last executing test programs:

11m1.385569097s ago: executing program 0 (id=1122):
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r1], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x40004)

10m59.786146559s ago: executing program 0 (id=1125):
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000100)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(0x0)
r0 = open(&(0x7f0000000580)='./bus\x00', 0xc0242, 0x1df2a23c5997fa5f)
sendfile(r0, r0, &(0x7f0000000080), 0x7f03)

10m59.691168009s ago: executing program 0 (id=1126):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001d40)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
r4 = gettid()
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2082)
read(r5, &(0x7f0000000100)=""/140, 0xde)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r6}, 0x10)
tkill(r4, 0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xa, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0x3}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x6, 0x0}, {0x18, 0x9, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x6, 0x1, 0x5, 0x2}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0xd, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

10m58.262515456s ago: executing program 0 (id=1129):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
bind$bt_rfcomm(r1, &(0x7f0000000200)={0x1f, @any, 0x9}, 0xa)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f0000000040)=ANY=[@ANYBLOB="7cbea37643f528939fb0fc054e2709d1c8b9ebff4baa2ef885180009efd9e9d2"])
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r2 = fsmount(0xffffffffffffffff, 0x0, 0x80)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x20000800)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x7c, r4, 0x5, 0x4, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x47, 0xe, {{{}, {}, @device_b, @broadcast, @random="40b2bc5eb7e8"}, 0x0, @random=0x4, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @void, @void, @void, @val={0x25, 0x3, {0x1, 0x3, 0x8}}, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @val={0x3c, 0x4, {0x1, 0x7, 0x3c, 0x2}}, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x1, 0x1, 0xf0, 0x8}}, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x7c}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000340)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_GET_MPATH(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1c, r7, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24040001}, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r4, 0x701, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @val={0x4, 0x99, {0x7, 0x74}}}}, [@NL80211_ATTR_STA_WME={0xc, 0x81, [@NL80211_STA_WME_MAX_SP={0x0, 0x2, 0x5}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x8000)

10m50.625513673s ago: executing program 0 (id=1156):
socket$key(0xf, 0x3, 0x2)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000000706010200000007000000000500000105000100070000000800064000000001090002"], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r5, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r5, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r5, &(0x7f0000005a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000005a00)=""/11, 0xb}, 0x101}], 0x1, 0x10002, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)

10m47.824336056s ago: executing program 0 (id=1161):
openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x161283, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipoib={{0xa}, {0x4}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x47f}]}, 0x3c}}, 0x0)
ioctl$KDFONTOP_SET(r1, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x1, 0x200, &(0x7f0000000cc0)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714b5e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8cd35df2cd7344aa8a9f3432b96fb889c02f484f63520cc3466a3c2903d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000600000000000000000000f80000000000000000000000000000000000000000005593e85f00"})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x9, <r4=>0x0}, 0x8)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000300), &(0x7f0000000380)=0x4)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000400)={'wg1\x00', <r5=>0x0})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000480)={{0x1, 0x1, 0x18, <r6=>r1, {0x338}}, './file0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0x10, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x80080)
write$P9_RUNLINKAT(r8, &(0x7f00000001c0)={0x7, 0x4d, 0x1}, 0x7)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x992, 0x0, 0x2}]})
r9 = syz_usb_connect(0x5, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x92, 0xec, 0xc6, 0x20, 0x5ac, 0x77c2, 0xeb3a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0xc4, 0x1, 0x1, 0xff, 0xfd, 0x1, 0x80, [], [{{0x9, 0x5, 0x2, 0x2, 0x210, 0x2}}]}}]}}]}}, 0x0)
init_module(&(0x7f0000000b00)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x6, 0x5, 0xf4, 0x8, 0x3, 0x3e, 0x3ff, 0x5e, 0x40, 0x347, 0x1f, 0x7fff, 0x38, 0x1, 0x2, 0x6, 0x3}, [{0x1, 0x708b, 0x5, 0xfffffffffffffff5, 0xfffffffffffffffe, 0x101, 0x1, 0x5}]}, 0x78, 0x0)
r10 = socket(0x28, 0x1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r11=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f00000002c0)={0xc, r11})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r6, 0x3ba0, &(0x7f00000015c0)={0x48, 0x1, r11, 0x0, 0x7, 0x7fffffff})
r12 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001740)=@newqdisc={0x238, 0x24, 0x10, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r13, {0x0, 0xfff2}, {0xffff, 0xffff}, {0xd, 0x6}}, [@qdisc_kind_options=@q_red={{0x8}, {0x20c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "119ca8d51d85df964e173b70d2a9bc976c4592482783a0db6825d6cd86354377d626b1157ebc69714efbf12fddb86ac84012df53c341814b0f72cfa8b071b7bc99678c021131ea40768ed0b4f3c2eb0ecc1c6d975892a2088191f521a73914cb6575859f6544c9bbd2003840802fbe256bc972314130b2961af8783691799ce561d11f8b5cf61075f850825d2306172fe7063d2366634fea641c570d773de706a81ae386048ec46dd4be846fc32981115b672fcfa7a09101344f7bbe8576d2a2235c6595d65967679a172f5997332347ee68d5239949b6a034fb1313c4e03ba6eba727891635d241967eb619126bcccf1bf88bed50151278790ce92ff6259d30"}, @TCA_RED_STAB={0x104, 0x2, "edc9274497b9ab990ad0340a331453153caac8361a55114f7a9f3c8482c11de2b5b98110a3464c0318983ad8642914b7a486b6c6c0d0b31a96b474fe410bdc96c677dcf250ead5b242ac0c7b5dec2147d5e79c1e44e2d793ac59f9a098b598dace8e088e71ae638a2f9b065577b26540d4723680ac63412ce8b0c2d2a164e2cc98e1375ddfe1a19beff6091f4c638382ada5002cb381793f88f9b65a2ca79d0b52c2563ae03ec67d24aafb3873a22977982100e0c90fe95656e9ae694a6d7952de1225cb7eeb811d2a718857509c63735b72f9b43fc2c61a7f739f275dfb9f65e89af187e7089ecad783dff15d1ac8c86f2b0e7e4e495d1c8bbc55bf5149f149"}]}}]}, 0x238}, 0x1, 0x0, 0x0, 0x2004c004}, 0x20000)
getsockname$packet(r10, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendto$inet(r10, &(0x7f00000005c0)="3038851cb6e1e221f67907d92fbc4ed640aa1c15c85e5e70eb6b356510f584e17b1fa89bab30f9efcede0708db5b3827e7224cdd27623c6e86b278d0e9765eee3e3cd0b93f99439c4264ef2e259fd0c858933a5ae0c293047c1f466b232d463c3abc4b6bd18300362f28811b70a674d06865095875a693e699fddf0d97fb78e5f992c734c7b9494143266e831f2641f97c60f1f7ee61e8e98e72013d0ee1fca344b3416c5365c794dc5cd8db16909ec851696183d8331e0fb18c5685361a667ff11b1f20816afe0cc18318a1d33f2cb9bc28a7607b57fc468fed71b5466a031ec746a9b5d804ca0ab3e93ab05558b59f7ebe56df663967233571ddb41b36499f69a9012234dee0158212f3035626efa18de55e0f050260de2b51c69dbaeb011a7dc1ccf73d04c06bb5b8d8ecf68d154d224519d55db1f852d0b9257f5bdb38ec7e8f7dd05face91bf8646139905e519040b32a20e91db24066cf6afa80b9b79d9d3ee363917a8a8c06ea096674565f5d36b35d7b1c818244ea3cca6576f65c1a0f74328097954443e30c1e7f4f5422e5192d18d170e687bca9b3b2c448feafb1405e3389376b333aafbb41e1e95d4298deb7f45ca91f29cb9bd0a2628ebd48a69af0a0948d59b5f973d36b7f25bf299bd274c4557b0b24b463611cf007701a1691f8b3c51188a11e76946ee39e34e460eb846972a8cb0f9e58ab7e15af0b83e779242d67c1a6b51443bb772ccbfe8c4b047d72a3531a3fa7bf0a72dd63d2379fb1edf9ea844c59fd3893e0f03bfff8c3481ba68137e7657ef927a4dedd0e6ff8c2cc59dfc683483e324171804877f6645dfd34a5b520818b46023cd4b5970882c8c5d0e101cc3ea8ba6ea99ab7cf8ff748b953abc2f0ea75f83c501a5cf838db7cdf4e09ac16705122f145a5c1af1d443c5b5259e2d304cbf65bdd07f5ad436122eae7586bb482c92098e1d76318c608457ab8144cca6fb05af526640e2f997d552a22c6e0a95658f31deb1308028eb00ca449163b213f4ef753e1037b9da5232d9aa98b0ec44c67dbd1e53c174969967782efa227f9722f9077d17cc59ad729142cf0bcd86f5febfb308794a54ed4d551daa8059be0b666a09941ae47317e7d66239ef40e5127012ad7ac451c908bf3c8584e74418192e8eaa949275b3f1dc009f1d07e8602f2186734d7f93792aeeeb718acc0182ea77daf0ff58cb792175f0e5e1f68839635039e3a0592faa439956727d4d5e362ab6afa800b6485b8ea0db914b090af825ba02ed02846a871465a2096b4acbba468410a4771a181fa9c9bd3ba2cb105cbeffc2f58956d66473e83144d0ad1761df5e9988b9362911bb6644628de4a8ed656769b635c9bbb6e8dd030b2a63f4862ed4094be826209651d9d253e24e1ab7f64235b15d330589e83be50466b19729580f51b8d952e3ac6fbaaf4aa0c260d5a3421ebd159bada0733b6e108899adc013bfbbc9d921552eef46ec6f26f365f50da2a3a0c19666e70cd51f22a78190032068a6347c8b3b637a71dec7c1e5ffde39f087d598de75c3f9f08447264784995a04ac4e64a8705ba7a2713e4806e67ce42eb39263cc18b43de1cdd81027383c33df50e111769643244ea83601159213d5fe3fddb7147637d7b32285f95e878140155c7d2af0655176a08277a767b2f03e39a827cc8ba19775ef9980760e1d1875736fe6b2c4a046ec90649e42e0c9eb5c6af5741254a322113ff1d9ad4a03a794b4fb2eb7eb893f3490aaf7ebc5255b8b41032da64441126a959f9779807b5b04a5a7e381dc8de9cffa5a8379ed6cef55fa18efc65f94701cf4025adbf58f17c0a8e17113667ea748488e003cf694332592f19a7b19b18e09f01120f08aa589f9fd17e1b1095041394faeb9bb687de4d9ae15c4884dffd1fcd1e9fdb1e46596f1230804fd552823368b335352f3ce8a9809c7b4b7bf0d6d990cb02bcea1b4f1e34e3847ad584f20ac1453f7b7510c5aac468cdba5734f9f0250d43d1d553dbb3264a8c4703cc86803e8424f8de1cea6a2d688a9fcce79803062120d33a8faad78192aa77087f4d30d66d58b870e377078bf57004fe26ef3e04312d1eb9126e491fc03063a5ab031c2ecc13ce2b832396197a20db32262ad94d6aa1632b77f7bdfabe57a47be53eaec27d1425299ed3a4ac7ab213a5830f1c2013f2b30914f4c3def72d215ff615fd65166903f84d2e47f3a5f273adf1d67744b53b864317cc3173eeee9b0aba01357ec54037f1b42abcc2fbe7514c693387d2e44057b5291d5f43b56ff276bfa6f8cac2c9ab022ba08d90fe02d909b059b6ea49bcbecf0c3d24a53c3a0d60cddeca4856be71f34a6c29486ff09ee143f4c05bb370b8957642cb3527b0956e0d6ba00d12896231d2367abca3a3192e5f0b258982f7897128b28bb5f14fd427d1a2122a1906a041a25dedc2bab9e73994c22b4cb4ee5a2cf3a7b5fc9907886d6358332887923f77db4fce2d1c9ca1aa09297e4f562ca9b6a49825ece14ccfe1873e95e275e417df5a7bda577c3b1f5e945d9da75b857407fb252adaabe6df5eaaf1d9236af720bfa7c9ba723639536c911828fc83b03da432c77a97a591702c40e42081f434f7d998d08041a6c852e01ce1ab8f773dd93fa6647417413304192a06322c7b1cdf2d831e7c01d1b2d4ebbec07539ef708804f3a7ab1ca80f3841f424de3eca4d8b28133f9754bee4eba978ae7dcc5b66c61b4be90cfbc78b0033e55788ba464e273f74c3ddad917034756b2d39beadeea7a88a4249ab3df2796bb19374d8bfb827c55ad13227303ccac5fdab32de2dd5f1bc90c092d047358e6b2b9e84718c2f646af19e6c1ec9535ebc66537e416c596792538f7518b9639f6d31896703744f0ac5a10fc58d768119b77a8a44b703481fa68932fc6c02f4449facc5340aff14f5587f02b1204aafe4064de8f60a5188b1332df0e87ba399dffe6fae46f51052dcc1c8c9e0f4b781c396561a328a23575f6fd055cb3f994b44381ecaa428a39d6677124a11efca55d988294726451e2e25f32246fd742ef311cb00bc268ba2f268d6323b9b500e1cbd2a176c6894795190a3f445b3854259eea6abad2c420c92577b4507ac07e318d76a666d2a6dfb9e03505dd307931c83e7f31b64f7fb8859f0d34918d347ad16fc29c5677dbe947d8733037f766f613e9d98a3c8f4899c9ec93b28ba0901c1e517d260ecfa37e144c5daadbcd394ce5fc26b27066091cbcf8b3ac9ce4b19bbd392fe795613e9fbfdc132772cc4b7dd4ba9eb598cb55ebda38ac10476f4b726ea2dd862d812e8f85940e9ff35ff4a27d21c475f80117e9c90008d82fb1d05174443e827eefd9d21b9088059edb5c14186634ad4ecfda86e3a37baebabad477ab9aad896bb71ffad18a4619d3d25bdd5a9b38479026a903d3feecdbddcb933ae825fa2e329b9aa3cdf979b9dacd241e17f48fd0f38ee5cc8712b297474865a4e953a0b88563ca47fe5d2fddfba1eed3be83202709899a58adacb876fdad4d845f06fa5b4919de66c105de47af4347b57e657f14da4a5480c20a59b729ad334544de8154721954fef63ba142434b6d08dc119fc2ae9a6418508843a9e8b6a650403d52e9960c50e7f7377157d1279880c343f4491ed2fd2a122c31c04aa53f5f4a710a7978c6ae234ae601a8296473cecb5555977e6499e175cc431876c53c99e868e839adec27ed80423531cf814d769b7b174728ef272ed2c7faa8f1f7b2b435a3eddd519a300f08ee1c0ece718b03bbe58569ecac67013a37024644e5e6f6cb9b0006d6f0dbb18ef721cbda5585ccc8e81ce50291ec9fc18a05f647da189c2a5169f1842c211b428e1fc7e3fb420a592ce58d52c7fe041e65de448f1a9e94215705c4a96deb8d4b0cdeece6c4e03cb56bc7061da1c3fd9d5e68f1f1645439714106f5db6381f9a9dc49ae02620168e43f393c37364a2e246de001bd03c99e9642c7f695457a1df8959e10ea51e86e9ecf6f192905c4d676f46c12d5059269f095e05ab0facc4502955c69b7a1ab5339140b46f8b150781fde989d58b9808220387b645711d2be3dd3771ee5b00222861f1b68afb6f8d4d633fec216812cfabfbb62bcb8678ed6faf5ef7d654d65877ec45976a8a7760a47a4fe536e19e3e9a6996bb2eb0b2beca548c70596399854289010f817feeaa4c197cf518dbab70a01077a9bd4ec740830598fa4d193fe21025efeb8b16ea314bebe2cca72c872eda4f6b6414462c2df8e647fa216dae7f92f699e95fb4271bf7c27d8aca879ffd862bf99f991a85591f7170833cf25727c2e0121fa84b130091c5c6390f66806eabc84e7cea0018e388b444beba3abe77811b679c1803f9e17bab11c8bce37d63775992aa822f77c95ec453c1b662cbb10cf7faaca95157b8e4f6c4c8616fae6f021ba687d505db046b3b110ebd8b5c25ca3b00b19fecb2a3336718d5fd58c10525fe8f8b175009ee00c579bcfe9af11f04eb3f4819fa581a0f32cb62a22949ca008793dd23d56dab0f0495d27b7d1e8bf3efc30ea1774eca1b8f8514dcad2c380cd10d9ced43fdc6af6f6c99ed2cb314275284e938afc1b46c02af281ac845823d4e03c4042e16dabf2caccfb3bfdcc3ed33a6092edab740d0690bab4980dc1b3842f606596c70400b6adf3b3023e46b8b07f94ac9b8e48171c0d1d401de7b1accd8802b616a5cc82972c14579c38725017a2124a869e059c9e5998caf6423008cf178b133f6bbce924999df350ae649ba33c9f3859f6e519e445473d7fba563c51d675762e271f156a990a4ee82863db2f5af69fb39a7be4b493b2ddefa254589f6bb6a05f68d912d8d49267a1bdfaaf11cef211b749d715e4786a70d58c1912862f1eb57c5bfa94365f967ddbcde7d5b403b036839dceea8f88d6b5d1386408f7aa6087fbea232a75201736fdcd05599fd8897975dd14a29ef5b8e0200fc5e10de7e506fb09c3063cbfa857cf021bc6e83e66d4f7b8fba550f12e3b152fd762c84eed4b9e09982945dd9650ee2051fa4395278854716bd59885ff716db93857b02b0b79990f867860aba1eee40c18b40bcc40c414b9ca8b40c3e697100f161756cde356ad596d94011e0bbf95ee3b6f726dbd7665a12b3900fd46467d4076d74b3d3630e0af88dc20ec890652e236844d73c0fa376e302b61ce29f0b6ef131050172996a131d30738f08f6679c72a661f192d36dffd8093c3e560509f87e570483c77150933dfb35b2083c09d909ce88230e9a3dae7ea39f082d5bd78c2ce09902c71108443d4729b9074bf6b939507b8f2c45f43262d699c028fecc31e2f65328899fe7a14bd210a2ab5a28f31f004a4f26974bc8cbac632f2d9cafc5bb214401600a42bc269fbfebe18d61cfddf166ef928f4c08aab4111971b6133b1a12f0b2d53fbc830dc62cc6214d24c9f0bbd800ebe8665a45656a3632d4e733c3feda4380c83b57265cd561dbf2284dc3df951b760c10221567424bbc293bd6791cf9ed2c3543d79b1d1e704a05874b4092746efd9c1cf28c6a4d93e3c96fe148ef41c4029e7aff3f0c7578625b629394f2ac26251b024a6de7150d1bb85b8b9dfe98d9a2c6c929cd6a53d51d8b10f041388bce774c10bee4db408926df38ae3cceebef7b717cafa0d44d2fad1cdd5dc9dfd6486cc24ab002889164e6e5461bfec24637fa323c82c38f64e3e6a219acdbd413424aa4138512aa199649b8b2ea8448623b3b7e5c0a710f115d960b588e4217627f05c9431faacf97", 0x1000, 0x4000000, &(0x7f0000000000)={0x2, 0x4e24, @broadcast}, 0x10)
r14 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r14, 0xc0306201, &(0x7f0000000280)={0xffffffffffffff7c, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000440)="42f7a85b"})
write$smackfs_change_rule(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYRES8=r9], 0xe)

10m32.20214305s ago: executing program 32 (id=1161):
openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x161283, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipoib={{0xa}, {0x4}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x47f}]}, 0x3c}}, 0x0)
ioctl$KDFONTOP_SET(r1, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x1, 0x200, &(0x7f0000000cc0)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714b5e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8cd35df2cd7344aa8a9f3432b96fb889c02f484f63520cc3466a3c2903d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000600000000000000000000f80000000000000000000000000000000000000000005593e85f00"})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x9, <r4=>0x0}, 0x8)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000300), &(0x7f0000000380)=0x4)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000400)={'wg1\x00', <r5=>0x0})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000480)={{0x1, 0x1, 0x18, <r6=>r1, {0x338}}, './file0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0x10, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x80080)
write$P9_RUNLINKAT(r8, &(0x7f00000001c0)={0x7, 0x4d, 0x1}, 0x7)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x992, 0x0, 0x2}]})
r9 = syz_usb_connect(0x5, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x92, 0xec, 0xc6, 0x20, 0x5ac, 0x77c2, 0xeb3a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0xc4, 0x1, 0x1, 0xff, 0xfd, 0x1, 0x80, [], [{{0x9, 0x5, 0x2, 0x2, 0x210, 0x2}}]}}]}}]}}, 0x0)
init_module(&(0x7f0000000b00)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x6, 0x5, 0xf4, 0x8, 0x3, 0x3e, 0x3ff, 0x5e, 0x40, 0x347, 0x1f, 0x7fff, 0x38, 0x1, 0x2, 0x6, 0x3}, [{0x1, 0x708b, 0x5, 0xfffffffffffffff5, 0xfffffffffffffffe, 0x101, 0x1, 0x5}]}, 0x78, 0x0)
r10 = socket(0x28, 0x1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r11=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f00000002c0)={0xc, r11})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r6, 0x3ba0, &(0x7f00000015c0)={0x48, 0x1, r11, 0x0, 0x7, 0x7fffffff})
r12 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001740)=@newqdisc={0x238, 0x24, 0x10, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r13, {0x0, 0xfff2}, {0xffff, 0xffff}, {0xd, 0x6}}, [@qdisc_kind_options=@q_red={{0x8}, {0x20c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "119ca8d51d85df964e173b70d2a9bc976c4592482783a0db6825d6cd86354377d626b1157ebc69714efbf12fddb86ac84012df53c341814b0f72cfa8b071b7bc99678c021131ea40768ed0b4f3c2eb0ecc1c6d975892a2088191f521a73914cb6575859f6544c9bbd2003840802fbe256bc972314130b2961af8783691799ce561d11f8b5cf61075f850825d2306172fe7063d2366634fea641c570d773de706a81ae386048ec46dd4be846fc32981115b672fcfa7a09101344f7bbe8576d2a2235c6595d65967679a172f5997332347ee68d5239949b6a034fb1313c4e03ba6eba727891635d241967eb619126bcccf1bf88bed50151278790ce92ff6259d30"}, @TCA_RED_STAB={0x104, 0x2, "edc9274497b9ab990ad0340a331453153caac8361a55114f7a9f3c8482c11de2b5b98110a3464c0318983ad8642914b7a486b6c6c0d0b31a96b474fe410bdc96c677dcf250ead5b242ac0c7b5dec2147d5e79c1e44e2d793ac59f9a098b598dace8e088e71ae638a2f9b065577b26540d4723680ac63412ce8b0c2d2a164e2cc98e1375ddfe1a19beff6091f4c638382ada5002cb381793f88f9b65a2ca79d0b52c2563ae03ec67d24aafb3873a22977982100e0c90fe95656e9ae694a6d7952de1225cb7eeb811d2a718857509c63735b72f9b43fc2c61a7f739f275dfb9f65e89af187e7089ecad783dff15d1ac8c86f2b0e7e4e495d1c8bbc55bf5149f149"}]}}]}, 0x238}, 0x1, 0x0, 0x0, 0x2004c004}, 0x20000)
getsockname$packet(r10, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendto$inet(r10, &(0x7f00000005c0)="3038851cb6e1e221f67907d92fbc4ed640aa1c15c85e5e70eb6b356510f584e17b1fa89bab30f9efcede0708db5b3827e7224cdd27623c6e86b278d0e9765eee3e3cd0b93f99439c4264ef2e259fd0c858933a5ae0c293047c1f466b232d463c3abc4b6bd18300362f28811b70a674d06865095875a693e699fddf0d97fb78e5f992c734c7b9494143266e831f2641f97c60f1f7ee61e8e98e72013d0ee1fca344b3416c5365c794dc5cd8db16909ec851696183d8331e0fb18c5685361a667ff11b1f20816afe0cc18318a1d33f2cb9bc28a7607b57fc468fed71b5466a031ec746a9b5d804ca0ab3e93ab05558b59f7ebe56df663967233571ddb41b36499f69a9012234dee0158212f3035626efa18de55e0f050260de2b51c69dbaeb011a7dc1ccf73d04c06bb5b8d8ecf68d154d224519d55db1f852d0b9257f5bdb38ec7e8f7dd05face91bf8646139905e519040b32a20e91db24066cf6afa80b9b79d9d3ee363917a8a8c06ea096674565f5d36b35d7b1c818244ea3cca6576f65c1a0f74328097954443e30c1e7f4f5422e5192d18d170e687bca9b3b2c448feafb1405e3389376b333aafbb41e1e95d4298deb7f45ca91f29cb9bd0a2628ebd48a69af0a0948d59b5f973d36b7f25bf299bd274c4557b0b24b463611cf007701a1691f8b3c51188a11e76946ee39e34e460eb846972a8cb0f9e58ab7e15af0b83e779242d67c1a6b51443bb772ccbfe8c4b047d72a3531a3fa7bf0a72dd63d2379fb1edf9ea844c59fd3893e0f03bfff8c3481ba68137e7657ef927a4dedd0e6ff8c2cc59dfc683483e324171804877f6645dfd34a5b520818b46023cd4b5970882c8c5d0e101cc3ea8ba6ea99ab7cf8ff748b953abc2f0ea75f83c501a5cf838db7cdf4e09ac16705122f145a5c1af1d443c5b5259e2d304cbf65bdd07f5ad436122eae7586bb482c92098e1d76318c608457ab8144cca6fb05af526640e2f997d552a22c6e0a95658f31deb1308028eb00ca449163b213f4ef753e1037b9da5232d9aa98b0ec44c67dbd1e53c174969967782efa227f9722f9077d17cc59ad729142cf0bcd86f5febfb308794a54ed4d551daa8059be0b666a09941ae47317e7d66239ef40e5127012ad7ac451c908bf3c8584e74418192e8eaa949275b3f1dc009f1d07e8602f2186734d7f93792aeeeb718acc0182ea77daf0ff58cb792175f0e5e1f68839635039e3a0592faa439956727d4d5e362ab6afa800b6485b8ea0db914b090af825ba02ed02846a871465a2096b4acbba468410a4771a181fa9c9bd3ba2cb105cbeffc2f58956d66473e83144d0ad1761df5e9988b9362911bb6644628de4a8ed656769b635c9bbb6e8dd030b2a63f4862ed4094be826209651d9d253e24e1ab7f64235b15d330589e83be50466b19729580f51b8d952e3ac6fbaaf4aa0c260d5a3421ebd159bada0733b6e108899adc013bfbbc9d921552eef46ec6f26f365f50da2a3a0c19666e70cd51f22a78190032068a6347c8b3b637a71dec7c1e5ffde39f087d598de75c3f9f08447264784995a04ac4e64a8705ba7a2713e4806e67ce42eb39263cc18b43de1cdd81027383c33df50e111769643244ea83601159213d5fe3fddb7147637d7b32285f95e878140155c7d2af0655176a08277a767b2f03e39a827cc8ba19775ef9980760e1d1875736fe6b2c4a046ec90649e42e0c9eb5c6af5741254a322113ff1d9ad4a03a794b4fb2eb7eb893f3490aaf7ebc5255b8b41032da64441126a959f9779807b5b04a5a7e381dc8de9cffa5a8379ed6cef55fa18efc65f94701cf4025adbf58f17c0a8e17113667ea748488e003cf694332592f19a7b19b18e09f01120f08aa589f9fd17e1b1095041394faeb9bb687de4d9ae15c4884dffd1fcd1e9fdb1e46596f1230804fd552823368b335352f3ce8a9809c7b4b7bf0d6d990cb02bcea1b4f1e34e3847ad584f20ac1453f7b7510c5aac468cdba5734f9f0250d43d1d553dbb3264a8c4703cc86803e8424f8de1cea6a2d688a9fcce79803062120d33a8faad78192aa77087f4d30d66d58b870e377078bf57004fe26ef3e04312d1eb9126e491fc03063a5ab031c2ecc13ce2b832396197a20db32262ad94d6aa1632b77f7bdfabe57a47be53eaec27d1425299ed3a4ac7ab213a5830f1c2013f2b30914f4c3def72d215ff615fd65166903f84d2e47f3a5f273adf1d67744b53b864317cc3173eeee9b0aba01357ec54037f1b42abcc2fbe7514c693387d2e44057b5291d5f43b56ff276bfa6f8cac2c9ab022ba08d90fe02d909b059b6ea49bcbecf0c3d24a53c3a0d60cddeca4856be71f34a6c29486ff09ee143f4c05bb370b8957642cb3527b0956e0d6ba00d12896231d2367abca3a3192e5f0b258982f7897128b28bb5f14fd427d1a2122a1906a041a25dedc2bab9e73994c22b4cb4ee5a2cf3a7b5fc9907886d6358332887923f77db4fce2d1c9ca1aa09297e4f562ca9b6a49825ece14ccfe1873e95e275e417df5a7bda577c3b1f5e945d9da75b857407fb252adaabe6df5eaaf1d9236af720bfa7c9ba723639536c911828fc83b03da432c77a97a591702c40e42081f434f7d998d08041a6c852e01ce1ab8f773dd93fa6647417413304192a06322c7b1cdf2d831e7c01d1b2d4ebbec07539ef708804f3a7ab1ca80f3841f424de3eca4d8b28133f9754bee4eba978ae7dcc5b66c61b4be90cfbc78b0033e55788ba464e273f74c3ddad917034756b2d39beadeea7a88a4249ab3df2796bb19374d8bfb827c55ad13227303ccac5fdab32de2dd5f1bc90c092d047358e6b2b9e84718c2f646af19e6c1ec9535ebc66537e416c596792538f7518b9639f6d31896703744f0ac5a10fc58d768119b77a8a44b703481fa68932fc6c02f4449facc5340aff14f5587f02b1204aafe4064de8f60a5188b1332df0e87ba399dffe6fae46f51052dcc1c8c9e0f4b781c396561a328a23575f6fd055cb3f994b44381ecaa428a39d6677124a11efca55d988294726451e2e25f32246fd742ef311cb00bc268ba2f268d6323b9b500e1cbd2a176c6894795190a3f445b3854259eea6abad2c420c92577b4507ac07e318d76a666d2a6dfb9e03505dd307931c83e7f31b64f7fb8859f0d34918d347ad16fc29c5677dbe947d8733037f766f613e9d98a3c8f4899c9ec93b28ba0901c1e517d260ecfa37e144c5daadbcd394ce5fc26b27066091cbcf8b3ac9ce4b19bbd392fe795613e9fbfdc132772cc4b7dd4ba9eb598cb55ebda38ac10476f4b726ea2dd862d812e8f85940e9ff35ff4a27d21c475f80117e9c90008d82fb1d05174443e827eefd9d21b9088059edb5c14186634ad4ecfda86e3a37baebabad477ab9aad896bb71ffad18a4619d3d25bdd5a9b38479026a903d3feecdbddcb933ae825fa2e329b9aa3cdf979b9dacd241e17f48fd0f38ee5cc8712b297474865a4e953a0b88563ca47fe5d2fddfba1eed3be83202709899a58adacb876fdad4d845f06fa5b4919de66c105de47af4347b57e657f14da4a5480c20a59b729ad334544de8154721954fef63ba142434b6d08dc119fc2ae9a6418508843a9e8b6a650403d52e9960c50e7f7377157d1279880c343f4491ed2fd2a122c31c04aa53f5f4a710a7978c6ae234ae601a8296473cecb5555977e6499e175cc431876c53c99e868e839adec27ed80423531cf814d769b7b174728ef272ed2c7faa8f1f7b2b435a3eddd519a300f08ee1c0ece718b03bbe58569ecac67013a37024644e5e6f6cb9b0006d6f0dbb18ef721cbda5585ccc8e81ce50291ec9fc18a05f647da189c2a5169f1842c211b428e1fc7e3fb420a592ce58d52c7fe041e65de448f1a9e94215705c4a96deb8d4b0cdeece6c4e03cb56bc7061da1c3fd9d5e68f1f1645439714106f5db6381f9a9dc49ae02620168e43f393c37364a2e246de001bd03c99e9642c7f695457a1df8959e10ea51e86e9ecf6f192905c4d676f46c12d5059269f095e05ab0facc4502955c69b7a1ab5339140b46f8b150781fde989d58b9808220387b645711d2be3dd3771ee5b00222861f1b68afb6f8d4d633fec216812cfabfbb62bcb8678ed6faf5ef7d654d65877ec45976a8a7760a47a4fe536e19e3e9a6996bb2eb0b2beca548c70596399854289010f817feeaa4c197cf518dbab70a01077a9bd4ec740830598fa4d193fe21025efeb8b16ea314bebe2cca72c872eda4f6b6414462c2df8e647fa216dae7f92f699e95fb4271bf7c27d8aca879ffd862bf99f991a85591f7170833cf25727c2e0121fa84b130091c5c6390f66806eabc84e7cea0018e388b444beba3abe77811b679c1803f9e17bab11c8bce37d63775992aa822f77c95ec453c1b662cbb10cf7faaca95157b8e4f6c4c8616fae6f021ba687d505db046b3b110ebd8b5c25ca3b00b19fecb2a3336718d5fd58c10525fe8f8b175009ee00c579bcfe9af11f04eb3f4819fa581a0f32cb62a22949ca008793dd23d56dab0f0495d27b7d1e8bf3efc30ea1774eca1b8f8514dcad2c380cd10d9ced43fdc6af6f6c99ed2cb314275284e938afc1b46c02af281ac845823d4e03c4042e16dabf2caccfb3bfdcc3ed33a6092edab740d0690bab4980dc1b3842f606596c70400b6adf3b3023e46b8b07f94ac9b8e48171c0d1d401de7b1accd8802b616a5cc82972c14579c38725017a2124a869e059c9e5998caf6423008cf178b133f6bbce924999df350ae649ba33c9f3859f6e519e445473d7fba563c51d675762e271f156a990a4ee82863db2f5af69fb39a7be4b493b2ddefa254589f6bb6a05f68d912d8d49267a1bdfaaf11cef211b749d715e4786a70d58c1912862f1eb57c5bfa94365f967ddbcde7d5b403b036839dceea8f88d6b5d1386408f7aa6087fbea232a75201736fdcd05599fd8897975dd14a29ef5b8e0200fc5e10de7e506fb09c3063cbfa857cf021bc6e83e66d4f7b8fba550f12e3b152fd762c84eed4b9e09982945dd9650ee2051fa4395278854716bd59885ff716db93857b02b0b79990f867860aba1eee40c18b40bcc40c414b9ca8b40c3e697100f161756cde356ad596d94011e0bbf95ee3b6f726dbd7665a12b3900fd46467d4076d74b3d3630e0af88dc20ec890652e236844d73c0fa376e302b61ce29f0b6ef131050172996a131d30738f08f6679c72a661f192d36dffd8093c3e560509f87e570483c77150933dfb35b2083c09d909ce88230e9a3dae7ea39f082d5bd78c2ce09902c71108443d4729b9074bf6b939507b8f2c45f43262d699c028fecc31e2f65328899fe7a14bd210a2ab5a28f31f004a4f26974bc8cbac632f2d9cafc5bb214401600a42bc269fbfebe18d61cfddf166ef928f4c08aab4111971b6133b1a12f0b2d53fbc830dc62cc6214d24c9f0bbd800ebe8665a45656a3632d4e733c3feda4380c83b57265cd561dbf2284dc3df951b760c10221567424bbc293bd6791cf9ed2c3543d79b1d1e704a05874b4092746efd9c1cf28c6a4d93e3c96fe148ef41c4029e7aff3f0c7578625b629394f2ac26251b024a6de7150d1bb85b8b9dfe98d9a2c6c929cd6a53d51d8b10f041388bce774c10bee4db408926df38ae3cceebef7b717cafa0d44d2fad1cdd5dc9dfd6486cc24ab002889164e6e5461bfec24637fa323c82c38f64e3e6a219acdbd413424aa4138512aa199649b8b2ea8448623b3b7e5c0a710f115d960b588e4217627f05c9431faacf97", 0x1000, 0x4000000, &(0x7f0000000000)={0x2, 0x4e24, @broadcast}, 0x10)
r14 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r14, 0xc0306201, &(0x7f0000000280)={0xffffffffffffff7c, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000440)="42f7a85b"})
write$smackfs_change_rule(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYRES8=r9], 0xe)

29.875233245s ago: executing program 5 (id=4161):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000001480)=""/251, 0xfb)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x186, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000050)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x2710})
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2)
connect$inet(r1, &(0x7f00000002c0)={0x2, 0xce21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x161a82, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)

29.626985876s ago: executing program 4 (id=4162):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000001480)=""/251, 0xfb)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x186, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000050)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x2710})
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x161a82, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000)

27.674317296s ago: executing program 4 (id=4163):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000200)=0xd4c, 0x4)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000180)=0x1f5, 0x4)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r2, 0x0, 0x0, 0x20000091, 0x0, 0x0)
listen(r2, 0xda90)
accept4(r2, 0x0, 0x0, 0x0)
r3 = socket$inet(0x2, 0x2, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x1d, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8040)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r7 = io_uring_setup(0x1684, &(0x7f0000000080)={0x0, 0xcc3d, 0x400, 0x0, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000006, 0x10010, r5, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r7, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20)
setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000000)=0x40, 0x4)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000004c0)=@security={'security\x00', 0xe, 0x4, 0x340, 0xffffffff, 0x0, 0xf8, 0xf8, 0xffffffff, 0xffffffff, 0x318, 0x318, 0x318, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@private0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, [0xffffffff, 0xffffffff, 0xff000000, 0xffffffff], [0xff000000, 0xffffff00, 0xff000000], 'syzkaller0\x00', 'veth0_virt_wifi\x00', {}, {}, 0x33, 0x8, 0x3, 0x74}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x3, 0x40}}}, {{@ipv6={@mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0xff000000, 0xffffff00], [], 'vlan1\x00', 'vlan0\x00', {0xff}, {}, 0x0, 0x3, 0x3, 0x10}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x1, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0)
ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000100)={{0x2, 0x4e24, @rand_addr=0x64010101}, {0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x22}}, 0x0, {0x2, 0x4e21, @multicast1}, 'pim6reg\x00'})
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

26.001405706s ago: executing program 3 (id=4168):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi4\x00', 0x40000, 0x0)
ioctl$COMEDI_CMDTEST(r1, 0x8050640a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socket$rxrpc(0x21, 0x2, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
socket$kcm(0x21, 0x2, 0x2)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r5, 0x5760, 0x6)
ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f00000000c0)={0x3, 0x6, 0x8, 0x1f40})
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r6, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x7ff8, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x1, 0x2}, 0xe)
setsockopt$inet6_int(r6, 0x29, 0x2, 0x0, 0x0)
ioctl$VT_ACTIVATE(r0, 0x80085610, 0x840)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

25.97707893s ago: executing program 4 (id=4169):
unshare(0x2040400)
r0 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = fsmount(r0, 0x0, 0x0)
syz_clone3(&(0x7f0000000340)={0x201800000, 0x0, 0x0, 0x0, {0x2d}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58)
unshare(0x2a020600)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0)

24.323426096s ago: executing program 3 (id=4171):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000001480)=""/251, 0xfb)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x186, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000050)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x2710})
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
connect$inet(r1, &(0x7f00000002c0)={0x2, 0xce21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000)

24.322743736s ago: executing program 4 (id=4172):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000001480)=""/251, 0xfb)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x186, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000050)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x2710})
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
connect$inet(r1, &(0x7f00000002c0)={0x2, 0xce21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x161a82, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)

22.022307397s ago: executing program 3 (id=4174):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0)
sendmsg$tipc(r1, &(0x7f0000000e40)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r1, &(0x7f0000000f80)={0x0, 0x0, 0x0}, 0x0)
r2 = socket(0x1c, 0xa, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x101040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
close_range(r2, 0xffffffffffffffff, 0x0)
sendmsg$tipc(r1, &(0x7f0000002700)={0x0, 0x0, 0x0}, 0x800)
setsockopt$sock_attach_bpf(r0, 0x1, 0x21, &(0x7f00000001c0), 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_DEL(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x44, r6, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x44}, 0x1, 0x0, 0x0, 0x40008c1}, 0x20004080)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x10)
mount$tmpfs(0x0, 0x0, &(0x7f0000000280), 0x8008, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
r8 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCPKT(r8, 0x5420, &(0x7f0000000100)=0x5)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = fspick(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f0000000580)=[{&(0x7f00000003c0)="89fe53c6ece96012ad89c7c4a240ad9f0b74b1d3cc6418d9c1bcd2617c9674e522daccc36333aa600cfcce87b30c4863ac1a9c3bb72f6c7699a407d81f4c1394960a440000000000", 0x48}, {&(0x7f0000000480)="380aef6c45035008521b1aef37221d47c0035fc24fecc572b61b5df0f8dc21861fd1c188511068a95b1073", 0x2b}, {&(0x7f0000000600)="ae5b4b8532b5ad040f16ea409398b194839248c0e6818fc61a904bb2eb84422248f91f41999bc2ee67008f53468392bfdeb160b4cba34f9fda99e21a65666cb80a47a0000000000000000000000000006bff611f93edd7aca679a95d70be5f7abbb766437f97c0ed0fa776ee475e7d1c4fbccadd20d4efa773708ad99bb51f4c4c95bf0bb97dbbe599c0d43aba48c58a8c58c3dbeae43c889975c97094188d9d6e53bc245dd524daf46d31124cfce0583603b2ad", 0xb4}, {&(0x7f0000000180)="40698a1996e7bafce96311cbb135fa5ef27d42f8ad41d89b574c8af415e380afae97fed654c371717251", 0x2a}, {&(0x7f00000004c0)="7411d0b3601e6acf02235981949dc50d5b6db634635550012918b31740ef9c665bf73924dd300395c11ac72feee1e6acc79560be3900880e9cde88dd1bf2c608e2f6e75b31fb7df74718b26558a1e0535155a675ed436a06c32c1245549b1dd0fa11a909caecac3cad0d207aadd48ada860c63c1ae410035b8796e2de85e65a02c6ef7cb31dec4bcf2fa18e14f494de2d22952b7451aab8a8049b8ea26e12220f366f6a27fbdfd1d4d499c", 0xab}], 0x5)
r11 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100)={0xffffffffffffffff}, 0x4)
fcntl$dupfd(r9, 0x0, r11)

19.442906629s ago: executing program 5 (id=4177):
r0 = socket$nl_route(0x10, 0x3, 0x0)
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000190001000000000000c3b2000a0000000003c8"], 0x24}, 0x1, 0x0, 0x0, 0x40884}, 0x20000010)
socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
r2 = getpid()
r3 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000780)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
mkdir(&(0x7f00000002c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000700), 0x0, &(0x7f0000000740)={[], [{@fowner_lt}, {@hash}]})
gettid()

19.266175878s ago: executing program 4 (id=4178):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000040)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0})

19.217659836s ago: executing program 2 (id=4179):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r3, @ANYBLOB="0000000002000000b70500000800000085000000c900000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0x1002, &(0x7f00000014c0)=""/4098}, 0x94)

17.195179416s ago: executing program 5 (id=4180):
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x4e1e2563543d84f9}, @TCA_TBF_PBURST={0x8, 0x7, 0x1fc0}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0xffff}, {0x0, 0x0, 0x0, 0x8, 0x2, 0x3}, 0x0, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x78}}, 0x4000080)
bind$packet(r0, &(0x7f0000000740)={0x11, 0x18, r3, 0x1, 0x0, 0x6, @remote}, 0x14)
sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930", 0x100, 0x880, 0x0, 0x0)

16.906509344s ago: executing program 1 (id=4181):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi4\x00', 0x40000, 0x0)
ioctl$COMEDI_CMDTEST(r1, 0x8050640a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socket$rxrpc(0x21, 0x2, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
socket$kcm(0x21, 0x2, 0x2)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r5, 0x5760, 0x6)
ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f00000000c0)={0x3, 0x6, 0x8, 0x1f40})
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r6, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x7ff8, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x1, 0x2}, 0xe)
setsockopt$inet6_int(r6, 0x29, 0x2, 0x0, 0x0)
ioctl$VT_ACTIVATE(r0, 0x80085610, 0x840)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

15.149301578s ago: executing program 1 (id=4182):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000001480)=""/251, 0xfb)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x186, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000050)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x2710})
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x161a82, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)

12.93401752s ago: executing program 1 (id=4183):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)

12.276821508s ago: executing program 3 (id=4184):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000fed000/0x13000)=nil, &(0x7f0000ff5000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0xa, 0x20002f7})
socket$inet_sctp(0x2, 0x1, 0x84)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)

12.240158703s ago: executing program 4 (id=4185):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x48042, 0x1)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x2}, 0x94)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x608b}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000240)={0x0, 0x3, r2, 0xa})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x18)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={<r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'netpci0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x74, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xfff3}, {0xffff, 0xd}, {0x0, 0x7}}, [@qdisc_kind_options=@q_drr={0x8}, @TCA_STAB={0x48, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x4, 0x2, 0x7f, 0x7, 0x0, 0x749, 0x200, 0x2}}, {0x8, 0x2, [0x2, 0xc]}}, {{0x1c, 0x1, {0x5, 0x1, 0xd, 0x9, 0x0, 0x4f, 0x6}}, {0x4}}]}]}, 0x74}}, 0x0)
getxattr(0x0, 0x0, 0x0, 0x0)
close(r0)
sendmmsg$inet(r5, &(0x7f00000017c0), 0x1, 0x4d480)
socket$inet(0x2, 0x2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$video(&(0x7f0000000080), 0x8, 0x3c3080)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r9 = dup(r8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x32040, 0x0)
read$FUSE(r9, &(0x7f0000000640)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'bond0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r10, {0x0, 0xfff3}, {0xffff, 0xffff}, {0x10, 0x5}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0xffff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x4804)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
r11 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000380)={'veth1\x00'})

11.873179399s ago: executing program 2 (id=4186):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000001480)=""/251, 0xfb)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x186, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000050)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x2710})
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x161a82, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000)

9.690934905s ago: executing program 3 (id=4187):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000001480)=""/251, 0xfb)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x186, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000050)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x2710})
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
connect$inet(r1, &(0x7f00000002c0)={0x2, 0xce21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x161a82, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)

9.641642417s ago: executing program 2 (id=4188):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x181001, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r2 = fanotify_init(0x200, 0x0)
r3 = dup2(r2, r1)
readv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/81, 0x51}], 0x1)
fcntl$setstatus(r2, 0x4, 0x2800)
r4 = syz_io_uring_setup(0x22f, &(0x7f0000019140)={0x0, 0x8ffd, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
r8 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x200, 0x0)
r9 = fspick(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r8, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, r9, {0x8}}, './file0\x00'})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
connect$unix(r10, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$F2FS_IOC_SET_PIN_FILE(r9, 0x4004f50d, &(0x7f0000000180)=0x1)
sendmmsg$unix(r11, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r4, 0x7a98, 0x0, 0x0, 0x0, 0x0)

7.145900488s ago: executing program 3 (id=4189):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000003400), 0x0, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000100)=0x5, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

6.836504773s ago: executing program 5 (id=4190):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000001480)=""/251, 0xfb)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x186, 0x0, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000050)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x2710})
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x161a82, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000)

4.802564084s ago: executing program 5 (id=4191):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582030004"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
bind$bt_rfcomm(r1, &(0x7f0000000200)={0x1f, @any, 0x9}, 0xa)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r2 = fsmount(0xffffffffffffffff, 0x0, 0x80)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x20000800)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x2c, r4, 0x5, 0x4, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@beacon, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x2c}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000340)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_GET_MPATH(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1c, r7, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24040001}, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r4, 0x701, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x7, 0x74}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8000)

4.116534626s ago: executing program 1 (id=4192):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi4\x00', 0x40000, 0x0)
ioctl$COMEDI_CMDTEST(r1, 0x8050640a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socket$rxrpc(0x21, 0x2, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
socket$kcm(0x21, 0x2, 0x2)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r5, 0x5760, 0x6)
ioctl$IMCTRLREQ(r5, 0x80044945, &(0x7f00000000c0)={0x3, 0x6, 0x8, 0x1f40})
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r6, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x7ff8, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x1, 0x2}, 0xe)
setsockopt$inet6_int(r6, 0x29, 0x2, 0x0, 0x0)
ioctl$VT_ACTIVATE(r0, 0x80085610, 0x840)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

3.89750395s ago: executing program 2 (id=4193):
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000040)={0x0, 0x0, <r0=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000080)={0x0, 0x0, r0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x20, 0x100, 0x5, 0x3, 0x21110, 0x1, 0xa, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x3}, 0x50)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)=@o_path={&(0x7f00000000c0)='./file0\x00', r1, 0x4000, r0}, 0x18)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000240), 0x305040, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wg0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=@deltclass={0x2c, 0x29, 0x2, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x1, 0x9}, {0x9, 0x4}, {0x9, 0xb}}, [@TCA_RATE={0x6, 0x5, {0xff, 0x7e}}]}, 0x2c}}, 0x891)
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r2, 0x4008af23, &(0x7f00000003c0)={0x0, 0x200})
syz_clone3(&(0x7f0000002180)={0x4001000, &(0x7f0000001f80), &(0x7f0000001fc0), &(0x7f0000002000), {0x16}, &(0x7f0000002040), 0x0, &(0x7f0000002080)=""/149, &(0x7f0000002140)=[0xffffffffffffffff, 0x0], 0x2, {r2}}, 0x58)

3.691891788s ago: executing program 2 (id=4194):
ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, &(0x7f00000000c0)={0x1, 0x0, {0x0, 0x1, 0x300f, 0x2, 0x1, 0x3, 0x0, 0x300}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="1802000003000000000000000000000085000000870000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000"], &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x17, &(0x7f00000006c0)=0x400, 0x4)
openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$KDFONTOP_GET(0xffffffffffffffff, 0x4b72, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000b00)={0x0, 0x989680}, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil)

2.745704778s ago: executing program 1 (id=4195):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000001480)=""/251, 0xfb)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x186, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000050)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x2710})
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
connect$inet(r1, &(0x7f00000002c0)={0x2, 0xce21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x161a82, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)

261.316498ms ago: executing program 2 (id=4196):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r4, @ANYBLOB="0000000002000000b70500000800000085000000c900000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0x1002, &(0x7f00000014c0)=""/4098}, 0x94)

141.663597ms ago: executing program 1 (id=4197):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000fed000/0x13000)=nil, &(0x7f0000ff5000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0xa, 0x20002f7})
socket$inet_sctp(0x2, 0x1, 0x84)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

0s ago: executing program 5 (id=4198):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000001480)=""/251, 0xfb)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x186, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000050)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x2710})
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2)
connect$inet(r1, &(0x7f00000002c0)={0x2, 0xce21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x161a82, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000)

kernel console output (not intermixed with test programs):

08071][ T6320] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  794.308094][ T6320] usb 2-1: Product: syz
[  794.308110][ T6320] usb 2-1: Manufacturer: syz
[  794.308128][ T6320] usb 2-1: SerialNumber: syz
[  794.365228][ T6320] usb 2-1: config 0 descriptor??
[  794.511678][T15793] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3734'.
[  794.619951][T15795] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.3735'.
[  794.745435][ T5934] usb 5-1: USB disconnect, device number 97
[  794.814882][T15801] ubi31: attaching mtd0
[  794.836168][T15801] ubi31: scanning is finished
[  794.836192][T15801] ubi31: empty MTD device detected
[  795.068286][T15813] FAULT_INJECTION: forcing a failure.
[  795.068286][T15813] name failslab, interval 1, probability 0, space 0, times 0
[  795.068323][T15813] CPU: 0 UID: 0 PID: 15813 Comm: syz.2.3739 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  795.068349][T15813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  795.068364][T15813] Call Trace:
[  795.068373][T15813]  <TASK>
[  795.068384][T15813]  dump_stack_lvl+0xe8/0x150
[  795.068432][T15813]  should_fail_ex+0x46c/0x600
[  795.068471][T15813]  should_failslab+0xa8/0x100
[  795.068496][T15813]  __kmalloc_noprof+0xe0/0x7e0
[  795.068531][T15813]  ? tomoyo_encode+0x28b/0x550
[  795.068560][T15813]  tomoyo_encode+0x28b/0x550
[  795.068589][T15813]  tomoyo_realpath_from_path+0x58d/0x5d0
[  795.068625][T15813]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  795.068658][T15813]  tomoyo_path_number_perm+0x1e8/0x5a0
[  795.068700][T15813]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  795.068732][T15813]  ? __lock_acquire+0x6b6/0x2cf0
[  795.068766][T15813]  ? do_raw_spin_lock+0x121/0x290
[  795.068828][T15813]  ? __fget_files+0x2a/0x420
[  795.068856][T15813]  ? __fget_files+0x2a/0x420
[  795.068879][T15813]  ? __fget_files+0x3a6/0x420
[  795.068901][T15813]  ? __fget_files+0x2a/0x420
[  795.068938][T15813]  security_file_ioctl+0xcb/0x2d0
[  795.068974][T15813]  __se_sys_ioctl+0x47/0x170
[  795.069009][T15813]  do_syscall_64+0xec/0xf80
[  795.069031][T15813]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  795.069054][T15813]  ? trace_irq_disable+0x37/0x100
[  795.069079][T15813]  ? clear_bhb_loop+0x60/0xb0
[  795.069108][T15813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  795.069131][T15813] RIP: 0033:0x7fad3516f749
[  795.069151][T15813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  795.069170][T15813] RSP: 002b:00007fad333ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  795.069195][T15813] RAX: ffffffffffffffda RBX: 00007fad353c5fa0 RCX: 00007fad3516f749
[  795.069212][T15813] RDX: 0000200000000340 RSI: 00000000c058560f RDI: 0000000000000003
[  795.069228][T15813] RBP: 00007fad333ce090 R08: 0000000000000000 R09: 0000000000000000
[  795.069243][T15813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  795.069257][T15813] R13: 00007fad353c6038 R14: 00007fad353c5fa0 R15: 00007fff9167bf38
[  795.069292][T15813]  </TASK>
[  795.069312][T15813] ERROR: Out of memory at tomoyo_realpath_from_path.
[  795.189882][ T5934] usb 5-1: new full-speed USB device number 98 using dummy_hcd
[  795.416022][ T5934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 64
[  795.416063][ T5934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  795.441578][ T5934] usb 5-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  795.441613][ T5934] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  795.441636][ T5934] usb 5-1: Product: syz
[  795.441653][ T5934] usb 5-1: Manufacturer: syz
[  795.441669][ T5934] usb 5-1: SerialNumber: syz
[  795.483705][ T5934] usb 5-1: config 0 descriptor??
[  795.486959][T15805] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  795.505140][ T5934] port100 5-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  795.697836][T15817] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3741'.
[  796.473437][T15801] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  796.473470][T15801] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  796.473490][T15801] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  796.473508][T15801] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  796.473527][T15801] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  796.473545][T15801] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  796.473564][T15801] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2480288854
[  796.473586][T15801] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  796.475576][T15823] ubi31: background thread "ubi_bgt31d" started, PID 15823
[  796.675275][   T10] usb 5-1: USB disconnect, device number 98
[  797.119893][ T6326] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  797.125297][ T5120] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  797.148750][ T5120] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  797.150656][ T5120] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  797.171753][ T5120] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  797.176095][ T5120] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  797.247647][ T6000] usb 2-1: USB disconnect, device number 73
[  797.277457][ T6326] usb 3-1: Using ep0 maxpacket: 32
[  797.290417][ T6326] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  797.290449][ T6326] usb 3-1: config 0 has no interface number 0
[  797.290499][ T6326] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  797.290529][ T6326] usb 3-1: config 0 interface 85 has no altsetting 0
[  797.297692][ T6326] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  797.297724][ T6326] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  797.297747][ T6326] usb 3-1: Product: syz
[  797.297773][ T6326] usb 3-1: Manufacturer: syz
[  797.297789][ T6326] usb 3-1: SerialNumber: syz
[  797.378373][ T6326] usb 3-1: config 0 descriptor??
[  797.870104][  T992] usb 5-1: new full-speed USB device number 99 using dummy_hcd
[  797.892393][ T6326] appletouch 3-1:0.85: Geyser mode initialized.
[  797.894966][ T6326] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input84
[  798.033532][  T992] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  798.033652][  T992] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  798.037287][  T992] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  798.037318][  T992] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  798.037340][  T992] usb 5-1: Product: syz
[  798.037357][  T992] usb 5-1: Manufacturer: syz
[  798.037373][  T992] usb 5-1: SerialNumber: syz
[  798.076372][  T992] usb 5-1: config 0 descriptor??
[  798.203111][  T992] usb 3-1: USB disconnect, device number 76
[  798.311826][  T992] appletouch 3-1:0.85: input: appletouch disconnected
[  799.007011][T12037] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  799.206685][T15831] chnl_net:caif_netlink_parms(): no params data found
[  799.269920][ T5120] Bluetooth: hci0: command tx timeout
[  799.613320][T12037] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  800.009140][T15877] FAULT_INJECTION: forcing a failure.
[  800.009140][T15877] name failslab, interval 1, probability 0, space 0, times 0
[  800.009178][T15877] CPU: 1 UID: 0 PID: 15877 Comm: syz.3.3755 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  800.009204][T15877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  800.009219][T15877] Call Trace:
[  800.009229][T15877]  <TASK>
[  800.009239][T15877]  dump_stack_lvl+0xe8/0x150
[  800.009276][T15877]  should_fail_ex+0x46c/0x600
[  800.009313][T15877]  should_failslab+0xa8/0x100
[  800.009350][T15877]  __kmalloc_noprof+0xe0/0x7e0
[  800.009385][T15877]  ? tomoyo_encode+0x28b/0x550
[  800.009414][T15877]  tomoyo_encode+0x28b/0x550
[  800.009443][T15877]  tomoyo_realpath_from_path+0x58d/0x5d0
[  800.009469][T15877]  ? tomoyo_domain+0xd9/0x130
[  800.009499][T15877]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  800.009544][T15877]  tomoyo_path_number_perm+0x1e8/0x5a0
[  800.009580][T15877]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  800.009613][T15877]  ? __lock_acquire+0x6b6/0x2cf0
[  800.009647][T15877]  ? do_raw_spin_lock+0x121/0x290
[  800.009712][T15877]  ? __fget_files+0x2a/0x420
[  800.009739][T15877]  ? __fget_files+0x2a/0x420
[  800.009762][T15877]  ? __fget_files+0x3a6/0x420
[  800.009784][T15877]  ? __fget_files+0x2a/0x420
[  800.009819][T15877]  security_file_ioctl+0xcb/0x2d0
[  800.009854][T15877]  __se_sys_ioctl+0x47/0x170
[  800.009887][T15877]  do_syscall_64+0xec/0xf80
[  800.009908][T15877]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.009930][T15877]  ? trace_irq_disable+0x37/0x100
[  800.009954][T15877]  ? clear_bhb_loop+0x60/0xb0
[  800.009981][T15877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.010023][T15877] RIP: 0033:0x7f0f682df749
[  800.010043][T15877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  800.010063][T15877] RSP: 002b:00007f0f66546038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  800.010087][T15877] RAX: ffffffffffffffda RBX: 00007f0f68535fa0 RCX: 00007f0f682df749
[  800.010105][T15877] RDX: 0000200000000280 RSI: 00000000000089f3 RDI: 0000000000000003
[  800.010120][T15877] RBP: 00007f0f66546090 R08: 0000000000000000 R09: 0000000000000000
[  800.010135][T15877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  800.010149][T15877] R13: 00007f0f68536038 R14: 00007f0f68535fa0 R15: 00007ffd69d55028
[  800.010186][T15877]  </TASK>
[  800.275594][T15877] ERROR: Out of memory at tomoyo_realpath_from_path.
[  800.640422][ T6326] usb 5-1: USB disconnect, device number 99
[  800.876494][T12037] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  801.060334][T15831] bridge0: port 1(bridge_slave_0) entered blocking state
[  801.060479][T15831] bridge0: port 1(bridge_slave_0) entered disabled state
[  801.060747][T15831] bridge_slave_0: entered allmulticast mode
[  801.063591][T15831] bridge_slave_0: entered promiscuous mode
[  801.066947][T15831] bridge0: port 2(bridge_slave_1) entered blocking state
[  801.067088][T15831] bridge0: port 2(bridge_slave_1) entered disabled state
[  801.067300][T15831] bridge_slave_1: entered allmulticast mode
[  801.118287][T15831] bridge_slave_1: entered promiscuous mode
[  801.330006][ T5120] Bluetooth: hci0: command tx timeout
[  801.349038][T12037] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  801.470344][ T9233] usb 4-1: new full-speed USB device number 106 using dummy_hcd
[  801.652790][ T9233] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  801.652825][ T9233] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  801.652846][ T9233] usb 4-1: Product: syz
[  801.652863][ T9233] usb 4-1: Manufacturer: syz
[  801.652880][ T9233] usb 4-1: SerialNumber: syz
[  801.658421][ T9233] usb 4-1: config 0 descriptor??
[  801.704088][T15831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  801.777330][T15831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  801.872903][ T9233] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  802.033748][T15831] team0: Port device team_slave_0 added
[  802.037783][T15831] team0: Port device team_slave_1 added
[  803.652766][T15912] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3768'.
[  804.348405][T15918] comedi comedi3: mpc624: I/O port conflict (0x1,16)
[  805.079793][ T5808] Bluetooth: hci0: command tx timeout
[  805.102071][ T9233] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110
[  805.254769][T15831] batman_adv: batadv0: Adding interface: batadv_slave_0
[  805.254790][T15831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  805.254820][T15831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  805.268927][T15831] batman_adv: batadv0: Adding interface: batadv_slave_1
[  805.268981][T15831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  805.269065][T15831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  805.460265][ T6326] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  805.612750][ T6326] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  805.612785][ T6326] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  805.619111][ T6326] usb 5-1: config 0 descriptor??
[  805.665232][ T6326] cp210x 5-1:0.0: cp210x converter detected
[  805.756247][T15831] hsr_slave_0: entered promiscuous mode
[  805.759652][T15831] hsr_slave_1: entered promiscuous mode
[  805.917171][T15921] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  807.090449][ T5120] Bluetooth: hci0: command tx timeout
[  809.090277][    C0] ip6_tunnel: ip6gre4 xmit: Local address not yet configured!
[  809.291894][ T6326] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -71
[  809.291938][ T6326] cp210x 5-1:0.0: querying part number failed
[  809.791513][ T6326] usb 5-1: cp210x converter now attached to ttyUSB0
[  809.794549][ T6326] usb 5-1: USB disconnect, device number 100
[  809.836239][ T6326] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  809.836750][ T6326] cp210x 5-1:0.0: device disconnected
[  809.843797][ T5987] usb 4-1: USB disconnect, device number 106
[  809.971608][T12037] bridge_slave_1: left allmulticast mode
[  809.971638][T12037] bridge_slave_1: left promiscuous mode
[  809.971907][T12037] bridge0: port 2(bridge_slave_1) entered disabled state
[  810.029093][T12037] bridge_slave_0: left allmulticast mode
[  810.029124][T12037] bridge_slave_0: left promiscuous mode
[  810.034746][T12037] bridge0: port 1(bridge_slave_0) entered disabled state
[  810.429880][ T9233] usb 3-1: new full-speed USB device number 77 using dummy_hcd
[  810.584828][   T37] audit: type=1326 audit(1767943130.273:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a551df749 code=0x7ffc0000
[  810.585046][   T37] audit: type=1326 audit(1767943130.273:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a551df749 code=0x7ffc0000
[  810.585225][   T37] audit: type=1326 audit(1767943130.273:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f2a551df749 code=0x7ffc0000
[  810.585584][   T37] audit: type=1326 audit(1767943130.273:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a551df749 code=0x7ffc0000
[  810.585760][   T37] audit: type=1326 audit(1767943130.273:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a551df749 code=0x7ffc0000
[  810.585914][   T37] audit: type=1326 audit(1767943130.273:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f2a551df749 code=0x7ffc0000
[  810.586175][   T37] audit: type=1326 audit(1767943130.273:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a551df749 code=0x7ffc0000
[  810.586317][   T37] audit: type=1326 audit(1767943130.273:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a551df749 code=0x7ffc0000
[  810.587930][   T37] audit: type=1326 audit(1767943130.273:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2a551df749 code=0x7ffc0000
[  810.590309][ T6326] usb 4-1: new full-speed USB device number 107 using dummy_hcd
[  810.675107][ T9233] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  810.675190][ T9233] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  810.675415][ T9233] usb 3-1: Product: syz
[  810.675460][ T9233] usb 3-1: Manufacturer: syz
[  810.675505][ T9233] usb 3-1: SerialNumber: syz
[  810.700440][ T9233] usb 3-1: config 0 descriptor??
[  810.843804][ T6326] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  810.843837][ T6326] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  810.843859][ T6326] usb 4-1: Product: syz
[  810.843875][ T6326] usb 4-1: Manufacturer: syz
[  810.843892][ T6326] usb 4-1: SerialNumber: syz
[  810.885463][ T6326] usb 4-1: config 0 descriptor??
[  811.114326][ T9233] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  811.129992][ T6326] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  811.739563][ T6326] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  811.975783][ T9233] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  812.716014][  T992] usb 3-1: USB disconnect, device number 77
[  813.341403][  T992] usb 4-1: USB disconnect, device number 107
[  814.216770][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  814.216850][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  814.792942][T15984] netlink: 'syz.1.3789': attribute type 10 has an invalid length.
[  814.810610][T12037] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  814.890748][T12037] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  814.934073][T12037] bond0 (unregistering): Released all slaves
[  815.130501][T15984] 8021q: adding VLAN 0 to HW filter on device batadv0
[  815.183722][T15984] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  815.223163][T15992] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3792'.
[  815.370848][T12037] tipc: Disabling bearer <udp:syz2>
[  815.410093][T12037] tipc: Left network mode
[  815.606771][T16004] FAULT_INJECTION: forcing a failure.
[  815.606771][T16004] name failslab, interval 1, probability 0, space 0, times 0
[  815.606808][T16004] CPU: 0 UID: 0 PID: 16004 Comm: syz.3.3797 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  815.606833][T16004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  815.606847][T16004] Call Trace:
[  815.606856][T16004]  <TASK>
[  815.606865][T16004]  dump_stack_lvl+0xe8/0x150
[  815.606902][T16004]  should_fail_ex+0x46c/0x600
[  815.606937][T16004]  should_failslab+0xa8/0x100
[  815.606960][T16004]  __kmalloc_noprof+0xe0/0x7e0
[  815.606991][T16004]  ? tomoyo_encode+0x28b/0x550
[  815.607019][T16004]  tomoyo_encode+0x28b/0x550
[  815.607047][T16004]  tomoyo_realpath_from_path+0x58d/0x5d0
[  815.607081][T16004]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  815.607112][T16004]  tomoyo_path_number_perm+0x1e8/0x5a0
[  815.607147][T16004]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  815.607176][T16004]  ? __lock_acquire+0x6b6/0x2cf0
[  815.607208][T16004]  ? do_raw_spin_lock+0x121/0x290
[  815.607268][T16004]  ? __fget_files+0x2a/0x420
[  815.607295][T16004]  ? __fget_files+0x2a/0x420
[  815.607317][T16004]  ? __fget_files+0x3a6/0x420
[  815.607339][T16004]  ? __fget_files+0x2a/0x420
[  815.607367][T16004]  security_file_ioctl+0xcb/0x2d0
[  815.607401][T16004]  __se_sys_ioctl+0x47/0x170
[  815.607434][T16004]  do_syscall_64+0xec/0xf80
[  815.607457][T16004]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  815.607477][T16004]  ? trace_irq_disable+0x37/0x100
[  815.607501][T16004]  ? clear_bhb_loop+0x60/0xb0
[  815.607528][T16004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  815.607558][T16004] RIP: 0033:0x7f0f682df749
[  815.607582][T16004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  815.607601][T16004] RSP: 002b:00007f0f66546038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  815.607625][T16004] RAX: ffffffffffffffda RBX: 00007f0f68535fa0 RCX: 00007f0f682df749
[  815.607642][T16004] RDX: 00002000000006c0 RSI: 00000000c0d05605 RDI: 0000000000000003
[  815.607657][T16004] RBP: 00007f0f66546090 R08: 0000000000000000 R09: 0000000000000000
[  815.607671][T16004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  815.607685][T16004] R13: 00007f0f68536038 R14: 00007f0f68535fa0 R15: 00007ffd69d55028
[  815.607721][T16004]  </TASK>
[  815.607741][T16004] ERROR: Out of memory at tomoyo_realpath_from_path.
[  815.953611][T12037] rxrpc: Call ffff88805c213480 still in use (1,Complete,1489,0)!
[  815.953911][ T5987] usb 5-1: new full-speed USB device number 101 using dummy_hcd
[  816.056156][T16011] 9p: Bad value for 'rfdno'
[  816.115282][ T5987] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  816.115316][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  816.115338][ T5987] usb 5-1: Product: syz
[  816.115355][ T5987] usb 5-1: Manufacturer: syz
[  816.115371][ T5987] usb 5-1: SerialNumber: syz
[  816.125858][ T5987] usb 5-1: config 0 descriptor??
[  816.220798][ T6326] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  816.340769][ T5987] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  816.365831][T16019] netlink: 'syz.1.3803': attribute type 10 has an invalid length.
[  816.383878][ T6326] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  816.383903][ T6326] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  816.405892][ T6326] usb 3-1: config 0 descriptor??
[  818.565423][ T5987] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  819.391882][T15831] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  819.462609][T15831] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  819.512134][T15831] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  819.574672][ T6326] usb 3-1: Cannot set autoneg
[  819.574943][ T6326] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  819.604908][T15831] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  819.624431][ T6326] usb 3-1: USB disconnect, device number 78
[  819.728191][  T804] usb 5-1: USB disconnect, device number 101
[  819.909020][T16051] 9p: Bad value for 'rfdno'
[  820.135230][T16053] FAULT_INJECTION: forcing a failure.
[  820.135230][T16053] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  820.135268][T16053] CPU: 0 UID: 0 PID: 16053 Comm: syz.4.3812 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  820.135293][T16053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  820.135306][T16053] Call Trace:
[  820.135315][T16053]  <TASK>
[  820.135323][T16053]  dump_stack_lvl+0xe8/0x150
[  820.135354][T16053]  should_fail_ex+0x46c/0x600
[  820.135387][T16053]  _copy_from_iter+0x1cd/0x1630
[  820.135434][T16053]  ? __pfx__copy_from_iter+0x10/0x10
[  820.135469][T16053]  ? rcu_is_watching+0x15/0xb0
[  820.135492][T16053]  ? rcu_is_watching+0x15/0xb0
[  820.135513][T16053]  ? kfree+0x4d/0x900
[  820.135556][T16053]  ? _mutex_trylock_nest_lock+0x129/0x180
[  820.135595][T16053]  file_tty_write+0x4ca/0xa30
[  820.135634][T16053]  vfs_write+0x5d5/0xb40
[  820.135673][T16053]  ? __pfx_tty_write+0x10/0x10
[  820.135713][T16053]  ? __pfx_vfs_write+0x10/0x10
[  820.135756][T16053]  ? __fget_files+0x2a/0x420
[  820.135788][T16053]  ksys_write+0x14b/0x260
[  820.135822][T16053]  ? __pfx_ksys_write+0x10/0x10
[  820.135866][T16053]  do_syscall_64+0xec/0xf80
[  820.135887][T16053]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  820.135908][T16053]  ? trace_irq_disable+0x37/0x100
[  820.135932][T16053]  ? clear_bhb_loop+0x60/0xb0
[  820.135959][T16053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  820.135990][T16053] RIP: 0033:0x7f04ceadf749
[  820.136010][T16053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  820.136028][T16053] RSP: 002b:00007f04ccd46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  820.136050][T16053] RAX: ffffffffffffffda RBX: 00007f04ced35fa0 RCX: 00007f04ceadf749
[  820.136066][T16053] RDX: 0000000000001006 RSI: 0000200000001300 RDI: 0000000000000004
[  820.136080][T16053] RBP: 00007f04ccd46090 R08: 0000000000000000 R09: 0000000000000000
[  820.136093][T16053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  820.136107][T16053] R13: 00007f04ced36038 R14: 00007f04ced35fa0 R15: 00007ffdd46726c8
[  820.136141][T16053]  </TASK>
[  820.408939][T15831] 8021q: adding VLAN 0 to HW filter on device bond0
[  820.466915][T16055] netlink: 'syz.2.3813': attribute type 10 has an invalid length.
[  820.533338][T16057] FAULT_INJECTION: forcing a failure.
[  820.533338][T16057] name failslab, interval 1, probability 0, space 0, times 0
[  820.533377][T16057] CPU: 1 UID: 0 PID: 16057 Comm: syz.4.3815 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  820.533404][T16057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  820.533431][T16057] Call Trace:
[  820.533439][T16057]  <TASK>
[  820.533449][T16057]  dump_stack_lvl+0xe8/0x150
[  820.533485][T16057]  should_fail_ex+0x46c/0x600
[  820.533520][T16057]  ? __alloc_skb+0x1dc/0x3a0
[  820.533544][T16057]  should_failslab+0xa8/0x100
[  820.533567][T16057]  ? __alloc_skb+0x1dc/0x3a0
[  820.533589][T16057]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[  820.533622][T16057]  ? lockdep_hardirqs_on+0x7b/0x110
[  820.533646][T16057]  ? __alloc_skb+0x198/0x3a0
[  820.533671][T16057]  __alloc_skb+0x1dc/0x3a0
[  820.533719][T16057]  netlink_sendmsg+0x5c6/0xb30
[  820.533762][T16057]  ? __pfx_netlink_sendmsg+0x10/0x10
[  820.533804][T16057]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  820.533833][T16057]  ? __pfx_netlink_sendmsg+0x10/0x10
[  820.533865][T16057]  __sock_sendmsg+0x21c/0x270
[  820.533912][T16057]  ____sys_sendmsg+0x508/0x810
[  820.533949][T16057]  ? __pfx_____sys_sendmsg+0x10/0x10
[  820.533989][T16057]  ? import_iovec+0x74/0xa0
[  820.534016][T16057]  ___sys_sendmsg+0x21f/0x2a0
[  820.534049][T16057]  ? __pfx____sys_sendmsg+0x10/0x10
[  820.534116][T16057]  ? __fget_files+0x2a/0x420
[  820.534139][T16057]  ? __fget_files+0x3a6/0x420
[  820.534175][T16057]  __x64_sys_sendmsg+0x1a1/0x260
[  820.534209][T16057]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  820.534248][T16057]  ? __pfx_ksys_write+0x10/0x10
[  820.534294][T16057]  do_syscall_64+0xec/0xf80
[  820.534316][T16057]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  820.534339][T16057]  ? trace_irq_disable+0x37/0x100
[  820.534365][T16057]  ? clear_bhb_loop+0x60/0xb0
[  820.534392][T16057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  820.534416][T16057] RIP: 0033:0x7f04ceadf749
[  820.534435][T16057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  820.534456][T16057] RSP: 002b:00007f04ccd46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  820.534480][T16057] RAX: ffffffffffffffda RBX: 00007f04ced35fa0 RCX: 00007f04ceadf749
[  820.534497][T16057] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  820.534512][T16057] RBP: 00007f04ccd46090 R08: 0000000000000000 R09: 0000000000000000
[  820.534526][T16057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  820.534540][T16057] R13: 00007f04ced36038 R14: 00007f04ced35fa0 R15: 00007ffdd46726c8
[  820.534576][T16057]  </TASK>
[  820.699600][T15831] 8021q: adding VLAN 0 to HW filter on device team0
[  820.717959][ T1434] bridge0: port 1(bridge_slave_0) entered blocking state
[  820.718201][ T1434] bridge0: port 1(bridge_slave_0) entered forwarding state
[  821.048748][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  821.048987][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  821.683664][T16069] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3816'.
[  821.780005][   T10] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[  821.939863][   T10] usb 5-1: Using ep0 maxpacket: 32
[  821.956839][   T10] usb 5-1: config 0 has an invalid interface number: 85 but max is 0
[  821.956869][   T10] usb 5-1: config 0 has no interface number 0
[  821.956921][   T10] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  821.956951][   T10] usb 5-1: config 0 interface 85 has no altsetting 0
[  821.998804][   T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  821.998844][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  821.998864][   T10] usb 5-1: Product: syz
[  821.998879][   T10] usb 5-1: Manufacturer: syz
[  821.998895][   T10] usb 5-1: SerialNumber: syz
[  822.041706][   T10] usb 5-1: config 0 descriptor??
[  822.199874][ T9233] usb 3-1: new full-speed USB device number 79 using dummy_hcd
[  822.372803][ T5936] IPVS: starting estimator thread 0...
[  822.627595][ T9233] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  822.627693][ T9233] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  822.627717][ T9233] usb 3-1: Product: syz
[  822.627734][ T9233] usb 3-1: Manufacturer: syz
[  822.627750][ T9233] usb 3-1: SerialNumber: syz
[  822.646316][T16086] IPVS: using max 8 ests per chain, 19200 per kthread
[  822.801079][T16090] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3821'.
[  822.937540][   T10] appletouch 5-1:0.85: Geyser mode initialized.
[  823.456572][   T10] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input85
[  823.494381][ T9233] usb 3-1: config 0 descriptor??
[  823.589322][   T10] usb 5-1: USB disconnect, device number 102
[  823.740784][ T9233] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  823.839642][   T10] appletouch 5-1:0.85: input: appletouch disconnected
[  824.132414][T15831] 8021q: adding VLAN 0 to HW filter on device batadv0
[  824.181624][T16102] FAULT_INJECTION: forcing a failure.
[  824.181624][T16102] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  824.181678][T16102] CPU: 1 UID: 0 PID: 16102 Comm: syz.1.3824 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  824.181705][T16102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  824.181720][T16102] Call Trace:
[  824.181729][T16102]  <TASK>
[  824.181739][T16102]  dump_stack_lvl+0xe8/0x150
[  824.181776][T16102]  should_fail_ex+0x46c/0x600
[  824.181808][T16102]  _copy_from_iter+0x1cd/0x1630
[  824.181854][T16102]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  824.181890][T16102]  ? __pfx__copy_from_iter+0x10/0x10
[  824.181928][T16102]  ? set_page_refcounted+0xa0/0x1e0
[  824.181950][T16102]  ? page_copy_sane+0x4e/0x280
[  824.181982][T16102]  copy_page_from_iter+0xdd/0x170
[  824.182030][T16102]  tun_get_user+0x1d40/0x3de0
[  824.182066][T16102]  ? tun_get_user+0x6fc/0x3de0
[  824.182109][T16102]  ? __pfx_tun_get_user+0x10/0x10
[  824.182141][T16102]  ? __lock_acquire+0x6b6/0x2cf0
[  824.182166][T16102]  ? kstrtoull+0x12f/0x1d0
[  824.182215][T16102]  ? ref_tracker_alloc+0x2fe/0x450
[  824.182247][T16102]  ? get_pid_task+0x20/0x1f0
[  824.182282][T16102]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  824.182317][T16102]  ? tun_get+0x1c/0x2f0
[  824.182337][T16102]  ? tun_get+0x1c/0x2f0
[  824.182382][T16102]  ? tun_get+0x1c/0x2f0
[  824.182411][T16102]  ? tun_get+0x1c/0x2f0
[  824.182444][T16102]  tun_chr_write_iter+0x119/0x200
[  824.182475][T16102]  vfs_write+0x5d5/0xb40
[  824.182513][T16102]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  824.182554][T16102]  ? __pfx_vfs_write+0x10/0x10
[  824.182598][T16102]  ? __fget_files+0x2a/0x420
[  824.182629][T16102]  ksys_write+0x14b/0x260
[  824.182668][T16102]  ? __pfx_ksys_write+0x10/0x10
[  824.182713][T16102]  do_syscall_64+0xec/0xf80
[  824.182737][T16102]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.182761][T16102]  ? trace_irq_disable+0x37/0x100
[  824.182785][T16102]  ? clear_bhb_loop+0x60/0xb0
[  824.182811][T16102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.182838][T16102] RIP: 0033:0x7f2a551de1ff
[  824.182852][T16102] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  824.182866][T16102] RSP: 002b:00007f2a5343e000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  824.182902][T16102] RAX: ffffffffffffffda RBX: 00007f2a55435fa0 RCX: 00007f2a551de1ff
[  824.182919][T16102] RDX: 000000000000002e RSI: 00002000000001c0 RDI: 00000000000000c8
[  824.182934][T16102] RBP: 00007f2a5343e090 R08: 0000000000000000 R09: 0000000000000000
[  824.182948][T16102] R10: 000000000000002e R11: 0000000000000293 R12: 0000000000000001
[  824.182973][T16102] R13: 00007f2a55436038 R14: 00007f2a55435fa0 R15: 00007ffc5dc4cc98
[  824.183008][T16102]  </TASK>
[  824.350250][ T9233] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  824.674041][T16113] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3826'.
[  825.490486][T16116] overlay: Unknown parameter 'fowner<00000000000000000000'
[  826.537715][ T9233] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  826.676868][   T10] usb 3-1: USB disconnect, device number 79
[  826.799895][ T9233] usb 4-1: Using ep0 maxpacket: 32
[  826.831063][ T9233] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  826.831095][ T9233] usb 4-1: config 0 has no interface number 0
[  826.861617][ T9233] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  826.861651][ T9233] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  826.861672][ T9233] usb 4-1: Product: syz
[  826.861696][ T9233] usb 4-1: Manufacturer: syz
[  826.861712][ T9233] usb 4-1: SerialNumber: syz
[  826.902894][ T9233] usb 4-1: config 0 descriptor??
[  826.907971][ T9233] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  826.962787][T16122] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3828'.
[  827.143963][ T9233] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  827.204352][T15831] veth0_vlan: entered promiscuous mode
[  827.227386][T15831] veth1_vlan: entered promiscuous mode
[  827.263082][ T9233] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  827.331305][T15831] veth0_macvtap: entered promiscuous mode
[  827.337493][T15831] veth1_macvtap: entered promiscuous mode
[  827.370044][ T5956] usb 5-1: new full-speed USB device number 103 using dummy_hcd
[  827.401818][T15831] batman_adv: batadv0: Interface activated: batadv_slave_0
[  827.450029][T15831] batman_adv: batadv0: Interface activated: batadv_slave_1
[  827.986228][T12036] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  828.014096][   T69] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  828.056204][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  828.078260][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  828.079612][ T5987] usb 4-1: USB disconnect, device number 108
[  828.088475][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  828.105615][ T5956] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  828.105647][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  828.105668][ T5956] usb 5-1: Product: syz
[  828.105685][ T5956] usb 5-1: Manufacturer: syz
[  828.105719][ T5956] usb 5-1: SerialNumber: syz
[  828.144439][ T5956] usb 5-1: config 0 descriptor??
[  828.221650][ T5987] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  828.279551][ T5987] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  828.302019][ T5987] quatech2 4-1:0.51: device disconnected
[  828.471859][ T5956] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  828.742561][ T1434] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  828.742585][ T1434] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  828.834450][ T1448] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  828.834474][ T1448] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  828.920545][T16133] FAULT_INJECTION: forcing a failure.
[  828.920545][T16133] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  828.920579][T16133] CPU: 1 UID: 0 PID: 16133 Comm: syz.2.3833 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  828.920603][T16133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  828.920614][T16133] Call Trace:
[  828.920622][T16133]  <TASK>
[  828.920630][T16133]  dump_stack_lvl+0xe8/0x150
[  828.920661][T16133]  should_fail_ex+0x46c/0x600
[  828.920691][T16133]  _copy_to_iter+0x404/0x1790
[  828.920732][T16133]  ? __pfx__copy_to_iter+0x10/0x10
[  828.920761][T16133]  ? trace_kmalloc+0x1f/0xb0
[  828.920792][T16133]  ? __kvmalloc_node_noprof+0x425/0x940
[  828.920821][T16133]  ? seq_read_iter+0x203/0xe20
[  828.920848][T16133]  ? mutex_lock_nested+0x154/0x1d0
[  828.920875][T16133]  seq_read_iter+0xbf6/0xe20
[  828.920916][T16133]  seq_read+0x36c/0x480
[  828.920949][T16133]  ? __pfx_seq_read+0x10/0x10
[  828.920984][T16133]  ? rw_verify_area+0x2ac/0x4e0
[  828.921007][T16133]  ? __pfx_seq_read+0x10/0x10
[  828.921034][T16133]  vfs_read+0x206/0xa30
[  828.921065][T16133]  ? __pfx_vfs_read+0x10/0x10
[  828.921092][T16133]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  828.921111][T16133]  ? lockdep_hardirqs_on+0x7b/0x110
[  828.921129][T16133]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  828.921146][T16133]  ? mutex_lock_nested+0x154/0x1d0
[  828.921169][T16133]  ? fdget_pos+0x253/0x320
[  828.921196][T16133]  ksys_read+0x14b/0x260
[  828.921224][T16133]  ? __pfx_ksys_read+0x10/0x10
[  828.921270][T16133]  do_syscall_64+0xec/0xf80
[  828.921289][T16133]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  828.921307][T16133]  ? trace_irq_disable+0x37/0x100
[  828.921326][T16133]  ? clear_bhb_loop+0x60/0xb0
[  828.921348][T16133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  828.921366][T16133] RIP: 0033:0x7fad3516f749
[  828.921384][T16133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  828.921400][T16133] RSP: 002b:00007fad333ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  828.921420][T16133] RAX: ffffffffffffffda RBX: 00007fad353c5fa0 RCX: 00007fad3516f749
[  828.921434][T16133] RDX: 0000000000002020 RSI: 00002000000007c0 RDI: 0000000000000003
[  828.921447][T16133] RBP: 00007fad333ce090 R08: 0000000000000000 R09: 0000000000000000
[  828.921461][T16133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  828.921474][T16133] R13: 00007fad353c6038 R14: 00007fad353c5fa0 R15: 00007fff9167bf38
[  828.921509][T16133]  </TASK>
[  829.139011][ T5956] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  829.316444][T16138] netlink: 'syz.5.3743': attribute type 10 has an invalid length.
[  829.361580][T16138] 8021q: adding VLAN 0 to HW filter on device batadv0
[  829.381229][T16138] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  829.580758][ T5956] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  829.732169][ T5956] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  829.732216][ T5956] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  829.732261][ T5956] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  829.732287][ T5956] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  829.780540][ T5956] usb 3-1: config 0 descriptor??
[  829.994665][T16142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  829.996375][T16142] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  829.998623][ T5956] ath6kl: Failed to submit usb control message: -71
[  829.998675][ T5956] ath6kl: unable to send the bmi data to the device: -71
[  829.998692][ T5956] ath6kl: Unable to send get target info: -71
[  830.055634][ T5956] ath6kl: Failed to init ath6kl core: -71
[  830.057206][ T5956] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[  830.100298][ T5956] usb 3-1: USB disconnect, device number 80
[  830.238668][  T804] usb 5-1: USB disconnect, device number 103
[  831.129946][    T9] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  831.510074][    T9] usb 6-1: config 0 has an invalid interface number: 117 but max is 0
[  831.510106][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  831.510136][    T9] usb 6-1: config 0 has no interface number 0
[  831.510207][    T9] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  831.510234][    T9] usb 6-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  831.531292][    T9] usb 6-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  831.531322][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  831.531341][    T9] usb 6-1: Product: syz
[  831.531354][    T9] usb 6-1: Manufacturer: syz
[  831.531368][    T9] usb 6-1: SerialNumber: syz
[  831.627865][    T9] usb 6-1: config 0 descriptor??
[  832.034114][    T9] usbtouchscreen 6-1:0.117: probe with driver usbtouchscreen failed with error -71
[  832.071821][    T9] usb 6-1: USB disconnect, device number 44
[  832.154039][ T9233] usb 2-1: new full-speed USB device number 74 using dummy_hcd
[  832.280615][T16198] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3851'.
[  832.280651][T16198] openvswitch: netlink: Geneve option length err (len 256, max 255).
[  832.316644][ T9233] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  832.316678][ T9233] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  832.316702][ T9233] usb 2-1: Product: syz
[  832.316718][ T9233] usb 2-1: Manufacturer: syz
[  832.316734][ T9233] usb 2-1: SerialNumber: syz
[  832.363699][ T9233] usb 2-1: config 0 descriptor??
[  832.578162][ T9233] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  833.192427][ T9233] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  834.606467][T16231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  834.610047][T16231] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  834.617151][T16231] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  834.640842][T16231] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  834.643102][T16231] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  835.017118][    T9] usb 2-1: USB disconnect, device number 74
[  835.052861][T16237] FAULT_INJECTION: forcing a failure.
[  835.052861][T16237] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  835.052900][T16237] CPU: 0 UID: 0 PID: 16237 Comm: syz.2.3863 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  835.052924][T16237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  835.052938][T16237] Call Trace:
[  835.052947][T16237]  <TASK>
[  835.052957][T16237]  dump_stack_lvl+0xe8/0x150
[  835.053003][T16237]  should_fail_ex+0x46c/0x600
[  835.053041][T16237]  _copy_from_user+0x2d/0xb0
[  835.053065][T16237]  memdup_user_nul+0x66/0x110
[  835.053092][T16237]  smk_write_net4addr+0x164/0xb80
[  835.053130][T16237]  ? __pfx_smk_write_net4addr+0x10/0x10
[  835.053159][T16237]  ? vfs_write+0x217/0xb40
[  835.053204][T16237]  ? __pfx_smk_write_net4addr+0x10/0x10
[  835.053236][T16237]  vfs_write+0x287/0xb40
[  835.053277][T16237]  ? __pfx_vfs_write+0x10/0x10
[  835.053311][T16237]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  835.053335][T16237]  ? lockdep_hardirqs_on+0x7b/0x110
[  835.053356][T16237]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  835.053378][T16237]  ? mutex_lock_nested+0x154/0x1d0
[  835.053406][T16237]  ? fdget_pos+0x253/0x320
[  835.053440][T16237]  ksys_write+0x14b/0x260
[  835.053474][T16237]  ? __pfx_ksys_write+0x10/0x10
[  835.053518][T16237]  do_syscall_64+0xec/0xf80
[  835.053540][T16237]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  835.053562][T16237]  ? trace_irq_disable+0x37/0x100
[  835.053587][T16237]  ? clear_bhb_loop+0x60/0xb0
[  835.053615][T16237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  835.053636][T16237] RIP: 0033:0x7fad3516f749
[  835.053655][T16237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  835.053673][T16237] RSP: 002b:00007fad333ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  835.053696][T16237] RAX: ffffffffffffffda RBX: 00007fad353c5fa0 RCX: 00007fad3516f749
[  835.053712][T16237] RDX: 0000000000000057 RSI: 0000200000000080 RDI: 0000000000000003
[  835.053725][T16237] RBP: 00007fad333ce090 R08: 0000000000000000 R09: 0000000000000000
[  835.053739][T16237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  835.053753][T16237] R13: 00007fad353c6038 R14: 00007fad353c5fa0 R15: 00007fff9167bf38
[  835.053788][T16237]  </TASK>
[  836.025880][ T6326] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[  836.189838][ T6326] usb 4-1: Using ep0 maxpacket: 32
[  836.210006][ T5987] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  836.231938][ T6326] usb 4-1: config 0 has an invalid interface number: 85 but max is 0
[  836.231977][ T6326] usb 4-1: config 0 has no interface number 0
[  836.232032][ T6326] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  836.232061][ T6326] usb 4-1: config 0 interface 85 has no altsetting 0
[  836.234770][ T6326] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  836.234800][ T6326] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  836.234828][ T6326] usb 4-1: Product: syz
[  836.234845][ T6326] usb 4-1: Manufacturer: syz
[  836.234860][ T6326] usb 4-1: SerialNumber: syz
[  836.310984][ T6326] usb 4-1: config 0 descriptor??
[  836.369140][ T5987] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[  836.369164][ T5987] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  836.369178][ T5987] usb 2-1: config 0 has no interface number 0
[  836.369213][ T5987] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  836.369272][ T5987] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  836.413067][ T5987] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  836.413100][ T5987] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  836.413122][ T5987] usb 2-1: Product: syz
[  836.413138][ T5987] usb 2-1: Manufacturer: syz
[  836.413154][ T5987] usb 2-1: SerialNumber: syz
[  836.493474][ T5987] usb 2-1: config 0 descriptor??
[  836.689962][ T5120] Bluetooth: hci1: command tx timeout
[  836.736367][ T6326] appletouch 4-1:0.85: Geyser mode initialized.
[  836.760312][ T6326] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input87
[  838.012306][ T5987] usbtouchscreen 2-1:0.117: probe with driver usbtouchscreen failed with error -71
[  838.058921][ T5999] usb 4-1: USB disconnect, device number 109
[  838.067626][ T5987] usb 2-1: USB disconnect, device number 75
[  838.229150][T16228] chnl_net:caif_netlink_parms(): no params data found
[  838.270130][T16244] sctp: [Deprecated]: syz.2.3865 (pid 16244) Use of struct sctp_assoc_value in delayed_ack socket option.
[  838.270130][T16244] Use struct sctp_sack_info instead
[  838.361800][ T5999] appletouch 4-1:0.85: input: appletouch disconnected
[  838.744743][T16228] bridge0: port 1(bridge_slave_0) entered blocking state
[  838.746726][T16228] bridge0: port 1(bridge_slave_0) entered disabled state
[  838.747031][T16228] bridge_slave_0: entered allmulticast mode
[  838.770095][ T5120] Bluetooth: hci1: command tx timeout
[  838.776802][T16228] bridge_slave_0: entered promiscuous mode
[  838.792066][T16228] bridge0: port 2(bridge_slave_1) entered blocking state
[  838.792207][T16228] bridge0: port 2(bridge_slave_1) entered disabled state
[  838.792514][T16228] bridge_slave_1: entered allmulticast mode
[  838.795446][T16228] bridge_slave_1: entered promiscuous mode
[  839.032880][T16228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  839.037390][T16228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  839.344264][T16228] team0: Port device team_slave_0 added
[  839.348228][T16228] team0: Port device team_slave_1 added
[  839.739101][T16290] FAULT_INJECTION: forcing a failure.
[  839.739101][T16290] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  839.739139][T16290] CPU: 0 UID: 0 PID: 16290 Comm: syz.5.3875 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  839.739165][T16290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  839.739179][T16290] Call Trace:
[  839.739188][T16290]  <TASK>
[  839.739197][T16290]  dump_stack_lvl+0xe8/0x150
[  839.739239][T16290]  should_fail_ex+0x46c/0x600
[  839.739275][T16290]  _copy_to_user+0x31/0xb0
[  839.739301][T16290]  simple_read_from_buffer+0xe1/0x170
[  839.739330][T16290]  proc_fail_nth_read+0x1b6/0x220
[  839.739366][T16290]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  839.739402][T16290]  ? rw_verify_area+0x2ac/0x4e0
[  839.739433][T16290]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  839.739468][T16290]  vfs_read+0x206/0xa30
[  839.739508][T16290]  ? __pfx_vfs_read+0x10/0x10
[  839.739541][T16290]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  839.739565][T16290]  ? lockdep_hardirqs_on+0x7b/0x110
[  839.739587][T16290]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  839.739610][T16290]  ? mutex_lock_nested+0x154/0x1d0
[  839.739637][T16290]  ? fdget_pos+0x253/0x320
[  839.739682][T16290]  ksys_read+0x14b/0x260
[  839.739715][T16290]  ? __pfx_ksys_read+0x10/0x10
[  839.739760][T16290]  do_syscall_64+0xec/0xf80
[  839.739781][T16290]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  839.739802][T16290]  ? trace_irq_disable+0x37/0x100
[  839.739825][T16290]  ? clear_bhb_loop+0x60/0xb0
[  839.739851][T16290]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  839.739873][T16290] RIP: 0033:0x7fd75238e15c
[  839.739892][T16290] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  839.739912][T16290] RSP: 002b:00007fd7505f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  839.739935][T16290] RAX: ffffffffffffffda RBX: 00007fd7525e5fa0 RCX: 00007fd75238e15c
[  839.739952][T16290] RDX: 000000000000000f RSI: 00007fd7505f60a0 RDI: 0000000000000004
[  839.739965][T16290] RBP: 00007fd7505f6090 R08: 0000000000000000 R09: 0000000000000000
[  839.739978][T16290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  839.739989][T16290] R13: 00007fd7525e6038 R14: 00007fd7525e5fa0 R15: 00007ffe51335ab8
[  839.740020][T16290]  </TASK>
[  839.767736][  T992] usb 3-1: new full-speed USB device number 81 using dummy_hcd
[  840.030925][  T992] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  840.030960][  T992] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  840.030982][  T992] usb 3-1: Product: syz
[  840.030998][  T992] usb 3-1: Manufacturer: syz
[  840.031015][  T992] usb 3-1: SerialNumber: syz
[  840.092803][  T992] usb 3-1: config 0 descriptor??
[  840.190993][T16270] netlink: 7 bytes leftover after parsing attributes in process `syz.3.3870'.
[  840.260339][T16270] netlink: 7 bytes leftover after parsing attributes in process `syz.3.3870'.
[  840.317472][  T992] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  840.319229][T16228] batman_adv: batadv0: Adding interface: batadv_slave_0
[  840.319246][T16228] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  840.319326][T16228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  840.398604][T16228] batman_adv: batadv0: Adding interface: batadv_slave_1
[  840.398632][T16228] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  840.398659][T16228] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  840.689928][ T5956] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  840.733943][T16228] hsr_slave_0: entered promiscuous mode
[  840.735518][T16228] hsr_slave_1: entered promiscuous mode
[  840.736682][T16228] debugfs: 'hsr0' already exists in 'hsr'
[  840.736709][T16228] Cannot create hsr debugfs directory
[  840.764511][  T804] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[  840.839879][ T5956] usb 6-1: Using ep0 maxpacket: 32
[  840.842636][ T5956] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  840.842665][ T5956] usb 6-1: config 0 has no interface number 0
[  840.842719][ T5956] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  840.842749][ T5956] usb 6-1: config 0 interface 85 has no altsetting 0
[  840.846130][ T5956] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  840.846161][ T5956] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  840.846184][ T5956] usb 6-1: Product: syz
[  840.846199][ T5956] usb 6-1: Manufacturer: syz
[  840.846215][ T5956] usb 6-1: SerialNumber: syz
[  840.849894][ T5120] Bluetooth: hci1: command tx timeout
[  840.923641][T16259] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  840.924980][  T804] usb 4-1: Using ep0 maxpacket: 16
[  840.934287][  T804] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  840.934355][  T804] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  840.934427][  T804] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  840.934484][  T804] usb 4-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  840.934544][  T804] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  840.942763][ T5956] usb 6-1: config 0 descriptor??
[  841.005780][  T804] usb 4-1: config 0 descriptor??
[  841.059892][T16259] usb 2-1: device descriptor read/64, error -71
[  841.309957][T16259] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  841.315815][  T992] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  841.425620][ T5956] appletouch 6-1:0.85: Geyser mode initialized.
[  841.427830][ T5956] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input89
[  841.432917][  T804] hid_parser_main: 5 callbacks suppressed
[  841.432974][  T804] hid-picolcd 0003:04D8:F002.0007: unknown main item tag 0x0
[  841.450242][T16259] usb 2-1: device descriptor read/64, error -71
[  841.530368][  T804] hid-picolcd 0003:04D8:F002.0007: No report with id 0xf3 found
[  841.530398][  T804] hid-picolcd 0003:04D8:F002.0007: No report with id 0xf4 found
[  841.569967][T16259] usb usb2-port1: attempt power cycle
[  841.706132][T16228] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  841.821574][ T5956] usb 6-1: USB disconnect, device number 45
[  841.822245][   T10] usb 4-1: USB disconnect, device number 110
[  841.929904][T16259] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  841.933709][ T5956] appletouch 6-1:0.85: input: appletouch disconnected
[  841.951550][T16259] usb 2-1: device descriptor read/8, error -71
[  842.016598][T16228] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.052285][  T804] usb 3-1: USB disconnect, device number 81
[  842.190408][T16259] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  842.215332][T16259] usb 2-1: device descriptor read/8, error -71
[  842.312969][T16228] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.330237][T16259] usb usb2-port1: unable to enumerate USB device
[  842.638027][ T6000] usb 6-1: new full-speed USB device number 46 using dummy_hcd
[  842.733342][T16228] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.765429][T16317] IPv6: addrconf: prefix option has invalid lifetime
[  842.786178][T16317] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3885'.
[  842.807240][ T6000] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  842.807385][ T6000] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  842.807409][ T6000] usb 6-1: Product: syz
[  842.807426][ T6000] usb 6-1: Manufacturer: syz
[  842.807443][ T6000] usb 6-1: SerialNumber: syz
[  842.828252][ T6000] usb 6-1: config 0 descriptor??
[  842.929822][ T5120] Bluetooth: hci1: command tx timeout
[  843.104496][ T6000] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  843.234578][T16228] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  843.283737][T16228] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  843.352412][T16228] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  843.352793][T16327] netlink: 'syz.3.3888': attribute type 10 has an invalid length.
[  843.516622][T16327] 8021q: adding VLAN 0 to HW filter on device batadv0
[  843.530431][T16327] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  843.531058][T16228] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  843.691097][T16337] FAULT_INJECTION: forcing a failure.
[  843.691097][T16337] name failslab, interval 1, probability 0, space 0, times 0
[  843.691137][T16337] CPU: 0 UID: 0 PID: 16337 Comm: syz.3.3890 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  843.691164][T16337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  843.691179][T16337] Call Trace:
[  843.691188][T16337]  <TASK>
[  843.691198][T16337]  dump_stack_lvl+0xe8/0x150
[  843.691235][T16337]  should_fail_ex+0x46c/0x600
[  843.691273][T16337]  should_failslab+0xa8/0x100
[  843.691299][T16337]  __kmalloc_noprof+0xe0/0x7e0
[  843.691343][T16337]  ? tomoyo_encode+0x28b/0x550
[  843.691372][T16337]  tomoyo_encode+0x28b/0x550
[  843.691401][T16337]  tomoyo_realpath_from_path+0x58d/0x5d0
[  843.691437][T16337]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  843.691472][T16337]  tomoyo_path_number_perm+0x1e8/0x5a0
[  843.691510][T16337]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  843.691542][T16337]  ? __lock_acquire+0x6b6/0x2cf0
[  843.691576][T16337]  ? do_raw_spin_lock+0x121/0x290
[  843.691640][T16337]  ? __fget_files+0x2a/0x420
[  843.691670][T16337]  ? __fget_files+0x2a/0x420
[  843.691692][T16337]  ? __fget_files+0x3a6/0x420
[  843.691714][T16337]  ? __fget_files+0x2a/0x420
[  843.691743][T16337]  security_file_ioctl+0xcb/0x2d0
[  843.691779][T16337]  __se_sys_ioctl+0x47/0x170
[  843.691815][T16337]  do_syscall_64+0xec/0xf80
[  843.691836][T16337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  843.691863][T16337]  ? trace_irq_disable+0x37/0x100
[  843.691888][T16337]  ? clear_bhb_loop+0x60/0xb0
[  843.691916][T16337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  843.691939][T16337] RIP: 0033:0x7f0f682df749
[  843.691959][T16337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  843.691979][T16337] RSP: 002b:00007f0f66546038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  843.692004][T16337] RAX: ffffffffffffffda RBX: 00007f0f68535fa0 RCX: 00007f0f682df749
[  843.692021][T16337] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[  843.692035][T16337] RBP: 00007f0f66546090 R08: 0000000000000000 R09: 0000000000000000
[  843.692050][T16337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  843.692064][T16337] R13: 00007f0f68536038 R14: 00007f0f68535fa0 R15: 00007ffd69d55028
[  843.692097][T16337]  </TASK>
[  843.692760][T16337] ERROR: Out of memory at tomoyo_realpath_from_path.
[  843.695690][T16337] input: syz1 as /devices/virtual/input/input90
[  843.703684][ T5956] usb 3-1: new full-speed USB device number 82 using dummy_hcd
[  844.029350][ T5956] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  844.029576][ T5956] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.029592][ T5956] usb 3-1: Product: syz
[  844.029604][ T5956] usb 3-1: Manufacturer: syz
[  844.029615][ T5956] usb 3-1: SerialNumber: syz
[  844.103488][ T5956] usb 3-1: config 0 descriptor??
[  844.321703][ T5956] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  844.373981][ T6000] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  844.379657][ T6000] usb 6-1: USB disconnect, device number 46
[  844.935557][T16228] 8021q: adding VLAN 0 to HW filter on device bond0
[  845.087270][T16228] 8021q: adding VLAN 0 to HW filter on device team0
[  845.111177][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[  845.111415][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[  845.138023][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state
[  845.138263][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state
[  845.481422][ T5956] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  845.736698][T16228] 8021q: adding VLAN 0 to HW filter on device batadv0
[  846.730806][   T10] IPVS: starting estimator thread 0...
[  846.822312][T13998] usb 3-1: USB disconnect, device number 82
[  846.840132][T16375] IPVS: using max 10 ests per chain, 24000 per kthread
[  847.233679][T16228] veth0_vlan: entered promiscuous mode
[  847.245167][T16228] veth1_vlan: entered promiscuous mode
[  847.337240][T16228] veth0_macvtap: entered promiscuous mode
[  847.352853][T16228] veth1_macvtap: entered promiscuous mode
[  847.399393][T16228] batman_adv: batadv0: Interface activated: batadv_slave_0
[  847.399892][   T10] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  847.423827][T16392] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3901'.
[  847.446082][T16228] batman_adv: batadv0: Interface activated: batadv_slave_1
[  847.466940][ T1116] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  847.467154][ T1116] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  847.467201][ T1116] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  847.467232][ T1116] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  847.550380][   T10] usb 2-1: Using ep0 maxpacket: 16
[  847.561495][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  847.561592][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  847.593541][   T10] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  847.593580][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  847.593595][   T10] usb 2-1: Product: syz
[  847.593606][   T10] usb 2-1: Manufacturer: syz
[  847.593617][   T10] usb 2-1: SerialNumber: syz
[  847.631908][   T10] usb 2-1: config 0 descriptor??
[  847.654677][   T10] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  847.654705][   T10] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  847.981068][T16399] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3906'.
[  848.034703][T16400] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3906'.
[  848.054026][T16390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  848.054559][T16390] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  848.481078][   T10] em28xx 2-1:0.0: unknown em28xx chip ID (197)
[  848.633752][T16088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  848.633778][T16088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  848.686369][   T10] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  848.688837][   T10] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  848.688853][   T10] em28xx 2-1:0.0: No AC97 audio processor
[  848.840588][   T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  848.840613][   T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  849.565328][T16431] FAULT_INJECTION: forcing a failure.
[  849.565328][T16431] name failslab, interval 1, probability 0, space 0, times 0
[  849.565363][T16431] CPU: 0 UID: 0 PID: 16431 Comm: syz.5.3913 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  849.565384][T16431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  849.565397][T16431] Call Trace:
[  849.565405][T16431]  <TASK>
[  849.565413][T16431]  dump_stack_lvl+0xe8/0x150
[  849.565446][T16431]  should_fail_ex+0x46c/0x600
[  849.565478][T16431]  should_failslab+0xa8/0x100
[  849.565498][T16431]  __kmalloc_noprof+0xe0/0x7e0
[  849.565526][T16431]  ? tomoyo_encode+0x28b/0x550
[  849.565550][T16431]  tomoyo_encode+0x28b/0x550
[  849.565585][T16431]  tomoyo_realpath_from_path+0x58d/0x5d0
[  849.565615][T16431]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  849.565640][T16431]  tomoyo_path_number_perm+0x1e8/0x5a0
[  849.565675][T16431]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  849.565700][T16431]  ? __lock_acquire+0x6b6/0x2cf0
[  849.565728][T16431]  ? do_raw_spin_lock+0x121/0x290
[  849.565775][T16431]  ? __fget_files+0x2a/0x420
[  849.565797][T16431]  ? __fget_files+0x2a/0x420
[  849.565815][T16431]  ? __fget_files+0x3a6/0x420
[  849.565836][T16431]  ? __fget_files+0x2a/0x420
[  849.565858][T16431]  security_file_ioctl+0xcb/0x2d0
[  849.565887][T16431]  __se_sys_ioctl+0x47/0x170
[  849.565926][T16431]  do_syscall_64+0xec/0xf80
[  849.565950][T16431]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.565969][T16431]  ? trace_irq_disable+0x37/0x100
[  849.565987][T16431]  ? clear_bhb_loop+0x60/0xb0
[  849.566008][T16431]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.566025][T16431] RIP: 0033:0x7fd75238f749
[  849.566042][T16431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  849.566058][T16431] RSP: 002b:00007fd7505d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  849.566077][T16431] RAX: ffffffffffffffda RBX: 00007fd7525e6090 RCX: 00007fd75238f749
[  849.566090][T16431] RDX: 0000200000001ac0 RSI: 000000008038550a RDI: 0000000000000003
[  849.566102][T16431] RBP: 00007fd7505d5090 R08: 0000000000000000 R09: 0000000000000000
[  849.566113][T16431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  849.566123][T16431] R13: 00007fd7525e6128 R14: 00007fd7525e6090 R15: 00007ffe51335ab8
[  849.566151][T16431]  </TASK>
[  849.584387][T16431] ERROR: Out of memory at tomoyo_realpath_from_path.
[  849.856865][T16431] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  850.467538][T16440] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3917'.
[  851.299067][ T5936] usb 2-1: USB disconnect, device number 80
[  851.325143][ T5936] em28xx 2-1:0.0: Disconnecting em28xx
[  851.432960][ T5936] em28xx 2-1:0.0: Freeing device
[  852.151968][  T992] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  852.312776][  T992] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  852.312806][  T992] usb 2-1: config 0 has no interface number 0
[  852.375912][  T992] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  852.375946][  T992] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  852.375970][  T992] usb 2-1: Product: syz
[  852.375986][  T992] usb 2-1: Manufacturer: syz
[  852.376003][  T992] usb 2-1: SerialNumber: syz
[  852.419613][  T992] usb 2-1: config 0 descriptor??
[  852.710483][  T992] dvb_usb_ec168 2-1:0.1: probe with driver dvb_usb_ec168 failed with error -71
[  852.716178][  T992] usb 2-1: USB disconnect, device number 81
[  852.749922][   T10] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  852.879907][   T10] usb 5-1: device descriptor read/64, error -71
[  852.919958][   T31] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  852.939948][ T6000] usb 3-1: new full-speed USB device number 83 using dummy_hcd
[  853.098378][   T31] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  853.098405][   T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  853.098439][   T31] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  853.098456][   T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  853.119918][   T10] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  853.161885][   T31] usb 6-1: config 0 descriptor??
[  853.164600][ T6000] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  853.164632][ T6000] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.164655][ T6000] usb 3-1: Product: syz
[  853.164672][ T6000] usb 3-1: Manufacturer: syz
[  853.164688][ T6000] usb 3-1: SerialNumber: syz
[  853.168725][ T6000] usb 3-1: config 0 descriptor??
[  853.250497][   T10] usb 5-1: device descriptor read/64, error -71
[  853.378215][T16472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  853.378849][T16472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  853.388981][   T10] usb usb5-port1: attempt power cycle
[  853.402832][   T31] ath6kl: Failed to submit usb control message: -71
[  853.402949][   T31] ath6kl: unable to send the bmi data to the device: -71
[  853.402969][   T31] ath6kl: Unable to send get target info: -71
[  853.438306][   T31] ath6kl: Failed to init ath6kl core: -71
[  853.440681][   T31] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71
[  853.452137][   T31] usb 6-1: USB disconnect, device number 47
[  853.497813][ T6000] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  853.780114][   T10] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  853.800922][   T10] usb 5-1: device descriptor read/8, error -71
[  853.959927][  T992] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  854.039940][   T10] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  854.061849][   T10] usb 5-1: device descriptor read/8, error -71
[  854.109986][  T992] usb 2-1: Using ep0 maxpacket: 16
[  854.124977][  T992] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  854.125014][  T992] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  854.125083][  T992] usb 2-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[  854.125141][  T992] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  854.144671][  T992] usb 2-1: config 0 descriptor??
[  854.179380][   T10] usb usb5-port1: unable to enumerate USB device
[  854.588642][  T992] apple 0003:05AC:0247.0008: unexpected long global item
[  854.589570][  T992] apple 0003:05AC:0247.0008: parse failed
[  854.590117][  T992] apple 0003:05AC:0247.0008: probe with driver apple failed with error -22
[  854.698015][    C1] raw-gadget.3 gadget.2: ignoring, device is not running
[  854.707811][ T6000] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  854.720904][ T6000] usb 3-1: USB disconnect, device number 83
[  854.793935][T16480] IPv6: NLM_F_CREATE should be specified when creating new route
[  857.482163][  T992] usb 2-1: USB disconnect, device number 82
[  860.060017][   T10] usb 4-1: new full-speed USB device number 111 using dummy_hcd
[  862.154865][   T10] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  862.154901][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  862.154924][   T10] usb 4-1: Product: syz
[  862.154940][   T10] usb 4-1: Manufacturer: syz
[  862.154956][   T10] usb 4-1: SerialNumber: syz
[  862.296517][   T10] usb 4-1: config 0 descriptor??
[  862.730136][   T10] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  863.194635][T16565] FAULT_INJECTION: forcing a failure.
[  863.194635][T16565] name failslab, interval 1, probability 0, space 0, times 0
[  863.194900][T16565] CPU: 0 UID: 0 PID: 16565 Comm: syz.2.3952 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  863.194928][T16565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  863.194943][T16565] Call Trace:
[  863.194953][T16565]  <TASK>
[  863.194963][T16565]  dump_stack_lvl+0xe8/0x150
[  863.195003][T16565]  should_fail_ex+0x46c/0x600
[  863.195039][T16565]  should_failslab+0xa8/0x100
[  863.195064][T16565]  __kmalloc_noprof+0xe0/0x7e0
[  863.195098][T16565]  ? do_sys_poll+0x2a7/0xed0
[  863.195126][T16565]  do_sys_poll+0x2a7/0xed0
[  863.195160][T16565]  ? __lock_acquire+0x6b6/0x2cf0
[  863.195193][T16565]  ? __pfx_do_sys_poll+0x10/0x10
[  863.195219][T16565]  ? is_bpf_text_address+0x292/0x2b0
[  863.195249][T16565]  ? is_bpf_text_address+0x26/0x2b0
[  863.195279][T16565]  ? do_sys_openat2+0x15a/0x200
[  863.195413][T16565]  ? set_user_sigmask+0xc1/0x250
[  863.195441][T16565]  ? __pfx_set_user_sigmask+0x10/0x10
[  863.195479][T16565]  __se_sys_ppoll+0x1ff/0x260
[  863.195518][T16565]  ? __pfx___se_sys_ppoll+0x10/0x10
[  863.195548][T16565]  ? __pfx_ksys_write+0x10/0x10
[  863.195589][T16565]  ? __x64_sys_ppoll+0x20/0xc0
[  863.195628][T16565]  do_syscall_64+0xec/0xf80
[  863.195650][T16565]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.195672][T16565]  ? trace_irq_disable+0x37/0x100
[  863.195697][T16565]  ? clear_bhb_loop+0x60/0xb0
[  863.195726][T16565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.195748][T16565] RIP: 0033:0x7fad3516f749
[  863.195775][T16565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  863.195796][T16565] RSP: 002b:00007fad333ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  863.195821][T16565] RAX: ffffffffffffffda RBX: 00007fad353c5fa0 RCX: 00007fad3516f749
[  863.195838][T16565] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  863.195854][T16565] RBP: 00007fad333ce090 R08: 0000000000000000 R09: 0000000000000000
[  863.195868][T16565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  863.195882][T16565] R13: 00007fad353c6038 R14: 00007fad353c5fa0 R15: 00007fff9167bf38
[  863.195918][T16565]  </TASK>
[  864.068961][   T10] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  864.085548][   T10] usb 4-1: USB disconnect, device number 111
[  866.673757][T16606] 9p: Bad value for 'rfdno'
[  866.959388][T16609] FAULT_INJECTION: forcing a failure.
[  866.959388][T16609] name failslab, interval 1, probability 0, space 0, times 0
[  866.959417][T16609] CPU: 1 UID: 0 PID: 16609 Comm: syz.2.3961 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  866.959436][T16609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  866.959446][T16609] Call Trace:
[  866.959454][T16609]  <TASK>
[  866.959462][T16609]  dump_stack_lvl+0xe8/0x150
[  866.959489][T16609]  should_fail_ex+0x46c/0x600
[  866.959515][T16609]  ? sctp_get_port_local+0x726/0x1750
[  866.959540][T16609]  should_failslab+0xa8/0x100
[  866.959557][T16609]  ? sctp_get_port_local+0x726/0x1750
[  866.959581][T16609]  kmem_cache_alloc_noprof+0x84/0x6c0
[  866.959610][T16609]  sctp_get_port_local+0x726/0x1750
[  866.959641][T16609]  ? sctp_get_port_local+0x514/0x1750
[  866.959697][T16609]  ? __pfx_sctp_get_port_local+0x10/0x10
[  866.959735][T16609]  ? sctp_bind_addr_match+0x28b/0x2b0
[  866.959773][T16609]  sctp_do_bind+0x4ef/0x9d0
[  866.959822][T16609]  sctp_connect_new_asoc+0x25c/0x690
[  866.959862][T16609]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  866.959911][T16609]  ? __local_bh_enable_ip+0x1af/0x2c0
[  866.959938][T16609]  ? lockdep_hardirqs_on+0x7b/0x110
[  866.959960][T16609]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  866.959993][T16609]  ? security_sctp_bind_connect+0x7e/0x2e0
[  866.960032][T16609]  sctp_sendmsg+0x14fd/0x25d0
[  866.960067][T16609]  ? __pfx_sctp_sendmsg+0x10/0x10
[  866.960107][T16609]  ? sock_rps_record_flow+0x19/0x410
[  866.960130][T16609]  ? inet_sendmsg+0x2f4/0x370
[  866.960153][T16609]  __sock_sendmsg+0x19c/0x270
[  866.960182][T16609]  __sys_sendto+0x3c7/0x520
[  866.960210][T16609]  ? __pfx___sys_sendto+0x10/0x10
[  866.960251][T16609]  ? ksys_write+0x230/0x260
[  866.960276][T16609]  ? __pfx_ksys_write+0x10/0x10
[  866.960304][T16609]  __x64_sys_sendto+0xde/0x100
[  866.960325][T16609]  do_syscall_64+0xec/0xf80
[  866.960341][T16609]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.960357][T16609]  ? trace_irq_disable+0x37/0x100
[  866.960374][T16609]  ? clear_bhb_loop+0x60/0xb0
[  866.960394][T16609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.960410][T16609] RIP: 0033:0x7fad3516f749
[  866.960425][T16609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  866.960439][T16609] RSP: 002b:00007fad3338c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  866.960459][T16609] RAX: ffffffffffffffda RBX: 00007fad353c6180 RCX: 00007fad3516f749
[  866.960471][T16609] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000005
[  866.960482][T16609] RBP: 00007fad3338c090 R08: 000020000005ffe4 R09: 000000000000001c
[  866.960493][T16609] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000001
[  866.960503][T16609] R13: 00007fad353c6218 R14: 00007fad353c6180 R15: 00007fff9167bf38
[  866.960531][T16609]  </TASK>
[  867.466151][T16604] IPv6: sit1: Disabled Multicast RS
[  867.992726][ T6320] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  868.155346][ T6320] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  868.155391][ T6320] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  868.155440][ T6320] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  868.155466][ T6320] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  868.220595][ T6320] usb 5-1: config 0 descriptor??
[  868.433745][T16618] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  868.434195][T16618] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  868.457997][ T6320] ath6kl: Failed to submit usb control message: -71
[  868.458055][ T6320] ath6kl: unable to send the bmi data to the device: -71
[  868.458072][ T6320] ath6kl: Unable to send get target info: -71
[  868.540704][ T6320] ath6kl: Failed to init ath6kl core: -71
[  868.542288][ T6320] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  868.551789][ T6320] usb 5-1: USB disconnect, device number 108
[  868.983014][T16631] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3974'.
[  869.228736][T16637] overlayfs: missing 'lowerdir'
[  869.269865][T13998] usb 4-1: new full-speed USB device number 112 using dummy_hcd
[  869.425356][T13998] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  869.425391][T13998] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  869.425415][T13998] usb 4-1: Product: syz
[  869.425432][T13998] usb 4-1: Manufacturer: syz
[  869.425449][T13998] usb 4-1: SerialNumber: syz
[  869.461132][T16640] 9p: Bad value for 'rfdno'
[  869.520160][T13998] usb 4-1: config 0 descriptor??
[  869.740932][T13998] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  872.431180][T16662] FAULT_INJECTION: forcing a failure.
[  872.431180][T16662] name failslab, interval 1, probability 0, space 0, times 0
[  872.431227][T16662] CPU: 0 UID: 0 PID: 16662 Comm: syz.2.3986 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  872.431258][T16662] Tainted: [L]=SOFTLOCKUP
[  872.431267][T16662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  872.431282][T16662] Call Trace:
[  872.431292][T16662]  <TASK>
[  872.431302][T16662]  dump_stack_lvl+0xe8/0x150
[  872.431339][T16662]  should_fail_ex+0x46c/0x600
[  872.431377][T16662]  should_failslab+0xa8/0x100
[  872.431401][T16662]  __kmalloc_noprof+0xe0/0x7e0
[  872.431435][T16662]  ? tomoyo_encode+0x28b/0x550
[  872.431465][T16662]  tomoyo_encode+0x28b/0x550
[  872.431495][T16662]  tomoyo_realpath_from_path+0x58d/0x5d0
[  872.431531][T16662]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  872.431563][T16662]  tomoyo_path_number_perm+0x1e8/0x5a0
[  872.431599][T16662]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  872.431632][T16662]  ? __lock_acquire+0x6b6/0x2cf0
[  872.431668][T16662]  ? do_raw_spin_lock+0x121/0x290
[  872.431732][T16662]  ? __fget_files+0x2a/0x420
[  872.431761][T16662]  ? __fget_files+0x2a/0x420
[  872.431785][T16662]  ? __fget_files+0x3a6/0x420
[  872.431808][T16662]  ? __fget_files+0x2a/0x420
[  872.431845][T16662]  security_file_ioctl+0xcb/0x2d0
[  872.431882][T16662]  __se_sys_ioctl+0x47/0x170
[  872.431916][T16662]  do_syscall_64+0xec/0xf80
[  872.431940][T16662]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  872.431964][T16662]  ? trace_irq_disable+0x37/0x100
[  872.431988][T16662]  ? clear_bhb_loop+0x60/0xb0
[  872.432017][T16662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  872.432038][T16662] RIP: 0033:0x7fad3516f749
[  872.432059][T16662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  872.432080][T16662] RSP: 002b:00007fad333ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  872.432111][T16662] RAX: ffffffffffffffda RBX: 00007fad353c5fa0 RCX: 00007fad3516f749
[  872.432128][T16662] RDX: 0000200000001340 RSI: 000000008020640d RDI: 0000000000000003
[  872.432144][T16662] RBP: 00007fad333ce090 R08: 0000000000000000 R09: 0000000000000000
[  872.432159][T16662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  872.432173][T16662] R13: 00007fad353c6038 R14: 00007fad353c5fa0 R15: 00007fff9167bf38
[  872.432210][T16662]  </TASK>
[  872.432232][T16662] ERROR: Out of memory at tomoyo_realpath_from_path.
[  872.785858][T13998] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  872.821086][T13998] usb 4-1: USB disconnect, device number 112
[  874.335502][T16674] 9p: Bad value for 'rfdno'
[  875.656733][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  875.656817][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  877.353027][T16700] FAULT_INJECTION: forcing a failure.
[  877.353027][T16700] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  877.353069][T16700] CPU: 1 UID: 0 PID: 16700 Comm: syz.3.4000 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  877.353101][T16700] Tainted: [L]=SOFTLOCKUP
[  877.353109][T16700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  877.353124][T16700] Call Trace:
[  877.353133][T16700]  <TASK>
[  877.353143][T16700]  dump_stack_lvl+0xe8/0x150
[  877.353180][T16700]  should_fail_ex+0x46c/0x600
[  877.353218][T16700]  _copy_from_user+0x2d/0xb0
[  877.353242][T16700]  ___sys_sendmsg+0x158/0x2a0
[  877.353275][T16700]  ? __pfx____sys_sendmsg+0x10/0x10
[  877.353302][T16700]  ? __lock_acquire+0x6b6/0x2cf0
[  877.353339][T16700]  ? kstrtouint+0x6e/0xe0
[  877.353420][T16700]  __sys_sendmmsg+0x22d/0x430
[  877.353455][T16700]  ? __pfx___sys_sendmmsg+0x10/0x10
[  877.353495][T16700]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  877.353542][T16700]  ? ksys_write+0x230/0x260
[  877.353578][T16700]  ? __pfx_ksys_write+0x10/0x10
[  877.353618][T16700]  __x64_sys_sendmmsg+0xa0/0xc0
[  877.353651][T16700]  do_syscall_64+0xec/0xf80
[  877.353674][T16700]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.353695][T16700]  ? trace_irq_disable+0x37/0x100
[  877.353719][T16700]  ? clear_bhb_loop+0x60/0xb0
[  877.353747][T16700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.353770][T16700] RIP: 0033:0x7f0f682df749
[  877.353790][T16700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  877.353810][T16700] RSP: 002b:00007f0f66546038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  877.353835][T16700] RAX: ffffffffffffffda RBX: 00007f0f68535fa0 RCX: 00007f0f682df749
[  877.353852][T16700] RDX: 0000000000000003 RSI: 0000200000001c00 RDI: 0000000000000004
[  877.353868][T16700] RBP: 00007f0f66546090 R08: 0000000000000000 R09: 0000000000000000
[  877.353883][T16700] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001
[  877.353897][T16700] R13: 00007f0f68536038 R14: 00007f0f68535fa0 R15: 00007ffd69d55028
[  877.353932][T16700]  </TASK>
[  879.670353][T16704] netlink: 'syz.4.4003': attribute type 10 has an invalid length.
[  879.747331][T16712] 9pnet_virtio: no channels available for device syz
[  879.755410][T16704] 8021q: adding VLAN 0 to HW filter on device batadv0
[  879.760816][T16704] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  879.760995][T16712] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  879.762000][T16712] batadv_slave_0: entered promiscuous mode
[  881.070710][T16716] 9p: Bad value for 'rfdno'
[  882.944506][T16231] Bluetooth: hci4: command 0x0406 tx timeout
[  884.738261][T16737] loop2: detected capacity change from 0 to 7
[  885.092818][T16737] Dev loop2: unable to read RDB block 7
[  885.092890][T16737]  loop2: unable to read partition table
[  885.093158][T16737] loop2: partition table beyond EOD, truncated
[  885.093183][T16737] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  885.756042][T16746] FAULT_INJECTION: forcing a failure.
[  885.756042][T16746] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  885.756110][T16746] CPU: 0 UID: 0 PID: 16746 Comm: syz.4.4013 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  885.756141][T16746] Tainted: [L]=SOFTLOCKUP
[  885.756151][T16746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  885.756167][T16746] Call Trace:
[  885.756176][T16746]  <TASK>
[  885.756187][T16746]  dump_stack_lvl+0xe8/0x150
[  885.756225][T16746]  should_fail_ex+0x46c/0x600
[  885.756264][T16746]  _copy_from_user+0x2d/0xb0
[  885.756287][T16746]  ___sys_sendmsg+0x158/0x2a0
[  885.756322][T16746]  ? __pfx____sys_sendmsg+0x10/0x10
[  885.756358][T16746]  ? finish_task_switch+0x23d/0x940
[  885.756393][T16746]  ? lockdep_hardirqs_on+0x7b/0x110
[  885.756447][T16746]  ? __fget_files+0x2a/0x420
[  885.756471][T16746]  ? __fget_files+0x3a6/0x420
[  885.756507][T16746]  __x64_sys_sendmsg+0x1a1/0x260
[  885.756541][T16746]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  885.756584][T16746]  ? rcu_is_watching+0x15/0xb0
[  885.756619][T16746]  do_syscall_64+0xec/0xf80
[  885.756641][T16746]  ? rcu_is_watching+0x15/0xb0
[  885.756660][T16746]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  885.756684][T16746]  ? clear_bhb_loop+0x60/0xb0
[  885.756710][T16746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  885.756730][T16746] RIP: 0033:0x7f9d7929f749
[  885.756751][T16746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  885.756772][T16746] RSP: 002b:00007f9d774c4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  885.756796][T16746] RAX: ffffffffffffffda RBX: 00007f9d794f6180 RCX: 00007f9d7929f749
[  885.756813][T16746] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000008
[  885.756829][T16746] RBP: 00007f9d774c4090 R08: 0000000000000000 R09: 0000000000000000
[  885.756843][T16746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  885.756857][T16746] R13: 00007f9d794f6218 R14: 00007f9d794f6180 R15: 00007fff23d23518
[  885.756895][T16746]  </TASK>
[  885.769173][T16746] loop2: detected capacity change from 0 to 7
[  886.237214][T16746] Dev loop2: unable to read RDB block 7
[  886.237257][T16746]  loop2: unable to read partition table
[  886.237433][T16746] loop2: partition table beyond EOD, truncated
[  886.237448][T16746] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  886.871214][T16754] netlink: 284 bytes leftover after parsing attributes in process `syz.3.4017'.
[  887.492219][T16756] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4015'.
[  887.788317][T16768] 9p: Bad value for 'rfdno'
[  889.122874][T16790] FAULT_INJECTION: forcing a failure.
[  889.122874][T16790] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  889.122914][T16790] CPU: 0 UID: 0 PID: 16790 Comm: syz.5.4028 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  889.122946][T16790] Tainted: [L]=SOFTLOCKUP
[  889.122955][T16790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  889.122969][T16790] Call Trace:
[  889.122978][T16790]  <TASK>
[  889.122989][T16790]  dump_stack_lvl+0xe8/0x150
[  889.123026][T16790]  should_fail_ex+0x46c/0x600
[  889.123064][T16790]  _copy_to_user+0x31/0xb0
[  889.123089][T16790]  simple_read_from_buffer+0xe1/0x170
[  889.123118][T16790]  proc_fail_nth_read+0x1b6/0x220
[  889.123157][T16790]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  889.123194][T16790]  ? rw_verify_area+0x2ac/0x4e0
[  889.123226][T16790]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  889.123261][T16790]  vfs_read+0x206/0xa30
[  889.123303][T16790]  ? __pfx_vfs_read+0x10/0x10
[  889.123337][T16790]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  889.123362][T16790]  ? lockdep_hardirqs_on+0x7b/0x110
[  889.123385][T16790]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  889.123408][T16790]  ? mutex_lock_nested+0x154/0x1d0
[  889.123438][T16790]  ? fdget_pos+0x253/0x320
[  889.123472][T16790]  ksys_read+0x14b/0x260
[  889.123519][T16790]  ? __pfx_ksys_read+0x10/0x10
[  889.123563][T16790]  do_syscall_64+0xec/0xf80
[  889.123585][T16790]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.123608][T16790]  ? trace_irq_disable+0x37/0x100
[  889.123632][T16790]  ? clear_bhb_loop+0x60/0xb0
[  889.123661][T16790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.123683][T16790] RIP: 0033:0x7fd75238e15c
[  889.123703][T16790] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  889.123723][T16790] RSP: 002b:00007fd7505f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  889.123747][T16790] RAX: ffffffffffffffda RBX: 00007fd7525e5fa0 RCX: 00007fd75238e15c
[  889.123764][T16790] RDX: 000000000000000f RSI: 00007fd7505f60a0 RDI: 0000000000000004
[  889.123779][T16790] RBP: 00007fd7505f6090 R08: 0000000000000000 R09: 0000000000000000
[  889.123793][T16790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  889.123807][T16790] R13: 00007fd7525e6038 R14: 00007fd7525e5fa0 R15: 00007ffe51335ab8
[  889.123845][T16790]  </TASK>
[  889.151212][T13998] usb 3-1: new full-speed USB device number 84 using dummy_hcd
[  889.411784][T13998] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  889.411823][T13998] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  889.411847][T13998] usb 3-1: Product: syz
[  889.411864][T13998] usb 3-1: Manufacturer: syz
[  889.411881][T13998] usb 3-1: SerialNumber: syz
[  889.457721][T13998] usb 3-1: config 0 descriptor??
[  889.735162][T13998] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  890.070769][T16794] netlink: 'syz.3.4030': attribute type 10 has an invalid length.
[  890.070797][T16794] netlink: 65015 bytes leftover after parsing attributes in process `syz.3.4030'.
[  890.294843][T16797] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4031'.
[  890.549873][  T992] usb 4-1: new full-speed USB device number 113 using dummy_hcd
[  891.789394][  T992] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  891.789437][  T992] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  891.789484][  T992] usb 4-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.00
[  891.789510][  T992] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  891.849068][  T992] usb 4-1: config 0 descriptor??
[  891.887417][T13998] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  892.117613][T13998] usb 3-1: USB disconnect, device number 84
[  892.668844][  T992] usbhid 4-1:0.0: can't add hid device: -71
[  892.668981][  T992] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  892.692843][  T992] usb 4-1: USB disconnect, device number 113
[  894.804604][T16832] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4041'.
[  897.209897][  T804] usb 4-1: new full-speed USB device number 114 using dummy_hcd
[  898.449098][T16863] netlink: 64 bytes leftover after parsing attributes in process `syz.4.4049'.
[  898.633704][  T804] usb 4-1: device descriptor read/all, error -71
[  898.710117][T16867] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4053'.
[  900.649808][ T6413] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  900.802288][ T6413] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  900.802327][ T6413] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  900.802375][ T6413] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  900.802401][ T6413] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.807957][ T6413] usb 2-1: config 0 descriptor??
[  900.876027][T16900] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4064'.
[  901.025152][T16892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  901.027284][T16892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  901.051095][ T6413] ath6kl: Failed to submit usb control message: -71
[  901.051150][ T6413] ath6kl: unable to send the bmi data to the device: -71
[  901.051167][ T6413] ath6kl: Unable to send get target info: -71
[  901.670149][ T6413] ath6kl: Failed to init ath6kl core: -71
[  901.671315][ T6413] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  901.680232][ T6413] usb 2-1: USB disconnect, device number 83
[  901.963169][T16921] FAULT_INJECTION: forcing a failure.
[  901.963169][T16921] name failslab, interval 1, probability 0, space 0, times 0
[  901.963210][T16921] CPU: 0 UID: 0 PID: 16921 Comm: syz.3.4070 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  901.963240][T16921] Tainted: [L]=SOFTLOCKUP
[  901.963249][T16921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  901.963262][T16921] Call Trace:
[  901.963270][T16921]  <TASK>
[  901.963280][T16921]  dump_stack_lvl+0xe8/0x150
[  901.963316][T16921]  should_fail_ex+0x46c/0x600
[  901.963352][T16921]  should_failslab+0xa8/0x100
[  901.963376][T16921]  __kmalloc_cache_node_noprof+0x8b/0x700
[  901.963423][T16921]  ? __get_vm_area_node+0x172/0x350
[  901.963459][T16921]  __get_vm_area_node+0x172/0x350
[  901.963496][T16921]  __vmalloc_node_range_noprof+0x371/0x16a0
[  901.963530][T16921]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  901.963579][T16921]  ? is_bpf_text_address+0x26/0x2b0
[  901.963612][T16921]  ? kernel_text_address+0xa5/0xe0
[  901.963661][T16921]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  901.963704][T16921]  ? __lock_acquire+0x6b6/0x2cf0
[  901.963744][T16921]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  901.963769][T16921]  __vmalloc_noprof+0xd2/0x120
[  901.963802][T16921]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  901.963832][T16921]  bpf_prog_alloc_no_stats+0x4a/0x4d0
[  901.963865][T16921]  bpf_prog_alloc+0x3c/0x1a0
[  901.963895][T16921]  bpf_prog_load+0x735/0x1a10
[  901.963931][T16921]  ? get_pid_task+0x20/0x1f0
[  901.963965][T16921]  ? __pfx_bpf_prog_load+0x10/0x10
[  901.963992][T16921]  ? __might_fault+0xb0/0x130
[  901.964046][T16921]  ? bpf_lsm_bpf+0x9/0x20
[  901.964065][T16921]  ? security_bpf+0x7e/0x300
[  901.964104][T16921]  __sys_bpf+0x507/0x860
[  901.964132][T16921]  ? __pfx___sys_bpf+0x10/0x10
[  901.964154][T16921]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  901.964217][T16921]  ? ksys_write+0x230/0x260
[  901.964253][T16921]  ? __pfx_ksys_write+0x10/0x10
[  901.964287][T16921]  __x64_sys_bpf+0x7c/0x90
[  901.964306][T16921]  do_syscall_64+0xec/0xf80
[  901.964324][T16921]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.964342][T16921]  ? trace_irq_disable+0x37/0x100
[  901.964362][T16921]  ? clear_bhb_loop+0x60/0xb0
[  901.964384][T16921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.964411][T16921] RIP: 0033:0x7f0f682df749
[  901.964427][T16921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  901.964444][T16921] RSP: 002b:00007f0f66546038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  901.964463][T16921] RAX: ffffffffffffffda RBX: 00007f0f68535fa0 RCX: 00007f0f682df749
[  901.964477][T16921] RDX: 0000000000000042 RSI: 00002000000006c0 RDI: 0000000000000005
[  901.964489][T16921] RBP: 00007f0f66546090 R08: 0000000000000000 R09: 0000000000000000
[  901.964500][T16921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  901.964511][T16921] R13: 00007f0f68536038 R14: 00007f0f68535fa0 R15: 00007ffd69d55028
[  901.964539][T16921]  </TASK>
[  901.964816][T16921] syz.3.4070: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  901.965209][T16921] CPU: 0 UID: 0 PID: 16921 Comm: syz.3.4070 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  901.965240][T16921] Tainted: [L]=SOFTLOCKUP
[  901.965248][T16921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  901.965263][T16921] Call Trace:
[  901.965271][T16921]  <TASK>
[  901.965281][T16921]  dump_stack_lvl+0xe8/0x150
[  901.965317][T16921]  warn_alloc+0x22e/0x3b0
[  901.965352][T16921]  ? should_fail_ex+0x344/0x600
[  901.965416][T16921]  ? __pfx_warn_alloc+0x10/0x10
[  901.965452][T16921]  ? __kmalloc_cache_node_noprof+0x2aa/0x700
[  901.965487][T16921]  ? __get_vm_area_node+0x172/0x350
[  901.965523][T16921]  ? __get_vm_area_node+0x2e2/0x350
[  901.965562][T16921]  __vmalloc_node_range_noprof+0x396/0x16a0
[  901.965621][T16921]  ? is_bpf_text_address+0x26/0x2b0
[  901.965652][T16921]  ? kernel_text_address+0xa5/0xe0
[  901.965689][T16921]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  901.965725][T16921]  ? __lock_acquire+0x6b6/0x2cf0
[  901.965765][T16921]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  901.965791][T16921]  __vmalloc_noprof+0xd2/0x120
[  901.965822][T16921]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  901.965851][T16921]  bpf_prog_alloc_no_stats+0x4a/0x4d0
[  901.965884][T16921]  bpf_prog_alloc+0x3c/0x1a0
[  901.965914][T16921]  bpf_prog_load+0x735/0x1a10
[  901.965950][T16921]  ? get_pid_task+0x20/0x1f0
[  901.965983][T16921]  ? __pfx_bpf_prog_load+0x10/0x10
[  901.966010][T16921]  ? __might_fault+0xb0/0x130
[  901.966065][T16921]  ? bpf_lsm_bpf+0x9/0x20
[  901.966083][T16921]  ? security_bpf+0x7e/0x300
[  901.966122][T16921]  __sys_bpf+0x507/0x860
[  901.966149][T16921]  ? __pfx___sys_bpf+0x10/0x10
[  901.966172][T16921]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  901.966220][T16921]  ? ksys_write+0x230/0x260
[  901.966255][T16921]  ? __pfx_ksys_write+0x10/0x10
[  901.966296][T16921]  __x64_sys_bpf+0x7c/0x90
[  901.966321][T16921]  do_syscall_64+0xec/0xf80
[  901.966342][T16921]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.966363][T16921]  ? trace_irq_disable+0x37/0x100
[  901.966386][T16921]  ? clear_bhb_loop+0x60/0xb0
[  901.966425][T16921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.966446][T16921] RIP: 0033:0x7f0f682df749
[  901.966466][T16921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  901.966486][T16921] RSP: 002b:00007f0f66546038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  901.966508][T16921] RAX: ffffffffffffffda RBX: 00007f0f68535fa0 RCX: 00007f0f682df749
[  901.966524][T16921] RDX: 0000000000000042 RSI: 00002000000006c0 RDI: 0000000000000005
[  901.966538][T16921] RBP: 00007f0f66546090 R08: 0000000000000000 R09: 0000000000000000
[  901.966553][T16921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  901.966567][T16921] R13: 00007f0f68536038 R14: 00007f0f68535fa0 R15: 00007ffd69d55028
[  901.966603][T16921]  </TASK>
[  902.094209][ T6413] usb 6-1: new full-speed USB device number 48 using dummy_hcd
[  902.150890][ T5934] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  902.215237][T16921] Mem-Info:
[  902.215299][T16921] active_anon:296 inactive_anon:8759 isolated_anon:0
[  902.215299][T16921]  active_file:26629 inactive_file:37821 isolated_file:0
[  902.215299][T16921]  unevictable:768 dirty:163 writeback:0
[  902.215299][T16921]  slab_reclaimable:10134 slab_unreclaimable:112746
[  902.215299][T16921]  mapped:33950 shmem:5200 pagetables:1544
[  902.215299][T16921]  sec_pagetables:0 bounce:0
[  902.215299][T16921]  kernel_misc_reclaimable:0
[  902.215299][T16921]  free:1281498 free_pcp:12099 free_cma:0
[  902.215455][T16921] Node 0 active_anon:1184kB inactive_anon:35036kB active_file:106276kB inactive_file:151284kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:135760kB dirty:648kB writeback:0kB shmem:19264kB kernel_stack:15308kB pagetables:6024kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  902.215592][T16921] Node 1 active_anon:0kB inactive_anon:0kB active_file:240kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  902.215720][T16921] Node 0 DMA free:15356kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  902.215939][T16921] lowmem_reserve[]: 0 2514 2515 2515 2515
[  902.216046][T16921] Node 0 DMA32 free:1212784kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1184kB inactive_anon:35036kB active_file:106276kB inactive_file:151284kB unevictable:1536kB writepending:648kB zspages:0kB present:3129332kB managed:2574688kB mlocked:0kB bounce:0kB free_pcp:48396kB local_pcp:42612kB free_cma:0kB
[  902.216482][T16921] lowmem_reserve[]: 0 0 1 1 1
[  902.216561][T16921] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  902.216726][T16921] lowmem_reserve[]: 0 0 0 0 0
[  902.216825][T16921] Node 1 Normal free:3897852kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:240kB inactive_file:0kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  902.216983][T16921] lowmem_reserve[]: 0 0 0 0 0
[  902.217080][T16921] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15356kB
[  902.251483][T16921] Node 0 DMA32: 2102*4kB (UME) 2319*8kB (UME) 1828*16kB (UME) 763*32kB (UME) 298*64kB (UME) 143*128kB (UME) 234*256kB (UME) 147*512kB (UM) 61*1024kB (UM) 28*2048kB (UM) 205*4096kB (UM) = 1212656kB
[  902.251958][T16921] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  902.252254][T16921] Node 1 Normal: 191*4kB (UME) 44*8kB (UE) 30*16kB (UME) 202*32kB (UE) 96*64kB (UME) 21*128kB (UME) 10*256kB (UM) 11*512kB (UME) 4*1024kB (UME) 1*2048kB (E) 944*4096kB (M) = 3897852kB
[  902.327042][T16921] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  902.327091][T16921] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  902.327141][T16921] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  902.327187][T16921] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  902.327231][T16921] 69685 total pagecache pages
[  902.327273][T16921] 0 pages in swap cache
[  902.327295][T16921] Free swap  = 124996kB
[  902.327317][T16921] Total swap = 124996kB
[  902.327348][T16921] 2097051 pages RAM
[  902.327370][T16921] 0 pages HighMem/MovableOnly
[  902.327398][T16921] 421353 pages reserved
[  902.327414][T16921] 0 pages cma reserved
[  902.418965][ T5934] usb 5-1: device descriptor read/64, error -71
[  902.463350][ T6413] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  902.463431][ T6413] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  903.126979][ T6413] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  903.127014][ T6413] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  903.127038][ T6413] usb 6-1: Product: syz
[  903.127054][ T6413] usb 6-1: Manufacturer: syz
[  903.127071][ T6413] usb 6-1: SerialNumber: syz
[  903.165499][ T6413] usb 6-1: config 0 descriptor??
[  903.517994][ T5934] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  904.419806][ T5934] usb 5-1: device descriptor read/64, error -71
[  904.550035][ T5934] usb usb5-port1: attempt power cycle
[  905.384194][ T6413] usb 6-1: USB disconnect, device number 48
[  905.423702][T16943] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4077'.
[  905.960568][ T5934] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[  906.129835][ T5934] usb 5-1: Using ep0 maxpacket: 32
[  906.132073][ T5934] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  906.132101][ T5934] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  906.181819][ T5934] usb 5-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  906.181848][ T5934] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  906.181866][ T5934] usb 5-1: Product: syz
[  906.181880][ T5934] usb 5-1: Manufacturer: syz
[  906.181893][ T5934] usb 5-1: SerialNumber: syz
[  906.227164][ T5934] usb 5-1: config 0 descriptor??
[  906.564202][T16954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  906.564504][T16954] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  906.580935][ T5934] usb 5-1: USB disconnect, device number 112
[  909.774806][T16983] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4090'.
[  909.906831][T16557] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  912.371417][T16557] usb 6-1: device descriptor read/64, error -71
[  912.994785][T16995] FAULT_INJECTION: forcing a failure.
[  912.994785][T16995] name failslab, interval 1, probability 0, space 0, times 0
[  912.994852][T16995] CPU: 1 UID: 0 PID: 16995 Comm: syz.4.4092 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  912.994884][T16995] Tainted: [L]=SOFTLOCKUP
[  912.994894][T16995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  912.994909][T16995] Call Trace:
[  912.994919][T16995]  <TASK>
[  912.994929][T16995]  dump_stack_lvl+0xe8/0x150
[  912.994967][T16995]  should_fail_ex+0x46c/0x600
[  912.995005][T16995]  should_failslab+0xa8/0x100
[  912.995030][T16995]  __kmalloc_cache_noprof+0x84/0x6d0
[  912.995067][T16995]  ? sctp_association_new+0x89/0x25e0
[  912.995109][T16995]  sctp_association_new+0x89/0x25e0
[  912.995163][T16995]  sctp_connect_new_asoc+0x2c5/0x690
[  912.995203][T16995]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  912.995246][T16995]  ? sctp_sendmsg+0x1335/0x25d0
[  912.995280][T16995]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  912.995313][T16995]  ? security_sctp_bind_connect+0x7e/0x2e0
[  912.995352][T16995]  sctp_sendmsg+0x14fd/0x25d0
[  912.995401][T16995]  ? __pfx_sctp_sendmsg+0x10/0x10
[  912.995434][T16995]  ? finish_task_switch+0x23d/0x940
[  912.995490][T16995]  ? sock_rps_record_flow+0x19/0x410
[  912.995539][T16995]  ? inet_sendmsg+0x2f4/0x370
[  912.995566][T16995]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  912.995599][T16995]  __sock_sendmsg+0x19c/0x270
[  912.995639][T16995]  __sys_sendto+0x3c7/0x520
[  912.995669][T16995]  ? __pfx___sys_sendto+0x10/0x10
[  912.995741][T16995]  __x64_sys_sendto+0xde/0x100
[  912.995773][T16995]  do_syscall_64+0xec/0xf80
[  912.995794][T16995]  ? rcu_is_watching+0x15/0xb0
[  912.995814][T16995]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  912.995838][T16995]  ? clear_bhb_loop+0x60/0xb0
[  912.995868][T16995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  912.995891][T16995] RIP: 0033:0x7f9d7929f749
[  912.995911][T16995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  912.995932][T16995] RSP: 002b:00007f9d774c4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  912.995956][T16995] RAX: ffffffffffffffda RBX: 00007f9d794f6180 RCX: 00007f9d7929f749
[  912.995975][T16995] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000005
[  912.995991][T16995] RBP: 00007f9d774c4090 R08: 000020000005ffe4 R09: 000000000000001c
[  912.996007][T16995] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000001
[  912.996021][T16995] R13: 00007f9d794f6218 R14: 00007f9d794f6180 R15: 00007fff23d23518
[  912.996060][T16995]  </TASK>
[  917.511189][T17007] FAULT_INJECTION: forcing a failure.
[  917.511189][T17007] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  917.511227][T17007] CPU: 1 UID: 0 PID: 17007 Comm: syz.1.4097 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  917.511254][T17007] Tainted: [L]=SOFTLOCKUP
[  917.511261][T17007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  917.511273][T17007] Call Trace:
[  917.511281][T17007]  <TASK>
[  917.511290][T17007]  dump_stack_lvl+0xe8/0x150
[  917.511322][T17007]  should_fail_ex+0x46c/0x600
[  917.511353][T17007]  _copy_from_iter+0x1cd/0x1630
[  917.511382][T17007]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  917.511412][T17007]  ? __pfx__copy_from_iter+0x10/0x10
[  917.511454][T17007]  ? set_page_refcounted+0xa0/0x1e0
[  917.511474][T17007]  ? page_copy_sane+0x4e/0x280
[  917.511503][T17007]  copy_page_from_iter+0xdd/0x170
[  917.511535][T17007]  tun_get_user+0x1d40/0x3de0
[  917.511564][T17007]  ? tun_get_user+0x6fc/0x3de0
[  917.511600][T17007]  ? __pfx_tun_get_user+0x10/0x10
[  917.511627][T17007]  ? __lock_acquire+0x6b6/0x2cf0
[  917.511655][T17007]  ? kstrtoull+0x12f/0x1d0
[  917.511686][T17007]  ? ref_tracker_alloc+0x2fe/0x450
[  917.511711][T17007]  ? get_pid_task+0x20/0x1f0
[  917.511740][T17007]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  917.511768][T17007]  ? tun_get+0x1c/0x2f0
[  917.511791][T17007]  ? tun_get+0x1c/0x2f0
[  917.511819][T17007]  ? tun_get+0x1c/0x2f0
[  917.511841][T17007]  ? tun_get+0x1c/0x2f0
[  917.511868][T17007]  tun_chr_write_iter+0x119/0x200
[  917.511895][T17007]  vfs_write+0x5d5/0xb40
[  917.511925][T17007]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  917.511950][T17007]  ? __pfx_vfs_write+0x10/0x10
[  917.511986][T17007]  ? __fget_files+0x2a/0x420
[  917.512013][T17007]  ksys_write+0x14b/0x260
[  917.512042][T17007]  ? __pfx_ksys_write+0x10/0x10
[  917.512079][T17007]  do_syscall_64+0xec/0xf80
[  917.512098][T17007]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  917.512117][T17007]  ? trace_irq_disable+0x37/0x100
[  917.512137][T17007]  ? clear_bhb_loop+0x60/0xb0
[  917.512160][T17007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  917.512179][T17007] RIP: 0033:0x7f2a551de1ff
[  917.512199][T17007] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  917.512217][T17007] RSP: 002b:00007f2a5343e000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  917.512237][T17007] RAX: ffffffffffffffda RBX: 00007f2a55435fa0 RCX: 00007f2a551de1ff
[  917.512252][T17007] RDX: 000000000000004e RSI: 00002000000003c0 RDI: 00000000000000c8
[  917.512264][T17007] RBP: 00007f2a5343e090 R08: 0000000000000000 R09: 0000000000000000
[  917.512277][T17007] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001
[  917.512288][T17007] R13: 00007f2a55436038 R14: 00007f2a55435fa0 R15: 00007ffc5dc4cc98
[  917.512318][T17007]  </TASK>
[  917.922107][ T6413] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  918.069924][ T6413] usb 6-1: Using ep0 maxpacket: 32
[  919.936959][ T6413] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  919.936989][ T6413] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  919.968055][ T6413] usb 6-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  919.968090][ T6413] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  919.968112][ T6413] usb 6-1: Product: syz
[  919.968128][ T6413] usb 6-1: Manufacturer: syz
[  919.968145][ T6413] usb 6-1: SerialNumber: syz
[  920.005523][ T6413] usb 6-1: config 0 descriptor??
[  920.673027][T16989] usb 6-1: USB disconnect, device number 51
[  922.780083][T16590] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[  922.909842][T16590] usb 5-1: device descriptor read/64, error -71
[  923.149905][T16590] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  923.302714][T16590] usb 5-1: device descriptor read/64, error -71
[  923.410251][T16590] usb usb5-port1: attempt power cycle
[  926.715636][ T5934] IPVS: starting estimator thread 0...
[  926.822076][T17053] IPVS: using max 11 ests per chain, 26400 per kthread
[  926.995904][T17055] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4114'.
[  928.329957][T13998] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  928.417770][T17064] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4118'.
[  928.479835][T13998] usb 3-1: Using ep0 maxpacket: 32
[  928.480474][T17064] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4118'.
[  928.483365][T13998] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  928.489551][T13998] usb 3-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  928.489582][T13998] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  928.489605][T13998] usb 3-1: Product: syz
[  928.489622][T13998] usb 3-1: Manufacturer: syz
[  928.544323][T13998] usb 3-1: SerialNumber: syz
[  928.574829][T13998] usb 3-1: config 0 descriptor??
[  930.481549][T17057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  930.481836][T17057] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  930.602695][ T5934] usb 3-1: USB disconnect, device number 85
[  930.693722][T17076] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4122'.
[  930.777184][   T13] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  930.788643][   T13] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  930.788701][   T13] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  930.788744][   T13] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  931.679839][ T5987] usb 5-1: new full-speed USB device number 116 using dummy_hcd
[  932.038369][ T5987] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  932.038404][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  932.038428][ T5987] usb 5-1: Product: syz
[  932.038457][ T5987] usb 5-1: Manufacturer: syz
[  932.038473][ T5987] usb 5-1: SerialNumber: syz
[  932.534828][ T5987] usb 5-1: config 0 descriptor??
[  932.680371][T17090] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4128'.
[  932.763703][ T5987] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  934.370374][ T5987] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  934.377022][ T5987] usb 5-1: USB disconnect, device number 116
[  934.658285][T17112] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4132'.
[  934.711990][T17115] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4132'.
[  935.010136][ T5880] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[  936.910341][ T5880] usb 4-1: Using ep0 maxpacket: 32
[  936.912860][ T5880] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  936.915538][ T5880] usb 4-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  936.915568][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  936.915590][ T5880] usb 4-1: Product: syz
[  936.915606][ T5880] usb 4-1: Manufacturer: syz
[  936.915622][ T5880] usb 4-1: SerialNumber: syz
[  936.936102][ T5880] usb 4-1: config 0 descriptor??
[  937.102214][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  937.102268][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  939.259796][ T5934] usb 4-1: USB disconnect, device number 116
[  941.434708][T17142] FAULT_INJECTION: forcing a failure.
[  941.434708][T17142] name failslab, interval 1, probability 0, space 0, times 0
[  941.434749][T17142] CPU: 1 UID: 0 PID: 17142 Comm: syz.3.4144 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  941.434781][T17142] Tainted: [L]=SOFTLOCKUP
[  941.434789][T17142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  941.434804][T17142] Call Trace:
[  941.434813][T17142]  <TASK>
[  941.434823][T17142]  dump_stack_lvl+0xe8/0x150
[  941.434861][T17142]  should_fail_ex+0x46c/0x600
[  941.434897][T17142]  ? __alloc_skb+0x1dc/0x3a0
[  941.434922][T17142]  should_failslab+0xa8/0x100
[  941.434947][T17142]  ? __alloc_skb+0x1dc/0x3a0
[  941.434968][T17142]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[  941.435003][T17142]  ? lockdep_hardirqs_on+0x7b/0x110
[  941.435027][T17142]  ? __alloc_skb+0x198/0x3a0
[  941.435054][T17142]  __alloc_skb+0x1dc/0x3a0
[  941.435084][T17142]  netlink_sendmsg+0x5c6/0xb30
[  941.435126][T17142]  ? __pfx_netlink_sendmsg+0x10/0x10
[  941.435167][T17142]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  941.435197][T17142]  ? __pfx_netlink_sendmsg+0x10/0x10
[  941.435231][T17142]  __sock_sendmsg+0x21c/0x270
[  941.435278][T17142]  ____sys_sendmsg+0x508/0x810
[  941.435314][T17142]  ? __pfx_____sys_sendmsg+0x10/0x10
[  941.435362][T17142]  ? import_iovec+0x74/0xa0
[  941.435389][T17142]  ___sys_sendmsg+0x21f/0x2a0
[  941.435423][T17142]  ? __pfx____sys_sendmsg+0x10/0x10
[  941.435492][T17142]  ? __fget_files+0x2a/0x420
[  941.435516][T17142]  ? __fget_files+0x3a6/0x420
[  941.435553][T17142]  __x64_sys_sendmsg+0x1a1/0x260
[  941.435585][T17142]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  941.435625][T17142]  ? __pfx_ksys_write+0x10/0x10
[  941.435672][T17142]  do_syscall_64+0xec/0xf80
[  941.435695][T17142]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  941.435717][T17142]  ? trace_irq_disable+0x37/0x100
[  941.435740][T17142]  ? clear_bhb_loop+0x60/0xb0
[  941.435769][T17142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  941.435792][T17142] RIP: 0033:0x7f0f682df749
[  941.435812][T17142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  941.435832][T17142] RSP: 002b:00007f0f66546038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  941.435857][T17142] RAX: ffffffffffffffda RBX: 00007f0f68535fa0 RCX: 00007f0f682df749
[  941.435874][T17142] RDX: 0000000004000054 RSI: 0000200000000280 RDI: 0000000000000004
[  941.435889][T17142] RBP: 00007f0f66546090 R08: 0000000000000000 R09: 0000000000000000
[  941.435903][T17142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  941.435917][T17142] R13: 00007f0f68536038 R14: 00007f0f68535fa0 R15: 00007ffd69d55028
[  941.435954][T17142]  </TASK>
[  942.589894][T16654] usb 6-1: new full-speed USB device number 52 using dummy_hcd
[  942.775235][T16654] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  942.775269][T16654] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  942.775292][T16654] usb 6-1: Product: syz
[  942.775307][T16654] usb 6-1: Manufacturer: syz
[  942.775324][T16654] usb 6-1: SerialNumber: syz
[  942.818412][T16654] usb 6-1: config 0 descriptor??
[  943.038924][T16654] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  946.101559][T16654] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110
[  946.286879][   T10] usb 6-1: USB disconnect, device number 52
[  948.564292][T17185] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4147'.
[  948.665367][T17188] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4147'.
[  950.802965][T17196] IPv6: sit1: Disabled Multicast RS
[  950.837856][T17196] 9p: Bad value for 'rfdno'
[  953.722613][T17206] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4163'.
[  954.060001][T16590] usb 2-1: new full-speed USB device number 84 using dummy_hcd
[  954.151209][T17213] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4166'.
[  954.217932][T16590] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  954.217968][T16590] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  954.217998][T16590] usb 2-1: Product: syz
[  954.218009][T16590] usb 2-1: Manufacturer: syz
[  954.218021][T16590] usb 2-1: SerialNumber: syz
[  954.251596][T16590] usb 2-1: config 0 descriptor??
[  954.473745][T16590] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  958.706054][T16590] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  960.422623][T16590] usb 2-1: USB disconnect, device number 84
[  960.426729][ T5120] Bluetooth: hci1: command 0x0406 tx timeout
[  961.337232][T17253] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4177'.
[  962.192182][T17254] overlay: Unknown parameter 'fowner<00000000000000000000'
[  963.187777][ T5929] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  963.809897][T13998] usb 5-1: new full-speed USB device number 117 using dummy_hcd
[  963.871204][ T5929] usb 2-1: device not accepting address 85, error -71
[  963.982434][T13998] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  963.982470][T13998] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  963.982492][T13998] usb 5-1: Product: syz
[  963.982517][T13998] usb 5-1: Manufacturer: syz
[  963.982535][T13998] usb 5-1: SerialNumber: syz
[  964.040923][T13998] usb 5-1: config 0 descriptor??
[  965.394233][T13998] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  965.537664][T13998] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  967.812368][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  968.291464][T13998] usb 5-1: USB disconnect, device number 117
[  968.492875][   T37] audit: type=1326 audit(1767943288.173:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17285 comm="syz.4.4185" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9d7929f749 code=0x0
[  968.828206][T17291] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4180'.
[  976.429874][T13998] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[  976.590058][T13998] usb 6-1: Using ep0 maxpacket: 32
[  976.643493][T13998] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  976.643525][T13998] usb 6-1: config 0 has no interface number 0
[  976.643578][T13998] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  976.643609][T13998] usb 6-1: config 0 interface 85 has no altsetting 0
[  976.827125][T13998] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  976.827159][T13998] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  976.827182][T13998] usb 6-1: Product: syz
[  976.827199][T13998] usb 6-1: Manufacturer: syz
[  976.827216][T13998] usb 6-1: SerialNumber: syz
[  977.597865][T13998] usb 6-1: config 0 descriptor??
[  978.242901][T13998] appletouch 6-1:0.85: Geyser mode initialized.
[  978.246540][T13998] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input92
[  980.561885][T16989] usb 6-1: USB disconnect, device number 53
[  980.610267][   T38] INFO: task kworker/u8:21:12037 blocked for more than 145 seconds.
[  980.610297][   T38]       Tainted: G             L      syzkaller #0
[  980.610311][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  980.610321][   T38] task:kworker/u8:21   state:D stack:21000 pid:12037 tgid:12037 ppid:2      task_flags:0x4208060 flags:0x00080000
[  980.610397][   T38] Workqueue: netns cleanup_net
[  980.610435][   T38] Call Trace:
[  980.610443][   T38]  <TASK>
[  980.610459][   T38]  __schedule+0x145f/0x5070
[  980.610498][   T38]  ? __lock_acquire+0x6b6/0x2cf0
[  980.610545][   T38]  ? lockdep_hardirqs_on+0x7b/0x110
[  980.610580][   T38]  ? __pfx___schedule+0x10/0x10
[  980.610625][   T38]  ? schedule+0x91/0x360
[  980.610665][   T38]  schedule+0x165/0x360
[  980.610704][   T38]  rxrpc_destroy_all_calls+0x564/0x660
[  980.610751][   T38]  ? __pfx_rxrpc_destroy_all_calls+0x10/0x10
[  980.610787][   T38]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  980.610814][   T38]  ? __pfx_var_wake_function+0x10/0x10
[  980.610845][   T38]  ? __try_to_del_timer_sync+0x34d/0x3a0
[  980.610887][   T38]  rxrpc_exit_net+0x6f/0xc0
[  980.610910][   T38]  ops_undo_list+0x49a/0x990
[  980.610946][   T38]  ? __pfx_ops_undo_list+0x10/0x10
[  980.610970][   T38]  ? rt_spin_unlock+0x150/0x200
[  980.611006][   T38]  ? rt_spin_unlock+0x161/0x200
[  980.611042][   T38]  cleanup_net+0x4de/0x7b0
[  980.611071][   T38]  ? __pfx_cleanup_net+0x10/0x10
[  980.611103][   T38]  ? process_scheduled_works+0x9ef/0x1770
[  980.611130][   T38]  ? process_scheduled_works+0x9ef/0x1770
[  980.611159][   T38]  process_scheduled_works+0xad1/0x1770
[  980.611219][   T38]  ? __pfx_process_scheduled_works+0x10/0x10
[  980.611243][   T38]  ? do_raw_spin_lock+0x121/0x290
[  980.611289][   T38]  worker_thread+0x8a0/0xda0
[  980.611330][   T38]  ? __kthread_parkme+0x7b/0x200
[  980.611379][   T38]  kthread+0x711/0x8a0
[  980.611417][   T38]  ? __pfx_worker_thread+0x10/0x10
[  980.611444][   T38]  ? __pfx_kthread+0x10/0x10
[  980.611475][   T38]  ? rt_spin_unlock+0x150/0x200
[  980.611511][   T38]  ? rt_spin_unlock+0x161/0x200
[  980.611541][   T38]  ? __pfx_kthread+0x10/0x10
[  980.611576][   T38]  ret_from_fork+0x510/0xa50
[  980.611605][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  980.611630][   T38]  ? __switch_to+0xc9e/0x1480
[  980.611671][   T38]  ? __pfx_kthread+0x10/0x10
[  980.611706][   T38]  ret_from_fork_asm+0x1a/0x30
[  980.611760][   T38]  </TASK>
[  980.611829][   T38] 
[  980.611829][   T38] Showing all locks held in the system:
[  980.611842][   T38] 1 lock held by khungtaskd/38:
[  980.611856][   T38]  #0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  980.611957][   T38] 2 locks held by getty/5559:
[  980.611971][   T38]  #0: ffff888034f060a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  980.612032][   T38]  #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x44f/0x1460
[  980.612094][   T38] 3 locks held by kworker/u8:21/12037:
[  980.612108][   T38]  #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  980.612165][   T38]  #1: ffffc90004bffbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  980.612222][   T38]  #2: ffffffff8e898800 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x7b0
[  980.612280][   T38] 3 locks held by syz-executor/13265:
[  980.612296][   T38] 3 locks held by syz-executor/15196:
[  980.612312][   T38] 1 lock held by syz-executor/15831:
[  980.612329][   T38] 6 locks held by kworker/1:14/16989:
[  980.612342][   T38]  #0: ffff88801dedf538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  980.612405][   T38]  #1: ffffc90005fcfbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  980.612460][   T38]  #2: ffff888144be1188 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4f30
[  980.612520][   T38]  #3: ffff888068184188 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xde/0x970
[  980.612575][   T38]  #4: ffff888068180150 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x800
[  980.612634][   T38]  #5: ffffffff8e326978 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x328/0x640
[  980.612689][   T38] 2 locks held by syz.4.4185/17285:
[  980.612703][   T38] 1 lock held by syz.2.4196/17332:
[  980.612717][   T38] 
[  980.612723][   T38] =============================================
[  980.612723][   T38] 
[  980.612734][   T38] NMI backtrace for cpu 0
[  980.612754][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  980.612784][   T38] Tainted: [L]=SOFTLOCKUP
[  980.612792][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  980.612808][   T38] Call Trace:
[  980.612817][   T38]  <TASK>
[  980.612826][   T38]  dump_stack_lvl+0xe8/0x150
[  980.612859][   T38]  nmi_cpu_backtrace+0x274/0x2d0
[  980.612889][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  980.612917][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  980.612951][   T38]  sys_info+0x135/0x170
[  980.612976][   T38]  watchdog+0xf95/0xfe0
[  980.613008][   T38]  ? watchdog+0x20a/0xfe0
[  980.613041][   T38]  kthread+0x711/0x8a0
[  980.613078][   T38]  ? __pfx_watchdog+0x10/0x10
[  980.613103][   T38]  ? __pfx_kthread+0x10/0x10
[  980.613132][   T38]  ? rt_spin_unlock+0x150/0x200
[  980.613168][   T38]  ? rt_spin_unlock+0x161/0x200
[  980.613202][   T38]  ? __pfx_kthread+0x10/0x10
[  980.613237][   T38]  ret_from_fork+0x510/0xa50
[  980.613265][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  980.613292][   T38]  ? __switch_to+0xc9e/0x1480
[  980.613331][   T38]  ? __pfx_kthread+0x10/0x10
[  980.613369][   T38]  ret_from_fork_asm+0x1a/0x30
[  980.613422][   T38]  </TASK>
[  980.613431][   T38] Sending NMI from CPU 0 to CPUs 1:
[  980.613467][    C1] NMI backtrace for cpu 1
[  980.613486][    C1] CPU: 1 UID: 0 PID: 17285 Comm: syz.4.4185 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  980.613514][    C1] Tainted: [L]=SOFTLOCKUP
[  980.613521][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  980.613533][    C1] RIP: 0010:_raw_spin_lock_irqsave+0x0/0x60
[  980.613554][    C1] Code: 74 24 08 e8 82 5b c7 f6 48 83 c4 08 48 89 df 5b e9 65 13 c8 f6 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 41 56 53 49 89 fe 9c 5b fa f7 c3 00 02 00 00 74 05 e8
[  980.613572][    C1] RSP: 0018:ffffc900093a7658 EFLAGS: 00000246
[  980.613590][    C1] RAX: 1ffff11006091162 RBX: ffffc900093a76a8 RCX: 0000000000000046
[  980.613604][    C1] RDX: 0000000000000000 RSI: ffffffff8cfdf0f5 RDI: ffff888148f0bde0
[  980.613619][    C1] RBP: ffffc900093a7720 R08: ffffffff8241ec5a R09: ffff888148f0be38
[  980.613634][    C1] R10: dffffc0000000000 R11: fffff94000191e21 R12: 1ffff92001274ed5
[  980.613649][    C1] R13: dffffc0000000000 R14: ffff888148f0bde0 R15: ffffc900093a76a0
[  980.613664][    C1] FS:  000055557cb01500(0000) GS:ffff888126def000(0000) knlGS:0000000000000000
[  980.613681][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  980.613699][    C1] CR2: 0000001b2da23ffc CR3: 00000000307a6000 CR4: 00000000003526f0
[  980.613717][    C1] Call Trace:
[  980.613724][    C1]  <TASK>
[  980.613731][    C1]  rt_spin_lock+0x14a/0x3e0
[  980.613760][    C1]  ? __pfx_rt_spin_lock+0x10/0x10
[  980.613785][    C1]  ? kmem_cache_free+0x18f/0x8d0
[  980.613823][    C1]  try_to_free_buffers+0x14a/0x2d0
[  980.613858][    C1]  block_invalidate_folio+0x5f7/0x730
[  980.613886][    C1]  ? shmem_mapping+0xd/0x50
[  980.613915][    C1]  ? __pfx_block_invalidate_folio+0x10/0x10
[  980.613946][    C1]  ? folio_mapping+0x16f/0x1f0
[  980.613969][    C1]  ? __pfx_block_invalidate_folio+0x10/0x10
[  980.613998][    C1]  truncate_cleanup_folio+0x2d8/0x430
[  980.614021][    C1]  truncate_inode_pages_range+0x236/0xd90
[  980.614050][    C1]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[  980.614087][    C1]  ? __pfx_call_function_single_prep_ipi+0x10/0x10
[  980.614140][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  980.614170][    C1]  ? __pfx_has_bh_in_lru+0x10/0x10
[  980.614201][    C1]  blkdev_flush_mapping+0x10c/0x2f0
[  980.614230][    C1]  ? bdev_release+0x1af/0x660
[  980.614258][    C1]  bdev_release+0x422/0x660
[  980.614288][    C1]  ? __pfx_blkdev_release+0x10/0x10
[  980.614318][    C1]  blkdev_release+0x15/0x20
[  980.614345][    C1]  __fput+0x45b/0xa80
[  980.614376][    C1]  task_work_run+0x1d4/0x260
[  980.614408][    C1]  ? __pfx_task_work_run+0x10/0x10
[  980.614445][    C1]  exit_to_user_mode_loop+0xef/0x4e0
[  980.614474][    C1]  ? rcu_is_watching+0x15/0xb0
[  980.614494][    C1]  do_syscall_64+0x2c1/0xf80
[  980.614513][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  980.614534][    C1]  ? clear_bhb_loop+0x60/0xb0
[  980.614557][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  980.614576][    C1] RIP: 0033:0x7f9d7929f749
[  980.614593][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  980.614609][    C1] RSP: 002b:00007fff23d23678 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  980.614628][    C1] RAX: 0000000000000000 RBX: 00007f9d794f7da0 RCX: 00007f9d7929f749
[  980.614642][    C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  980.614654][    C1] RBP: 00007f9d794f7da0 R08: 000000000000021c R09: 0000001e23d2396f
[  980.614667][    C1] R10: 00007f9d794f7cb0 R11: 0000000000000246 R12: 00000000000ec851
[  980.614681][    C1] R13: 00007f9d794f6090 R14: ffffffffffffffff R15: 00007fff23d23790
[  980.614707][    C1]  </TASK>
[  980.615471][   T38] Kernel panic - not syncing: hung_task: blocked tasks
[  980.615496][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  980.615527][   T38] Tainted: [L]=SOFTLOCKUP
[  980.615535][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  980.615548][   T38] Call Trace:
[  980.615557][   T38]  <TASK>
[  980.615567][   T38]  vpanic+0x1e0/0x670
[  980.615604][   T38]  panic+0xb9/0xc0
[  980.615635][   T38]  ? __pfx_panic+0x10/0x10
[  980.615678][   T38]  ? nmi_trigger_cpumask_backtrace+0x234/0x300
[  980.615715][   T38]  watchdog+0xfdf/0xfe0
[  980.615746][   T38]  ? watchdog+0x20a/0xfe0
[  980.615781][   T38]  kthread+0x711/0x8a0
[  980.615816][   T38]  ? __pfx_watchdog+0x10/0x10
[  980.615842][   T38]  ? __pfx_kthread+0x10/0x10
[  980.615873][   T38]  ? rt_spin_unlock+0x150/0x200
[  980.615909][   T38]  ? rt_spin_unlock+0x161/0x200
[  980.615938][   T38]  ? __pfx_kthread+0x10/0x10
[  980.615972][   T38]  ret_from_fork+0x510/0xa50
[  980.616001][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  980.616024][   T38]  ? __switch_to+0xc9e/0x1480
[  980.616063][   T38]  ? __pfx_kthread+0x10/0x10
[  980.616098][   T38]  ret_from_fork_asm+0x1a/0x30
[  980.616152][   T38]  </TASK>
[  980.616769][   T38] Kernel Offset: disabled