netlink: 4 bytes leftover after parsing attributes in process `syz.6.560'.
[  326.840486][ T8273] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  326.922349][ T8285] netlink: 28 bytes leftover after parsing attributes in process `syz.1.565'.
[  326.938861][ T8285] netlink: 28 bytes leftover after parsing attributes in process `syz.1.565'.
[  327.074992][ T8273] batman_adv: batadv0: Removing interface: batadv_slave_0
[  327.998926][ T8273] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  328.322145][ T8273] batman_adv: batadv0: Removing interface: batadv_slave_1
[  329.719252][ T8321] netlink: 60 bytes leftover after parsing attributes in process `syz.1.568'.
[  330.260114][ T8325] netlink: 8 bytes leftover after parsing attributes in process `syz.4.573'.
[  333.177538][ T5818] Bluetooth: hci1: command 0x0406 tx timeout
[  333.177645][ T8330] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  334.051459][    C1] wlan1: beacon TX faster than countdown (channel/color switch) completion
[  334.076610][ T8330] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  334.136891][ T8330] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  334.143518][ T8330] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  334.155804][ T8330] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  334.162054][ T8330] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  334.173845][ T8330] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  334.180275][ T8330] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  334.188609][ T8330] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  334.194618][ T8330] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  334.203114][ T8330] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  334.382628][ T8378] netlink: 5128 bytes leftover after parsing attributes in process `syz.6.582'.
[  334.441391][ T8378] netlink: 5128 bytes leftover after parsing attributes in process `syz.6.582'.
[  334.451392][ T8378] netlink: 584 bytes leftover after parsing attributes in process `syz.6.582'.
[  334.507879][   T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  334.698278][ T5895] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  334.935581][ T5895] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  335.010153][ T5895] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  335.105119][ T5895] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  335.184383][ T5895] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  335.257441][ T5818] Bluetooth: hci1: command 0x0406 tx timeout
[  335.266010][ T5895] usb 7-1: SerialNumber: syz
[  335.738033][ T8402] netlink: 60 bytes leftover after parsing attributes in process `syz.4.586'.
[  335.810631][ T5895] usb 7-1: 0:2 : does not exist
[  335.815631][ T5895] usb 7-1: unit 255 not found!
[  335.879285][ T5895] usb 7-1: USB disconnect, device number 5
[  335.887729][ T8407] netlink: 40 bytes leftover after parsing attributes in process `syz.2.590'.
[  336.138297][ T5818] Bluetooth: hci2: command 0x0406 tx timeout
[  336.217561][ T5821] Bluetooth: hci3: command 0x0406 tx timeout
[  336.217806][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  336.223899][ T5818] Bluetooth: hci0: command 0x0405 tx timeout
[  336.757177][ T8416] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  338.218299][ T5818] Bluetooth: hci2: command 0x0406 tx timeout
[  338.347527][ T5818] Bluetooth: hci4: command 0x0406 tx timeout
[  338.354366][   T51] Bluetooth: hci0: command 0x0405 tx timeout
[  338.361089][ T5818] Bluetooth: hci3: command 0x0406 tx timeout
[  338.682314][ T5924] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  338.859538][ T5924] usb 3-1: Using ep0 maxpacket: 32
[  338.880104][ T5924] usb 3-1: config 0 has an invalid descriptor of length 51, skipping remainder of the config
[  338.923666][ T5924] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  338.956184][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.978847][ T5924] usb 3-1: Product: syz
[  338.986290][ T5924] usb 3-1: Manufacturer: syz
[  338.996401][ T5924] usb 3-1: SerialNumber: syz
[  339.018774][ T5924] usb 3-1: config 0 descriptor??
[  339.048579][ T5924] cdc_ether 3-1:0.0: probe with driver cdc_ether failed with error -22
[  339.071876][ T5924] usb 3-1: unsupported MDLM descriptors
[  340.599838][ T8471] loop9: detected capacity change from 0 to 8
[  340.611769][ T8471]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  340.617273][ T8471] loop9: partition table partially beyond EOD, truncated
[  340.631358][ T8471] loop9: p1 size 81768186 extends beyond EOD, truncated
[  340.727836][   T10] usb 3-1: USB disconnect, device number 11
[  340.838355][ T8474] netlink: 64 bytes leftover after parsing attributes in process `syz.6.607'.
[  341.327554][   T10] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  341.542900][   T10] usb 3-1: not running at top speed; connect to a high speed hub
[  341.562990][   T10] usb 3-1: config 1 interface 0 has no altsetting 0
[  341.575094][   T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40
[  341.585289][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.598697][   T10] usb 3-1: Product: syz
[  341.603230][   T10] usb 3-1: Manufacturer: syz
[  342.118587][   T10] usb 3-1: SerialNumber: syz
[  342.238731][ T8499] loop9: detected capacity change from 0 to 8
[  342.246943][ T8499]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  342.256582][ T8499] loop9: partition table partially beyond EOD, truncated
[  342.284531][ T8499] loop9: p1 size 81768186 extends beyond EOD, truncated
[  342.363797][   T10] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input15
[  342.415858][   T10] usb 3-1: USB disconnect, device number 12
[  343.558312][ T8512] netlink: 60 bytes leftover after parsing attributes in process `syz.4.616'.
[  343.627417][    T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  343.861290][    T9] usb 1-1: Using ep0 maxpacket: 32
[  343.879380][    T9] usb 1-1: config 0 has an invalid descriptor of length 51, skipping remainder of the config
[  343.958721][    T9] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  344.092186][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.219145][    T9] usb 1-1: Product: syz
[  344.258580][    T9] usb 1-1: Manufacturer: syz
[  344.277403][    T9] usb 1-1: SerialNumber: syz
[  344.303337][    T9] usb 1-1: config 0 descriptor??
[  344.320051][    T9] cdc_ether 1-1:0.0: probe with driver cdc_ether failed with error -22
[  344.339180][    T9] usb 1-1: unsupported MDLM descriptors
[  345.585923][    T9] usb 1-1: USB disconnect, device number 11
[  345.890929][ T8536] input: syz0 as /devices/virtual/input/input16
[  345.927526][ T8536] input: failed to attach handler leds to device input16, error: -6
[  346.757473][ T5924] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  347.528527][ T5924] usb 2-1: not running at top speed; connect to a high speed hub
[  347.550796][ T5924] usb 2-1: config 1 interface 0 has no altsetting 0
[  347.566328][ T5924] usb 2-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40
[  347.582976][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.593865][ T5924] usb 2-1: Product: syz
[  347.598401][ T5924] usb 2-1: Manufacturer: syz
[  347.604797][ T5924] usb 2-1: SerialNumber: syz
[  348.086760][ T5924] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input17
[  348.499732][ T5174] bcm5974 2-1:1.0: could not read from device
[  348.576980][ T5174] bcm5974 2-1:1.0: could not read from device
[  348.583153][ T5924] usb 2-1: USB disconnect, device number 12
[  348.604353][ T5174] bcm5974 2-1:1.0: could not read from device
[  348.619812][ T5174] bcm5974 2-1:1.0: could not read from device
[  348.757808][   T10] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  348.808628][ T8576] netlink: 60 bytes leftover after parsing attributes in process `syz.6.637'.
[  348.952027][   T10] usb 3-1: Using ep0 maxpacket: 32
[  349.017426][   T10] usb 3-1: config 0 has an invalid descriptor of length 51, skipping remainder of the config
[  349.218906][   T10] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  349.233228][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.242781][   T10] usb 3-1: Product: syz
[  349.247484][   T10] usb 3-1: Manufacturer: syz
[  349.252253][   T10] usb 3-1: SerialNumber: syz
[  349.296088][   T10] usb 3-1: config 0 descriptor??
[  349.418529][   T10] cdc_ether 3-1:0.0: probe with driver cdc_ether failed with error -22
[  349.444079][   T10] usb 3-1: unsupported MDLM descriptors
[  351.045294][   T10] usb 3-1: USB disconnect, device number 13
[  351.341363][ T8599] FAULT_INJECTION: forcing a failure.
[  351.341363][ T8599] name failslab, interval 1, probability 0, space 0, times 0
[  351.354581][ T8599] CPU: 0 UID: 0 PID: 8599 Comm: syz.2.645 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  351.354620][ T8599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  351.354641][ T8599] Call Trace:
[  351.354649][ T8599]  <TASK>
[  351.354657][ T8599]  dump_stack_lvl+0x189/0x250
[  351.354689][ T8599]  ? __pfx____ratelimit+0x10/0x10
[  351.354715][ T8599]  ? __pfx_dump_stack_lvl+0x10/0x10
[  351.354740][ T8599]  ? __pfx__printk+0x10/0x10
[  351.354764][ T8599]  ? __pfx___might_resched+0x10/0x10
[  351.354789][ T8599]  ? fs_reclaim_acquire+0x7d/0x100
[  351.354819][ T8599]  should_fail_ex+0x414/0x560
[  351.354845][ T8599]  should_failslab+0xa8/0x100
[  351.354870][ T8599]  __kmalloc_cache_noprof+0x70/0x3d0
[  351.354891][ T8599]  ? snd_pcm_oss_change_params_locked+0x172/0x3e40
[  351.354923][ T8599]  snd_pcm_oss_change_params_locked+0x172/0x3e40
[  351.354956][ T8599]  ? __pfx___mutex_trylock_common+0x10/0x10
[  351.354990][ T8599]  ? rcu_is_watching+0x15/0xb0
[  351.355015][ T8599]  ? trace_contention_end+0x39/0x120
[  351.355033][ T8599]  ? __mutex_lock+0x330/0xe80
[  351.355068][ T8599]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  351.355093][ T8599]  ? snd_pcm_oss_make_ready+0xc0/0x340
[  351.355118][ T8599]  ? __lock_acquire+0xab9/0xd20
[  351.355141][ T8599]  ? __pfx___mutex_lock+0x10/0x10
[  351.355177][ T8599]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  351.355203][ T8599]  snd_pcm_oss_make_ready+0x11b/0x340
[  351.355234][ T8599]  snd_pcm_oss_set_trigger+0x95/0x740
[  351.355268][ T8599]  snd_pcm_oss_poll+0x659/0x8a0
[  351.355298][ T8599]  ? __pfx_snd_pcm_oss_poll+0x10/0x10
[  351.355328][ T8599]  ? __pfx_snd_pcm_oss_poll+0x10/0x10
[  351.355354][ T8599]  do_select+0x105b/0x17e0
[  351.355385][ T8599]  ? do_select+0x8b1/0x17e0
[  351.355426][ T8599]  ? __pfx_do_select+0x10/0x10
[  351.355454][ T8599]  ? __pfx___pollwait+0x10/0x10
[  351.355480][ T8599]  ? __pfx_pollwake+0x10/0x10
[  351.355505][ T8599]  ? __pfx_pollwake+0x10/0x10
[  351.355530][ T8599]  ? __pfx_pollwake+0x10/0x10
[  351.355555][ T8599]  ? __pfx_pollwake+0x10/0x10
[  351.355580][ T8599]  ? __pfx_pollwake+0x10/0x10
[  351.355656][ T8599]  core_sys_select+0x6dd/0xa20
[  351.355689][ T8599]  ? __pfx_core_sys_select+0x10/0x10
[  351.355735][ T8599]  ? __pfx_set_user_sigmask+0x10/0x10
[  351.355760][ T8599]  ? __rcu_read_unlock+0x84/0xe0
[  351.355789][ T8599]  __se_sys_pselect6+0x27a/0x300
[  351.355817][ T8599]  ? __pfx___se_sys_pselect6+0x10/0x10
[  351.355839][ T8599]  ? __pfx_ksys_write+0x10/0x10
[  351.355857][ T8599]  ? rcu_is_watching+0x15/0xb0
[  351.355887][ T8599]  ? __x64_sys_pselect6+0x21/0xf0
[  351.355912][ T8599]  do_syscall_64+0xfa/0x3b0
[  351.355936][ T8599]  ? lockdep_hardirqs_on+0x9c/0x150
[  351.355960][ T8599]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.355978][ T8599]  ? clear_bhb_loop+0x60/0xb0
[  351.356000][ T8599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.356016][ T8599] RIP: 0033:0x7fe49df8e929
[  351.356032][ T8599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.356047][ T8599] RSP: 002b:00007fe49ed82038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  351.356065][ T8599] RAX: ffffffffffffffda RBX: 00007fe49e1b6080 RCX: 00007fe49df8e929
[  351.356079][ T8599] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  351.356090][ T8599] RBP: 00007fe49ed82090 R08: 0000000000000000 R09: 0000000000000000
[  351.356101][ T8599] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  351.356112][ T8599] R13: 0000000000000000 R14: 00007fe49e1b6080 R15: 00007ffe434af9b8
[  351.356140][ T8599]  </TASK>
[  352.147581][    T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  352.359071][    T9] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  352.440119][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.474960][    T9] usb 2-1: config 0 descriptor??
[  352.508061][    T9] gspca_main: cpia1-2.14.0 probing 0813:0001
[  352.981889][    T9] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  353.202875][    T9] gspca_cpia1: usb_control_msg 01, error -71
[  353.217369][    T9] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0)
[  353.228214][    T9] usb 2-1: USB disconnect, device number 13
[  353.817791][    T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  354.044878][ T8608] kvm: pic: non byte write
[  354.270165][    T9] usb 2-1: Using ep0 maxpacket: 8
[  354.281786][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  354.299171][    T9] usb 2-1: config 4 has an invalid interface number: 255 but max is 0
[  354.808174][ T5881] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  354.852380][    T9] usb 2-1: config 4 has no interface number 0
[  354.869042][    T9] usb 2-1: config 4 interface 255 has no altsetting 0
[  354.905700][    T9] usb 2-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice= e.87
[  354.917156][ T8648] netem: change failed
[  354.923973][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.943374][    T9] usb 2-1: Product: syz
[  354.964645][    T9] usb 2-1: Manufacturer: syz
[  354.976187][ T8649] netlink: 'syz.0.660': attribute type 1 has an invalid length.
[  354.983874][    T9] usb 2-1: SerialNumber: syz
[  355.029481][ T5881] usb 3-1: Using ep0 maxpacket: 32
[  355.036823][ T5881] usb 3-1: config 0 has an invalid descriptor of length 51, skipping remainder of the config
[  355.064988][ T5881] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  355.097486][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.123196][ T5881] usb 3-1: Product: syz
[  355.136088][ T5881] usb 3-1: Manufacturer: syz
[  355.141371][ T5881] usb 3-1: SerialNumber: syz
[  355.162599][ T5881] usb 3-1: config 0 descriptor??
[  355.174180][ T5881] cdc_ether 3-1:0.0: probe with driver cdc_ether failed with error -22
[  355.191617][ T8648] netlink: 146780 bytes leftover after parsing attributes in process `syz.0.660'.
[  355.196613][ T5881] usb 3-1: unsupported MDLM descriptors
[  355.247111][ T8651] veth3: entered promiscuous mode
[  355.257004][ T8651] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  355.282913][ T8621] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  355.302175][ T8648] warning: `syz.0.660' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  355.349915][    T9] usb 2-1: USB disconnect, device number 14
[  355.480464][  T978] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  355.691987][  T978] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  355.703471][  T978] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  355.713761][  T978] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  355.723069][  T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.775886][  T978] usb 5-1: config 0 descriptor??
[  355.814719][  T978] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  355.827648][  T978] dvb-usb: bulk message failed: -22 (3/0)
[  355.858880][  T978] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  355.916808][  T978] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  355.930926][  T978] usb 5-1: media controller created
[  355.940383][  T978] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  356.055428][  T978] dvb-usb: bulk message failed: -22 (6/0)
[  356.124082][  T978] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  356.147555][  T978] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input18
[  356.164623][  T978] dvb-usb: schedule remote query interval to 150 msecs.
[  356.175078][  T978] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  356.190604][  T978] usb 5-1: USB disconnect, device number 9
[  356.342887][  T978] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  357.114514][ T5895] usb 3-1: USB disconnect, device number 14
[  357.598262][  T978] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  357.685817][    T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  357.735084][ T5895] libceph: connect (1)[c::]:6789 error -101
[  357.742751][ T5895] libceph: mon0 (1)[c::]:6789 connect error
[  357.748766][  T978] usb 2-1: device descriptor read/64, error -71
[  357.821689][ T8694] ceph: No mds server is up or the cluster is laggy
[  357.881137][    T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  357.919175][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  357.952544][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  357.997687][  T978] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  358.099319][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  358.124087][    T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  358.133910][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.247360][  T978] usb 2-1: device descriptor read/64, error -71
[  358.321365][   T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  358.340915][    T9] usb 1-1: config 0 descriptor??
[  358.447985][  T978] usb usb2-port1: attempt power cycle
[  358.591101][   T10] usb 7-1: Using ep0 maxpacket: 8
[  358.601162][   T10] usb 7-1: unable to get BOS descriptor or descriptor too short
[  358.614594][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  358.614609][   T30] audit: type=1326 audit(1751387905.916:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8708 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe49df8e929 code=0x7ffc0000
[  358.615578][   T10] usb 7-1: config 4 has an invalid interface number: 255 but max is 0
[  358.631599][   T30] audit: type=1326 audit(1751387905.936:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8708 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe49df8e929 code=0x7ffc0000
[  358.651124][   T10] usb 7-1: config 4 has no interface number 0
[  358.687029][   T10] usb 7-1: config 4 interface 255 has no altsetting 0
[  358.698128][   T10] usb 7-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice= e.87
[  358.710817][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.718878][   T30] audit: type=1326 audit(1751387905.986:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8708 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7fe49df8e929 code=0x7ffc0000
[  358.718923][   T30] audit: type=1326 audit(1751387905.986:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8708 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe49df8e929 code=0x7ffc0000
[  358.718963][   T30] audit: type=1326 audit(1751387905.986:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8708 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe49df8e929 code=0x7ffc0000
[  358.745945][   T10] usb 7-1: Product: syz
[  358.763407][   T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  358.797287][   T30] audit: type=1326 audit(1751387905.986:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8708 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe49df8e929 code=0x7ffc0000
[  358.825159][   T30] audit: type=1326 audit(1751387905.986:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8708 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe49df8e929 code=0x7ffc0000
[  358.848634][   T30] audit: type=1326 audit(1751387905.986:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8708 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe49df8e929 code=0x7ffc0000
[  358.851143][  T978] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  358.870234][   T30] audit: type=1326 audit(1751387905.986:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8708 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fe49df8e929 code=0x7ffc0000
[  358.898971][   T10] usb 7-1: Manufacturer: syz
[  358.899011][   T10] usb 7-1: SerialNumber: syz
[  358.911847][   T30] audit: type=1326 audit(1751387905.986:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8708 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe49df8e929 code=0x7ffc0000
[  358.942819][  T978] usb 2-1: device descriptor read/8, error -71
[  358.968773][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  358.974745][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  358.987190][    T9] usb 1-1: USB disconnect, device number 12
[  358.996396][   T24] usb 5-1: Using ep0 maxpacket: 32
[  359.003566][   T24] usb 5-1: config 2 has an invalid interface number: 66 but max is 0
[  359.012510][   T24] usb 5-1: config 2 has no interface number 0
[  359.019688][   T24] usb 5-1: config 2 interface 66 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[  359.032002][   T24] usb 5-1: config 2 interface 66 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  359.046504][   T24] usb 5-1: New USB device found, idVendor=046d, idProduct=08c6, bcdDevice= b.5d
[  359.056635][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.064890][   T24] usb 5-1: Product: syz
[  359.071882][   T24] usb 5-1: Manufacturer: syz
[  359.076513][   T24] usb 5-1: SerialNumber: syz
[  359.087908][   T24] usb 5-1: Found UVC 0.00 device syz (046d:08c6)
[  359.093498][ T8714] gfs2: path_lookup on c:::!(>ˆìy¢o™=O-ŽÄFm×SH_Y8yÿu
[  359.093498][ T8714] FãzR׶#ŸxI™6BçÙYCg)ß'!µAØ{g¥
[  359.093498][ T8714] ¹}ÐmŒ]x®ïÏ%{qΗmÍ*©ºPNäȺ~%U5JëhBoGhÛN÷]î”.L›.`¾º�$Ž
 returned error -2
[  359.094420][   T24] usb 5-1: No valid video chain found.
[  359.129219][ T8702] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  359.153310][   T10] usb 7-1: USB disconnect, device number 6
[  359.187897][  T978] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  359.209678][  T978] usb 2-1: device descriptor read/8, error -71
[  359.379437][  T978] usb usb2-port1: unable to enumerate USB device
[  359.676106][   T24] usb 5-1: USB disconnect, device number 10
[  361.052670][ T8734] netlink: 32 bytes leftover after parsing attributes in process `syz.0.687'.
[  361.199489][ T8729] sctp: [Deprecated]: syz.1.686 (pid 8729) Use of struct sctp_assoc_value in delayed_ack socket option.
[  361.199489][ T8729] Use struct sctp_sack_info instead
[  362.178216][  T978] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  364.710522][ T8753] netlink: 20 bytes leftover after parsing attributes in process `syz.4.693'.
[  364.751435][ T8765] autofs4:pid:8765:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e)
[  365.808998][  T978] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  365.996061][ T8775] netlink: 24 bytes leftover after parsing attributes in process `syz.2.698'.
[  366.169659][  T978] usb 5-1: unable to get BOS descriptor or descriptor too short
[  366.514102][  T978] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  366.570927][  T978] usb 5-1: config 1 has no interface number 1
[  366.594046][ T8779] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  366.883609][  T978] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  366.984390][  T978] usb 5-1: string descriptor 0 read error: -71
[  366.990772][  T978] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  367.000365][  T978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.011940][  T978] usb 5-1: can't set config #1, error -71
[  367.019589][  T978] usb 5-1: USB disconnect, device number 11
[  368.037605][    T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  368.318388][    T9] usb 2-1: Using ep0 maxpacket: 32
[  368.358564][    T9] usb 2-1: config 0 has an invalid descriptor of length 51, skipping remainder of the config
[  368.418803][    T9] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  368.499855][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.520171][    T9] usb 2-1: Product: syz
[  368.535504][    T9] usb 2-1: Manufacturer: syz
[  368.543121][    T9] usb 2-1: SerialNumber: syz
[  368.564372][    T9] usb 2-1: config 0 descriptor??
[  368.660035][    T9] cdc_ether 2-1:0.0: probe with driver cdc_ether failed with error -22
[  368.694884][    T9] usb 2-1: unsupported MDLM descriptors
[  370.774743][    T9] usb 2-1: USB disconnect, device number 19
[  372.878203][    T9] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  373.207424][    T9] usb 7-1: Using ep0 maxpacket: 8
[  373.238709][    T9] usb 7-1: unable to get BOS descriptor or descriptor too short
[  373.260687][    T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  373.297492][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  373.370182][    T9] usb 7-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  373.391370][    T9] usb 7-1: New USB device strings: Mfr=34, Product=2, SerialNumber=3
[  373.411659][    T9] usb 7-1: Product: й
[  373.415777][    T9] usb 7-1: Manufacturer: syz
[  373.427395][    T9] usb 7-1: SerialNumber: syz
[  373.458699][    T9] usb 7-1: config 0 descriptor??
[  373.486094][    T9] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  373.605903][    T9] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -2
[  376.340428][ T8884] netlink: 60 bytes leftover after parsing attributes in process `syz.4.726'.
[  376.677412][    T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  376.754111][ T8885] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  376.767820][ T5834] hid-generic 0000:0004:0034.000D: unknown main item tag 0x0
[  376.786523][ T8870] syz_tun: entered allmulticast mode
[  376.842293][ T8869] syz_tun: left allmulticast mode
[  376.850027][ T5834] hid-generic 0000:0004:0034.000D: unknown main item tag 0x0
[  376.859303][   T24] usb 7-1: USB disconnect, device number 8
[  376.906390][ T5834] hid-generic 0000:0004:0034.000D: unknown main item tag 0x0
[  376.917407][    T9] usb 2-1: Using ep0 maxpacket: 32
[  376.919556][ T5834] hid-generic 0000:0004:0034.000D: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  376.926198][    T9] usb 2-1: config 0 has an invalid descriptor of length 51, skipping remainder of the config
[  376.987154][    T9] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  377.036712][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.063486][    T9] usb 2-1: Product: syz
[  377.073679][    T9] usb 2-1: Manufacturer: syz
[  377.086640][    T9] usb 2-1: SerialNumber: syz
[  377.098445][    T9] usb 2-1: config 0 descriptor??
[  377.113228][    T9] cdc_ether 2-1:0.0: probe with driver cdc_ether failed with error -22
[  377.132374][    T9] usb 2-1: unsupported MDLM descriptors
[  377.935669][ T8910] netlink: 28 bytes leftover after parsing attributes in process `syz.2.736'.
[  378.448459][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  379.263526][ T5924] usb 2-1: USB disconnect, device number 20
[  379.655559][ T8928] netlink: 60 bytes leftover after parsing attributes in process `syz.0.738'.
[  379.728366][ T8929] input: syz1 as /devices/virtual/input/input19
[  379.871990][ T8934] netlink: 4 bytes leftover after parsing attributes in process `syz.4.741'.
[  380.055264][ T5857] IPVS: starting estimator thread 0...
[  380.808655][ T8937] IPVS: using max 33 ests per chain, 79200 per kthread
[  381.351051][ T8952] xt_connbytes: Forcing CT accounting to be enabled
[  381.387657][ T8952] Cannot find set identified by id 0 to match
[  382.145454][ T8962] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  382.625970][ T8977] netlink: 60 bytes leftover after parsing attributes in process `syz.2.754'.
[  383.432327][ T8982] loop9: detected capacity change from 0 to 8
[  383.447719][ T8982]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  383.453293][ T8982] loop9: partition table partially beyond EOD, truncated
[  383.461145][ T8982] loop9: p1 size 81768186 extends beyond EOD, truncated
[  384.034695][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  384.034714][   T30] audit: type=1326 audit(1751387931.336:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8985 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f345838e929 code=0x7ffc0000
[  384.072048][ T8986] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.757' sets config #0
[  384.080064][   T30] audit: type=1326 audit(1751387931.366:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8985 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f345838e929 code=0x7ffc0000
[  384.099526][ T8986] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.757' sets config #1
[  384.105431][   T30] audit: type=1326 audit(1751387931.366:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8985 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f345838e929 code=0x7ffc0000
[  384.134366][   T30] audit: type=1326 audit(1751387931.366:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8985 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f345838e929 code=0x7ffc0000
[  384.161682][   T30] audit: type=1326 audit(1751387931.366:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8985 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f345838e929 code=0x7ffc0000
[  384.183538][   T30] audit: type=1326 audit(1751387931.366:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8985 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f345838e929 code=0x7ffc0000
[  384.228905][   T30] audit: type=1326 audit(1751387931.366:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8985 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f345838e929 code=0x7ffc0000
[  384.762806][   T30] audit: type=1326 audit(1751387931.366:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8985 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f345838e929 code=0x7ffc0000
[  384.950645][   T30] audit: type=1326 audit(1751387931.366:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8985 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f345838e929 code=0x7ffc0000
[  384.972338][   T30] audit: type=1326 audit(1751387931.366:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8985 comm="syz.1.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f345838e929 code=0x7ffc0000
[  386.061512][ T9012] ntfs3(nullb0): Primary boot signature is not NTFS.
[  386.092651][ T9012] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  386.239127][ T9014] netlink: 60 bytes leftover after parsing attributes in process `syz.4.768'.
[  386.373304][ T9017] fuse: root generation should be zero
[  387.085256][ T9040] Bluetooth: MGMT ver 1.23
[  390.667627][ T5924] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  390.877826][ T5924] usb 5-1: device descriptor read/64, error -71
[  391.312272][ T9076] tipc: Started in network mode
[  391.317563][ T9076] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  391.325936][ T9076] tipc: Enabled bearer <eth:vlan0>, priority 10
[  392.267866][ T5924] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  392.279117][ T9070] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.782'.
[  392.340539][ T9078] netlink: 'syz.1.782': attribute type 1 has an invalid length.
[  392.370390][ T9078] netlink: 3 bytes leftover after parsing attributes in process `syz.1.782'.
[  392.427110][ T5924] usb 5-1: device descriptor read/64, error -71
[  392.545999][  T978] tipc: Node number set to 10005162
[  392.568723][ T5924] usb usb5-port1: attempt power cycle
[  392.609400][ T9086] netlink: 60 bytes leftover after parsing attributes in process `syz.6.786'.
[  392.917509][ T5924] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  392.963119][ T5924] usb 5-1: device descriptor read/8, error -71
[  396.272146][ T9129] batadv1: entered promiscuous mode
[  396.557837][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  396.557877][   T30] audit: type=1326 audit(1751387943.796:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9126 comm="syz.4.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  396.659866][ T9130] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.800' sets config #0
[  396.675908][   T30] audit: type=1326 audit(1751387943.806:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9126 comm="syz.4.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  396.698253][   T30] audit: type=1326 audit(1751387943.806:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9126 comm="syz.4.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  396.717456][ T9127] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.800' sets config #1
[  396.763855][   T30] audit: type=1326 audit(1751387943.806:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9126 comm="syz.4.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  396.788068][   T30] audit: type=1326 audit(1751387943.816:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9126 comm="syz.4.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  396.815147][   T30] audit: type=1326 audit(1751387943.816:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9126 comm="syz.4.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  396.895635][   T30] audit: type=1326 audit(1751387943.826:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9126 comm="syz.4.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  397.054016][   T30] audit: type=1326 audit(1751387943.826:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9126 comm="syz.4.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  397.092248][   T30] audit: type=1326 audit(1751387943.836:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9126 comm="syz.4.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  397.122118][   T10] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  397.365472][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  397.413561][   T30] audit: type=1326 audit(1751387943.836:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9126 comm="syz.4.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  397.517578][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  397.775125][   T10] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  397.784413][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.001800][ T9148] netlink: 60 bytes leftover after parsing attributes in process `syz.0.805'.
[  398.216229][   T10] usb 2-1: config 0 descriptor??
[  398.225141][   T10] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  399.059054][   T10] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  399.527399][   T10] usb 5-1: Using ep0 maxpacket: 16
[  399.534451][   T10] usb 5-1: config 4 has an invalid interface number: 51 but max is 0
[  399.546268][   T10] usb 5-1: config 4 has no interface number 0
[  399.554999][   T10] usb 5-1: config 4 interface 51 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  399.557542][ T5881] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  399.574454][   T10] usb 5-1: config 4 interface 51 has no altsetting 0
[  399.585251][   T10] usb 5-1: New USB device found, idVendor=954f, idProduct=4199, bcdDevice= f.76
[  399.597281][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.605563][   T10] usb 5-1: Product: syz
[  399.610284][   T10] usb 5-1: Manufacturer: syz
[  399.614908][   T10] usb 5-1: SerialNumber: syz
[  399.629244][ T9157] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  399.638570][   T10] cdc_eem 5-1:4.51: probe with driver cdc_eem failed with error -22
[  399.727472][ T5881] usb 1-1: device descriptor read/64, error -71
[  399.820813][   T10] usb 2-1: USB disconnect, device number 21
[  399.841894][  T978] usb 5-1: USB disconnect, device number 16
[  400.006513][ T5881] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  400.800834][ T5881] usb 1-1: device descriptor read/64, error -71
[  400.948634][ T5881] usb usb1-port1: attempt power cycle
[  401.482298][ T5881] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  401.509126][ T5881] usb 1-1: device descriptor read/8, error -71
[  401.547489][ T9200] netlink: 60 bytes leftover after parsing attributes in process `syz.1.819'.
[  401.747827][ T5881] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  401.792760][ T5881] usb 1-1: device descriptor read/8, error -71
[  402.035265][ T5881] usb usb1-port1: unable to enumerate USB device
[  402.599652][ T5881] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  403.524028][ T5881] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  403.575053][ T5881] usb 2-1: config 0 has no interface number 0
[  403.736489][ T5881] usb 2-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  403.855142][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.052318][ T5881] usb 2-1: config 0 descriptor??
[  404.309480][ T5881] usb 2-1: bad CDC descriptors
[  404.712699][ T5881] usb 2-1: USB disconnect, device number 22
[  408.087547][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  408.087565][   T30] audit: type=1326 audit(1751388408.383:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9270 comm="syz.6.838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b3f8e929 code=0x7fc00000
[  409.737903][ T9297] netlink: 24 bytes leftover after parsing attributes in process `syz.4.844'.
[  411.413036][ T9311] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  411.477518][ T9315] netlink: 24 bytes leftover after parsing attributes in process `syz.1.852'.
[  411.691514][ T9325] netlink: 24 bytes leftover after parsing attributes in process `syz.0.853'.
[  411.765473][    T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  411.894079][ T9324] netlink: 4 bytes leftover after parsing attributes in process `syz.1.852'.
[  411.919196][ T9326] netlink: 4 bytes leftover after parsing attributes in process `syz.1.852'.
[  412.082553][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  412.093744][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  412.117121][    T9] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  412.147532][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.270192][    T9] usb 3-1: config 0 descriptor??
[  413.012320][    T9] pyra 0003:1E7D:2CF6.000E: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0
[  413.156025][    T9] pyra 0003:1E7D:2CF6.000E: couldn't init struct pyra_device
[  413.200446][    T9] pyra 0003:1E7D:2CF6.000E: couldn't install mouse
[  413.246949][    T9] pyra 0003:1E7D:2CF6.000E: probe with driver pyra failed with error -71
[  413.275745][    T9] usb 3-1: USB disconnect, device number 15
[  414.411744][ T9353] FAULT_INJECTION: forcing a failure.
[  414.411744][ T9353] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  414.430794][ T9353] CPU: 1 UID: 0 PID: 9353 Comm: syz.4.864 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  414.430821][ T9353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  414.430833][ T9353] Call Trace:
[  414.430841][ T9353]  <TASK>
[  414.430849][ T9353]  dump_stack_lvl+0x189/0x250
[  414.430883][ T9353]  ? __pfx____ratelimit+0x10/0x10
[  414.430909][ T9353]  ? __pfx_dump_stack_lvl+0x10/0x10
[  414.430936][ T9353]  ? __pfx__printk+0x10/0x10
[  414.430956][ T9353]  ? __might_fault+0xb0/0x130
[  414.430990][ T9353]  should_fail_ex+0x414/0x560
[  414.431017][ T9353]  _copy_from_user+0x2d/0xb0
[  414.431046][ T9353]  bpf_obj_get_info_by_fd+0x474/0x2f70
[  414.431075][ T9353]  ? _parse_integer_limit+0x1ae/0x1f0
[  414.431108][ T9353]  ? __pfx_bpf_obj_get_info_by_fd+0x10/0x10
[  414.431166][ T9353]  ? get_pid_task+0x20/0x1f0
[  414.431235][ T9353]  ? bpf_lsm_bpf+0x9/0x20
[  414.431260][ T9353]  ? security_bpf+0x7e/0x300
[  414.431306][ T9353]  __sys_bpf+0x77a/0x860
[  414.431334][ T9353]  ? __pfx___sys_bpf+0x10/0x10
[  414.431374][ T9353]  ? ksys_write+0x1e1/0x250
[  414.431400][ T9353]  ? __pfx_ksys_write+0x10/0x10
[  414.431421][ T9353]  ? rcu_is_watching+0x15/0xb0
[  414.431465][ T9353]  __x64_sys_bpf+0x7c/0x90
[  414.431489][ T9353]  do_syscall_64+0xfa/0x3b0
[  414.431518][ T9353]  ? lockdep_hardirqs_on+0x9c/0x150
[  414.431546][ T9353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.431566][ T9353]  ? clear_bhb_loop+0x60/0xb0
[  414.431592][ T9353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.431611][ T9353] RIP: 0033:0x7fdb1b78e929
[  414.431629][ T9353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.431646][ T9353] RSP: 002b:00007fdb1c5d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  414.431668][ T9353] RAX: ffffffffffffffda RBX: 00007fdb1b9b5fa0 RCX: 00007fdb1b78e929
[  414.431683][ T9353] RDX: 0000000000000010 RSI: 00002000000007c0 RDI: 000000000000000f
[  414.431697][ T9353] RBP: 00007fdb1c5d8090 R08: 0000000000000000 R09: 0000000000000000
[  414.431710][ T9353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  414.431723][ T9353] R13: 0000000000000000 R14: 00007fdb1b9b5fa0 R15: 00007ffef7d66778
[  414.431756][ T9353]  </TASK>
[  419.261949][ T9418] Process accounting resumed
[  419.712458][ T9426] loop9: detected capacity change from 0 to 8
[  419.740502][ T9426]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  419.752541][ T9426] loop9: partition table partially beyond EOD, truncated
[  419.817122][ T9426] loop9: p1 size 81768186 extends beyond EOD, truncated
[  421.017432][   T10] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  421.199291][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  421.222535][   T10] usb 5-1: config 0 has no interfaces?
[  421.243637][   T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  421.267340][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.308074][   T10] usb 5-1: config 0 descriptor??
[  422.637592][ T9444] netlink: 4 bytes leftover after parsing attributes in process `syz.0.890'.
[  422.681874][ T9444] netlink: 8 bytes leftover after parsing attributes in process `syz.0.890'.
[  422.715991][ T9444] netlink: 20 bytes leftover after parsing attributes in process `syz.0.890'.
[  422.742424][   T24] hid-generic 0007:0003:FFFF.000F: unknown main item tag 0x1
[  422.784741][   T24] hid-generic 0007:0003:FFFF.000F: collection stack underflow
[  422.830707][   T24] hid-generic 0007:0003:FFFF.000F: item 0 1 0 12 parsing failed
[  422.900997][   T24] hid-generic 0007:0003:FFFF.000F: probe with driver hid-generic failed with error -22
[  423.175290][ T9462] openvswitch: netlink: IPv6 tunnel dst address is zero
[  423.851106][ T5857] usb 5-1: USB disconnect, device number 17
[  424.179638][    T9] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  424.319861][ T5857] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  424.342015][ T9481] bond0: (slave bond_slave_0): Releasing backup interface
[  424.386390][    T9] usb 1-1: not running at top speed; connect to a high speed hub
[  424.412253][    T9] usb 1-1: config 1 interface 0 has no altsetting 0
[  424.435950][ T9481] bond0: (slave bond_slave_1): Releasing backup interface
[  424.449977][    T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40
[  424.479177][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.507434][    T9] usb 1-1: Product: syz
[  424.523604][    T9] usb 1-1: Manufacturer: syz
[  424.542058][ T5857] usb 5-1: config 68 has an invalid interface number: 220 but max is 0
[  424.561802][    T9] usb 1-1: SerialNumber: syz
[  424.578179][ T5857] usb 5-1: config 68 has no interface number 0
[  424.607058][ T9481] team0: Failed to send options change via netlink (err -105)
[  424.636000][ T5857] usb 5-1: config 68 interface 220 has no altsetting 0
[  424.680541][ T5857] usb 5-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice=55.7a
[  424.690136][ T9481] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  424.720878][ T5857] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.751822][ T9481] team0: Port device team_slave_0 removed
[  424.768006][ T5857] usb 5-1: Product: syz
[  424.798450][ T5857] usb 5-1: Manufacturer: syz
[  424.819712][ T5857] usb 5-1: SerialNumber: syz
[  424.826997][ T9481] team0: Failed to send options change via netlink (err -105)
[  424.865658][ T9481] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[  424.865699][    T9] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input21
[  424.913206][ T9481] team0: Port device team_slave_1 removed
[  424.939367][ T9481] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  424.958195][ T5174] bcm5974 1-1:1.0: could not read from device
[  424.976911][ T9481] batman_adv: batadv0: Removing interface: batadv_slave_0
[  424.987129][ T5174] bcm5974 1-1:1.0: could not read from device
[  425.016245][ T9481] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  425.025967][ T5174] bcm5974 1-1:1.0: could not read from device
[  425.036274][    T9] usb 1-1: USB disconnect, device number 18
[  425.044754][ T9481] batman_adv: batadv0: Removing interface: batadv_slave_1
[  425.060768][ T5174] bcm5974 1-1:1.0: could not read from device
[  425.191869][ T5857] gspca_main: spca501-2.14.0 probing 0497:c001
[  425.216150][ T5857] gspca_spca501: reg write: error -71
[  425.260688][ T5857] spca501 5-1:68.220: Reg write failed for 0x02,0x07,0x05
[  425.269545][ T5857] spca501 5-1:68.220: probe with driver spca501 failed with error -22
[  425.303727][ T5857] usb 5-1: USB disconnect, device number 18
[  425.681649][ T9496] trusted_key: encrypted_key: insufficient parameters specified
[  426.769494][ T9501] netlink: 'syz.1.907': attribute type 7 has an invalid length.
[  426.815517][ T9501] netlink: 8 bytes leftover after parsing attributes in process `syz.1.907'.
[  427.934290][   T24] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[  428.163977][   T24] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  429.423279][ T9531] netlink: 28 bytes leftover after parsing attributes in process `syz.1.914'.
[  429.490742][ T9531] netlink: 28 bytes leftover after parsing attributes in process `syz.1.914'.
[  429.505951][ T9531] team0: entered promiscuous mode
[  429.513187][ T9531] bond0: entered promiscuous mode
[  429.523921][ T9531] hsr1: Slave A (team0) is not up; please bring it up to get a fully working HSR network
[  429.545600][ T9531] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network
[  429.599385][ T9531] 8021q: adding VLAN 0 to HW filter on device hsr1
[  429.712366][ T5857] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  429.889020][ T9544] 9pnet: Found fid 0 not clunked
[  429.922874][ T5857] usb 3-1: unable to get BOS descriptor or descriptor too short
[  430.011783][ T5857] usb 3-1: config 5 has an invalid interface number: 52 but max is 0
[  430.022161][ T5857] usb 3-1: config 5 has no interface number 0
[  430.028602][ T5857] usb 3-1: config 5 interface 52 has no altsetting 0
[  430.039880][ T5857] usb 3-1: New USB device found, idVendor=1385, idProduct=5f02, bcdDevice=97.1d
[  430.119717][ T9549] loop9: detected capacity change from 0 to 8
[  430.648255][ T5857] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.656397][ T5857] usb 3-1: Product: syz
[  430.667349][ T5857] usb 3-1: Manufacturer: syz
[  430.677372][ T5857] usb 3-1: SerialNumber: syz
[  430.703586][ T9549]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  430.709173][ T9549] loop9: partition table partially beyond EOD, truncated
[  430.716283][ T9549] loop9: p1 size 81768186 extends beyond EOD, truncated
[  430.718105][    T9] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  431.076718][    T9] usb 7-1: not running at top speed; connect to a high speed hub
[  431.201067][    T9] usb 7-1: config 1 interface 0 has no altsetting 0
[  431.220730][   T24] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  431.301686][    T9] usb 7-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40
[  431.314970][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.330759][    T9] usb 7-1: Product: syz
[  431.336482][    T9] usb 7-1: Manufacturer: syz
[  431.341783][    T9] usb 7-1: SerialNumber: syz
[  431.457541][   T24] usb 5-1: Using ep0 maxpacket: 8
[  431.767710][    T9] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/input/input22
[  431.782531][ T5174] bcm5974 7-1:1.0: could not read from device
[  431.804903][   T24] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  431.821012][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.829936][   T24] usb 5-1: Product: syz
[  431.835214][   T24] usb 5-1: Manufacturer: syz
[  431.842411][   T24] usb 5-1: SerialNumber: syz
[  431.851643][   T24] usb 5-1: config 0 descriptor??
[  431.863356][   T24] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  431.886710][   T24] usb 5-1: setting power ON
[  431.886716][ T5174] bcm5974 7-1:1.0: could not read from device
[  431.917620][    T9] usb 7-1: USB disconnect, device number 9
[  431.933948][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  431.972422][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  432.000896][   T24] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  432.022243][   T24] usb 5-1: media controller created
[  432.069390][ T9562] could not allocate digest TFM handle digest_null-generic
[  432.131598][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  432.155661][   T24] usb 5-1: selecting invalid altsetting 6
[  432.162365][   T24] usb 5-1: digital interface selection failed (-22)
[  432.169077][   T24] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  432.178590][   T24] usb 5-1: setting power OFF
[  432.183573][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  432.190386][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  432.200690][   T24] (NULL device *): no alternate interface
[  432.226790][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  432.244790][   T24] usb 5-1: USB disconnect, device number 19
[  432.331227][ T5834] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  432.397491][    T9] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  432.453827][ T9576] 9pnet_rdma: rdma_create_trans (9576): problem binding to privport: 13
[  432.461975][ T5857] usb 3-1: Could not find all expected endpoints
[  432.491237][ T5857] usb 3-1: USB disconnect, device number 16
[  432.507379][ T5834] usb 2-1: Using ep0 maxpacket: 16
[  432.520349][ T5834] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  432.530551][ T5834] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  432.541300][ T5834] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  432.550215][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  432.550236][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  432.550279][    T9] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  432.550300][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.554244][    T9] usb 1-1: config 0 descriptor??
[  432.564030][ T5834] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  432.586725][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  432.605316][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.616793][ T5834] usb 2-1: Product: syz
[  432.624040][ T5834] usb 2-1: Manufacturer: syz
[  432.628892][ T5834] usb 2-1: SerialNumber: syz
[  432.636230][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  432.645084][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  432.654504][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  432.664988][    T9] usb 1-1: media controller created
[  432.676695][ T9579] io-wq is not configured for unbound workers
[  432.678772][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  432.703355][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  432.711859][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  432.732576][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input23
[  432.750036][   T24] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  432.753131][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[  432.770592][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  432.929776][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  432.951362][    T9] dvb-usb: error while querying for an remote control event.
[  433.068725][ T5834] usb 2-1: 0:2 : does not exist
[  433.097462][   T24] usb 7-1: Using ep0 maxpacket: 16
[  433.108579][ T5834] usb 2-1: USB disconnect, device number 23
[  433.127477][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  433.133439][    T9] dvb-usb: error while querying for an remote control event.
[  433.145334][   T24] usb 7-1: New USB device found, idVendor=0413, idProduct=6026, bcdDevice=18.aa
[  433.182097][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.212766][ T9590] vlan2: entered promiscuous mode
[  433.218033][   T24] usb 7-1: Product: syz
[  433.222228][   T24] usb 7-1: Manufacturer: syz
[  433.226857][   T24] usb 7-1: SerialNumber: syz
[  433.273400][   T24] usb 7-1: config 0 descriptor??
[  433.289706][   T24] dvb-usb: found a 'Leadtek - USB2.0 Winfast DTV dongle' in warm state.
[  433.307394][   T24] dvb-usb: bulk message failed: -22 (3/0)
[  433.307410][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  433.320163][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  433.322821][    T9] dvb-usb: error while querying for an remote control event.
[  433.362519][   T24] dvbdev: DVB: registering new adapter (Leadtek - USB2.0 Winfast DTV dongle)
[  433.382000][   T24] usb 7-1: media controller created
[  433.432993][ T9593] netlink: 32 bytes leftover after parsing attributes in process `syz.4.934'.
[  433.434521][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  433.460362][ T9571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  433.484229][   T24] dvb-usb: bulk message failed: -22 (6/0)
[  433.490242][ T9571] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  433.493144][   T24] dvb-usb: bulk message failed: -22 (6/0)
[  433.498101][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  433.498128][    T9] dvb-usb: error while querying for an remote control event.
[  433.521533][   T24] dvb-usb: no frontend was attached by 'Leadtek - USB2.0 Winfast DTV dongle'
[  433.533691][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input24
[  433.551348][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[  433.559920][   T24] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully initialized and connected.
[  433.658391][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  433.664214][    T9] dvb-usb: error while querying for an remote control event.
[  433.806092][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  433.815277][   T24] dvb-usb: error while querying for an remote control event.
[  433.870712][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  433.876502][    T9] dvb-usb: error while querying for an remote control event.
[  434.122739][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  434.129294][   T24] dvb-usb: error while querying for an remote control event.
[  434.411188][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  434.434901][   T24] dvb-usb: error while querying for an remote control event.
[  434.616145][    T9] usb 1-1: USB disconnect, device number 19
[  434.684636][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  434.778345][ T9595] program syz.1.935 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  434.928087][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  434.934476][   T24] dvb-usb: error while querying for an remote control event.
[  434.965502][ T5857] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[  435.145166][ T9612] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  435.157274][ T9612] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  435.217244][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  435.231962][   T24] dvb-usb: error while querying for an remote control event.
[  435.397559][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  435.440905][   T24] dvb-usb: error while querying for an remote control event.
[  435.738703][ T5834] dvb-usb: bulk message failed: -22 (1/0)
[  435.744493][ T5834] dvb-usb: error while querying for an remote control event.
[  435.809578][    T9] usb 7-1: USB disconnect, device number 10
[  435.824527][ T5857] usb 3-1: not running at top speed; connect to a high speed hub
[  435.848736][ T5857] usb 3-1: config 1 interface 0 has no altsetting 0
[  435.879255][ T5857] usb 3-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40
[  435.946592][ T9616] loop9: detected capacity change from 0 to 8
[  436.003536][ T5857] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.052518][ T9616]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  436.058271][ T9616] loop9: partition table partially beyond EOD, truncated
[  436.065899][ T9616] loop9: p1 size 81768186 extends beyond EOD, truncated
[  436.332719][ T5857] usb 3-1: Product: syz
[  436.430093][ T5857] usb 3-1: Manufacturer: syz
[  436.577430][ T5857] usb 3-1: SerialNumber: syz
[  436.601366][    T9] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully deinitialized and disconnected.
[  436.834123][ T5857] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input25
[  436.854686][ T5174] bcm5974 3-1:1.0: could not read from device
[  437.408136][ T5174] bcm5974 3-1:1.0: could not read from device
[  437.854954][ T9649] FAULT_INJECTION: forcing a failure.
[  437.854954][ T9649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  437.872299][ T5857] usb 3-1: USB disconnect, device number 17
[  437.886432][ T5174] bcm5974 3-1:1.0: could not read from device
[  437.897076][ T9649] CPU: 0 UID: 0 PID: 9649 Comm: syz.2.950 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  437.897101][ T9649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  437.897115][ T9649] Call Trace:
[  437.897126][ T9649]  <TASK>
[  437.897133][ T9649]  dump_stack_lvl+0x189/0x250
[  437.897163][ T9649]  ? __pfx____ratelimit+0x10/0x10
[  437.897189][ T9649]  ? __pfx_dump_stack_lvl+0x10/0x10
[  437.897214][ T9649]  ? __pfx__printk+0x10/0x10
[  437.897244][ T9649]  should_fail_ex+0x414/0x560
[  437.897281][ T9649]  _copy_to_user+0x31/0xb0
[  437.897309][ T9649]  simple_read_from_buffer+0xe1/0x170
[  437.897335][ T9649]  proc_fail_nth_read+0x1df/0x250
[  437.897363][ T9649]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  437.897390][ T9649]  ? rw_verify_area+0x258/0x650
[  437.897409][ T9649]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  437.897434][ T9649]  vfs_read+0x1fd/0x980
[  437.897458][ T9649]  ? __pfx___mutex_lock+0x10/0x10
[  437.897485][ T9649]  ? __pfx_vfs_read+0x10/0x10
[  437.897505][ T9649]  ? __fget_files+0x2a/0x420
[  437.897532][ T9649]  ? __fget_files+0x3a0/0x420
[  437.897571][ T9649]  ? __fget_files+0x2a/0x420
[  437.897616][ T9649]  ksys_read+0x145/0x250
[  437.897634][ T9649]  ? __fget_files+0x3a0/0x420
[  437.897657][ T9649]  ? __pfx_ksys_read+0x10/0x10
[  437.897682][ T9649]  ? do_syscall_64+0xbe/0x3b0
[  437.897712][ T9649]  do_syscall_64+0xfa/0x3b0
[  437.897735][ T9649]  ? lockdep_hardirqs_on+0x9c/0x150
[  437.897759][ T9649]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.897777][ T9649]  ? clear_bhb_loop+0x60/0xb0
[  437.897798][ T9649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.897815][ T9649] RIP: 0033:0x7fe49df8d33c
[  437.897829][ T9649] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  437.897844][ T9649] RSP: 002b:00007fe49eda3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  437.897863][ T9649] RAX: ffffffffffffffda RBX: 00007fe49e1b5fa0 RCX: 00007fe49df8d33c
[  437.897876][ T9649] RDX: 000000000000000f RSI: 00007fe49eda30a0 RDI: 0000000000000004
[  437.897886][ T9649] RBP: 00007fe49eda3090 R08: 0000000000000000 R09: 0000000000000000
[  437.897897][ T9649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.897908][ T9649] R13: 0000000000000000 R14: 00007fe49e1b5fa0 R15: 00007ffe434af9b8
[  437.897936][ T9649]  </TASK>
[  439.821593][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  439.880816][ T9671] netlink: 24 bytes leftover after parsing attributes in process `syz.1.959'.
[  440.857465][ T5857] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  441.038130][ T5857] usb 3-1: not running at top speed; connect to a high speed hub
[  441.183611][ T5857] usb 3-1: config 1 interface 0 has no altsetting 0
[  441.215699][ T5857] usb 3-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40
[  441.614105][ T5857] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.622270][ T5857] usb 3-1: Product: syz
[  441.627145][ T5857] usb 3-1: Manufacturer: syz
[  441.647333][ T5857] usb 3-1: SerialNumber: syz
[  441.665456][ T5857] usb 3-1: can't set config #1, error -71
[  441.718900][ T5857] usb 3-1: USB disconnect, device number 18
[  441.833534][ T9695] CUSE: DEVNAME unspecified
[  443.712942][   T24] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  444.469123][   T24] usb 2-1: config 0 has an invalid interface number: 175 but max is 0
[  444.485440][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  444.505730][   T24] usb 2-1: config 0 has no interface number 0
[  444.517453][   T24] usb 2-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C
[  444.639881][   T24] usb 2-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 10
[  444.682827][   T24] usb 2-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  444.718150][ T5821] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  444.778000][   T24] usb 2-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[  444.829534][   T24] usb 2-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b
[  444.855073][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.869256][   T24] usb 2-1: Product: syz
[  444.876741][   T24] usb 2-1: Manufacturer: syz
[  444.886208][   T24] usb 2-1: SerialNumber: syz
[  445.024125][   T24] usb 2-1: config 0 descriptor??
[  445.036651][   T24] symbolserial 2-1:0.175: symbol converter detected
[  445.717800][ T9726] netlink: 24 bytes leftover after parsing attributes in process `syz.0.972'.
[  445.972853][   T24] usb 2-1: symbol converter now attached to ttyUSB0
[  446.920831][ T5834] usb 2-1: USB disconnect, device number 24
[  447.090132][ T9739] block device autoloading is deprecated and will be removed.
[  447.099497][ T9739] syz.1.980: attempt to access beyond end of device
[  447.099497][ T9739] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  447.148380][ T5834] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0
[  447.157138][ T5834] symbolserial 2-1:0.175: device disconnected
[  448.586329][ T9744] netlink: 60 bytes leftover after parsing attributes in process `syz.0.979'.
[  449.793676][ T9767] Cannot find map_set index 0 as target
[  450.885043][ T9776] netlink: 24 bytes leftover after parsing attributes in process `syz.0.989'.
[  453.324079][ T9791] trusted_key: encrypted_key: insufficient parameters specified
[  454.221193][ T9793] netlink: 60 bytes leftover after parsing attributes in process `syz.1.993'.
[  455.685789][ T9806] evm: overlay not supported
[  456.327455][ T5925] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  456.611853][ T5925] usb 2-1: too many configurations: 251, using maximum allowed: 8
[  456.741066][ T5925] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  456.920646][ T5925] usb 2-1: config 1 interface 0 has no altsetting 0
[  457.032956][ T5925] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  457.244656][ T5925] usb 2-1: config 1 interface 0 has no altsetting 0
[  457.320587][ T9809] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  457.327439][ T9809] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  457.404216][ T5925] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  457.566625][ T9809] vhci_hcd vhci_hcd.0: Device attached
[  457.577714][ T5834] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  457.596438][ T5925] usb 2-1: config 1 interface 0 has no altsetting 0
[  457.704367][ T5925] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  457.704438][ T5925] usb 2-1: config 1 interface 0 has no altsetting 0
[  457.712712][ T5925] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  457.712770][ T5925] usb 2-1: config 1 interface 0 has no altsetting 0
[  457.726287][ T9818] netlink: 'syz.4.1000': attribute type 21 has an invalid length.
[  457.726333][ T9818] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1000'.
[  457.728201][ T5925] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  457.728238][ T5925] usb 2-1: config 1 interface 0 has no altsetting 0
[  457.742161][ T5925] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  457.742208][ T5925] usb 2-1: config 1 interface 0 has no altsetting 0
[  457.761660][ T5925] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  457.761704][ T5925] usb 2-1: config 1 interface 0 has no altsetting 0
[  457.794149][ T5925] usb 2-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40
[  457.794186][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.794273][ T5925] usb 2-1: Product: syz
[  457.794316][ T5925] usb 2-1: Manufacturer: syz
[  457.794359][ T5925] usb 2-1: SerialNumber: syz
[  457.837613][ T5834] usb 1-1: Using ep0 maxpacket: 16
[  457.919971][ T5881] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  458.014809][ T5834] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  458.014935][ T5834] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.015025][ T5834] usb 1-1: Product: syz
[  458.015071][ T5834] usb 1-1: Manufacturer: syz
[  458.015114][ T5834] usb 1-1: SerialNumber: syz
[  458.118041][ T5834] usb 1-1: config 0 descriptor??
[  458.282197][ T9821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1002'.
[  458.342727][ T9821] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1002'.
[  458.444714][ T5834] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  458.455655][ T5925] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input26
[  458.477958][ T5834] usb 1-1: Detected FT232H
[  458.699923][ T5924] usb 7-1: new full-speed USB device number 11 using dummy_hcd
[  458.732667][ T5925] usb 2-1: USB disconnect, device number 25
[  458.732758][    C0] pxrc 2-1:1.0: pxrc_usb_irq - usb_submit_urb failed with result: -19
[  458.899476][ T5924] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  458.947483][ T5924] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  459.016040][ T9827] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1004'.
[  459.022567][ T5924] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  459.462218][ T5924] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.684362][ T5924] aiptek 7-1:17.0: Aiptek using 400 ms programming speed
[  461.316696][ T5924] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input27
[  461.401663][ T5834] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  461.451354][ T9812] vhci_hcd: connection reset by peer
[  461.482553][   T49] vhci_hcd: stop threads
[  461.486981][ T5834] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  461.526001][   T49] vhci_hcd: release socket
[  461.668724][   T49] vhci_hcd: disconnect device
[  461.686572][ T5834] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71
[  461.893090][ T9849] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1007'.
[  462.654563][ T5834] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  462.664987][ T5834] usb 1-1: USB disconnect, device number 20
[  462.674957][ T5834] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  462.684901][ T5924] input: failed to attach handler kbd to device input27, error: -5
[  462.694970][ T5834] ftdi_sio 1-1:0.0: device disconnected
[  463.127448][ T5881] vhci_hcd: vhci_device speed not set
[  463.158219][ T9856] overlayfs: missing 'lowerdir'
[  463.207249][ T5924] usb 7-1: USB disconnect, device number 11
[  463.993460][ T9877] loop9: detected capacity change from 0 to 8
[  464.584395][ T9877]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  464.589810][ T9877] loop9: partition table partially beyond EOD, truncated
[  464.597621][ T9877] loop9: p1 size 81768186 extends beyond EOD, truncated
[  464.741522][ T5857] hid-generic 0000:0004:0034.0011: unknown main item tag 0x0
[  464.790527][ T9878] syz_tun: entered allmulticast mode
[  464.801279][ T9874] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1017'.
[  464.842845][ T5857] hid-generic 0000:0004:0034.0011: unknown main item tag 0x0
[  464.875514][ T5857] hid-generic 0000:0004:0034.0011: unknown main item tag 0x0
[  464.901105][ T9871] syz_tun: left allmulticast mode
[  465.368105][ T5857] hid-generic 0000:0004:0034.0011: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  465.574801][ T9889] syz_tun: entered allmulticast mode
[  465.593412][ T5881] hid-generic 0000:0004:0034.0012: unknown main item tag 0x0
[  465.695526][ T5881] hid-generic 0000:0004:0034.0012: unknown main item tag 0x0
[  465.766210][ T5881] hid-generic 0000:0004:0034.0012: unknown main item tag 0x0
[  465.905568][ T9879] syz_tun: left allmulticast mode
[  465.998967][ T5881] hid-generic 0000:0004:0034.0012: hidraw1: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  466.310817][ T9898] syz.2.1022 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  466.657594][ T5834] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  467.357481][ T5834] usb 2-1: device descriptor read/64, error -71
[  468.097378][ T5834] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  468.237393][ T5834] usb 2-1: device descriptor read/64, error -71
[  468.361766][ T5834] usb usb2-port1: attempt power cycle
[  468.707950][ T5834] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  469.627370][ T5834] usb 2-1: device descriptor read/8, error -71
[  469.877375][    T9] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  469.957391][ T5881] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  470.007427][    T9] usb 7-1: device descriptor read/64, error -71
[  470.137914][ T5881] usb 1-1: Using ep0 maxpacket: 32
[  470.151717][ T5881] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  470.166706][ T5881] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  470.179178][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  470.188743][ T5881] usb 1-1: Product: syz
[  470.192986][ T5881] usb 1-1: Manufacturer: syz
[  470.209631][ T5881] usb 1-1: SerialNumber: syz
[  470.226686][ T5881] usb 1-1: config 0 descriptor??
[  470.257356][    T9] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  470.406606][ T9928] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  470.416840][ T5881] hub 1-1:0.0: bad descriptor, ignoring hub
[  470.421113][    T9] usb 7-1: device descriptor read/64, error -71
[  470.423030][ T5881] hub 1-1:0.0: probe with driver hub failed with error -5
[  471.007539][    T9] usb usb7-port1: attempt power cycle
[  471.058178][ T9945] tmpfs: Bad value for 'mpol'
[  471.367466][    T9] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  471.408848][    T9] usb 7-1: device descriptor read/8, error -71
[  471.681787][    T9] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  471.718126][    T9] usb 7-1: device descriptor read/8, error -71
[  471.831841][    T9] usb usb7-port1: unable to enumerate USB device
[  474.212900][ T9969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1047'.
[  474.313546][ T9969] hsr_slave_1 (unregistering): left promiscuous mode
[  474.317849][ T5895] usb 1-1: USB disconnect, device number 21
[  474.818293][ T5857] usb 7-1: new full-speed USB device number 16 using dummy_hcd
[  474.839008][ T9979] loop9: detected capacity change from 0 to 8
[  474.859969][ T9979]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  474.865313][ T9979] loop9: partition table partially beyond EOD, truncated
[  474.872657][ T9979] loop9: p1 size 81768186 extends beyond EOD, truncated
[  474.987183][ T9977] hsr0: entered promiscuous mode
[  475.008578][ T5857] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  475.034995][ T9977] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1048'.
[  475.037815][ T5857] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  475.063895][ T9977] hsr_slave_0: left promiscuous mode
[  475.081843][ T5857] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  475.104308][ T5857] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.122072][ T9977] hsr_slave_1: left promiscuous mode
[  475.134396][ T9984] NILFS (nbd4): device size too small
[  475.151904][ T5857] usb 7-1: config 0 descriptor??
[  475.224606][ T5857] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  475.244593][ T5857] dvb-usb: bulk message failed: -22 (3/0)
[  475.269535][ T9977] hsr0 (unregistering): left promiscuous mode
[  475.279048][ T5857] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  475.293607][ T5857] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  475.344252][ T5857] usb 7-1: media controller created
[  475.353196][ T5857] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  475.390873][ T5857] dvb-usb: bulk message failed: -22 (6/0)
[  475.429672][ T5857] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  475.438567][ T9967] dibusb: i2c wr: len=61 is too big!
[  475.438567][ T9967] 
[  475.504542][ T5857] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input28
[  475.747727][ T5857] dvb-usb: schedule remote query interval to 150 msecs.
[  475.775270][ T5857] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  475.834917][ T5857] usb 7-1: USB disconnect, device number 16
[  475.884642][ T5857] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  476.132970][ T9998] trusted_key: encrypted_key: insufficient parameters specified
[  479.313711][T10037] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1064'.
[  482.093794][T10052] trusted_key: encrypted_key: insufficient parameters specified
[  482.124478][T10052] block device autoloading is deprecated and will be removed.
[  482.214178][ T5821] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  483.523178][T10076] loop9: detected capacity change from 0 to 8
[  483.555928][T10076]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  483.561650][T10076] loop9: partition table partially beyond EOD, truncated
[  483.569280][T10076] loop9: p1 size 81768186 extends beyond EOD, truncated
[  484.209120][T10078] overlayfs: missing 'workdir'
[  484.276120][T10078] overlayfs: missing 'lowerdir'
[  484.547389][ T5895] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  484.710417][ T5895] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  484.719719][ T5895] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.733483][ T5895] usb 2-1: config 0 descriptor??
[  484.742135][ T5895] gspca_main: cpia1-2.14.0 probing 0813:0001
[  484.972900][T10054] netlink: 'syz.4.1067': attribute type 29 has an invalid length.
[  484.980979][T10054] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1067'.
[  485.155527][T10083] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  485.171217][ T5895] gspca_cpia1: usb_control_msg 03, error -32
[  485.250636][ T5895] gspca_cpia1: usb_control_msg 03, error -32
[  485.292564][ T5895] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  485.402628][T10088] program syz.6.1078 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  485.551791][T10089] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1076'.
[  486.361640][ T5895] gspca_cpia1: usb_control_msg 01, error -71
[  486.477514][ T5895] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0)
[  486.843132][T10099] tmpfs: Bad value for 'mode'
[  486.865491][ T5895] usb 2-1: USB disconnect, device number 30
[  490.361118][ T5895] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  490.537421][ T5895] usb 2-1: device descriptor read/64, error -71
[  490.681769][T10120] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1084'.
[  491.025669][ T5895] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  491.719253][ T5895] usb 2-1: device descriptor read/64, error -71
[  491.788825][T10130] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1089'.
[  491.829601][ T5895] usb usb2-port1: attempt power cycle
[  492.217529][ T5895] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  492.988118][ T5895] usb 2-1: device descriptor read/8, error -71
[  493.029378][T10148] netem: change failed
[  493.294689][T10155] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1097'.
[  493.583179][ T5895] usb 2-1: new full-speed USB device number 34 using dummy_hcd
[  493.784153][ T5895] usb 2-1: not running at top speed; connect to a high speed hub
[  494.547718][ T5895] usb 2-1: config 1 interface 0 has no altsetting 0
[  494.568248][ T5895] usb 2-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40
[  494.578946][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.586971][ T5895] usb 2-1: Product: syz
[  494.621142][ T5895] usb 2-1: Manufacturer: syz
[  494.626718][ T5895] usb 2-1: SerialNumber: syz
[  495.479579][ T5895] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input30
[  495.505397][ T5174] bcm5974 2-1:1.0: could not read from device
[  495.521611][ T5174] bcm5974 2-1:1.0: could not read from device
[  495.528940][ T5895] usb 2-1: USB disconnect, device number 34
[  495.535038][ T5174] bcm5974 2-1:1.0: could not read from device
[  495.544873][ T5174] bcm5974 2-1:1.0: could not read from device
[  496.176166][T10188] syz.1.1109: attempt to access beyond end of device
[  496.176166][T10188] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  496.317614][ T5834] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  496.479448][T10189] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1110'.
[  496.580810][ T5895] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  496.749129][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  497.056835][ T5834] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  497.146008][ T5895] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  497.166356][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.176132][ T5895] usb 3-1: Product: syz
[  497.180433][ T5895] usb 3-1: Manufacturer: syz
[  497.185106][ T5895] usb 3-1: SerialNumber: syz
[  497.192868][ T5895] usb 3-1: config 0 descriptor??
[  497.223528][ T5834] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0
[  497.234366][ T5834] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  497.254705][ T5834] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0
[  497.275152][ T5834] usb 7-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[  497.286148][ T5834] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.304000][ T5834] usb 7-1: Product: syz
[  497.308339][ T5834] usb 7-1: Manufacturer: syz
[  497.312952][ T5834] usb 7-1: SerialNumber: syz
[  497.320841][ T5834] usb 7-1: config 0 descriptor??
[  497.327985][ T5834] ums-isd200 7-1:0.0: USB Mass Storage device detected
[  497.424462][ T5895] usb 3-1: USB disconnect, device number 19
[  497.655917][T10182] QAT: Invalid ioctl 1075883590
[  497.662633][T10182] QAT: Invalid ioctl 1075883590
[  497.672288][T10182] QAT: Invalid ioctl 1075883590
[  497.677716][T10182] QAT: Invalid ioctl 1075883590
[  497.682676][T10182] QAT: Invalid ioctl 1075883590
[  497.688751][T10182] QAT: Invalid ioctl 1075883590
[  497.693721][T10182] QAT: Invalid ioctl 1075883590
[  497.698834][T10182] QAT: Invalid ioctl 1075883590
[  497.703767][T10182] QAT: Invalid ioctl 1075883590
[  497.708830][T10182] QAT: Invalid ioctl 1075883590
[  497.718241][ T5834] scsi host1: usb-storage 7-1:0.0
[  497.753282][ T5834] usb 7-1: USB disconnect, device number 17
[  498.017382][ T9829] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  498.194902][ T9829] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  498.225353][ T9829] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  498.256336][ T9829] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  498.278092][ T9829] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  498.324861][ T9829] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  498.340767][ T9829] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  498.369939][ T9829] usb 5-1: Manufacturer: syz
[  498.388861][ T9829] usb 5-1: config 0 descriptor??
[  498.587797][ T5834] hid-generic 0000:0004:0034.0013: unknown main item tag 0x0
[  498.597582][T10215] syz_tun: entered allmulticast mode
[  498.648331][ T5834] hid-generic 0000:0004:0034.0013: unknown main item tag 0x0
[  498.739921][ T5834] hid-generic 0000:0004:0034.0013: unknown main item tag 0x0
[  498.982337][ T5834] hid-generic 0000:0004:0034.0013: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  499.110036][ T9829] appleir 0003:05AC:8243.0014: unknown main item tag 0x0
[  499.380377][T10213] syz_tun: left allmulticast mode
[  502.025199][ T9829] appleir 0003:05AC:8243.0014: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  502.028459][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  502.137106][T10226] syz.1.1121: attempt to access beyond end of device
[  502.137106][T10226] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  502.787979][T10240] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1122'.
[  502.836999][ T9829] usb 5-1: USB disconnect, device number 20
[  508.200227][T10280] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1130'.
[  508.869873][T10278] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  508.888727][T10278] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  509.050080][T10278] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  509.150189][T10279] loop9: detected capacity change from 0 to 8
[  509.329969][T10279]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  509.335323][T10279] loop9: partition table partially beyond EOD, truncated
[  509.343180][T10279] loop9: p1 size 81768186 extends beyond EOD, truncated
[  509.709364][T10295] FAULT_INJECTION: forcing a failure.
[  509.709364][T10295] name failslab, interval 1, probability 0, space 0, times 0
[  509.722123][T10295] CPU: 1 UID: 0 PID: 10295 Comm: syz.6.1134 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  509.722143][T10295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  509.722152][T10295] Call Trace:
[  509.722158][T10295]  <TASK>
[  509.722165][T10295]  dump_stack_lvl+0x189/0x250
[  509.722192][T10295]  ? __pfx____ratelimit+0x10/0x10
[  509.722214][T10295]  ? __pfx_dump_stack_lvl+0x10/0x10
[  509.722236][T10295]  ? __pfx__printk+0x10/0x10
[  509.722253][T10295]  ? __pfx___might_resched+0x10/0x10
[  509.722274][T10295]  ? fs_reclaim_acquire+0x7d/0x100
[  509.722299][T10295]  should_fail_ex+0x414/0x560
[  509.722320][T10295]  should_failslab+0xa8/0x100
[  509.722340][T10295]  __kmalloc_noprof+0xcb/0x4f0
[  509.722357][T10295]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  509.722383][T10295]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  509.722410][T10295]  genl_family_rcv_msg_doit+0xb8/0x300
[  509.722436][T10295]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  509.722459][T10295]  ? __pfx_genl_get_cmd+0x10/0x10
[  509.722489][T10295]  ? __pfx_nbd_genl_connect+0x10/0x10
[  509.722519][T10295]  genl_rcv_msg+0x60e/0x790
[  509.722556][T10295]  ? __pfx_genl_rcv_msg+0x10/0x10
[  509.722572][T10295]  ? __pfx_nbd_genl_connect+0x10/0x10
[  509.722598][T10295]  netlink_rcv_skb+0x205/0x470
[  509.722612][T10295]  ? __pfx_genl_rcv_msg+0x10/0x10
[  509.722630][T10295]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  509.722654][T10295]  ? down_read+0x1ad/0x2e0
[  509.722668][T10295]  genl_rcv+0x28/0x40
[  509.722682][T10295]  netlink_unicast+0x758/0x8d0
[  509.722709][T10295]  netlink_sendmsg+0x805/0xb30
[  509.722728][T10295]  ? __pfx_netlink_sendmsg+0x10/0x10
[  509.722747][T10295]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  509.722762][T10295]  ? __pfx_netlink_sendmsg+0x10/0x10
[  509.722781][T10295]  __sock_sendmsg+0x219/0x270
[  509.722801][T10295]  ____sys_sendmsg+0x505/0x830
[  509.722820][T10295]  ? __pfx_____sys_sendmsg+0x10/0x10
[  509.722841][T10295]  ? import_iovec+0x74/0xa0
[  509.722862][T10295]  ___sys_sendmsg+0x21f/0x2a0
[  509.722878][T10295]  ? __pfx____sys_sendmsg+0x10/0x10
[  509.722917][T10295]  ? __fget_files+0x2a/0x420
[  509.722933][T10295]  ? __fget_files+0x3a0/0x420
[  509.722956][T10295]  __x64_sys_sendmsg+0x19b/0x260
[  509.722973][T10295]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  509.722994][T10295]  ? __pfx_ksys_write+0x10/0x10
[  509.723006][T10295]  ? rcu_is_watching+0x15/0xb0
[  509.723029][T10295]  ? do_syscall_64+0xbe/0x3b0
[  509.723050][T10295]  do_syscall_64+0xfa/0x3b0
[  509.723066][T10295]  ? lockdep_hardirqs_on+0x9c/0x150
[  509.723083][T10295]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.723095][T10295]  ? clear_bhb_loop+0x60/0xb0
[  509.723110][T10295]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.723122][T10295] RIP: 0033:0x7f81b3f8e929
[  509.723133][T10295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  509.723144][T10295] RSP: 002b:00007f81b4e7e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  509.723158][T10295] RAX: ffffffffffffffda RBX: 00007f81b41b5fa0 RCX: 00007f81b3f8e929
[  509.723167][T10295] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 000000000000000d
[  509.723175][T10295] RBP: 00007f81b4e7e090 R08: 0000000000000000 R09: 0000000000000000
[  509.723182][T10295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  509.723190][T10295] R13: 0000000000000000 R14: 00007f81b41b5fa0 R15: 00007fff1bbde368
[  509.723209][T10295]  </TASK>
[  510.036458][T10306] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1137'.
[  510.280772][T10306] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1137'.
[  510.293251][T10306] netlink: 'syz.1.1137': attribute type 5 has an invalid length.
[  510.872213][T10309] syz_tun: entered allmulticast mode
[  511.199946][T10308] syz_tun: left allmulticast mode
[  514.401987][T10334] syz_tun: entered allmulticast mode
[  514.674574][T10326] syz_tun: left allmulticast mode
[  515.564721][T10348] netlink: 'syz.1.1150': attribute type 1 has an invalid length.
[  515.610237][ T5895] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  515.612104][T10349] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1151'.
[  515.683636][T10349] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1151'.
[  515.686040][T10348] 8021q: adding VLAN 0 to HW filter on device bond2
[  515.694337][T10349] netlink: 'syz.4.1151': attribute type 5 has an invalid length.
[  515.730648][T10353] bond2: entered promiscuous mode
[  515.736261][T10357] netlink: 'syz.0.1153': attribute type 21 has an invalid length.
[  515.763670][T10357] netlink: 'syz.0.1153': attribute type 1 has an invalid length.
[  515.773692][ T5895] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  515.792384][ T5895] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  515.810551][ T5895] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  515.834065][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.870102][ T5895] usb 3-1: config 0 descriptor??
[  516.047821][    T9] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  516.095530][T10372] Illegal XDP return value 10372 on prog  (id 251) dev N/A, expect packet loss!
[  516.106173][ T5895] usb 3-1: USB disconnect, device number 20
[  516.817551][    T9] usb 2-1: Using ep0 maxpacket: 32
[  516.838798][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  516.859404][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  516.886489][    T9] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  516.945333][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  517.002600][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  517.047301][    T9] usb 2-1: Product: syz
[  517.051515][    T9] usb 2-1: Manufacturer: syz
[  517.086852][    T9] usb 2-1: SerialNumber: syz
[  517.093435][T10375] 9pnet_fd: Insufficient options for proto=fd
[  517.118395][    T9] cdc_ncm 2-1:1.0: skipping garbage
[  517.134321][    T9] cdc_ncm 2-1:1.0: skipping garbage
[  517.147314][    T9] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  517.171074][    T9] cdc_ncm 2-1:1.0: bind() failure
[  517.673082][    T9] usb 2-1: USB disconnect, device number 35
[  517.796654][T10387] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1160'.
[  517.987776][T10387] hsr_slave_1 (unregistering): left promiscuous mode
[  519.056599][T10403] syz.2.1165: attempt to access beyond end of device
[  519.056599][T10403] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  519.882323][   T30] audit: type=1326 audit(1751388520.193:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10413 comm="syz.6.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b3f8e929 code=0x7ffc0000
[  519.892489][T10415] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.1170' sets config #0
[  519.954598][T10415] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.1170' sets config #1
[  520.060301][   T30] audit: type=1326 audit(1751388520.193:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10413 comm="syz.6.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81b3f8e929 code=0x7ffc0000
[  520.116307][   T30] audit: type=1326 audit(1751388520.193:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10413 comm="syz.6.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b3f8e929 code=0x7ffc0000
[  520.408045][   T30] audit: type=1326 audit(1751388520.193:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10413 comm="syz.6.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b3f8e929 code=0x7ffc0000
[  521.027127][   T30] audit: type=1326 audit(1751388520.193:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10413 comm="syz.6.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81b3f8e929 code=0x7ffc0000
[  521.055234][   T30] audit: type=1326 audit(1751388520.193:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10413 comm="syz.6.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b3f8e929 code=0x7ffc0000
[  521.163894][   T30] audit: type=1326 audit(1751388520.193:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10413 comm="syz.6.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b3f8e929 code=0x7ffc0000
[  521.364603][   T30] audit: type=1326 audit(1751388520.193:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10413 comm="syz.6.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f81b3f8e929 code=0x7ffc0000
[  521.907407][   T30] audit: type=1326 audit(1751388520.193:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10413 comm="syz.6.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b3f8e929 code=0x7ffc0000
[  522.037758][   T30] audit: type=1326 audit(1751388520.193:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10413 comm="syz.6.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f81b3f8e929 code=0x7ffc0000
[  522.555951][T10458] loop9: detected capacity change from 0 to 8
[  522.569215][T10458]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  522.575057][T10458] loop9: partition table partially beyond EOD, truncated
[  522.586113][T10458] loop9: p1 size 81768186 extends beyond EOD, truncated
[  523.323763][T10460] loop8: detected capacity change from 0 to 16384
[  523.641401][T10460] loop8: detected capacity change from 16384 to 16383
[  523.894633][T10471] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.1185' sets config #0
[  523.910850][T10471] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.1185' sets config #1
[  524.387950][T10466] openvswitch: netlink: Missing valid actions attribute.
[  524.395031][T10466] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  524.657914][  T927] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  524.846994][  T927] usb 1-1: device descriptor read/64, error -71
[  525.097371][  T927] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  525.257992][  T927] usb 1-1: device descriptor read/64, error -71
[  525.326859][T10498] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1196'.
[  525.403704][T10498] FAULT_INJECTION: forcing a failure.
[  525.403704][T10498] name failslab, interval 1, probability 0, space 0, times 0
[  525.451167][  T927] usb usb1-port1: attempt power cycle
[  525.589760][T10498] CPU: 1 UID: 0 PID: 10498 Comm: syz.2.1196 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  525.589789][T10498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  525.589800][T10498] Call Trace:
[  525.589808][T10498]  <TASK>
[  525.589816][T10498]  dump_stack_lvl+0x189/0x250
[  525.589849][T10498]  ? __pfx____ratelimit+0x10/0x10
[  525.589875][T10498]  ? __pfx_dump_stack_lvl+0x10/0x10
[  525.589902][T10498]  ? __pfx__printk+0x10/0x10
[  525.589925][T10498]  ? __pfx___might_resched+0x10/0x10
[  525.589951][T10498]  ? fs_reclaim_acquire+0x7d/0x100
[  525.589981][T10498]  should_fail_ex+0x414/0x560
[  525.590006][T10498]  should_failslab+0xa8/0x100
[  525.590032][T10498]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  525.590072][T10498]  ? kasprintf+0xd4/0x120
[  525.590094][T10498]  kvasprintf+0xdc/0x190
[  525.590125][T10498]  ? __pfx_kvasprintf+0x10/0x10
[  525.590151][T10498]  ? do_raw_spin_lock+0x121/0x290
[  525.590184][T10498]  kasprintf+0xd4/0x120
[  525.590200][T10498]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  525.590228][T10498]  ? __pfx_kasprintf+0x10/0x10
[  525.590243][T10498]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  525.590281][T10498]  ieee80211_alloc_led_names+0x141/0x2b0
[  525.590305][T10498]  ieee80211_alloc_hw_nm+0x18ca/0x1f20
[  525.590339][T10498]  mac80211_hwsim_new_radio+0x1ee/0x5340
[  525.590373][T10498]  ? rcu_is_watching+0x15/0xb0
[  525.590400][T10498]  ? trace_irq_disable+0x37/0x110
[  525.590422][T10498]  ? preempt_schedule_irq+0xde/0x150
[  525.590447][T10498]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  525.590478][T10498]  ? irqentry_exit+0x74/0x90
[  525.590502][T10498]  ? lockdep_hardirqs_on+0x9c/0x150
[  525.590529][T10498]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  525.590572][T10498]  hwsim_new_radio_nl+0xea4/0x1b10
[  525.590604][T10498]  ? __pfx___nla_validate_parse+0x10/0x10
[  525.590645][T10498]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  525.590688][T10498]  ? __nla_parse+0x40/0x60
[  525.590716][T10498]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  525.590752][T10498]  genl_family_rcv_msg_doit+0x215/0x300
[  525.590778][T10498]  ? __sanitizer_cov_trace_pc+0x8/0x70
[  525.590804][T10498]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  525.590854][T10498]  ? bpf_lsm_capable+0x9/0x20
[  525.590880][T10498]  ? security_capable+0x7e/0x2e0
[  525.590911][T10498]  genl_rcv_msg+0x60e/0x790
[  525.590942][T10498]  ? __pfx_genl_rcv_msg+0x10/0x10
[  525.590965][T10498]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  525.591006][T10498]  netlink_rcv_skb+0x205/0x470
[  525.591026][T10498]  ? __pfx_genl_rcv_msg+0x10/0x10
[  525.591060][T10498]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  525.591096][T10498]  ? down_read+0x1ad/0x2e0
[  525.591113][T10498]  genl_rcv+0x28/0x40
[  525.591134][T10498]  netlink_unicast+0x758/0x8d0
[  525.591171][T10498]  netlink_sendmsg+0x805/0xb30
[  525.591190][T10498]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  525.591220][T10498]  ? __pfx_netlink_sendmsg+0x10/0x10
[  525.591248][T10498]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  525.591268][T10498]  ? __pfx_netlink_sendmsg+0x10/0x10
[  525.591288][T10498]  __sock_sendmsg+0x219/0x270
[  525.591340][T10498]  ____sys_sendmsg+0x505/0x830
[  525.591370][T10498]  ? __pfx_____sys_sendmsg+0x10/0x10
[  525.591406][T10498]  ? import_iovec+0x74/0xa0
[  525.591442][T10498]  ___sys_sendmsg+0x21f/0x2a0
[  525.591469][T10498]  ? __pfx____sys_sendmsg+0x10/0x10
[  525.591502][T10498]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  525.591559][T10498]  ? __fget_files+0x2a/0x420
[  525.591586][T10498]  ? __fget_files+0x3a0/0x420
[  525.591625][T10498]  __x64_sys_sendmsg+0x19b/0x260
[  525.591654][T10498]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  525.591690][T10498]  ? __pfx_ksys_write+0x10/0x10
[  525.591720][T10498]  ? do_syscall_64+0xbe/0x3b0
[  525.591756][T10498]  do_syscall_64+0xfa/0x3b0
[  525.591786][T10498]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.591807][T10498]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  525.591827][T10498]  ? clear_bhb_loop+0x60/0xb0
[  525.591852][T10498]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.591872][T10498] RIP: 0033:0x7fe49df8e929
[  525.591896][T10498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  525.591914][T10498] RSP: 002b:00007fe49eda3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  525.591937][T10498] RAX: ffffffffffffffda RBX: 00007fe49e1b5fa0 RCX: 00007fe49df8e929
[  525.591952][T10498] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[  525.591965][T10498] RBP: 00007fe49eda3090 R08: 0000000000000000 R09: 0000000000000000
[  525.591977][T10498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  525.591989][T10498] R13: 0000000000000000 R14: 00007fe49e1b5fa0 R15: 00007ffe434af9b8
[  525.592023][T10498]  </TASK>
[  525.947333][  T927] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  526.368626][    T9] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  526.399572][  T927] usb 1-1: device descriptor read/8, error -71
[  526.439501][T10506] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  526.448139][T10506] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  526.457692][T10506] batadv_slave_0: entered promiscuous mode
[  526.516251][   T30] kauditd_printk_skb: 39 callbacks suppressed
[  526.516278][   T30] audit: type=1326 audit(1751388526.813:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10507 comm="syz.4.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  526.554578][    T9] usb 2-1: device descriptor read/64, error -71
[  526.590286][   T30] audit: type=1326 audit(1751388526.813:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10507 comm="syz.4.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  526.637418][  T927] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  526.658570][   T30] audit: type=1326 audit(1751388526.813:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10507 comm="syz.4.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  526.698812][  T927] usb 1-1: device descriptor read/8, error -71
[  526.747573][   T30] audit: type=1326 audit(1751388526.813:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10507 comm="syz.4.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  526.791789][   T30] audit: type=1326 audit(1751388526.813:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10507 comm="syz.4.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  526.813893][   T30] audit: type=1326 audit(1751388526.813:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10507 comm="syz.4.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  526.831680][  T927] usb usb1-port1: unable to enumerate USB device
[  526.835726][    T9] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  526.849859][   T30] audit: type=1326 audit(1751388526.813:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10507 comm="syz.4.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  526.914304][   T30] audit: type=1326 audit(1751388526.813:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10507 comm="syz.4.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  526.936229][   T30] audit: type=1326 audit(1751388526.823:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10507 comm="syz.4.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  526.960108][   T30] audit: type=1326 audit(1751388526.823:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10507 comm="syz.4.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb1b78e929 code=0x7ffc0000
[  527.017765][ T5895] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  527.025543][    T9] usb 2-1: device descriptor read/64, error -71
[  527.149714][    T9] usb usb2-port1: attempt power cycle
[  527.169071][ T5895] usb 1-1: device descriptor read/64, error -71
[  527.438182][ T5895] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  527.508315][    T9] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  527.538098][    T9] usb 2-1: device descriptor read/8, error -71
[  527.799249][    T9] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  527.819526][ T5821] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  527.849022][    T9] usb 2-1: device descriptor read/8, error -71
[  527.972803][    T9] usb usb2-port1: unable to enumerate USB device
[  528.109577][T10537] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1205'.
[  529.447550][  T978] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  529.773676][  T978] usb 1-1: config 0 has an invalid interface number: 183 but max is 0
[  530.014602][  T978] usb 1-1: config 0 has no interface number 0
[  530.071805][  T978] usb 1-1: New USB device found, idVendor=19d2, idProduct=e9d4, bcdDevice=38.f6
[  530.177676][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.212148][T10550] tmpfs: Bad value for 'mode'
[  530.259427][  T978] usb 1-1: config 0 descriptor??
[  530.289657][  T978] usb 1-1: bad CDC descriptors
[  531.052844][  T978] usb 1-1: USB disconnect, device number 28
[  531.247695][ T5834] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  531.369134][T10573] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1214'.
[  531.397491][T10573] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1214'.
[  531.409848][ T5834] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  531.428381][T10573] netlink: 'syz.1.1214': attribute type 5 has an invalid length.
[  531.452485][ T5834] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4
[  531.456177][T10575] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1216'.
[  531.479214][ T5834] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  531.504573][ T5834] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  531.531730][ T5834] usb 7-1: Product: syz
[  531.544097][ T5834] usb 7-1: Manufacturer: syz
[  531.566393][ T5834] usb 7-1: SerialNumber: syz
[  531.588935][ T5834] usb 7-1: config 0 descriptor??
[  531.623462][ T5834] em28xx 7-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0)
[  531.653130][ T5834] em28xx 7-1:0.0: Device initialization failed.
[  531.674944][ T5834] em28xx 7-1:0.0: Device must be connected to a high-speed USB 2.0 port.
[  532.748112][T10604] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[  532.881209][T10604] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1221'.
[  533.146802][ T5924] usb 7-1: USB disconnect, device number 18
[  533.540657][T10613] syzkaller1: entered promiscuous mode
[  533.613793][T10613] syzkaller1: entered allmulticast mode
[  534.294243][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  534.294257][   T30] audit: type=1326 audit(1751388534.213:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10614 comm="syz.1.1223" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f345838e929 code=0x0
[  536.158737][T10638] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  536.196720][T10640] tmpfs: Bad value for 'mpol'
[  536.912432][T10652] ip6gre1: entered promiscuous mode
[  537.868762][T10656] syz_tun: entered allmulticast mode
[  538.200726][T10655] syz_tun: left allmulticast mode
[  540.917481][T10696] syz_tun: entered allmulticast mode
[  540.936341][T10697] syz_tun: left allmulticast mode
[  541.387360][    T9] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  541.516832][T10725] netlink: 372 bytes leftover after parsing attributes in process `syz.4.1245'.
[  541.545447][T10725] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1245'.
[  541.557330][    T9] usb 2-1: Using ep0 maxpacket: 32
[  541.615676][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  542.890315][T10725] netlink: 'syz.4.1245': attribute type 6 has an invalid length.
[  543.036702][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  543.142848][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  543.306029][    T9] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  543.432342][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.629218][    T9] usb 2-1: config 0 descriptor??
[  543.942111][T10707] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1238'.
[  544.141194][T10725] netlink: 'syz.4.1245': attribute type 5 has an invalid length.
[  544.149123][T10725] netlink: 'syz.4.1245': attribute type 4 has an invalid length.
[  545.482500][T10737] syz_tun: entered allmulticast mode
[  545.769862][T10736] syz_tun: left allmulticast mode
[  545.821493][    T9] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0015/input/input33
[  545.938915][T10750] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  545.945481][T10750] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  545.946202][    T9] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0015/input/input34
[  546.167739][T10750] vhci_hcd vhci_hcd.0: Device attached
[  546.180229][    T9] kye 0003:0458:5011.0015: input,hiddev0,hidraw0: USB HID v9.00 Mouse [HID 0458:5011] on usb-dummy_hcd.1-1/input0
[  546.749933][T10759] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  546.756505][T10759] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  546.788626][    T9] usb 2-1: USB disconnect, device number 40
[  546.818827][ T5924] vhci_hcd: vhci_device speed not set
[  546.844272][T10760] tmpfs: Bad value for 'size'
[  546.877167][T10759] vhci_hcd vhci_hcd.0: Device attached
[  546.933887][ T5924] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  547.027437][ T5895] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[  547.203404][ T5895] usb 3-1: config 1 has an invalid interface number: 128 but max is 1
[  547.270172][ T5895] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  547.378146][T10785] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1257'.
[  547.893265][ T5895] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  547.927287][ T5895] usb 3-1: config 1 has no interface number 0
[  547.933514][ T5895] usb 3-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  548.080329][ T5895] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  548.096167][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.107273][ T5895] usb 3-1: Product: syz
[  548.111485][ T5895] usb 3-1: Manufacturer: syz
[  548.116114][ T5895] usb 3-1: SerialNumber: syz
[  548.142734][ T5895] cdc_wdm 3-1:1.128: skipping garbage
[  548.163400][ T5895] cdc_wdm 3-1:1.128: probe with driver cdc_wdm failed with error -22
[  548.366884][ T5895] usb 3-1: USB disconnect, device number 21
[  548.416589][T10761] vhci_hcd: connection closed
[  548.423884][ T7284] vhci_hcd: stop threads
[  548.433412][T10752] vhci_hcd: connection reset by peer
[  548.449066][ T7284] vhci_hcd: release socket
[  548.472879][ T7284] vhci_hcd: disconnect device
[  548.479534][ T7284] vhci_hcd: stop threads
[  548.484142][ T7284] vhci_hcd: release socket
[  548.488960][ T7284] vhci_hcd: disconnect device
[  549.185603][T10808] syz.1.1265: attempt to access beyond end of device
[  549.185603][T10808] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  550.315610][T10822] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1270'.
[  552.208271][ T5924] vhci_hcd: vhci_device speed not set
[  552.346656][T10863] syz.4.1279: attempt to access beyond end of device
[  552.346656][T10863] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  552.507471][ T5857] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  552.689131][ T5857] usb 3-1: config 8 has an invalid interface number: 250 but max is 0
[  553.443475][ T5857] usb 3-1: config 8 has no interface number 0
[  553.461122][ T5857] usb 3-1: config 8 interface 250 has no altsetting 0
[  553.520123][ T5857] usb 3-1: New USB device found, idVendor=0545, idProduct=8333, bcdDevice=8f.86
[  553.567289][ T5857] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  553.613131][ T5857] usb 3-1: Product: syz
[  553.629597][ T5857] usb 3-1: Manufacturer: syz
[  553.646767][ T5857] usb 3-1: SerialNumber: syz
[  554.218927][ T5857] gspca_main: tv8532-2.14.0 probing 0545:8333
[  554.284553][ T5857] usb 3-1: USB disconnect, device number 22
[  554.418256][   T10] usb usb38-port1: attempt power cycle
[  554.834916][T10895] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  555.187578][   T10] usb usb38-port1: unable to enumerate USB device
[  560.169329][T10979] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1302' sets config #0
[  560.200236][T10979] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1302' sets config #1
[  560.853773][T10991] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1307'.
[  561.952872][T11018] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1315' sets config #0
[  561.979420][T11018] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1315' sets config #1
[  562.795385][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  563.438172][T11034] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1319'.
[  565.466480][T11048] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1323'.
[  567.435010][T11074] loop6: detected capacity change from 0 to 1
[  567.537971][T11076] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1329'.
[  568.102623][T11074] Dev loop6: unable to read RDB block 1
[  568.132589][T11074]  loop6: unable to read partition table
[  568.260506][T11074] loop6: partition table beyond EOD, truncated
[  568.266729][T11074] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  569.370677][T11112] loop9: detected capacity change from 0 to 8
[  569.408292][T11112]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  569.413651][T11112] loop9: partition table partially beyond EOD, truncated
[  569.800412][T11112] loop9: p1 size 81768186 extends beyond EOD, truncated
[  569.920567][T11120] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.1342' sets config #0
[  570.009167][T11120] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.1342' sets config #1
[  570.315365][T11129] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1345'.
[  570.825869][T11143] sp0: Synchronizing with TNC
[  571.076556][T11148] netlink: 'syz.6.1350': attribute type 4 has an invalid length.
[  571.084478][T11148] netlink: 17 bytes leftover after parsing attributes in process `syz.6.1350'.
[  571.627642][T11135] [U] è`
[  572.549736][T11160] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1354' sets config #0
[  572.563303][T11160] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1354' sets config #1
[  573.001344][  T927] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  574.648083][ T5924] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  574.877418][ T5924] usb 7-1: Using ep0 maxpacket: 32
[  574.988692][ T5924] usb 7-1: config 0 has an invalid descriptor of length 51, skipping remainder of the config
[  575.028113][ T5924] usb 7-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  575.055060][ T5924] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  575.069882][ T5924] usb 7-1: Product: syz
[  575.074266][ T5924] usb 7-1: Manufacturer: syz
[  575.819366][T11191] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1362'.
[  575.990852][ T5924] usb 7-1: SerialNumber: syz
[  576.059162][ T5924] usb 7-1: config 0 descriptor??
[  576.132287][ T5924] cdc_ether 7-1:0.0: probe with driver cdc_ether failed with error -22
[  576.280304][ T5924] usb 7-1: unsupported MDLM descriptors
[  576.307300][  T927] usb 5-1: device descriptor read/64, error -71
[  576.919037][  T927] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  577.111194][  T927] usb 5-1: config 1 has an invalid descriptor of length 238, skipping remainder of the config
[  577.130067][  T927] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  577.144643][  T927] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  577.154929][  T927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.165389][  T927] usb 5-1: Product: syz
[  577.172713][  T927] usb 5-1: Manufacturer: syz
[  577.177890][  T927] usb 5-1: SerialNumber: syz
[  577.229727][T11208] loop2: detected capacity change from 0 to 7
[  577.256513][T11208] Dev loop2: unable to read RDB block 7
[  577.310969][T11208]  loop2: unable to read partition table
[  577.353089][T11208] loop2: partition table beyond EOD, truncated
[  577.418050][   T10] usb 7-1: USB disconnect, device number 19
[  577.430760][T11208] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  577.716128][  T927] usb 5-1: skipping empty audio interface (v1)
[  577.755613][  T927] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  577.792931][  T927] usb 5-1: USB disconnect, device number 22
[  577.883230][T11223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1373'.
[  581.297104][T11253] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1386'.
[  581.360392][T11253] bridge0: entered promiscuous mode
[  581.366385][T11253] macsec1: entered allmulticast mode
[  581.382231][T11253] bridge0: entered allmulticast mode
[  581.488826][T11267] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1388'.
[  581.606653][   T10] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  581.728202][T11272] lo speed is unknown, defaulting to 1000
[  581.734741][T11272] lo speed is unknown, defaulting to 1000
[  581.748020][T11272] lo speed is unknown, defaulting to 1000
[  581.777583][T11272] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  581.845164][T11272] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  582.266053][T11274] xfrm1: entered promiscuous mode
[  582.273621][T11274] xfrm1: entered allmulticast mode
[  582.303697][T11272] lo speed is unknown, defaulting to 1000
[  582.311785][T11272] lo speed is unknown, defaulting to 1000
[  582.325739][T11272] lo speed is unknown, defaulting to 1000
[  582.333581][T11272] lo speed is unknown, defaulting to 1000
[  582.342870][T11272] lo speed is unknown, defaulting to 1000
[  582.347367][   T10] usb 1-1: Using ep0 maxpacket: 32
[  582.373453][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  582.406225][   T10] usb 1-1: config index 0 descriptor too short (expected 39698, got 18)
[  582.440121][   T10] usb 1-1: config 134 has too many interfaces: 166, using maximum allowed: 32
[  582.479122][   T10] usb 1-1: config 134 has an invalid descriptor of length 17, skipping remainder of the config
[  582.551313][   T10] usb 1-1: config 134 has 0 interfaces, different from the descriptor's value: 166
[  582.583572][   T10] usb 1-1: New USB device found, idVendor=0557, idProduct=2011, bcdDevice=7c.1c
[  582.613349][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  582.647264][   T10] usb 1-1: Product: syz
[  582.674210][   T10] usb 1-1: Manufacturer: syz
[  582.713205][   T10] usb 1-1: SerialNumber: syz
[  582.949967][T11289] overlayfs: missing 'lowerdir'
[  582.994736][   T10] usb 1-1: USB disconnect, device number 29
[  584.915081][T11308] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1397'.
[  586.321509][T11319] syz_tun: entered allmulticast mode
[  586.458043][T11317] syz_tun: left allmulticast mode
[  586.579684][T11318] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1400'.
[  589.049329][T11344] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1409'.
[  589.347473][T11349] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1411'.
[  594.136850][T11370] afs: Unknown parameter 'dynns'
[  594.148811][T11370] overlayfs: overlapping lowerdir path
[  596.712435][T11410] trusted_key: encrypted_key: insufficient parameters specified
[  599.993936][T11413] xt_CT: No such helper "pptp"
[  705.117195][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  705.124218][    C1] rcu: 	0-...!: (0 ticks this GP) idle=8764/1/0x4000000000000000 softirq=51586/51586 fqs=0
[  705.135305][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P11416/1:b..l
[  705.143321][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=41249, q=232 ncpus=2)
[  705.151057][    C1] Sending NMI from CPU 1 to CPUs 0:
[  705.151089][    C0] NMI backtrace for cpu 0
[  705.151104][    C0] CPU: 0 UID: 0 PID: 5822 Comm: syz-executor Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  705.151122][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  705.151132][    C0] RIP: 0010:lock_release+0x29a/0x3e0
[  705.151156][    C0] Code: c7 e7 a5 b5 8d e8 d6 ce c1 09 b8 ff ff ff ff 65 0f c1 05 e9 cb fb 10 83 f8 01 75 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 <f7> 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b
[  705.151169][    C0] RSP: 0018:ffffc90000007bf8 EFLAGS: 00000046
[  705.151182][    C0] RAX: 0000000000000001 RBX: 0000000000000006 RCX: ea00c0f9a5e5db00
[  705.151191][    C0] RDX: 0000000000000004 RSI: ffffffff8db5a5e7 RDI: ffffffff8be1b940
[  705.151202][    C0] RBP: ffff888011b5c790 R08: ffff88805b4b6487 R09: 1ffff1100b696c90
[  705.151213][    C0] R10: dffffc0000000000 R11: ffffed100b696c91 R12: 0000000000000004
[  705.151223][    C0] R13: 0000000000000004 R14: ffff88807d1ef300 R15: ffff888011b5bc00
[  705.151233][    C0] FS:  0000555574fa3500(0000) GS:ffff888125c84000(0000) knlGS:0000000000000000
[  705.151246][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  705.151256][    C0] CR2: 00007f3458580ab8 CR3: 0000000078b68000 CR4: 00000000003526f0
[  705.151269][    C0] Call Trace:
[  705.151276][    C0]  <IRQ>
[  705.151284][    C0]  ? advance_sched+0x99f/0xc90
[  705.151304][    C0]  _raw_spin_unlock+0x16/0x50
[  705.151323][    C0]  advance_sched+0x99f/0xc90
[  705.151348][    C0]  ? __pfx_advance_sched+0x10/0x10
[  705.151364][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  705.151400][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  705.151439][    C0]  ? read_tsc+0x9/0x20
[  705.151465][    C0]  hrtimer_interrupt+0x45b/0xaa0
[  705.151505][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  705.151533][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  705.151556][    C0]  </IRQ>
[  705.151561][    C0]  <TASK>
[  705.151568][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  705.151586][    C0] RIP: 0010:unwind_next_frame+0x1a8/0x2390
[  705.151612][    C0] Code: 4c 89 64 24 20 4c 89 7c 24 48 48 89 5c 24 10 0f b6 1b 48 8b 44 24 30 80 3c 28 00 4c 8b 7c 24 18 74 08 4c 89 ff e8 a8 19 af 00 <4d> 8b 27 48 83 f3 01 48 c7 c2 20 3e 88 8b 49 29 dc 0f 84 a2 01 00
[  705.151626][    C0] RSP: 0018:ffffc9000446f4f8 EFLAGS: 00000246
[  705.151640][    C0] RAX: 1ffff9200088dec2 RBX: 0000000000000000 RCX: ea00c0f9a5e5db00
[  705.151652][    C0] RDX: 0000000000000000 RSI: ffffffff8be1b920 RDI: ffffffff8be1b8e0
[  705.151664][    C0] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff81728af5
[  705.151675][    C0] R10: ffffc9000446f618 R11: ffffffff81ace5d0 R12: 1ffff9200088deb9
[  705.151688][    C0] R13: ffffc9000446f618 R14: ffffc9000446f5c8 R15: ffffc9000446f610
[  705.151704][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  705.151722][    C0]  ? unwind_next_frame+0xa5/0x2390
[  705.151751][    C0]  ? unwind_next_frame+0xd4/0x2390
[  705.151778][    C0]  ? unwind_next_frame+0xa5/0x2390
[  705.151801][    C0]  ? tomoyo_path_rmdir+0xa2/0xe0
[  705.151830][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  705.151848][    C0]  arch_stack_walk+0x11c/0x150
[  705.151877][    C0]  ? tomoyo_path_rmdir+0xa2/0xe0
[  705.151905][    C0]  stack_trace_save+0x9c/0xe0
[  705.151922][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  705.151943][    C0]  ? stack_depot_save_flags+0x40/0x900
[  705.151965][    C0]  kasan_save_track+0x3e/0x80
[  705.151984][    C0]  ? kasan_save_track+0x3e/0x80
[  705.151999][    C0]  ? __kasan_kmalloc+0x93/0xb0
[  705.152018][    C0]  ? __kmalloc_noprof+0x27a/0x4f0
[  705.152036][    C0]  ? tomoyo_encode+0x28b/0x550
[  705.152058][    C0]  ? tomoyo_realpath_from_path+0x58d/0x5d0
[  705.152082][    C0]  ? tomoyo_path_perm+0x213/0x4b0
[  705.152099][    C0]  ? tomoyo_path_rmdir+0xa2/0xe0
[  705.152154][    C0]  __kasan_kmalloc+0x93/0xb0
[  705.152175][    C0]  __kmalloc_noprof+0x27a/0x4f0
[  705.152193][    C0]  ? tomoyo_encode+0x28b/0x550
[  705.152219][    C0]  tomoyo_encode+0x28b/0x550
[  705.152246][    C0]  tomoyo_realpath_from_path+0x58d/0x5d0
[  705.152279][    C0]  tomoyo_path_perm+0x213/0x4b0
[  705.152298][    C0]  ? security_inode_permission+0xb7/0x310
[  705.152317][    C0]  ? tomoyo_path_perm+0x1e3/0x4b0
[  705.152335][    C0]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  705.152375][    C0]  ? __pfx_current_check_access_path+0x10/0x10
[  705.152405][    C0]  tomoyo_path_rmdir+0xa2/0xe0
[  705.152431][    C0]  ? __pfx_tomoyo_path_rmdir+0x10/0x10
[  705.152465][    C0]  security_path_rmdir+0x167/0x360
[  705.152483][    C0]  do_rmdir+0x219/0x630
[  705.152504][    C0]  ? __pfx_do_rmdir+0x10/0x10
[  705.152526][    C0]  ? getname_flags+0x1e5/0x540
[  705.152568][    C0]  __x64_sys_unlinkat+0xc2/0xf0
[  705.152588][    C0]  do_syscall_64+0xfa/0x3b0
[  705.152621][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  705.152641][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.152655][    C0]  ? clear_bhb_loop+0x60/0xb0
[  705.152671][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.152685][    C0] RIP: 0033:0x7fe49df8df07
[  705.152699][    C0] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  705.152711][    C0] RSP: 002b:00007ffe434aec48 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[  705.152725][    C0] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fe49df8df07
[  705.152735][    C0] RDX: 0000000000000200 RSI: 00007ffe434afd90 RDI: 00000000ffffff9c
[  705.152744][    C0] RBP: 00007fe49e010925 R08: 0000000000000000 R09: 0000000000000000
[  705.152753][    C0] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffe434afd90
[  705.152763][    C0] R13: 00007fe49e010925 R14: 000000000009279a R15: 00007ffe434afdd0
[  705.152781][    C0]  </TASK>
[  705.153079][    C1] task:syz.0.1423      state:R  running task     stack:27112 pid:11416 tgid:11405 ppid:5819   task_flags:0x400040 flags:0x00004002
[  705.716647][    C1] Call Trace:
[  705.719946][    C1]  <TASK>
[  705.722893][    C1]  __schedule+0x16a2/0x4cb0
[  705.727437][    C1]  ? refill_stock+0xe0/0x870
[  705.732055][    C1]  ? preempt_schedule_irq+0xb5/0x150
[  705.737368][    C1]  ? __lock_acquire+0xab9/0xd20
[  705.742246][    C1]  ? __pfx___schedule+0x10/0x10
[  705.747122][    C1]  ? __lock_acquire+0xab9/0xd20
[  705.752011][    C1]  ? preempt_schedule_irq+0xaa/0x150
[  705.757324][    C1]  preempt_schedule_irq+0xb5/0x150
[  705.762459][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  705.768215][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  705.774049][    C1]  irqentry_exit+0x6f/0x90
[  705.778481][    C1]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  705.783954][    C1] RIP: 0010:lock_acquire+0x175/0x360
[  705.789255][    C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 0b 9e fb 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  705.808869][    C1] RSP: 0000:ffffc9000b5ff7c0 EFLAGS: 00000206
[  705.814949][    C1] RAX: dc0397b802991f00 RBX: 0000000000000000 RCX: dc0397b802991f00
[  705.822931][    C1] RDX: 0000000000000000 RSI: ffffffff8db5a5e7 RDI: ffffffff8be1b940
[  705.830910][    C1] RBP: ffffffff8238c5b0 R08: 0000000000000000 R09: ffffffff8238c5b0
[  705.838891][    C1] R10: dffffc0000000000 R11: ffffed100ff09a7b R12: 0000000000000002
[  705.846870][    C1] R13: ffffffff8e13ee20 R14: 0000000000000000 R15: 0000000000000246
[  705.854861][    C1]  ? d_alloc_parallel+0x2e0/0x14e0
[  705.859984][    C1]  ? d_alloc_parallel+0x2e0/0x14e0
[  705.865121][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  705.870336][    C1]  d_alloc_parallel+0x301/0x14e0
[  705.875281][    C1]  ? d_alloc_parallel+0x2e0/0x14e0
[  705.880401][    C1]  ? __kernel_text_address+0xd/0x40
[  705.885615][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  705.891783][    C1]  ? d_alloc_parallel+0x2e0/0x14e0
[  705.896929][    C1]  ? __pfx_d_alloc_parallel+0x10/0x10
[  705.902322][    C1]  ? __raw_spin_lock_init+0x45/0x100
[  705.907632][    C1]  ? __init_waitqueue_head+0xa9/0x150
[  705.913018][    C1]  __lookup_slow+0x116/0x3d0
[  705.917631][    C1]  ? __pfx___lookup_slow+0x10/0x10
[  705.922775][    C1]  ? d_lookup+0x8a/0xa0
[  705.926939][    C1]  ? lookup_noperm+0x112/0x220
[  705.931734][    C1]  start_creating+0x22e/0x3c0
[  705.936438][    C1]  ? __pfx_start_creating+0x10/0x10
[  705.941673][    C1]  __debugfs_create_file+0x79/0x4f0
[  705.946897][    C1]  debugfs_create_file_full+0x3f/0x60
[  705.952296][    C1]  kvm_create_vm_debugfs+0x6b6/0x900
[  705.957645][    C1]  ? __pfx_kvm_create_vm_debugfs+0x10/0x10
[  705.963498][    C1]  kvm_dev_ioctl+0x1516/0x18e0
[  705.968296][    C1]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  705.973429][    C1]  ? __fget_files+0x2a/0x420
[  705.978049][    C1]  ? bpf_lsm_file_ioctl+0x9/0x20
[  705.983007][    C1]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  705.988145][    C1]  __se_sys_ioctl+0xfc/0x170
[  705.992753][    C1]  do_syscall_64+0xfa/0x3b0
[  705.997279][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  706.002502][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  706.008626][    C1]  ? clear_bhb_loop+0x60/0xb0
[  706.013322][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  706.019231][    C1] RIP: 0033:0x7f417f98e929
[  706.023672][    C1] RSP: 002b:00007f4180839038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  706.032113][    C1] RAX: ffffffffffffffda RBX: 00007f417fbb6160 RCX: 00007f417f98e929
[  706.040105][    C1] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000008
[  706.048087][    C1] RBP: 00007f417fa10b39 R08: 0000000000000000 R09: 0000000000000000
[  706.056071][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  706.064056][    C1] R13: 0000000000000000 R14: 00007f417fbb6160 R15: 00007ffeb0b75f18
[  706.072070][    C1]  </TASK>
[  706.075112][    C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g41249 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  706.087441][    C1] rcu: 	Possible timer handling issue on cpu=0 timer-softirq=34206
[  706.095335][    C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g41249 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
[  706.106710][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  706.116685][    C1] rcu: RCU grace-period kthread stack dump:
[  706.122628][    C1] task:rcu_preempt     state:I stack:27320 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  706.134608][    C1] Call Trace:
[  706.137905][    C1]  <TASK>
[  706.140858][    C1]  __schedule+0x16a2/0x4cb0
[  706.145407][    C1]  ? schedule+0x165/0x360
[  706.149780][    C1]  ? __pfx___schedule+0x10/0x10
[  706.154690][    C1]  ? schedule+0x91/0x360
[  706.158996][    C1]  schedule+0x165/0x360
[  706.163185][    C1]  schedule_timeout+0x12b/0x270
[  706.168059][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  706.173460][    C1]  ? __pfx_process_timeout+0x10/0x10
[  706.178779][    C1]  ? prepare_to_swait_event+0x341/0x380
[  706.184354][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[  706.189239][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  706.194207][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  706.199433][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  706.204745][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[  706.209988][    C1]  rcu_gp_kthread+0x99/0x390
[  706.214632][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  706.219864][    C1]  ? __kthread_parkme+0x7b/0x200
[  706.224859][    C1]  ? __kthread_parkme+0x1a1/0x200
[  706.229914][    C1]  kthread+0x711/0x8a0
[  706.234008][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  706.239232][    C1]  ? __pfx_kthread+0x10/0x10
[  706.243846][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  706.249072][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  706.254293][    C1]  ? __pfx_kthread+0x10/0x10
[  706.258905][    C1]  ret_from_fork+0x3fc/0x770
[  706.263525][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  706.268676][    C1]  ? __switch_to_asm+0x39/0x70
[  706.273459][    C1]  ? __switch_to_asm+0x33/0x70
[  706.278244][    C1]  ? __pfx_kthread+0x10/0x10
[  706.282866][    C1]  ret_from_fork_asm+0x1a/0x30
[  706.287661][    C1]  </TASK>