last executing test programs:

1m52.582363908s ago: executing program 3 (id=19):
openat$ppp(0xffffffffffffff9c, 0x0, 0x61500, 0x0)
r0 = openat$ttynull(0xffffff9c, &(0x7f00000000c0), 0x40, 0x0)
ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syzkaller0\x00', <r4=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x17}, 0x6e, r4})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000000180)=0x200000, 0x4)
getsockopt$XDP_STATISTICS(r6, 0x11b, 0x7, &(0x7f00000003c0), &(0x7f0000000400)=0x2f)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

1m52.251383333s ago: executing program 3 (id=20):
ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, 0x0, 0x0, @inherit={0x78, 0x0}, @subvolid=0x2})
r0 = syz_io_uring_setup(0x70d6, &(0x7f0000000040)={0x0, 0xe92b, 0x8000, 0x0, 0x293}, &(0x7f00000000c0), &(0x7f0000000100))
io_uring_setup(0x177f, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x3, 0x0, 0x0, r0})
syz_usb_connect(0x2, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x2, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x201, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x7}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0xc810}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000012c0)=ANY=[@ANYBLOB="24000000200001030000f3fffadbdf2502000004000000000800000035aa045cd7133b49cc0c0339a31e9beddb874f646aa2156b449ead7db457fa08d07c8d6d3ab633de24e2deda6e2b1de528b46a4615ce0a8d966ee82b6a67119fe5545b357772a534aee00ce1d6845c6f1e34b887cd5caab5283c30412677607efdcc1785c612e784b0c0b0e40018aecb26367a08be0315ef731cc287b0b97b317af34779"], 0x24}}, 0x40)
sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000900), 0x1ff, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r6, 0xc0045540, &(0x7f0000000340)=0x6)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$xdp(0x2c, 0x3, 0x0)

1m49.139224629s ago: executing program 3 (id=26):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}})
r0 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000480)={0x1, 0x1, &(0x7f00000003c0)=""/72, &(0x7f0000000440)=""/22, &(0x7f0000000540)=""/217})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0xe7ffffff, 0x0, {}, {0x5, 0x8, 0x0, 0x0, 0x4, 0x40}, 0x400, 0x1, {}, 0x4})
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r2, &(0x7f0000001240)=""/102400, 0x200000, 0x200000)

1m48.134225412s ago: executing program 3 (id=28):
syz_open_dev$vim2m(0x0, 0x1f7ff6, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000300), 0x101000, 0x0)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x8006d8c, 0x1, 0x20000200, 0x310, 0x0, r0}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x4}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
prlimit64(0x0, 0xe, 0x0, 0x0)
bind$rxrpc(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_emit_vhci(&(0x7f00000017c0)=ANY=[@ANYBLOB="040f04624f0b08"], 0x7)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x80000c0)
shmctl$IPC_INFO(0x0, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(r1, 0x1, 0x0)
r4 = getpid()
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r5 = syz_open_procfs$namespace(r4, &(0x7f0000000140)='ns/mnt\x00')
ioctl$EXT4_IOC_GETSTATE(r5, 0x8008b705, 0x0)

1m47.17120723s ago: executing program 3 (id=30):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}})
r0 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000480)={0x1, 0x1, &(0x7f00000003c0)=""/72, &(0x7f0000000440)=""/22, &(0x7f0000000540)=""/217})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0xe7ffffff, 0x0, {}, {0x5, 0x8, 0x0, 0x0, 0x4, 0x40}, 0x400, 0x1, {}, 0x4})
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r2, &(0x7f0000001240)=""/102400, 0x200000, 0x200000) (fail_nth: 2)

1m46.161761046s ago: executing program 3 (id=33):
gettid()
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x2000)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x234, @tick=0x9})
socket(0x11, 0x80a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000400))
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x6, [0x6, 0xb, 0x61b7, 0xcca4, 0x3, 0x5, 0x5, 0x2, 0xfff9, 0x3, 0xee8, 0x0, 0x7ff, 0xb200, 0x5, 0x8, 0x1ff, 0xfffa, 0x9, 0x6, 0x0, 0x5, 0x9, 0x800, 0x6f, 0x0, 0x7, 0x3, 0xffff, 0x4, 0x4, 0x7, 0x6, 0x90, 0xec5, 0x20, 0x4, 0x6, 0x7, 0x1, 0x40, 0x0, 0x5, 0x9, 0x6, 0x2, 0xf, 0x3], 0x81}})
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94)
r2 = socket$kcm(0x11, 0x2, 0x0)
r3 = socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r3, 0x107, 0x12, &(0x7f00000000c0)=r2, 0x8)
close(r2)
r4 = socket$kcm(0x11, 0x2, 0x0)
r5 = socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r5, 0x107, 0x12, &(0x7f00000000c0)=r4, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180))
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setrlimit(0x1, &(0x7f0000000000)={0x3, 0x6})
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8002, 0x0)
read$msr(r6, &(0x7f0000019540)=""/102400, 0xfffffdc4)
eventfd(0x1e)
ioperm(0x0, 0xd4b7, 0xa)
syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffff1704b45adbde0800450000380000000000019078ac1e0001ac1414aa05009078e00000e04500000000000000e6840000ac1414aa7f000001c6cfe9"], 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x40045731, 0x0)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)=0xdfe5)

1m30.981379627s ago: executing program 32 (id=33):
gettid()
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x2000)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x234, @tick=0x9})
socket(0x11, 0x80a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000400))
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x6, [0x6, 0xb, 0x61b7, 0xcca4, 0x3, 0x5, 0x5, 0x2, 0xfff9, 0x3, 0xee8, 0x0, 0x7ff, 0xb200, 0x5, 0x8, 0x1ff, 0xfffa, 0x9, 0x6, 0x0, 0x5, 0x9, 0x800, 0x6f, 0x0, 0x7, 0x3, 0xffff, 0x4, 0x4, 0x7, 0x6, 0x90, 0xec5, 0x20, 0x4, 0x6, 0x7, 0x1, 0x40, 0x0, 0x5, 0x9, 0x6, 0x2, 0xf, 0x3], 0x81}})
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94)
r2 = socket$kcm(0x11, 0x2, 0x0)
r3 = socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r3, 0x107, 0x12, &(0x7f00000000c0)=r2, 0x8)
close(r2)
r4 = socket$kcm(0x11, 0x2, 0x0)
r5 = socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r5, 0x107, 0x12, &(0x7f00000000c0)=r4, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180))
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setrlimit(0x1, &(0x7f0000000000)={0x3, 0x6})
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8002, 0x0)
read$msr(r6, &(0x7f0000019540)=""/102400, 0xfffffdc4)
eventfd(0x1e)
ioperm(0x0, 0xd4b7, 0xa)
syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffff1704b45adbde0800450000380000000000019078ac1e0001ac1414aa05009078e00000e04500000000000000e6840000ac1414aa7f000001c6cfe9"], 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x40045731, 0x0)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)=0xdfe5)

8.69048102s ago: executing program 1 (id=392):
r0 = socket(0x1d, 0x6, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x8}, 0x14)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180}, {0x0, 0x0, 0x1000, 0x1, 0x0, 0x7fffffffffffffff, 0x0, 0x5}, {0x0, 0x0, 0x200}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1}, {{@in6=@mcast1}, 0x0, @in=@multicast1, 0x3507, 0x0, 0x0, 0x0, 0xfffffffe, 0x4000000, 0xb9}}, 0xe4)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@x86={0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x80, 0x0, 0x0, 0x0, 0x2})
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x3, 0x4006, 0xe944, 0x0, [{0x80, 0x8, 0x0, '\x00', 0x2}, {0x0, 0xff, 0x0, '\x00', 0x2}, {0x12, 0x6, 0x4, '\x00', 0x7}, {0xf4, 0x2, 0x4, '\x00', 0x5}, {0xd, 0x8, 0x5, '\x00', 0xd}, {0x4, 0x0, 0x20, '\x00', 0x4}, {0x3, 0x65, 0x10, '\x00', 0x4}, {0x5, 0xea, 0x9, '\x00', 0xfd}, {0x7, 0xd, 0x8, '\x00', 0xd}, {0xb0, 0x8, 0x6b, '\x00', 0x81}, {0x8, 0xa, 0x5, '\x00', 0x8}, {0x5, 0x4, 0xb, '\x00', 0x2}, {0x81, 0x0, 0x3, '\x00', 0x9}, {0x4, 0x3, 0x1, '\x00', 0x8}, {0x8, 0xf0, 0x48, '\x00', 0xd}, {0x4, 0x7, 0xf7, '\x00', 0x4}, {0xbb, 0xd, 0x3, '\x00', 0x4}, {0x2, 0x5, 0x81, '\x00', 0x1}, {0x7, 0x3, 0x4, '\x00', 0x8}, {0x4, 0x7, 0x5, '\x00', 0x71}, {0x50, 0x3, 0x1, '\x00', 0x9}, {0x51, 0xfd, 0x1, '\x00', 0x6}, {0x5, 0x6, 0x9}, {0x1, 0x2, 0x1, '\x00', 0xd5}]}})
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
mknod$loop(0x0, 0x0, 0x1)
mount$nfs4(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="6673633d8f"])
setsockopt$SO_BINDTODEVICE_wg(r8, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r8, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)

7.714978577s ago: executing program 1 (id=395):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000003080)={0x0, 0x0, 0x0}, 0x24048045)
setsockopt$sock_attach_bpf(r0, 0x1, 0x31, &(0x7f0000000000), 0x4)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r4, 0x6, 0xb, &(0x7f0000000300)=""/218, &(0x7f0000000040)=0xda)
sched_setaffinity(r1, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)

6.767722949s ago: executing program 0 (id=399):
r0 = openat$hpet(0xffffffffffffff9c, 0x0, 0x400, 0x0)
mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, r0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000280)={r1, r1, 0xc, 0x0, 0x0, 0x9, 0x1, 0x458, 0x9, 0x9, 0x2, 0x7, 'syz0\x00'})
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x8, 0x3, 0x3b0, 0x0, 0x11, 0x148, 0x14c, 0x10, 0x374, 0x2a8, 0x2a8, 0x374, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0xac, 0xf4, 0x1c, {}, [@common=@unspec=@limit={{0x3c}, {0x6, 0x8, 0x2, 0x12, 0x0, 0x7, 0x3}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x1ff, 0x0, 0x2, 'snmp\x00', {0xff}}}}, {{@ip={@multicast1, @rand_addr=0x64010102, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1c8, 0x228, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'team_slave_0\x00', {0x459, 0x0, 0x48, 0x0, 0x0, 0x3, 0x2, 0x80, 0x0, 0x18}, {0x91}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x1, 0x3, 0x2, 0x0, 0x2, 0x1]}, {0x1, [0x3, 0x2, 0x1, 0x0, 0x3, 0x5], 0x4}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x40c)

6.609701248s ago: executing program 1 (id=400):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x5, &(0x7f0000000180)=ANY=[@ANYRESOCT=r1, @ANYRESDEC=r0, @ANYRESDEC=r1], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x24, @void, @value}, 0x94)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122"], 0x0)
syz_usb_control_io(r2, &(0x7f0000000100)={0x18, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)

6.555442647s ago: executing program 4 (id=401):
ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, 0x0, 0x0, @inherit={0x78, 0x0}, @subvolid=0x2})
r0 = syz_io_uring_setup(0x70d6, &(0x7f0000000040)={0x0, 0xe92b, 0x8000, 0x0, 0x293}, &(0x7f00000000c0), &(0x7f0000000100))
io_uring_setup(0x177f, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x3, 0x0, 0x0, r0})
syz_usb_connect(0x2, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x2, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x201, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x7}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0xc810}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000012c0)=ANY=[@ANYBLOB="24000000200001030000f3fffadbdf2502000004000000000800000035aa045cd7133b49cc0c0339a31e9beddb874f646aa2156b449ead7db457fa08d07c8d6d3ab633de24e2deda6e2b1de528b46a4615ce0a8d966ee82b6a67119fe5545b357772a534aee00ce1d6845c6f1e34b887cd5caab5283c3041"], 0x24}}, 0x40)
sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000900), 0x1ff, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r6, 0xc0045540, &(0x7f0000000340)=0x6)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$xdp(0x2c, 0x3, 0x0)

5.700673364s ago: executing program 0 (id=402):
ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, 0x0, 0x0, @inherit={0x78, 0x0}, @subvolid=0x2})
r0 = syz_io_uring_setup(0x70d6, &(0x7f0000000040)={0x0, 0xe92b, 0x8000, 0x0, 0x293}, &(0x7f00000000c0), &(0x7f0000000100))
io_uring_setup(0x177f, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x3, 0x0, 0x0, r0})
syz_usb_connect(0x2, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x2, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x201, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x7}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0xc810}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000012c0)=ANY=[@ANYBLOB="24000000200001030000f3fffadbdf2502000004000000000800000035aa045cd7133b49cc0c0339a31e9beddb874f646aa2156b449ead7db457fa08d07c8d6d3ab633de24e2deda6e2b1de528b46a4615ce0a8d966ee82b6a67119fe5545b357772a534aee00ce1d6845c6f1e34b887cd5caab5283c3041"], 0x24}}, 0x40)
sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000900), 0x1ff, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r6, 0xc0045540, &(0x7f0000000340)=0x6)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$xdp(0x2c, 0x3, 0x0)

4.510186274s ago: executing program 2 (id=403):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="94000000", @ANYRES16=r2, @ANYBLOB="01002abd7000fbdbdf251700000008000300", @ANYRES32=r3, @ANYBLOB="0a0006"], 0x94}, 0x1, 0x0, 0x0, 0x4800}, 0x40004)

4.424288689s ago: executing program 2 (id=404):
socket(0x10, 0x803, 0x0)
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
userfaultfd(0x80001)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x1b, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.450791335s ago: executing program 4 (id=405):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
syz_io_uring_setup(0x241d, &(0x7f0000000380)={0x0, 0xabb9, 0x13090, 0x1, 0x11b}, 0x0, 0x0)
ioctl$TCSBRKP(r0, 0x5425, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

3.278391848s ago: executing program 1 (id=406):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0x151b, &(0x7f00000000c0)={0x0, 0x6d89, 0x400, 0x40000, 0x113}, &(0x7f0000000280), 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usbip_server_init(0x4)
r0 = openat(0xffffffffffffffff, &(0x7f0000004040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xa0080, 0xda)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
sendto$unix(r0, &(0x7f0000000080)="f91e8addef32d75121ef77b238b4", 0xe, 0x4, &(0x7f0000000200)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
syz_usbip_server_init(0x2)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000380)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r3, 0x0, 0x20000000, 0x0, 0x0, [], [0x1, 0x0, 0x0, 0x1], [0x0, 0xfffffffe, 0x0, 0xb68a], [0x0, 0x2, 0x0, 0xcbb]})
syz_usbip_server_init(0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
symlinkat(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r0, &(0x7f0000000c40)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000880)=@generic={&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r4}, 0xfffffffffffffdf7)
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000300)='./file0\x00')
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)

2.86004792s ago: executing program 2 (id=407):
r0 = socket$inet6_dccp(0xa, 0x6, 0x0)
madvise(&(0x7f0000fed000/0x13000)=nil, 0x13000, 0x19)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000540)=0x1, 0x4)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000040)={0x401, 0x0, 0x5, 0x2, 0x8})
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000140)=0x8, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="58000000020601080000000000000000000000000900020073797a31000000000500040000001900050001000700000005000500020000000c000300686173683a6970001400078005001500080000000800064000000003"], 0x58}}, 0x0)
listen(r2, 0xc)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x9, @loopback, 0x20}, 0x1c)
r4 = syz_io_uring_setup(0x3dfc, &(0x7f0000000400)={0x0, 0x100002, 0x10300, 0x2, 0xffffffff}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
socket$inet6_sctp(0xa, 0x1, 0x84)
io_uring_enter(r4, 0xa3d, 0x0, 0x0, 0x0, 0xff39)

2.834306778s ago: executing program 2 (id=408):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@bridge_delvlan={0x24, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x5, 0x1}}}]}, 0x24}}, 0x0) (fail_nth: 6)

2.740178538s ago: executing program 2 (id=409):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f0000000200)=ANY=[@ANYRES8=r0], &(0x7f00000001c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000a0000000c00008008"], 0x20}, 0x1, 0x0, 0x0, 0x20040041}, 0x0)
socket$rds(0x15, 0x5, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x9e)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r5=>r1, {0x4}}, './file0\x00'})
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000140)={0x0, 0x2, 0x100, 0x9, 0x7, 0xfffefffd}, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000000))
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r7 = io_uring_setup(0x7d94, &(0x7f00000003c0)={0x0, 0xdf07, 0x2, 0x2, 0x0, 0x0, r5})
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r8, 0x5201)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000440), 0x189040, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r9, 0x5201)
close_range(r7, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x24, 0x24, 0x5820a61ca228651, 0x70bd26, 0x80, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
ioctl$PPPIOCSNPMODE(0xffffffffffffffff, 0x4008744b, &(0x7f00000000c0)={0x29, 0x2})

2.659902057s ago: executing program 0 (id=410):
r0 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000203850000a26939d60000000000000f0800010001"], 0x1c}}, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r1, 0x107, 0x14, 0x0, &(0x7f0000000040))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f00000001c0)={r3, 0x7, 0x2, "1c99"}, 0xa)
r4 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
prctl$PR_SET_IO_FLUSHER(0x39, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="068e9ee03608000000100000200b000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {}, {0x0, 0x5}, {0x9, 0xa}}}, 0x24}}, 0x0)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280), r0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, r8, 0x2, 0x70bd26, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x200008c1}, 0x4005)
openat$vcs(0xffffff9c, &(0x7f0000000100), 0x80, 0x0)
io_setup(0x6, 0x0)
io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x101, 0xffffffffffffffff, 0x0, 0x0, 0x8000000000000000}])
r9 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb, 0xc}}, @TCA_CT_ZONE={0x6, 0x4, 0x9}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4004000}, 0x10000000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r11=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r9, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffea5, 0x0, 0x0, r11})

2.590148817s ago: executing program 4 (id=411):
r0 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000203850000a26939d60000000000000f0800010001"], 0x1c}}, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r1, 0x107, 0x14, 0x0, &(0x7f0000000040))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f00000001c0)={r3, 0x7, 0x2, "1c99"}, 0xa)
r4 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
prctl$PR_SET_IO_FLUSHER(0x39, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="068e9ee03608000000100000200b000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {}, {0x0, 0x5}, {0x9, 0xa}}}, 0x24}}, 0x0)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280), r0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, r8, 0x2, 0x70bd26, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x200008c1}, 0x4005)
openat$vcs(0xffffff9c, &(0x7f0000000100), 0x80, 0x0)
io_setup(0x6, 0x0)
io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x101, 0xffffffffffffffff, 0x0, 0x0, 0x8000000000000000}])
r9 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb, 0xc}}, @TCA_CT_ZONE={0x6, 0x4, 0x9}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4004000}, 0x10000000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r11=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r9, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffea5, 0x0, 0x0, r11})

2.526947838s ago: executing program 1 (id=412):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="08002600ad1600004000330010000000"], 0x68}}, 0x0) (fail_nth: 6)

2.299829169s ago: executing program 1 (id=413):
ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, 0x0, 0x0, @inherit={0x78, 0x0}, @subvolid=0x2})
r0 = syz_io_uring_setup(0x70d6, &(0x7f0000000040)={0x0, 0xe92b, 0x8000, 0x0, 0x293}, &(0x7f00000000c0), &(0x7f0000000100))
io_uring_setup(0x177f, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x3, 0x0, 0x0, r0})
syz_usb_connect(0x2, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x2, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x201, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x7}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0xc810}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000012c0)=ANY=[@ANYBLOB="24000000200001030000f3fffadbdf2502000004000000000800000035aa045cd7133b49cc0c0339a31e9beddb874f646aa2156b449ead7db457fa08d07c8d6d3ab633de24e2deda6e2b1de528b46a4615ce0a8d966ee82b6a67119fe5545b357772a534aee00ce1d6845c6f1e34b887cd5caab5283c3041"], 0x24}}, 0x40)
sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000900), 0x1ff, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r6, 0xc0045540, &(0x7f0000000340)=0x6)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$xdp(0x2c, 0x3, 0x0)

1.91556386s ago: executing program 2 (id=414):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x5, &(0x7f0000000180)=ANY=[@ANYRESOCT=r1, @ANYRESDEC=r0, @ANYRESDEC=r1], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x24, @void, @value}, 0x94)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122"], 0x0)
syz_usb_control_io(r2, &(0x7f0000000100)={0x18, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)

414.520535ms ago: executing program 0 (id=415):
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r0, {}, 0xa}}, 0x26)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x4f, &(0x7f0000001180)={@random="c3ad7f0ceb48", @random="f8794fda5bd6", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e21, 0x4e20, 0x2d, 0x0, @opaque="4222f037fa70d3822f9c070124784b6dce530d3bd86c1c783a1358eb3d5a47aad79b433e7f"}}}}}, 0x0) (fail_nth: 6)

270.595123ms ago: executing program 0 (id=416):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_RW(r3, 0x118, 0x0, &(0x7f0000000100)=0x9, 0x4)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0xb, 0x0, 0x8, 0x0, 0x4, 0x2, 0x3, 0x8, 0x9, 0x10}, {0x2, 0xf000, 0xc, 0x0, 0x2, 0x0, 0x7, 0x0, 0x25, 0x7, 0x4, 0x4}, {0x2000, 0x5000, 0x9, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x4, 0xfc}, {0x0, 0xd000, 0x0, 0xff, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0xeeef0000, 0x6960be0366b8f219, 0x0, 0xfc, 0x4, 0x0, 0x0, 0x0, 0x38, 0x0, 0x2}, {0x0, 0xdddd1000, 0x8, 0x0, 0x0, 0x0, 0x2, 0x0, 0xa, 0x2, 0x1}, {0xeeee0000, 0x4000, 0xa, 0x5, 0x0, 0x0, 0x3, 0x7, 0x0, 0x4}, {0x1, 0x0, 0x3, 0xfe, 0x0, 0x1, 0x0, 0x2b, 0x26}, {0xdddd1000}, {0xdddd1000, 0xfffc}, 0xddf8ffdb, 0x0, 0x0, 0x430, 0x4, 0x2501, 0x4000, [0x100000, 0x0, 0x2]})
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x170003, 0x0, [0x53b2, 0xffffffff, 0x4, 0x5, 0x1, 0x7, 0x40, 0xb82]})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_PER_PORT={0x5, 0x2d, 0x1}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0x1}, @IFLA_BR_NF_CALL_IPTABLES={0x5, 0x24, 0x1}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}, @IFLA_BR_GROUP_FWD_MASK={0x6, 0x9, 0xffff}]}}}]}, 0x60}}, 0x0)

210.628215ms ago: executing program 4 (id=417):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@x86={0x6, 0x8, 0x0, 0x0, 0x9, 0x3, 0x4, 0x1b, 0x7, 0x40, 0x5, 0x6, 0x0, 0x1, 0x6, 0x4, 0x9, 0x4, 0xa0, '\x00', 0xf3, 0x1000})
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000080)={0x1a0003, 0x0, [0x8, 0xff, 0xfffffffffffffffb, 0x3e00000000000000, 0x7fffffff, 0x7, 0x9, 0xa]})
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1200000008000000ff000000b47c000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x48)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000900), 0x2, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a006030", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000004fe8000000000000000000000000000bb4e200000000000000a0040", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r9=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[@ANYBLOB="4c0000001000010027bd7000fbdbdfa500000000", @ANYRES32=r9, @ANYBLOB="104e0600016201002c001280110001006272696467655f736c6176650000000014000580050006000100"], 0x4c}, 0x1, 0x0, 0x0, 0x404c000}, 0x2)

566.392µs ago: executing program 4 (id=418):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r0, &(0x7f0000000140)="96", 0x1, 0x1, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000015000103"], 0x14}}, 0x0)
close(r1)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0xf0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0xb8}}, 0x0)

186.397µs ago: executing program 4 (id=419):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a18010000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000002cd40009800800014000000006c80002800c00018008000140000000032400018008000140000000070800014000000008080001400000000908000140000000080c000180080001400000000a240001800800014000000006"], 0x140}}, 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000000c0)={[{@dyn}]})
r1 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r3 = openat$cgroup_devices(r2, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r3, &(0x7f0000000000)=ANY=[@ANYBLOB='b *:', @ANYRESDEC], 0x5a)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x11a)
mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
renameat2(r5, &(0x7f00000001c0)='./file0\x00', r5, &(0x7f0000000200)='./bus/file0\x00', 0x0)
r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r6, &(0x7f0000001fc0)=""/184, 0xb8)

0s ago: executing program 0 (id=420):
r0 = syz_open_dev$media(&(0x7f00000007c0), 0x2, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f00000001c0)={0x0, 0x3, 0x0, &(0x7f0000000c00)=[{}, {}, {}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

k - 0 bytes
[   90.275058][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[   90.276911][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[   90.278846][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[   90.280721][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[   90.282589][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[   90.284432][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[   90.286285][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[   90.288150][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[   90.290357][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[   90.292207][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[   90.292362][ T6475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   90.293967][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[   90.293976][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[   90.294146][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[   90.294155][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[   90.294325][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[   90.296745][ T6475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   90.298414][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[   90.309676][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[   90.311520][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[   92.218298][ T6534] netlink: 8 bytes leftover after parsing attributes in process `syz.4.124'.
[   92.591871][ T6537] netlink: 4 bytes leftover after parsing attributes in process `syz.2.126'.
[   92.616448][ T6018] usb 6-1: USB disconnect, device number 8
[   92.770895][ T6543] netlink: 4 bytes leftover after parsing attributes in process `syz.1.127'.
[   93.219890][   T24] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[   93.369942][   T24] usb 9-1: Using ep0 maxpacket: 16
[   93.374833][   T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   93.377577][   T24] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   93.381177][   T24] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[   93.383675][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.387065][   T24] usb 9-1: config 0 descriptor??
[   93.391752][   T24] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[   94.054225][ T6567] ieee802154 phy1 wpan1: encryption failed: -22
[   94.059853][ T6567] netlink: 68 bytes leftover after parsing attributes in process `syz.2.133'.
[   94.110069][ T6014] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[   94.258942][ T6572] random: crng reseeded on system resumption
[   94.289595][ T6014] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[   94.293946][ T6014] usb 5-1: config 0 has no interface number 0
[   94.296170][ T6014] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   94.301280][ T6014] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[   94.305258][ T6014] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[   94.308990][ T6014] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[   94.315658][ T6014] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[   94.321301][ T6014] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[   94.324516][ T6014] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.335086][ T6014] usb 5-1: config 0 descriptor??
[   94.342289][ T6564] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[   94.349156][ T6014] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[   94.379930][ T6018] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[   94.532807][ T6018] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[   94.535098][ T6018] usb 6-1: config 0 has no interface number 0
[   94.536815][ T6018] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   94.539737][ T6018] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[   94.543124][ T6018] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[   94.547744][ T6018] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[   94.551245][ T6018] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[   94.554821][ T6018] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[   94.557861][ T6018] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.562226][ T6018] usb 6-1: config 0 descriptor??
[   94.565047][ T6570] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[   94.569058][ T6018] ldusb 6-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[   96.106821][   T29] usb 9-1: USB disconnect, device number 3
[   96.357021][ T6590] netlink: 4 bytes leftover after parsing attributes in process `syz.4.139'.
[   96.905815][   T29] usb 5-1: USB disconnect, device number 6
[   96.921950][   T29] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[   97.590624][ T6015] usb 6-1: USB disconnect, device number 9
[   97.700135][ T6015] ldusb 6-1:0.55: LD USB Device #1 now disconnected
[   98.402084][   T58] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[   98.549862][   T58] usb 7-1: Using ep0 maxpacket: 16
[   98.553613][   T58] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   98.556340][   T58] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   98.560667][   T58] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[   98.563192][   T58] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.566459][   T58] usb 7-1: config 0 descriptor??
[   98.569468][   T58] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[   98.740078][   T24] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[   98.829880][ T1331] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[   98.890985][   T24] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[   98.893297][   T24] usb 6-1: config 0 has no interface number 0
[   98.895004][   T24] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   98.898309][   T24] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[   98.901862][   T24] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[   98.905292][   T24] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[   98.908330][   T24] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[   98.912301][   T24] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[   98.914808][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.918261][   T24] usb 6-1: config 0 descriptor??
[   98.921270][ T6623] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   98.925100][   T24] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[   99.001231][ T1331] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   99.003697][ T1331] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   99.006539][ T1331] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[   99.009065][ T1331] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[   99.012551][ T1331] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[   99.017777][ T1331] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   99.020554][ T1331] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   99.022665][ T1331] usb 9-1: Product: syz
[   99.023799][ T1331] usb 9-1: Manufacturer: syz
[   99.026791][ T6625] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[   99.029998][ T1331] cdc_wdm 9-1:1.0: skipping garbage
[   99.031480][ T1331] cdc_wdm 9-1:1.0: skipping garbage
[   99.034044][ T1331] cdc_wdm 9-1:1.0: cdc-wdm1: USB WDM device
[   99.035649][ T1331] cdc_wdm 9-1:1.0: Unknown control protocol
[   99.234730][ T6625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.238529][ T6625] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.245026][ T1331] usb 9-1: USB disconnect, device number 4
[   99.494750][ T6639] random: crng reseeded on system resumption
[   99.862344][ T6646] exFAT-fs (nullb0): invalid boot record signature
[   99.864302][ T6646] exFAT-fs (nullb0): failed to read boot sector
[   99.866049][ T6646] exFAT-fs (nullb0): failed to recognize exfat type
[  101.273649][ T6015] usb 7-1: USB disconnect, device number 8
[  101.495995][ T6659] netlink: 4 bytes leftover after parsing attributes in process `syz.2.159'.
[  101.584307][ T6015] usb 6-1: USB disconnect, device number 10
[  101.601348][ T6015] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  101.729106][ T6667] netlink: 56 bytes leftover after parsing attributes in process `syz.0.161'.
[  101.737112][ T6667] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  101.741948][ T6667] batman_adv: batadv0: Adding interface: ip6gretap1
[  101.743826][ T6667] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.744147][ T6669] FAULT_INJECTION: forcing a failure.
[  101.744147][ T6669] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  101.755655][ T6669] CPU: 0 UID: 0 PID: 6669 Comm: syz.4.162 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  101.755686][ T6669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  101.755693][ T6669] Call Trace:
[  101.755697][ T6669]  <TASK>
[  101.755701][ T6669]  dump_stack_lvl+0x16c/0x1f0
[  101.755718][ T6669]  should_fail_ex+0x512/0x640
[  101.755757][ T6669]  _copy_to_user+0x32/0xd0
[  101.755773][ T6669]  simple_read_from_buffer+0xcb/0x170
[  101.755788][ T6669]  proc_fail_nth_read+0x197/0x270
[  101.755803][ T6669]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  101.755817][ T6669]  ? rw_verify_area+0xcf/0x680
[  101.755829][ T6669]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  101.755842][ T6669]  vfs_read+0x1de/0xc70
[  101.755856][ T6669]  ? __pfx___mutex_lock+0x10/0x10
[  101.755870][ T6669]  ? __pfx_vfs_read+0x10/0x10
[  101.755887][ T6669]  ? __fget_files+0x20e/0x3c0
[  101.755904][ T6669]  ksys_read+0x12a/0x240
[  101.755917][ T6669]  ? __pfx_ksys_read+0x10/0x10
[  101.755929][ T6669]  ? rcu_is_watching+0x12/0xc0
[  101.755942][ T6669]  ? rcu_is_watching+0x12/0xc0
[  101.755955][ T6669]  __do_fast_syscall_32+0x73/0x120
[  101.755970][ T6669]  do_fast_syscall_32+0x32/0x80
[  101.755984][ T6669]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  101.755996][ T6669] RIP: 0023:0xf7f68579
[  101.756004][ T6669] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  101.756013][ T6669] RSP: 002b:00000000f5086590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  101.756023][ T6669] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5086620
[  101.756028][ T6669] RDX: 000000000000000f RSI: 00000000f73ecff4 RDI: 0000000000000000
[  101.756034][ T6669] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  101.756039][ T6669] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  101.756044][ T6669] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  101.756056][ T6669]  </TASK>
[  101.759163][ T6667] batman_adv: batadv0: Interface activated: ip6gretap1
[  101.886661][ T6674] netlink: 4 bytes leftover after parsing attributes in process `syz.1.164'.
[  102.359973][ T6014] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  102.370400][ T6684] Cannot find add_set index 3 as target
[  102.376013][ T6684] erofs (device loop1): cannot find valid erofs superblock
[  102.512330][ T6014] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  102.515338][ T6014] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  102.518089][ T6014] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  102.520845][ T6014] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  102.523855][ T6014] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  102.529534][ T6014] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  102.532353][ T6014] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  102.534526][ T6014] usb 9-1: Product: syz
[  102.535690][ T6014] usb 9-1: Manufacturer: syz
[  102.539707][ T6671] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  102.542630][ T6014] cdc_wdm 9-1:1.0: skipping garbage
[  102.544707][ T6014] cdc_wdm 9-1:1.0: skipping garbage
[  102.547659][ T6014] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  102.549318][ T6014] cdc_wdm 9-1:1.0: Unknown control protocol
[  102.744204][    C0] wdm_int_callback: 14183 callbacks suppressed
[  102.744225][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  102.747834][    C0] wdm_int_callback: 14183 callbacks suppressed
[  102.747841][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  102.751590][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  102.753428][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  102.755057][ T6671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  102.756470][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  102.758087][ T6671] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  102.759266][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  102.763549][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  102.765389][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  102.767332][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  102.769152][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  102.771055][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  102.772886][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  102.774824][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  102.776807][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  102.778620][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  102.780291][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  102.782221][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  102.783893][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  102.785777][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  102.787426][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  102.868020][ T6018] usb 9-1: USB disconnect, device number 5
[  102.868349][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  102.872446][ T6671] cdc_wdm 9-1:1.0: Tx URB error: -19
[  103.054321][ T6692] FAULT_INJECTION: forcing a failure.
[  103.054321][ T6692] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  103.057779][ T6692] CPU: 2 UID: 0 PID: 6692 Comm: syz.1.169 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  103.057794][ T6692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  103.057801][ T6692] Call Trace:
[  103.057805][ T6692]  <TASK>
[  103.057808][ T6692]  dump_stack_lvl+0x16c/0x1f0
[  103.057828][ T6692]  should_fail_ex+0x512/0x640
[  103.057842][ T6692]  _copy_from_iter+0x2a4/0x15b0
[  103.057856][ T6692]  ? alloc_pages_mpol+0x25a/0x550
[  103.057865][ T6692]  ? __pfx__copy_from_iter+0x10/0x10
[  103.057877][ T6692]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  103.057885][ T6692]  ? trace_mm_page_alloc+0x11f/0x1a0
[  103.057900][ T6692]  copy_page_from_iter+0xa5/0x120
[  103.057913][ T6692]  tun_build_skb.constprop.0+0x292/0x1480
[  103.057932][ T6692]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  103.057947][ T6692]  ? __lock_acquire+0x5ca/0x1ba0
[  103.057963][ T6692]  ? find_held_lock+0x2b/0x80
[  103.057976][ T6692]  tun_get_user+0x165f/0x3b10
[  103.057994][ T6692]  ? __pfx_tun_get_user+0x10/0x10
[  103.058007][ T6692]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  103.058023][ T6692]  ? find_held_lock+0x2b/0x80
[  103.058035][ T6692]  ? tun_get+0x191/0x370
[  103.058050][ T6692]  tun_chr_write_iter+0xdc/0x210
[  103.058064][ T6692]  vfs_write+0x5ba/0x1180
[  103.058078][ T6692]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  103.058092][ T6692]  ? __pfx_vfs_write+0x10/0x10
[  103.058104][ T6692]  ? find_held_lock+0x2b/0x80
[  103.058123][ T6692]  ksys_write+0x12a/0x240
[  103.058136][ T6692]  ? __pfx_ksys_write+0x10/0x10
[  103.058150][ T6692]  ? rcu_is_watching+0x12/0xc0
[  103.058163][ T6692]  __do_fast_syscall_32+0x73/0x120
[  103.058178][ T6692]  do_fast_syscall_32+0x32/0x80
[  103.058192][ T6692]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  103.058204][ T6692] RIP: 0023:0xf743e579
[  103.058212][ T6692] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  103.058221][ T6692] RSP: 002b:00000000f50c6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  103.058230][ T6692] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 00000000800002c0
[  103.058236][ T6692] RDX: 000000000000002a RSI: 00000000f742cff4 RDI: 0000000000000000
[  103.058242][ T6692] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  103.058247][ T6692] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  103.058252][ T6692] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  103.058263][ T6692]  </TASK>
[  103.130772][    C2] hpet: Lost 3 RTC interrupts
[  103.140032][ T6014] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  103.299846][ T6014] usb 5-1: Using ep0 maxpacket: 16
[  103.304670][ T6014] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  103.307211][ T6014] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  103.310740][ T6014] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  103.313223][ T6014] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.317153][ T6014] usb 5-1: config 0 descriptor??
[  103.322136][ T6014] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  104.155238][ T6710] random: crng reseeded on system resumption
[  104.195298][ T6711] netlink: 4 bytes leftover after parsing attributes in process `syz.2.174'.
[  105.111587][ T6722] FAULT_INJECTION: forcing a failure.
[  105.111587][ T6722] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  105.115162][ T6722] CPU: 3 UID: 0 PID: 6722 Comm: syz.4.177 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  105.115175][ T6722] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  105.115181][ T6722] Call Trace:
[  105.115184][ T6722]  <TASK>
[  105.115188][ T6722]  dump_stack_lvl+0x16c/0x1f0
[  105.115205][ T6722]  should_fail_ex+0x512/0x640
[  105.115219][ T6722]  _copy_to_iter+0x477/0x15a0
[  105.115234][ T6722]  ? __pfx__copy_to_iter+0x10/0x10
[  105.115247][ T6722]  ? __skb_recv_datagram+0x1b2/0x220
[  105.115260][ T6722]  ? __pfx___skb_recv_datagram+0x10/0x10
[  105.115272][ T6722]  simple_copy_to_iter+0x46/0x90
[  105.115282][ T6722]  __skb_datagram_iter+0x125/0x8c0
[  105.115291][ T6722]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  105.115302][ T6722]  ? skb_recv_datagram+0x88/0xc0
[  105.115314][ T6722]  skb_copy_datagram_iter+0x40/0x50
[  105.115325][ T6722]  netlink_recvmsg+0x298/0xf20
[  105.115340][ T6722]  ? __pfx_netlink_recvmsg+0x10/0x10
[  105.115352][ T6722]  ? aa_sk_perm+0x2f4/0xb10
[  105.115365][ T6722]  ? __pfx_aa_sk_perm+0x10/0x10
[  105.115381][ T6722]  sock_recvmsg+0x1f6/0x250
[  105.115396][ T6722]  ____sys_recvmsg+0x218/0x6b0
[  105.115413][ T6722]  ? __pfx_____sys_recvmsg+0x10/0x10
[  105.115427][ T6722]  ? import_iovec+0x109/0x140
[  105.115444][ T6722]  ? __lock_acquire+0x5ca/0x1ba0
[  105.115455][ T6722]  ___sys_recvmsg+0x114/0x1a0
[  105.115472][ T6722]  ? __pfx____sys_recvmsg+0x10/0x10
[  105.115490][ T6722]  ? get_pid_task+0x40/0x250
[  105.115503][ T6722]  do_recvmmsg+0x568/0x740
[  105.115514][ T6722]  ? find_held_lock+0x2b/0x80
[  105.115527][ T6722]  ? __pfx_do_recvmmsg+0x10/0x10
[  105.115548][ T6722]  ? __fget_files+0x20e/0x3c0
[  105.115564][ T6722]  __sys_recvmmsg+0x21c/0x280
[  105.115577][ T6722]  ? __pfx___sys_recvmmsg+0x10/0x10
[  105.115590][ T6722]  ? __pfx_ksys_write+0x10/0x10
[  105.115606][ T6722]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  105.115620][ T6722]  ? lockdep_hardirqs_on+0x7c/0x110
[  105.115633][ T6722]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  105.115647][ T6722]  __do_fast_syscall_32+0x73/0x120
[  105.115662][ T6722]  do_fast_syscall_32+0x32/0x80
[  105.115675][ T6722]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  105.115687][ T6722] RIP: 0023:0xf7f68579
[  105.115695][ T6722] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  105.115721][ T6722] RSP: 002b:00000000f506555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  105.115730][ T6722] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000780
[  105.115736][ T6722] RDX: 0000000000000002 RSI: 0000000040012100 RDI: 0000000000000000
[  105.115741][ T6722] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  105.115746][ T6722] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  105.115752][ T6722] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  105.115763][ T6722]  </TASK>
[  105.365904][ T6729] Illegal XDP return value 594888832 on prog  (id 23) dev syz_tun, expect packet loss!
[  105.719230][ T6741] Zero length message leads to an empty skb
[  105.729759][ T6731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.179'.
[  106.163803][ T6015] usb 5-1: USB disconnect, device number 7
[  106.801840][ T6769] loop2: detected capacity change from 0 to 1
[  106.805676][ T6769] Dev loop2: unable to read RDB block 1
[  106.807496][ T6769]  loop2: unable to read partition table
[  106.809538][ T6769] loop2: partition table beyond EOD, truncated
[  106.812249][ T6769] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  106.884804][ T6772] netlink: 4 bytes leftover after parsing attributes in process `syz.1.187'.
[  107.454670][ T6789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.193'.
[  107.520127][ T1331] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  107.530042][ T6014] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  107.669933][ T1331] usb 6-1: Using ep0 maxpacket: 16
[  107.672758][ T1331] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  107.675491][ T1331] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  107.679076][ T1331] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  107.681797][ T1331] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.681855][ T6014] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  107.685476][ T1331] usb 6-1: config 0 descriptor??
[  107.686303][ T6014] usb 5-1: config 0 has no interface number 0
[  107.689371][ T1331] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  107.690584][ T6014] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  107.695797][ T6014] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  107.699227][ T6014] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  107.702648][ T6014] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  107.705897][ T6014] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  107.709703][ T6014] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  107.712413][ T6014] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.717445][ T6014] usb 5-1: config 0 descriptor??
[  107.720343][ T6780] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  107.726519][ T6014] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  108.090684][ T6014] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  108.403297][ T6014] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  108.406230][ T6014] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  108.409049][ T6014] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  108.411727][ T6014] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  108.415210][ T6014] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  108.420776][ T6014] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  108.423299][ T6014] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  108.425660][ T6014] usb 9-1: Product: syz
[  108.426933][ T6014] usb 9-1: Manufacturer: syz
[  108.433991][ T6794] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  108.437776][ T6014] cdc_wdm 9-1:1.0: skipping garbage
[  108.439562][ T6014] cdc_wdm 9-1:1.0: skipping garbage
[  108.442524][ T6014] cdc_wdm 9-1:1.0: cdc-wdm1: USB WDM device
[  108.444592][ T6014] cdc_wdm 9-1:1.0: Unknown control protocol
[  108.464091][ T6801] random: crng reseeded on system resumption
[  108.665872][ T6794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.668432][ T6794] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.674270][ T6018] usb 9-1: USB disconnect, device number 6
[  108.880478][ T6805] netlink: 8 bytes leftover after parsing attributes in process `syz.2.196'.
[  109.700771][ T6814] FAULT_INJECTION: forcing a failure.
[  109.700771][ T6814] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.704636][ T6814] CPU: 3 UID: 0 PID: 6814 Comm: syz.4.199 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  109.704651][ T6814] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  109.704657][ T6814] Call Trace:
[  109.704661][ T6814]  <TASK>
[  109.704665][ T6814]  dump_stack_lvl+0x16c/0x1f0
[  109.704684][ T6814]  should_fail_ex+0x512/0x640
[  109.704698][ T6814]  _copy_to_user+0x32/0xd0
[  109.704711][ T6814]  v4l2_compat_put_user+0xa53/0x1810
[  109.704725][ T6814]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  109.704741][ T6814]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  109.704757][ T6814]  ? __pfx_v4l2_compat_put_user+0x10/0x10
[  109.704773][ T6814]  ? __video_do_ioctl+0x8f0/0xfc0
[  109.704790][ T6814]  ? __pfx___video_do_ioctl+0x10/0x10
[  109.704805][ T6814]  ? __kmalloc_noprof+0x242/0x510
[  109.704823][ T6814]  video_usercopy+0x98e/0x1720
[  109.704832][ T6814]  ? __pfx___video_do_ioctl+0x10/0x10
[  109.704857][ T6814]  ? __pfx_video_usercopy+0x10/0x10
[  109.704873][ T6814]  ? hook_file_ioctl_common+0x145/0x410
[  109.704886][ T6814]  v4l2_ioctl+0x1ba/0x250
[  109.704902][ T6814]  v4l2_compat_ioctl32+0x214/0x2c0
[  109.704915][ T6814]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  109.704928][ T6814]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  109.704941][ T6814]  __do_fast_syscall_32+0x73/0x120
[  109.704956][ T6814]  do_fast_syscall_32+0x32/0x80
[  109.704970][ T6814]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  109.704982][ T6814] RIP: 0023:0xf7f68579
[  109.704990][ T6814] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  109.704999][ T6814] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  109.705009][ T6814] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080785659
[  109.705015][ T6814] RDX: 00000000800017c0 RSI: 0000000000000000 RDI: 0000000000000000
[  109.705020][ T6814] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  109.705025][ T6814] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  109.705030][ T6814] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  109.705042][ T6814]  </TASK>
[  109.968696][ T6825] netlink: 4 bytes leftover after parsing attributes in process `syz.2.203'.
[  110.316508][ T6015] usb 5-1: USB disconnect, device number 8
[  110.332264][ T6015] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  110.367720][ T4379] usb 6-1: USB disconnect, device number 11
[  110.477654][ T6839] netlink: 4 bytes leftover after parsing attributes in process `syz.1.206'.
[  110.849857][   T34] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  111.001086][   T34] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  111.004178][   T34] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  111.007734][   T34] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  111.011547][   T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  111.015490][   T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  111.021164][   T34] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  111.024377][   T34] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  111.027217][   T34] usb 5-1: Product: syz
[  111.028775][   T34] usb 5-1: Manufacturer: syz
[  111.032077][ T6846] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  111.034924][   T34] cdc_wdm 5-1:1.0: skipping garbage
[  111.036480][   T34] cdc_wdm 5-1:1.0: skipping garbage
[  111.038622][   T34] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  111.040476][   T34] cdc_wdm 5-1:1.0: Unknown control protocol
[  111.239905][    C3] wdm_int_callback: 432 callbacks suppressed
[  111.239920][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  111.243434][    C3] wdm_int_callback: 432 callbacks suppressed
[  111.243442][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  111.247068][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  111.248896][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  111.250783][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  111.252612][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  111.254469][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  111.256338][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  111.258202][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  111.260034][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  111.261890][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  111.263723][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  111.265557][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  111.267373][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  111.269227][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  111.271048][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  111.272897][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  111.274703][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  111.276807][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  111.278636][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  111.280607][ T6846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  111.285308][ T6846] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  111.345535][ T6018] usb 5-1: USB disconnect, device number 9
[  111.345595][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  111.649911][ T5990] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  111.801231][ T5990] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  111.803528][ T5990] usb 6-1: config 0 has no interface number 0
[  111.805240][ T5990] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  111.808400][ T5990] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  111.812220][ T5990] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  111.816405][ T5990] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  111.819484][ T5990] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  111.823156][ T5990] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  111.826032][ T5990] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.829360][ T5990] usb 6-1: config 0 descriptor??
[  111.831481][ T6862] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  111.836435][ T5990] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  112.139931][ T6018] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  112.359865][   T34] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  112.379896][ T6018] usb 9-1: Using ep0 maxpacket: 16
[  112.382635][ T6018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  112.385334][ T6018] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  112.388860][ T6018] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  112.391379][ T6018] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.395083][ T6018] usb 9-1: config 0 descriptor??
[  112.398620][ T6018] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  112.400023][ T6874] netlink: 4 bytes leftover after parsing attributes in process `syz.0.217'.
[  112.426538][ T6874] FAULT_INJECTION: forcing a failure.
[  112.426538][ T6874] name failslab, interval 1, probability 0, space 0, times 0
[  112.430712][ T6874] CPU: 1 UID: 0 PID: 6874 Comm: syz.0.217 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  112.430728][ T6874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  112.430734][ T6874] Call Trace:
[  112.430737][ T6874]  <TASK>
[  112.430741][ T6874]  dump_stack_lvl+0x16c/0x1f0
[  112.430758][ T6874]  should_fail_ex+0x512/0x640
[  112.430770][ T6874]  ? fs_reclaim_acquire+0xae/0x150
[  112.430783][ T6874]  ? tomoyo_encode2+0x100/0x3e0
[  112.430796][ T6874]  should_failslab+0xc2/0x120
[  112.430805][ T6874]  __kmalloc_noprof+0xd2/0x510
[  112.430820][ T6874]  ? d_absolute_path+0x136/0x1a0
[  112.430834][ T6874]  tomoyo_encode2+0x100/0x3e0
[  112.430848][ T6874]  tomoyo_encode+0x29/0x50
[  112.430860][ T6874]  tomoyo_realpath_from_path+0x18f/0x6e0
[  112.430877][ T6874]  tomoyo_path_number_perm+0x245/0x580
[  112.430888][ T6874]  ? tomoyo_path_number_perm+0x237/0x580
[  112.430900][ T6874]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  112.430912][ T6874]  ? find_held_lock+0x2b/0x80
[  112.430937][ T6874]  ? find_held_lock+0x2b/0x80
[  112.430948][ T6874]  ? hook_file_ioctl_common+0x145/0x410
[  112.430961][ T6874]  ? __fget_files+0x20e/0x3c0
[  112.430978][ T6874]  security_file_ioctl_compat+0x9b/0x240
[  112.430991][ T6874]  __do_compat_sys_ioctl+0x4e/0x2c0
[  112.431005][ T6874]  __do_fast_syscall_32+0x73/0x120
[  112.431020][ T6874]  do_fast_syscall_32+0x32/0x80
[  112.431034][ T6874]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  112.431046][ T6874] RIP: 0023:0xf742e579
[  112.431054][ T6874] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  112.431063][ T6874] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  112.431072][ T6874] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000c05064a7
[  112.431078][ T6874] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000
[  112.431083][ T6874] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  112.431088][ T6874] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  112.431094][ T6874] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  112.431106][ T6874]  </TASK>
[  112.431210][ T6874] ERROR: Out of memory at tomoyo_realpath_from_path.
[  112.511888][   T34] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  112.514192][   T34] usb 7-1: config 0 has no interface number 0
[  112.515907][   T34] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  112.518910][   T34] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  112.522347][   T34] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  112.525411][   T34] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  112.528405][   T34] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  112.532024][   T34] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  112.534499][   T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.538174][   T34] usb 7-1: config 0 descriptor??
[  112.540454][ T6866] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  112.544229][   T34] ldusb 7-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[  113.276453][ T6883] random: crng reseeded on system resumption
[  114.458743][ T6015] usb 6-1: USB disconnect, device number 12
[  114.470093][ T6015] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  114.953477][ T6015] usb 9-1: USB disconnect, device number 7
[  115.102993][ T6835] usb 7-1: USB disconnect, device number 9
[  115.111034][ T6835] ldusb 7-1:0.55: LD USB Device #1 now disconnected
[  115.208671][ T6900] netlink: 4 bytes leftover after parsing attributes in process `syz.4.221'.
[  116.030024][ T6018] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  116.194337][ T6018] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  116.197635][ T6018] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  116.201790][ T6018] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  116.205134][ T6018] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  116.209194][ T6018] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  116.215268][ T6018] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  116.219397][ T6018] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  116.222805][ T6018] usb 5-1: Product: syz
[  116.224511][ T6018] usb 5-1: Manufacturer: syz
[  116.235023][ T6911] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  116.239040][ T6018] cdc_wdm 5-1:1.0: skipping garbage
[  116.242179][ T6018] cdc_wdm 5-1:1.0: skipping garbage
[  116.245091][ T6018] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  116.246808][ T6018] cdc_wdm 5-1:1.0: Unknown control protocol
[  116.270320][ T6918] FAULT_INJECTION: forcing a failure.
[  116.270320][ T6918] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  116.273559][ T6918] CPU: 1 UID: 0 PID: 6918 Comm: syz.2.225 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  116.273583][ T6918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  116.273590][ T6918] Call Trace:
[  116.273593][ T6918]  <TASK>
[  116.273597][ T6918]  dump_stack_lvl+0x16c/0x1f0
[  116.273615][ T6918]  should_fail_ex+0x512/0x640
[  116.273629][ T6918]  _copy_from_user+0x2e/0xd0
[  116.273643][ T6918]  memdup_user+0x6b/0xe0
[  116.273654][ T6918]  strndup_user+0x78/0xe0
[  116.273664][ T6918]  __ia32_sys_mount+0x137/0x310
[  116.273674][ T6918]  ? __pfx___ia32_sys_mount+0x10/0x10
[  116.273685][ T6918]  ? rcu_is_watching+0x12/0xc0
[  116.273699][ T6918]  __do_fast_syscall_32+0x73/0x120
[  116.273714][ T6918]  do_fast_syscall_32+0x32/0x80
[  116.273728][ T6918]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  116.273740][ T6918] RIP: 0023:0xf7f31579
[  116.273748][ T6918] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  116.273758][ T6918] RSP: 002b:00000000f501455c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  116.273767][ T6918] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000000
[  116.273773][ T6918] RDX: 0000000080000200 RSI: 00000000000000d4 RDI: 0000000080000180
[  116.273778][ T6918] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  116.273784][ T6918] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  116.273789][ T6918] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  116.273801][ T6918]  </TASK>
[  116.444043][    C3] wdm_int_callback: 372 callbacks suppressed
[  116.444062][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  116.448322][    C3] wdm_int_callback: 372 callbacks suppressed
[  116.448330][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  116.452553][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  116.454403][ T6911] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  116.454810][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  116.457105][ T6911] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  116.459358][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  116.463044][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  116.465455][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  116.467342][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  116.469304][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  116.471175][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  116.473082][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  116.474950][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  116.476897][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  116.479111][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  116.481173][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  116.483403][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  116.485788][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  116.488099][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  116.490141][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  116.492207][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  116.516155][ T1331] usb 5-1: USB disconnect, device number 10
[  116.516309][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  116.586031][ T6922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.226'.
[  117.219890][ T5990] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  117.372308][ T5990] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  117.374461][ T5990] usb 7-1: config 0 has no interface number 0
[  117.379137][ T5990] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  117.382871][ T5990] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  117.386054][ T5990] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  117.389512][ T5990] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  117.392960][ T5990] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  117.396501][ T5990] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  117.399139][ T5990] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.402576][ T5990] usb 7-1: config 0 descriptor??
[  117.405220][ T6924] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  117.409484][ T5990] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  117.480343][   T10] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  117.639870][   T10] usb 9-1: Using ep0 maxpacket: 16
[  117.643457][   T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  117.647026][   T10] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  117.651741][   T10] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  117.655101][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.661756][   T10] usb 9-1: config 0 descriptor??
[  117.666771][   T10] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  118.430176][ T6944] random: crng reseeded on system resumption
[  118.915681][ T6946] FAULT_INJECTION: forcing a failure.
[  118.915681][ T6946] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  118.920556][ T6946] CPU: 3 UID: 0 PID: 6946 Comm: syz.1.232 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  118.920573][ T6946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  118.920580][ T6946] Call Trace:
[  118.920584][ T6946]  <TASK>
[  118.920589][ T6946]  dump_stack_lvl+0x16c/0x1f0
[  118.920607][ T6946]  should_fail_ex+0x512/0x640
[  118.920622][ T6946]  _copy_from_user+0x2e/0xd0
[  118.920636][ T6946]  input_event_from_user+0x22b/0x3b0
[  118.920647][ T6946]  ? __pfx_input_event_from_user+0x10/0x10
[  118.920660][ T6946]  evdev_write+0x37b/0x750
[  118.920671][ T6946]  ? __pfx_evdev_write+0x10/0x10
[  118.920680][ T6946]  ? bpf_lsm_file_permission+0x9/0x10
[  118.920693][ T6946]  ? security_file_permission+0x71/0x210
[  118.920707][ T6946]  ? rw_verify_area+0xcf/0x680
[  118.920721][ T6946]  vfs_write+0x25c/0x1180
[  118.920734][ T6946]  ? __pfx_evdev_write+0x10/0x10
[  118.920745][ T6946]  ? __pfx_vfs_write+0x10/0x10
[  118.920756][ T6946]  ? find_held_lock+0x2b/0x80
[  118.920769][ T6946]  ? __fget_files+0x204/0x3c0
[  118.920785][ T6946]  ? __fget_files+0x20e/0x3c0
[  118.920802][ T6946]  ksys_write+0x205/0x240
[  118.920815][ T6946]  ? __pfx_ksys_write+0x10/0x10
[  118.920829][ T6946]  ? rcu_is_watching+0x12/0xc0
[  118.920844][ T6946]  __do_fast_syscall_32+0x73/0x120
[  118.920859][ T6946]  do_fast_syscall_32+0x32/0x80
[  118.920873][ T6946]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  118.920885][ T6946] RIP: 0023:0xf743e579
[  118.920893][ T6946] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  118.920903][ T6946] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  118.920913][ T6946] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  118.920919][ T6946] RDX: 00000000000012d8 RSI: 0000000000000000 RDI: 0000000000000000
[  118.920924][ T6946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  118.920929][ T6946] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  118.920935][ T6946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  118.920947][ T6946]  </TASK>
[  120.027611][ T6835] usb 7-1: USB disconnect, device number 10
[  120.037249][ T6835] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  120.218890][ T6959] FAULT_INJECTION: forcing a failure.
[  120.218890][ T6959] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.224810][ T6959] CPU: 1 UID: 0 PID: 6959 Comm: syz.0.237 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  120.224835][ T6959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  120.224842][ T6959] Call Trace:
[  120.224846][ T6959]  <TASK>
[  120.224850][ T6959]  dump_stack_lvl+0x16c/0x1f0
[  120.224869][ T6959]  should_fail_ex+0x512/0x640
[  120.224883][ T6959]  _copy_from_user+0x2e/0xd0
[  120.224896][ T6959]  get_compat_msghdr+0xa7/0x170
[  120.224909][ T6959]  ? __pfx_get_compat_msghdr+0x10/0x10
[  120.224922][ T6959]  ? __lock_acquire+0x5ca/0x1ba0
[  120.224934][ T6959]  ___sys_recvmsg+0x191/0x1a0
[  120.224947][ T6959]  ? __pfx____sys_recvmsg+0x10/0x10
[  120.224966][ T6959]  ? get_pid_task+0x40/0x250
[  120.224976][ T6959]  ? __pfx___might_resched+0x10/0x10
[  120.224992][ T6959]  do_recvmmsg+0x568/0x740
[  120.225006][ T6959]  ? __pfx_do_recvmmsg+0x10/0x10
[  120.225028][ T6959]  ? __fget_files+0x20e/0x3c0
[  120.225044][ T6959]  __sys_recvmmsg+0x21c/0x280
[  120.225057][ T6959]  ? __pfx___sys_recvmmsg+0x10/0x10
[  120.225070][ T6959]  ? __pfx_ksys_write+0x10/0x10
[  120.225086][ T6959]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  120.225099][ T6959]  ? lockdep_hardirqs_on+0x7c/0x110
[  120.225113][ T6959]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  120.225127][ T6959]  __do_fast_syscall_32+0x73/0x120
[  120.225142][ T6959]  do_fast_syscall_32+0x32/0x80
[  120.225156][ T6959]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  120.225168][ T6959] RIP: 0023:0xf742e579
[  120.225176][ T6959] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  120.225185][ T6959] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  120.225195][ T6959] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080003700
[  120.225201][ T6959] RDX: 0000000000000600 RSI: 0000000000000000 RDI: 0000000000000000
[  120.225207][ T6959] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  120.225212][ T6959] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  120.225217][ T6959] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  120.225228][ T6959]  </TASK>
[  120.339550][ T6835] usb 9-1: USB disconnect, device number 8
[  120.360766][ T6968] netlink: 4 bytes leftover after parsing attributes in process `syz.2.236'.
[  120.661370][   T34] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  120.821189][   T34] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  120.826012][   T34] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  120.830163][   T34] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  120.832680][   T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  120.836862][   T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  120.844004][   T34] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  120.846706][   T34] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  120.849183][   T34] usb 5-1: Product: syz
[  120.850999][   T34] usb 5-1: Manufacturer: syz
[  120.855127][ T6972] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  120.858436][   T34] cdc_wdm 5-1:1.0: skipping garbage
[  120.861943][   T34] cdc_wdm 5-1:1.0: skipping garbage
[  120.864104][   T34] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  120.865776][   T34] cdc_wdm 5-1:1.0: Unknown control protocol
[  120.882947][ T6978] FAULT_INJECTION: forcing a failure.
[  120.882947][ T6978] name failslab, interval 1, probability 0, space 0, times 0
[  120.886412][ T6978] CPU: 3 UID: 0 PID: 6978 Comm: syz.1.241 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  120.886427][ T6978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  120.886433][ T6978] Call Trace:
[  120.886437][ T6978]  <TASK>
[  120.886441][ T6978]  dump_stack_lvl+0x16c/0x1f0
[  120.886460][ T6978]  should_fail_ex+0x512/0x640
[  120.886472][ T6978]  ? fs_reclaim_acquire+0xae/0x150
[  120.886485][ T6978]  ? tomoyo_encode2+0x100/0x3e0
[  120.886498][ T6978]  should_failslab+0xc2/0x120
[  120.886508][ T6978]  __kmalloc_noprof+0xd2/0x510
[  120.886523][ T6978]  ? d_absolute_path+0x136/0x1a0
[  120.886536][ T6978]  tomoyo_encode2+0x100/0x3e0
[  120.886550][ T6978]  tomoyo_encode+0x29/0x50
[  120.886563][ T6978]  tomoyo_realpath_from_path+0x18f/0x6e0
[  120.886580][ T6978]  tomoyo_path_number_perm+0x245/0x580
[  120.886591][ T6978]  ? tomoyo_path_number_perm+0x237/0x580
[  120.886603][ T6978]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  120.886616][ T6978]  ? find_held_lock+0x2b/0x80
[  120.886639][ T6978]  ? find_held_lock+0x2b/0x80
[  120.886651][ T6978]  ? hook_file_ioctl_common+0x145/0x410
[  120.886665][ T6978]  ? __fget_files+0x20e/0x3c0
[  120.886681][ T6978]  security_file_ioctl_compat+0x9b/0x240
[  120.886695][ T6978]  __do_compat_sys_ioctl+0x4e/0x2c0
[  120.886708][ T6978]  __do_fast_syscall_32+0x73/0x120
[  120.886723][ T6978]  do_fast_syscall_32+0x32/0x80
[  120.886737][ T6978]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  120.886749][ T6978] RIP: 0023:0xf743e579
[  120.886758][ T6978] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  120.886767][ T6978] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  120.886777][ T6978] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c03864bc
[  120.886783][ T6978] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  120.886788][ T6978] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  120.886793][ T6978] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  120.886799][ T6978] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  120.886811][ T6978]  </TASK>
[  120.886821][ T6978] ERROR: Out of memory at tomoyo_realpath_from_path.
[  121.015293][ T6980] 9pnet: p9_errstr2errno: server reported unknown error 1844674407370
[  121.021256][ T6980] netlink: 4 bytes leftover after parsing attributes in process `syz.1.242'.
[  121.062572][ T6963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  121.064866][ T6963] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  121.120365][   T34] usb 5-1: USB disconnect, device number 11
[  121.120479][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  121.431194][ T6018] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  121.896833][ T6018] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  121.899097][ T6018] usb 6-1: config 0 has no interface number 0
[  121.900944][ T6018] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  121.903926][ T6018] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  121.907150][ T6018] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  121.910287][ T6018] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  121.913266][ T6018] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  121.916583][ T6018] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  121.919299][ T6018] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.923282][ T6018] usb 6-1: config 0 descriptor??
[  121.925653][ T6982] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  121.929616][ T6018] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  122.476446][ T6999] FAULT_INJECTION: forcing a failure.
[  122.476446][ T6999] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  122.481198][ T6999] CPU: 1 UID: 0 PID: 6999 Comm: syz.0.247 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  122.481221][ T6999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  122.481228][ T6999] Call Trace:
[  122.481232][ T6999]  <TASK>
[  122.481236][ T6999]  dump_stack_lvl+0x16c/0x1f0
[  122.481254][ T6999]  should_fail_ex+0x512/0x640
[  122.481269][ T6999]  _copy_from_user+0x2e/0xd0
[  122.481281][ T6999]  memdup_user+0x6b/0xe0
[  122.481292][ T6999]  strndup_user+0x78/0xe0
[  122.481305][ T6999]  __ia32_sys_mount+0x137/0x310
[  122.481316][ T6999]  ? __pfx___ia32_sys_mount+0x10/0x10
[  122.481327][ T6999]  ? rcu_is_watching+0x12/0xc0
[  122.481342][ T6999]  __do_fast_syscall_32+0x73/0x120
[  122.481357][ T6999]  do_fast_syscall_32+0x32/0x80
[  122.481371][ T6999]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  122.481384][ T6999] RIP: 0023:0xf742e579
[  122.481392][ T6999] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  122.481401][ T6999] RSP: 002b:00000000f507455c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  122.481411][ T6999] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000000
[  122.481417][ T6999] RDX: 0000000080000200 RSI: 00000000000000d4 RDI: 0000000000000000
[  122.481422][ T6999] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  122.481428][ T6999] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  122.481433][ T6999] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  122.481445][ T6999]  </TASK>
[  122.839881][ T6018] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  122.944671][ T7006] netfs: Couldn't get user pages (rc=-14)
[  123.009842][ T6018] usb 9-1: Using ep0 maxpacket: 16
[  123.013243][ T6018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.015986][ T6018] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  123.019468][ T6018] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  123.022504][ T6018] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.026832][ T6018] usb 9-1: config 0 descriptor??
[  123.032563][ T6018] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  123.320792][ T7014] netlink: 12 bytes leftover after parsing attributes in process `syz.0.251'.
[  123.362191][ T7014] geneve2: entered promiscuous mode
[  123.363903][ T7014] geneve2: entered allmulticast mode
[  123.927060][ T7020] random: crng reseeded on system resumption
[  124.237304][ T4379] usb 6-1: USB disconnect, device number 13
[  124.245969][ T4379] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  124.255734][ T7022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.252'.
[  124.488829][ T7028] netlink: 4 bytes leftover after parsing attributes in process `syz.1.254'.
[  124.549875][ T6018] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  124.701530][ T6018] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  124.704978][ T6018] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  124.713010][ T6018] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  124.715701][ T6018] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.717849][ T6018] usb 7-1: Product: syz
[  124.718985][ T6018] usb 7-1: Manufacturer: syz
[  124.720559][ T6018] usb 7-1: SerialNumber: syz
[  124.723554][ T7024] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  124.889950][   T34] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  124.952484][ T6018] usb 7-1: USB disconnect, device number 11
[  125.051612][   T34] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  125.054515][   T34] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  125.057826][   T34] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  125.061607][   T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  125.064765][   T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  125.068975][   T34] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  125.072350][   T34] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  125.074858][   T34] usb 5-1: Product: syz
[  125.076014][   T34] usb 5-1: Manufacturer: syz
[  125.079028][ T7033] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  125.083245][   T34] cdc_wdm 5-1:1.0: skipping garbage
[  125.084716][   T34] cdc_wdm 5-1:1.0: skipping garbage
[  125.087874][   T34] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  125.090059][   T34] cdc_wdm 5-1:1.0: Unknown control protocol
[  125.283045][    C0] wdm_int_callback: 435 callbacks suppressed
[  125.283061][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  125.286634][    C0] wdm_int_callback: 435 callbacks suppressed
[  125.286644][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  125.290374][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  125.292219][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  125.294324][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  125.296196][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  125.298135][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  125.299948][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  125.301793][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  125.303611][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  125.305443][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  125.307245][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  125.309145][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  125.309826][ T7033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  125.310935][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  125.314074][ T7033] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  125.315174][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  125.318717][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  125.320634][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  125.322472][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  125.324450][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  125.326296][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  125.370655][ T5990] usb 5-1: USB disconnect, device number 12
[  125.370718][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  125.601657][ T7040] netlink: 256 bytes leftover after parsing attributes in process `syz.2.257'.
[  125.661130][ T6835] usb 9-1: USB disconnect, device number 9
[  125.737986][ T7047] netlink: 4 bytes leftover after parsing attributes in process `syz.2.258'.
[  125.780176][ T7047] FAULT_INJECTION: forcing a failure.
[  125.780176][ T7047] name failslab, interval 1, probability 0, space 0, times 0
[  125.783781][ T7047] CPU: 0 UID: 0 PID: 7047 Comm: syz.2.258 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  125.783812][ T7047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  125.783820][ T7047] Call Trace:
[  125.783824][ T7047]  <TASK>
[  125.783829][ T7047]  dump_stack_lvl+0x16c/0x1f0
[  125.783846][ T7047]  should_fail_ex+0x512/0x640
[  125.783861][ T7047]  should_failslab+0xc2/0x120
[  125.783871][ T7047]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  125.783887][ T7047]  ? skb_clone+0x190/0x3f0
[  125.783902][ T7047]  skb_clone+0x190/0x3f0
[  125.783915][ T7047]  netlink_deliver_tap+0xabd/0xd30
[  125.783932][ T7047]  netlink_unicast+0x5df/0x7f0
[  125.783948][ T7047]  ? __pfx_netlink_unicast+0x10/0x10
[  125.783965][ T7047]  netlink_sendmsg+0x8d1/0xdd0
[  125.783981][ T7047]  ? __pfx_netlink_sendmsg+0x10/0x10
[  125.783996][ T7047]  ? __import_iovec+0x1c8/0x660
[  125.784012][ T7047]  ____sys_sendmsg+0xa95/0xc70
[  125.784022][ T7047]  ? __pfx_____sys_sendmsg+0x10/0x10
[  125.784030][ T7047]  ? get_compat_msghdr+0x11a/0x170
[  125.784049][ T7047]  ___sys_sendmsg+0x134/0x1d0
[  125.784062][ T7047]  ? __pfx____sys_sendmsg+0x10/0x10
[  125.784091][ T7047]  __sys_sendmsg+0x16d/0x220
[  125.784104][ T7047]  ? __pfx___sys_sendmsg+0x10/0x10
[  125.784122][ T7047]  ? rcu_is_watching+0x12/0xc0
[  125.784137][ T7047]  __do_fast_syscall_32+0x73/0x120
[  125.784152][ T7047]  do_fast_syscall_32+0x32/0x80
[  125.784166][ T7047]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  125.784178][ T7047] RIP: 0023:0xf7f31579
[  125.784186][ T7047] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  125.784196][ T7047] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  125.784205][ T7047] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000100
[  125.784211][ T7047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  125.784216][ T7047] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  125.784222][ T7047] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  125.784227][ T7047] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  125.784240][ T7047]  </TASK>
[  125.849924][    C0] vkms_vblank_simulate: vblank timer overrun
[  125.891171][ T7050] random: crng reseeded on system resumption
[  126.005172][ T7054] netlink: 4 bytes leftover after parsing attributes in process `syz.4.259'.
[  126.422401][ T7062] FAULT_INJECTION: forcing a failure.
[  126.422401][ T7062] name failslab, interval 1, probability 0, space 0, times 0
[  126.425948][ T7062] CPU: 3 UID: 0 PID: 7062 Comm: syz.1.263 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  126.425962][ T7062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  126.425968][ T7062] Call Trace:
[  126.425972][ T7062]  <TASK>
[  126.425977][ T7062]  dump_stack_lvl+0x16c/0x1f0
[  126.425994][ T7062]  should_fail_ex+0x512/0x640
[  126.426007][ T7062]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  126.426023][ T7062]  should_failslab+0xc2/0x120
[  126.426034][ T7062]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  126.426049][ T7062]  ? __alloc_skb+0x2b2/0x380
[  126.426064][ T7062]  __alloc_skb+0x2b2/0x380
[  126.426075][ T7062]  ? __pfx___alloc_skb+0x10/0x10
[  126.426088][ T7062]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  126.426105][ T7062]  netlink_alloc_large_skb+0x69/0x130
[  126.426120][ T7062]  netlink_sendmsg+0x6a1/0xdd0
[  126.426136][ T7062]  ? __pfx_netlink_sendmsg+0x10/0x10
[  126.426150][ T7062]  ? __import_iovec+0x1c8/0x660
[  126.426167][ T7062]  ____sys_sendmsg+0xa95/0xc70
[  126.426177][ T7062]  ? __pfx_____sys_sendmsg+0x10/0x10
[  126.426185][ T7062]  ? get_compat_msghdr+0x11a/0x170
[  126.426202][ T7062]  ___sys_sendmsg+0x134/0x1d0
[  126.426216][ T7062]  ? __pfx____sys_sendmsg+0x10/0x10
[  126.426243][ T7062]  __sys_sendmsg+0x16d/0x220
[  126.426255][ T7062]  ? __pfx___sys_sendmsg+0x10/0x10
[  126.426273][ T7062]  ? rcu_is_watching+0x12/0xc0
[  126.426290][ T7062]  __do_fast_syscall_32+0x73/0x120
[  126.426312][ T7062]  do_fast_syscall_32+0x32/0x80
[  126.426332][ T7062]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  126.426349][ T7062] RIP: 0023:0xf743e579
[  126.426361][ T7062] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  126.426375][ T7062] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  126.426389][ T7062] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  126.426399][ T7062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  126.426407][ T7062] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  126.426415][ T7062] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  126.426424][ T7062] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  126.426442][ T7062]  </TASK>
[  126.511732][ T6018] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  126.647292][ T7065] netlink: 4 bytes leftover after parsing attributes in process `syz.1.264'.
[  126.663301][ T6018] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  126.665573][ T6018] usb 5-1: config 0 has no interface number 0
[  126.667400][ T6018] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  126.670521][ T6018] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  126.673654][ T6018] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  126.676767][ T6018] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  126.680061][ T6018] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  126.683582][ T6018] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  126.686263][ T6018] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.692202][ T6018] usb 5-1: config 0 descriptor??
[  126.694195][ T7057] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  126.700387][ T6018] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  127.051188][ T7076] xt_policy: output policy not valid in PREROUTING and INPUT
[  127.330031][ T6018] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  127.479915][ T6018] usb 7-1: Using ep0 maxpacket: 16
[  127.482705][ T6018] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  127.485547][ T6018] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  127.489766][ T6018] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  127.492973][ T6018] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.498317][ T6018] usb 7-1: config 0 descriptor??
[  127.503974][ T6018] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  128.181678][ T7083] random: crng reseeded on system resumption
[  128.550175][    T9] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  128.701260][    T9] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  128.703787][    T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  128.706735][    T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  128.710168][    T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  128.713552][    T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  128.720875][    T9] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  128.723546][    T9] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  128.731312][    T9] usb 6-1: Product: syz
[  128.738450][    T9] usb 6-1: Manufacturer: syz
[  128.751828][ T7086] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  128.757049][    T9] cdc_wdm 6-1:1.0: skipping garbage
[  128.759467][    T9] cdc_wdm 6-1:1.0: skipping garbage
[  128.767201][    T9] cdc_wdm 6-1:1.0: cdc-wdm1: USB WDM device
[  128.780816][    T9] cdc_wdm 6-1:1.0: Unknown control protocol
[  128.959753][ T7086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  128.963443][ T7086] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  128.968890][    T9] usb 6-1: USB disconnect, device number 14
[  129.243451][ T6015] usb 5-1: USB disconnect, device number 13
[  129.246739][ T6015] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  129.589883][ T6015] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  129.739887][ T6015] usb 5-1: Using ep0 maxpacket: 16
[  129.743277][ T6015] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  129.746117][ T6015] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  129.749663][ T6015] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  129.752304][ T6015] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.758920][ T6015] usb 5-1: config 0 descriptor??
[  129.763849][ T6015] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  129.820155][    T9] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  129.969948][    T9] usb 9-1: Using ep0 maxpacket: 16
[  129.974784][    T9] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  129.977843][    T9] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  129.981415][    T9] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  129.984050][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.990211][    T9] usb 9-1: config 0 descriptor??
[  129.996135][    T9] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  130.253572][ T6835] usb 7-1: USB disconnect, device number 12
[  130.507801][ T7111] netlink: 24 bytes leftover after parsing attributes in process `syz.2.275'.
[  130.514314][ T7112] random: crng reseeded on system resumption
[  130.523458][ T7111] vxcan3: entered promiscuous mode
[  132.266015][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  132.391697][   T24] usb 5-1: USB disconnect, device number 14
[  132.594892][ T6018] usb 9-1: USB disconnect, device number 10
[  132.849984][   T34] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  133.004138][   T34] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  133.008004][   T34] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  133.010817][   T34] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  133.014091][   T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  133.018364][   T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  133.025779][   T34] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  133.028384][   T34] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  133.030549][   T34] usb 5-1: Product: syz
[  133.032052][   T34] usb 5-1: Manufacturer: syz
[  133.041543][ T7142] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  133.047049][   T34] cdc_wdm 5-1:1.0: skipping garbage
[  133.048839][   T34] cdc_wdm 5-1:1.0: skipping garbage
[  133.052894][   T34] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  133.054754][   T34] cdc_wdm 5-1:1.0: Unknown control protocol
[  133.246879][    C2] wdm_int_callback: 176 callbacks suppressed
[  133.246894][    C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  133.250671][    C2] wdm_int_callback: 176 callbacks suppressed
[  133.250681][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  133.254215][    C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  133.256123][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  133.258184][    C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  133.258899][ T7139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.260438][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  133.261425][    C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  133.264627][ T7139] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.266395][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  133.271091][    C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  133.273008][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  133.275173][    C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  133.277257][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  133.279796][    C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  133.281712][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  133.283691][    C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  133.285728][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  133.287683][    C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  133.289903][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  133.292456][    C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  133.294426][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  133.323740][   T24] usb 5-1: USB disconnect, device number 15
[  133.325888][    C2] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  133.353695][ T7161] Cannot find add_set index 3 as target
[  133.358045][ T7161] erofs (device loop1): cannot find valid erofs superblock
[  134.013114][ T7163] use of bytesused == 0 is deprecated and will be removed in the future,
[  134.015644][ T7163] use the actual size instead.
[  134.879877][    T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  135.106217][    T9] usb 5-1: Using ep0 maxpacket: 16
[  135.115558][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  135.119512][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  135.193864][ T7189] netlink: 24 bytes leftover after parsing attributes in process `syz.2.295'.
[  135.233129][    T9] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  135.235994][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.323823][    T9] usb 5-1: config 0 descriptor??
[  135.339979][    T9] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  136.381689][ T7195] random: crng reseeded on system resumption
[  136.603763][ T7206] Cannot find add_set index 3 as target
[  136.650012][   T34] usb 9-1: new full-speed USB device number 11 using dummy_hcd
[  136.721398][  T834] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  136.801647][   T34] usb 9-1: config 0 has an invalid interface number: 55 but max is 0
[  136.803847][   T34] usb 9-1: config 0 has no interface number 0
[  136.805704][   T34] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  136.809165][   T34] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  136.812694][   T34] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  136.815754][   T34] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  136.819027][   T34] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  136.826490][   T34] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  136.829070][   T34] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.832573][   T34] usb 9-1: config 0 descriptor??
[  136.835216][ T7200] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  136.839298][   T34] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  136.871653][  T834] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  136.874135][  T834] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  136.877010][  T834] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  136.880519][  T834] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  136.884742][  T834] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  136.891615][  T834] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  136.894808][  T834] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  136.897749][  T834] usb 6-1: Product: syz
[  136.899438][  T834] usb 6-1: Manufacturer: syz
[  136.903792][ T7202] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  136.908083][  T834] cdc_wdm 6-1:1.0: skipping garbage
[  136.910348][  T834] cdc_wdm 6-1:1.0: skipping garbage
[  136.913888][  T834] cdc_wdm 6-1:1.0: cdc-wdm1: USB WDM device
[  136.916004][  T834] cdc_wdm 6-1:1.0: Unknown control protocol
[  137.110837][   T10] usb 6-1: USB disconnect, device number 15
[  137.399091][ T7213] netlink: 4 bytes leftover after parsing attributes in process `syz.2.301'.
[  137.402510][ T7213] FAULT_INJECTION: forcing a failure.
[  137.402510][ T7213] name failslab, interval 1, probability 0, space 0, times 0
[  137.407294][ T7213] CPU: 3 UID: 0 PID: 7213 Comm: syz.2.301 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  137.407322][ T7213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  137.407332][ T7213] Call Trace:
[  137.407341][ T7213]  <TASK>
[  137.407349][ T7213]  dump_stack_lvl+0x16c/0x1f0
[  137.407378][ T7213]  should_fail_ex+0x512/0x640
[  137.407397][ T7213]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  137.407446][ T7213]  should_failslab+0xc2/0x120
[  137.407468][ T7213]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  137.407492][ T7213]  ? __alloc_skb+0x2b2/0x380
[  137.407517][ T7213]  __alloc_skb+0x2b2/0x380
[  137.407537][ T7213]  ? __pfx___alloc_skb+0x10/0x10
[  137.407555][ T7213]  ? __pfx_rtnl_dellink+0x10/0x10
[  137.407585][ T7213]  netlink_ack+0x15d/0xb80
[  137.407616][ T7213]  netlink_rcv_skb+0x347/0x440
[  137.407639][ T7213]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  137.407677][ T7213]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  137.407715][ T7213]  ? netlink_deliver_tap+0x1ae/0xd30
[  137.407741][ T7213]  netlink_unicast+0x53a/0x7f0
[  137.407768][ T7213]  ? __pfx_netlink_unicast+0x10/0x10
[  137.407798][ T7213]  netlink_sendmsg+0x8d1/0xdd0
[  137.407825][ T7213]  ? __pfx_netlink_sendmsg+0x10/0x10
[  137.407854][ T7213]  ? __import_iovec+0x1c8/0x660
[  137.407882][ T7213]  ____sys_sendmsg+0xa95/0xc70
[  137.407897][ T7213]  ? init_inodes+0x29d0/0x2eb0
[  137.407916][ T7213]  ? __pfx_____sys_sendmsg+0x10/0x10
[  137.407930][ T7213]  ? get_compat_msghdr+0x11a/0x170
[  137.407962][ T7213]  ___sys_sendmsg+0x134/0x1d0
[  137.407985][ T7213]  ? __pfx____sys_sendmsg+0x10/0x10
[  137.408038][ T7213]  __sys_sendmsg+0x16d/0x220
[  137.408059][ T7213]  ? __pfx___sys_sendmsg+0x10/0x10
[  137.408092][ T7213]  ? rcu_is_watching+0x12/0xc0
[  137.408117][ T7213]  __do_fast_syscall_32+0x73/0x120
[  137.408143][ T7213]  do_fast_syscall_32+0x32/0x80
[  137.408166][ T7213]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  137.408187][ T7213] RIP: 0023:0xf7f31579
[  137.408202][ T7213] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  137.408217][ T7213] RSP: 002b:00000000f503555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  137.408234][ T7213] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800003c0
[  137.408245][ T7213] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000
[  137.408255][ T7213] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  137.408264][ T7213] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  137.408274][ T7213] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  137.408297][ T7213]  </TASK>
[  137.568679][ T6015] usb 5-1: USB disconnect, device number 16
[  137.845891][ T7219] netlink: 4 bytes leftover after parsing attributes in process `syz.0.303'.
[  137.935847][ T7226] netlink: 4 bytes leftover after parsing attributes in process `syz.2.304'.
[  138.030025][ T7231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.305'.
[  138.064272][ T7233] netlink: 4 bytes leftover after parsing attributes in process `syz.1.306'.
[  138.067744][ T7233] netlink: 12 bytes leftover after parsing attributes in process `syz.1.306'.
[  139.413536][   T29] usb 9-1: USB disconnect, device number 11
[  139.438461][   T29] ldusb 9-1:0.55: LD USB Device #0 now disconnected
[  139.459883][ T5990] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  139.460874][ T7272] Cannot find add_set index 3 as target
[  139.463879][ T7273] netlink: 4 bytes leftover after parsing attributes in process `syz.4.312'.
[  139.468408][ T7273] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  139.483287][ T7272] erofs (device loop1): cannot find valid erofs superblock
[  139.527492][ T7273] batman_adv: batadv0: Removing interface: batadv_slave_1
[  139.579887][   T10] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  139.609850][ T5990] usb 5-1: Using ep0 maxpacket: 32
[  139.613606][ T5990] usb 5-1: config 0 has an invalid interface number: 151 but max is 0
[  139.615877][ T5990] usb 5-1: config 0 has no interface number 0
[  139.622196][ T5990] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  139.624986][ T5990] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.627277][ T5990] usb 5-1: Product: syz
[  139.628532][ T5990] usb 5-1: Manufacturer: syz
[  139.630082][ T5990] usb 5-1: SerialNumber: syz
[  139.633183][ T5990] usb 5-1: config 0 descriptor??
[  139.730070][   T10] usb 7-1: Using ep0 maxpacket: 16
[  139.734342][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.737422][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  139.741247][   T10] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  139.743805][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.750218][   T10] usb 7-1: config 0 descriptor??
[  139.756070][   T10] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  139.950356][ T6873] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  140.040267][ T7267] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  140.042811][ T7267] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  140.102521][ T6873] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  140.104980][ T6873] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  140.107848][ T6873] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  140.110804][ T6873] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  140.114618][ T6873] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  140.120063][ T6873] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  140.122620][ T6873] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  140.125072][ T6873] usb 9-1: Product: syz
[  140.126284][ T6873] usb 9-1: Manufacturer: syz
[  140.129408][ T7275] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  140.133655][ T6873] cdc_wdm 9-1:1.0: skipping garbage
[  140.135169][ T6873] cdc_wdm 9-1:1.0: skipping garbage
[  140.137650][ T6873] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  140.139427][ T6873] cdc_wdm 9-1:1.0: Unknown control protocol
[  140.333197][    C2] wdm_int_callback: 161 callbacks suppressed
[  140.333213][    C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  140.336721][    C2] wdm_int_callback: 161 callbacks suppressed
[  140.336729][    C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  140.340778][    C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  140.342621][    C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  140.344573][    C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  140.346436][    C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  140.348641][    C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  140.350501][    C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  140.353018][    C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  140.354827][    C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  140.356966][    C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  140.358830][    C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  140.361373][    C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  140.363951][    C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  140.366488][    C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  140.368982][    C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  140.372663][    C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  140.375352][    C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  140.377458][    C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  140.379331][    C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  140.505340][ T1331] usb 9-1: USB disconnect, device number 12
[  140.507088][    C2] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  140.510073][ T7288] cdc_wdm 9-1:1.0: Tx URB error: -19
[  140.531505][ T7290] random: crng reseeded on system resumption
[  140.611145][ T5990] usb 5-1: USB disconnect, device number 17
[  140.792499][ T5957] udevd[5957]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  140.829336][ T7292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.316'.
[  141.630004][ T6873] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  141.803638][ T6873] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  141.807692][ T6873] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.811278][ T6873] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  141.815810][ T6873] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  141.819120][ T6873] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.826375][ T6873] usb 9-1: config 0 descriptor??
[  141.938958][ T7315] Cannot find add_set index 3 as target
[  141.959505][ T7315] erofs (device loop1): cannot find valid erofs superblock
[  142.241565][ T6873] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd
[  142.245003][ T6873] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  142.251831][ T6873] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  142.363388][ T4379] usb 7-1: USB disconnect, device number 13
[  142.538708][   T40] audit: type=1800 audit(1743881350.291:3): pid=7319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.324" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  142.831006][ T7332] netlink: 4 bytes leftover after parsing attributes in process `syz.1.326'.
[  142.941032][ T6873] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  143.112409][ T6873] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  143.115147][ T6873] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  143.118406][ T6873] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  143.122878][ T6873] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  143.126536][ T6873] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  143.132119][ T6873] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  143.135149][ T6873] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  143.138035][ T6873] usb 5-1: Product: syz
[  143.139526][ T6873] usb 5-1: Manufacturer: syz
[  143.145171][ T7328] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  143.149781][ T6873] cdc_wdm 5-1:1.0: skipping garbage
[  143.152315][ T6873] cdc_wdm 5-1:1.0: skipping garbage
[  143.156718][ T6873] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device
[  143.158626][ T6873] cdc_wdm 5-1:1.0: Unknown control protocol
[  143.271104][   T40] audit: type=1326 audit(1743881351.031:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7316 comm="syz.2.323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f31579 code=0x7fc00000
[  143.513600][ T6873] usb 5-1: USB disconnect, device number 18
[  143.680390][ T5990] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  143.849966][ T5990] usb 7-1: Using ep0 maxpacket: 32
[  143.852821][ T5990] usb 7-1: config 0 has an invalid interface number: 151 but max is 0
[  143.855090][ T5990] usb 7-1: config 0 has no interface number 0
[  143.858921][ T5990] usb 7-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  143.861658][ T5990] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.863889][ T5990] usb 7-1: Product: syz
[  143.865058][ T5990] usb 7-1: Manufacturer: syz
[  143.866371][ T5990] usb 7-1: SerialNumber: syz
[  143.869458][ T5990] usb 7-1: config 0 descriptor??
[  144.192529][   T10] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  144.305058][   T40] audit: type=1800 audit(1743881352.061:5): pid=7347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.332" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  144.349886][   T10] usb 6-1: Using ep0 maxpacket: 8
[  144.355248][   T10] usb 6-1: config 0 has no interfaces?
[  144.360214][   T10] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  144.363420][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.366282][   T10] usb 6-1: Product: syz
[  144.367839][   T10] usb 6-1: Manufacturer: syz
[  144.369549][   T10] usb 6-1: SerialNumber: syz
[  144.374447][   T10] usb 6-1: config 0 descriptor??
[  144.600314][    T9] usb 9-1: reset high-speed USB device number 13 using dummy_hcd
[  144.605129][    T9] usb 9-1: device reset changed ep0 maxpacket size!
[  144.610065][   T34] usb 9-1: USB disconnect, device number 13
[  144.749949][   T34] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  144.899887][   T34] usb 9-1: Using ep0 maxpacket: 16
[  144.904842][   T34] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  144.908837][   T34] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  144.913796][   T34] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  144.917245][   T34] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.923471][   T34] usb 9-1: config 0 descriptor??
[  144.928610][   T34] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  145.710928][ T7361] random: crng reseeded on system resumption
[  146.083182][ T7363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.335'.
[  146.495287][ T5990] usb 7-1: USB disconnect, device number 14
[  146.755990][  T834] usb 6-1: USB disconnect, device number 16
[  146.840322][ T5990] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  146.843571][ T7375] netlink: 'syz.1.338': attribute type 2 has an invalid length.
[  147.023642][ T5990] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  147.025998][ T5990] usb 7-1: config 0 has no interface number 0
[  147.028181][ T5990] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  147.031578][ T5990] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  147.035035][ T5990] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  147.038123][ T5990] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  147.041720][ T5990] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  147.045742][ T5990] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  147.048297][ T5990] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.051787][ T5990] usb 7-1: config 0 descriptor??
[  147.054546][ T7371] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  147.061184][ T5990] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  147.066717][ T5957] udevd[5957]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  147.302979][  T834] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  147.685739][ T7390] netlink: 8 bytes leftover after parsing attributes in process `syz.2.337'.
[  147.691268][  T834] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  147.693701][  T834] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  147.696432][  T834] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  147.698927][  T834] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  147.702373][  T834] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  147.708535][  T834] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  147.711237][  T834] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  147.713485][  T834] usb 6-1: Product: syz
[  147.714666][  T834] usb 6-1: Manufacturer: syz
[  147.718463][ T7381] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  147.721428][  T834] cdc_wdm 6-1:1.0: skipping garbage
[  147.722911][  T834] cdc_wdm 6-1:1.0: skipping garbage
[  147.725085][  T834] cdc_wdm 6-1:1.0: cdc-wdm1: USB WDM device
[  147.726782][  T834] cdc_wdm 6-1:1.0: Unknown control protocol
[  147.824129][ T4379] usb 9-1: USB disconnect, device number 14
[  147.923524][    T9] usb 6-1: USB disconnect, device number 17
[  148.862134][ T7403] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.979949][  T834] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  149.129856][  T834] usb 6-1: Using ep0 maxpacket: 16
[  149.135694][  T834] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  149.138429][  T834] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  149.147218][  T834] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  149.149636][  T834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.153334][  T834] usb 6-1: config 0 descriptor??
[  149.157735][  T834] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  149.206150][ T7430] netlink: 4 bytes leftover after parsing attributes in process `syz.4.349'.
[  149.239116][ T7433] netlink: 4 bytes leftover after parsing attributes in process `syz.0.350'.
[  149.525661][ T4379] usb 7-1: USB disconnect, device number 15
[  149.532661][ T4379] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  149.901804][ T7440] random: crng reseeded on system resumption
[  149.949918][ T4379] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  150.109970][ T4379] usb 7-1: Using ep0 maxpacket: 16
[  150.116530][ T4379] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  150.119340][ T4379] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  150.123114][ T4379] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  150.126133][ T4379] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.133245][ T4379] usb 7-1: config 0 descriptor??
[  150.146018][ T4379] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  150.672283][ T7447] netlink: 60 bytes leftover after parsing attributes in process `syz.0.353'.
[  150.901877][ T6873] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  151.051189][ T6873] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  151.053460][ T6873] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  151.056296][ T6873] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  151.059612][ T6873] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  151.063464][ T6873] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2033, setting to 1024
[  151.068924][ T6873] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  151.071896][ T6873] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  151.074764][ T6873] usb 9-1: Product: syz
[  151.076278][ T6873] usb 9-1: Manufacturer: syz
[  151.080265][ T7443] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  151.086625][ T6873] cdc_wdm 9-1:1.0: skipping garbage
[  151.088550][ T6873] cdc_wdm 9-1:1.0: skipping garbage
[  151.095455][ T6873] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  151.097748][ T6873] cdc_wdm 9-1:1.0: Unknown control protocol
[  151.292507][    C0] wdm_int_callback: 744 callbacks suppressed
[  151.292530][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  151.295951][    C0] wdm_int_callback: 744 callbacks suppressed
[  151.295959][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  151.299438][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  151.301240][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  151.303141][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  151.304964][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  151.306855][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  151.308725][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  151.310639][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  151.312458][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  151.314337][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  151.316161][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  151.318146][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  151.319980][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  151.322138][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  151.323897][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  151.325745][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  151.327577][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  151.329527][    C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  151.331333][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  151.368655][   T24] usb 9-1: USB disconnect, device number 15
[  151.368669][    C0] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  151.857445][   T29] usb 6-1: USB disconnect, device number 18
[  152.372856][ T7482] netlink: 4 bytes leftover after parsing attributes in process `syz.0.367'.
[  152.375046][ T7484] FAULT_INJECTION: forcing a failure.
[  152.375046][ T7484] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  152.378835][ T7484] CPU: 3 UID: 0 PID: 7484 Comm: syz.4.366 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  152.378855][ T7484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  152.378864][ T7484] Call Trace:
[  152.378870][ T7484]  <TASK>
[  152.378876][ T7484]  dump_stack_lvl+0x16c/0x1f0
[  152.378900][ T7484]  should_fail_ex+0x512/0x640
[  152.378920][ T7484]  strncpy_from_user+0x3b/0x2e0
[  152.378934][ T7484]  getname_flags.part.0+0x8b/0x540
[  152.378948][ T7484]  getname_flags+0x93/0xf0
[  152.378961][ T7484]  user_path_at+0x24/0x60
[  152.378975][ T7484]  __ia32_sys_mount+0x1fb/0x310
[  152.378986][ T7484]  ? __pfx___ia32_sys_mount+0x10/0x10
[  152.378997][ T7484]  ? rcu_is_watching+0x12/0xc0
[  152.379011][ T7484]  __do_fast_syscall_32+0x73/0x120
[  152.379026][ T7484]  do_fast_syscall_32+0x32/0x80
[  152.379041][ T7484]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  152.379055][ T7484] RIP: 0023:0xf7f68579
[  152.379063][ T7484] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  152.379073][ T7484] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  152.379081][ T7482] netlink: 'syz.0.367': attribute type 10 has an invalid length.
[  152.379083][ T7484] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000000
[  152.379089][ T7484] RDX: 0000000080000180 RSI: 0000000000800000 RDI: 0000000080000340
[  152.379095][ T7484] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  152.379100][ T7484] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  152.379106][ T7484] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  152.379117][ T7484]  </TASK>
[  152.435232][ T7482] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  152.498162][ T7493] sp0: Synchronizing with TNC
[  152.581926][ T4379] usb 7-1: USB disconnect, device number 16
[  152.709973][ T6873] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  152.748579][ T7497] virt_wifi0 speed is unknown, defaulting to 1000
[  152.809635][ T7499] netlink: 20 bytes leftover after parsing attributes in process `syz.0.371'.
[  152.812415][ T7499] IPv6: Can't replace route, no match found
[  152.859856][ T6873] usb 9-1: Using ep0 maxpacket: 16
[  152.864918][ T6873] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  152.867686][ T6873] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  152.872925][ T6873] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  152.875480][ T6873] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.879865][ T6873] usb 9-1: config 0 descriptor??
[  152.883618][ T6873] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  153.192062][ T7512] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.194372][ T7512] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.291492][ T7512] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  153.451017][ T7512] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  153.453822][ T7512] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  153.456597][ T7512] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  153.459308][ T7512] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  153.880033][  T834] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  153.895901][ T7514] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.899852][ T7514] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.983558][ T7514] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  153.993959][ T7516] random: crng reseeded on system resumption
[  153.994771][ T7514] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  154.030231][  T834] usb 5-1: Using ep0 maxpacket: 16
[  154.034701][  T834] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  154.038306][  T834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  154.043683][  T834] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  154.049577][  T834] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  154.053135][ T7514] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  154.053240][ T7514] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  154.053255][ T7514] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  154.053329][ T7514] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  154.067104][  T834] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  154.070189][  T834] usb 5-1: Manufacturer: syz
[  154.074730][  T834] usb 5-1: config 0 descriptor??
[  154.296898][ T6018] usb 5-1: USB disconnect, device number 19
[  154.400596][ T7532] netlink: 36 bytes leftover after parsing attributes in process `syz.0.382'.
[  154.404121][ T7532] 9pnet_fd: Insufficient options for proto=fd
[  154.430014][  T834] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  154.789905][  T834] usb 6-1: Using ep0 maxpacket: 16
[  154.793417][  T834] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  154.796482][  T834] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  154.800530][  T834] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  154.803195][  T834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.806888][  T834] usb 6-1: config 0 descriptor??
[  154.810561][  T834] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  154.994213][ T7540] netlink: 8 bytes leftover after parsing attributes in process `syz.0.383'.
[  155.493956][ T6873] usb 9-1: USB disconnect, device number 16
[  155.654972][ T7545] netlink: 4 bytes leftover after parsing attributes in process `syz.2.384'.
[  155.709132][ T7553] random: crng reseeded on system resumption
[  156.319276][ T7561] Cannot find add_set index 3 as target
[  156.322713][ T7561] erofs (device loop0): cannot find valid erofs superblock
[  157.082648][ T7572] Cannot find add_set index 3 as target
[  157.367547][ T6835] usb 6-1: USB disconnect, device number 19
[  158.317671][ T7586] netlink: 4 bytes leftover after parsing attributes in process `syz.0.394'.
[  158.359934][ T2294] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  158.529907][ T2294] usb 7-1: Using ep0 maxpacket: 16
[  158.534180][ T2294] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  158.537882][ T2294] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  158.542116][ T2294] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  158.545203][ T2294] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.553086][ T2294] usb 7-1: config 0 descriptor??
[  158.562110][ T2294] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  159.275125][ T7605] random: crng reseeded on system resumption
[  160.040703][  T834] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  160.079924][ T6873] usb 9-1: new full-speed USB device number 17 using dummy_hcd
[  160.200013][  T834] usb 6-1: Using ep0 maxpacket: 16
[  160.205864][  T834] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  160.208776][  T834] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  160.212539][  T834] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  160.215165][  T834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.219595][  T834] usb 6-1: config 0 descriptor??
[  160.223460][  T834] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  160.231351][ T6873] usb 9-1: config 0 has an invalid interface number: 55 but max is 0
[  160.233636][ T6873] usb 9-1: config 0 has no interface number 0
[  160.235393][ T6873] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  160.238524][ T6873] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  160.242184][ T6873] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  160.245565][ T6873] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  160.249225][ T6873] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  160.253072][ T6873] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  160.255628][ T6873] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.259170][ T6873] usb 9-1: config 0 descriptor??
[  160.261909][ T7612] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  160.266705][ T6873] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  160.671457][ T7617] netlink: 8 bytes leftover after parsing attributes in process `syz.4.401'.
[  160.869945][ T2294] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  161.042016][ T2294] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  161.045547][ T2294] usb 5-1: config 0 has no interface number 0
[  161.048739][ T2294] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  161.054595][ T2294] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  161.059034][ T2294] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  161.063267][ T2294] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  161.067473][ T2294] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  161.073131][ T2294] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  161.077613][ T2294] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.086869][ T2294] usb 5-1: config 0 descriptor??
[  161.090374][ T7616] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  161.097950][ T2294] ldusb 5-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[  161.453266][ T6835] usb 7-1: USB disconnect, device number 17
[  161.556805][ T7622] netlink: 8 bytes leftover after parsing attributes in process `syz.0.402'.
[  162.875673][ T6835] usb 9-1: USB disconnect, device number 17
[  162.892974][   T29] usb 6-1: USB disconnect, device number 20
[  162.908427][ T6835] ldusb 9-1:0.55: LD USB Device #0 now disconnected
[  163.086866][ T7633] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  163.088916][ T7633] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  163.093400][ T7633] vhci_hcd vhci_hcd.0: Device attached
[  163.103503][ T7633] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(9)
[  163.106266][ T7633] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  163.110539][ T7633] vhci_hcd vhci_hcd.0: Device attached
[  163.117439][ T7633] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(12)
[  163.120064][ T7633] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  163.123584][ T7633] vhci_hcd vhci_hcd.0: Device attached
[  163.134378][ T7633] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(15)
[  163.136968][ T7633] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  163.140197][ T7633] vhci_hcd vhci_hcd.0: Device attached
[  163.146743][ T7633] vhci_hcd vhci_hcd.0: pdev(1) rhport(4) sockfd(17)
[  163.148740][ T7633] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  163.151083][ T7633] vhci_hcd vhci_hcd.0: Device attached
[  163.162038][ T7633] vhci_hcd vhci_hcd.0: pdev(1) rhport(5) sockfd(19)
[  163.164176][ T7633] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  163.166469][ T7633] vhci_hcd vhci_hcd.0: Device attached
[  163.173019][ T7633] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  163.179143][ T7633] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  163.187226][ T7633] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  163.214537][ T7644] vhci_hcd: connection closed
[  163.214894][ T7642] vhci_hcd: connection closed
[  163.216364][ T7640] vhci_hcd: connection closed
[  163.216439][ T7638] vhci_hcd: connection closed
[  163.221514][ T1136] vhci_hcd: stop threads
[  163.224773][ T1136] vhci_hcd: release socket
[  163.226919][ T1136] vhci_hcd: disconnect device
[  163.228539][ T1136] vhci_hcd: stop threads
[  163.230259][ T1136] vhci_hcd: release socket
[  163.231922][ T7636] vhci_hcd: connection closed
[  163.232728][ T1136] vhci_hcd: disconnect device
[  163.235437][ T7634] vhci_hcd: connection closed
[  163.237635][ T1136] vhci_hcd: stop threads
[  163.241782][ T1136] vhci_hcd: release socket
[  163.243840][ T1136] vhci_hcd: disconnect device
[  163.246695][ T1136] vhci_hcd: stop threads
[  163.248448][ T1136] vhci_hcd: release socket
[  163.251086][ T1136] vhci_hcd: disconnect device
[  163.253216][ T1136] vhci_hcd: stop threads
[  163.255011][ T1136] vhci_hcd: release socket
[  163.257460][ T1136] vhci_hcd: disconnect device
[  163.261283][ T1136] vhci_hcd: stop threads
[  163.263771][ T1136] vhci_hcd: release socket
[  163.265629][ T1136] vhci_hcd: disconnect device
[  163.270006][ T5990] vhci_hcd: vhci_device speed not set
[  163.662695][   T29] usb 5-1: USB disconnect, device number 20
[  163.668003][   T29] ldusb 5-1:0.55: LD USB Device #1 now disconnected
[  163.891222][ T7661] netlink: 4 bytes leftover after parsing attributes in process `syz.0.410'.
[  163.952483][ T7666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.412'.
[  163.956320][ T7666] FAULT_INJECTION: forcing a failure.
[  163.956320][ T7666] name failslab, interval 1, probability 0, space 0, times 0
[  163.961218][ T7666] CPU: 3 UID: 0 PID: 7666 Comm: syz.1.412 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  163.961244][ T7666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  163.961254][ T7666] Call Trace:
[  163.961261][ T7666]  <TASK>
[  163.961269][ T7666]  dump_stack_lvl+0x16c/0x1f0
[  163.961301][ T7666]  should_fail_ex+0x512/0x640
[  163.961323][ T7666]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  163.961352][ T7666]  should_failslab+0xc2/0x120
[  163.961371][ T7666]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  163.961399][ T7666]  ? __alloc_skb+0x2b2/0x380
[  163.961419][ T7666]  ? bpf_lsm_capable+0x9/0x10
[  163.961447][ T7666]  __alloc_skb+0x2b2/0x380
[  163.961469][ T7666]  ? __pfx___alloc_skb+0x10/0x10
[  163.961491][ T7666]  ? genl_rcv_msg+0x4a0/0x800
[  163.961506][ T7666]  ? genl_rcv_msg+0x4bb/0x800
[  163.961528][ T7666]  netlink_ack+0x15d/0xb80
[  163.961555][ T7666]  ? __lock_acquire+0xaa4/0x1ba0
[  163.961580][ T7666]  netlink_rcv_skb+0x347/0x440
[  163.961601][ T7666]  ? __pfx_genl_rcv_msg+0x10/0x10
[  163.961620][ T7666]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  163.961660][ T7666]  ? __pfx_down_read+0x10/0x10
[  163.961686][ T7666]  ? netlink_deliver_tap+0x1ae/0xd30
[  163.961715][ T7666]  genl_rcv+0x28/0x40
[  163.961740][ T7666]  netlink_unicast+0x53a/0x7f0
[  163.961768][ T7666]  ? __pfx_netlink_unicast+0x10/0x10
[  163.961825][ T7666]  netlink_sendmsg+0x8d1/0xdd0
[  163.961855][ T7666]  ? __pfx_netlink_sendmsg+0x10/0x10
[  163.961880][ T7666]  ? __import_iovec+0x1c8/0x660
[  163.961918][ T7666]  ____sys_sendmsg+0xa95/0xc70
[  163.961940][ T7666]  ? __pfx_____sys_sendmsg+0x10/0x10
[  163.961952][ T7666]  ? get_compat_msghdr+0x11a/0x170
[  163.961974][ T7666]  ___sys_sendmsg+0x134/0x1d0
[  163.961991][ T7666]  ? __pfx____sys_sendmsg+0x10/0x10
[  163.962028][ T7666]  __sys_sendmsg+0x16d/0x220
[  163.962045][ T7666]  ? __pfx___sys_sendmsg+0x10/0x10
[  163.962066][ T7666]  ? rcu_is_watching+0x12/0xc0
[  163.962082][ T7666]  ? rcu_is_watching+0x12/0xc0
[  163.962099][ T7666]  __do_fast_syscall_32+0x73/0x120
[  163.962118][ T7666]  do_fast_syscall_32+0x32/0x80
[  163.962136][ T7666]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  163.962152][ T7666] RIP: 0023:0xf743e579
[  163.962165][ T7666] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  163.962177][ T7666] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  163.962189][ T7666] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[  163.962197][ T7666] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  163.962203][ T7666] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  163.962210][ T7666] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  163.962217][ T7666] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  163.962232][ T7666]  </TASK>
[  164.059050][    C3] vkms_vblank_simulate: vblank timer overrun
[  164.329913][ T2294] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  164.493567][ T2294] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  164.496135][ T2294] usb 6-1: config 0 has no interface number 0
[  164.497893][ T2294] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  164.501626][ T2294] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  164.506624][ T2294] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  164.509974][ T2294] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  164.513256][ T2294] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  164.517449][ T2294] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  164.520557][ T2294] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.526476][ T2294] usb 6-1: config 0 descriptor??
[  164.529686][ T7672] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  164.534849][ T2294] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  164.709980][   T10] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  164.859906][   T10] usb 7-1: Using ep0 maxpacket: 16
[  164.869935][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  164.873510][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  164.877117][   T10] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  164.879613][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.885726][   T10] usb 7-1: config 0 descriptor??
[  164.892331][   T10] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  164.973224][ T7676] netlink: 8 bytes leftover after parsing attributes in process `syz.1.413'.
[  165.869549][ T7679] random: crng reseeded on system resumption
[  165.975382][ T7681] FAULT_INJECTION: forcing a failure.
[  165.975382][ T7681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  165.979487][ T7681] CPU: 3 UID: 0 PID: 7681 Comm: syz.0.415 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  165.979501][ T7681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  165.979508][ T7681] Call Trace:
[  165.979512][ T7681]  <TASK>
[  165.979516][ T7681]  dump_stack_lvl+0x16c/0x1f0
[  165.979536][ T7681]  should_fail_ex+0x512/0x640
[  165.979550][ T7681]  _copy_to_user+0x32/0xd0
[  165.979564][ T7681]  simple_read_from_buffer+0xcb/0x170
[  165.979580][ T7681]  proc_fail_nth_read+0x197/0x270
[  165.979594][ T7681]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  165.979609][ T7681]  ? rw_verify_area+0xcf/0x680
[  165.979621][ T7681]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  165.979635][ T7681]  vfs_read+0x1de/0xc70
[  165.979650][ T7681]  ? __pfx___mutex_lock+0x10/0x10
[  165.979664][ T7681]  ? __pfx_vfs_read+0x10/0x10
[  165.979681][ T7681]  ? __fget_files+0x20e/0x3c0
[  165.979698][ T7681]  ksys_read+0x12a/0x240
[  165.979711][ T7681]  ? __pfx_ksys_read+0x10/0x10
[  165.979723][ T7681]  ? rcu_is_watching+0x12/0xc0
[  165.979738][ T7681]  ? rcu_is_watching+0x12/0xc0
[  165.979751][ T7681]  __do_fast_syscall_32+0x73/0x120
[  165.979790][ T7681]  do_fast_syscall_32+0x32/0x80
[  165.979805][ T7681]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  165.979817][ T7681] RIP: 0023:0xf742e579
[  165.979826][ T7681] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  165.979835][ T7681] RSP: 002b:00000000f50b6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  165.979845][ T7681] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50b6620
[  165.979851][ T7681] RDX: 000000000000000f RSI: 00000000f741cff4 RDI: 0000000000000000
[  165.979856][ T7681] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  165.979861][ T7681] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  165.979867][ T7681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  165.979882][ T7681]  </TASK>
[  166.036488][    C3] vkms_vblank_simulate: vblank timer overrun
[  166.158115][ T7685] netlink: 4 bytes leftover after parsing attributes in process `syz.4.417'.
[  166.163622][ T7685] netlink: 4 bytes leftover after parsing attributes in process `syz.4.417'.
[  166.166877][ T7685] netlink: 4 bytes leftover after parsing attributes in process `syz.4.417'.
[  166.185177][ T7685] netlink: 8 bytes leftover after parsing attributes in process `syz.4.417'.
[  166.189228][ T7685] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.388146][ T7690] netlink: 8 bytes leftover after parsing attributes in process `syz.4.419'.
[  166.392454][ T7690] netlink: 24 bytes leftover after parsing attributes in process `syz.4.419'.
[  166.396759][ T7690] netlink: 24 bytes leftover after parsing attributes in process `syz.4.419'.
[  166.412352][ T7690] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  166.425382][ T7690] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[  166.428744][ T7690] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 7690, name: syz.4.419
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  166.433853][ T7690] preempt_count: 0, expected: 0
[  166.435559][ T7690] RCU nest depth: 1, expected: 0
[  166.437179][ T7690] 4 locks held by syz.4.419/7690:
[  166.439012][ T7690]  #0: ffff88802007cef8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370
[  166.442693][ T7690]  #1: ffff88806ba7bb38 (&ovl_i_mutex_dir_key[depth]#2){++++}-{4:4}, at: wrap_directory_iterator+0x54/0xe0
[  166.445976][ T7690]  #2: ffff888078648148 (&type->i_mutex_dir_key#11){.+.+}-{4:4}, at: iterate_dir+0x18b/0xb40
[  166.448873][ T7690]  #3: ffffffff8e3c1580 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x619/0xf50
[  166.452166][ T7690] CPU: 3 UID: 0 PID: 7690 Comm: syz.4.419 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) 
[  166.452188][ T7690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  166.452198][ T7690] Call Trace:
[  166.452203][ T7690]  <TASK>
[  166.452208][ T7690]  dump_stack_lvl+0x16c/0x1f0
[  166.452225][ T7690]  __might_resched+0x3c0/0x5e0
[  166.452241][ T7690]  ? find_held_lock+0x2b/0x80
[  166.452254][ T7690]  ? __pfx___might_resched+0x10/0x10
[  166.452271][ T7690]  ? ovl_cache_entry_new+0x3d/0x730
[  166.452281][ T7690]  __kmalloc_noprof+0x386/0x510
[  166.452301][ T7690]  ovl_cache_entry_new+0x3d/0x730
[  166.452314][ T7690]  ovl_fill_merge+0x2c1/0xa90
[  166.452328][ T7690]  afs_dynroot_readdir+0x9bb/0xf50
[  166.452339][ T7690]  ? __pfx_ovl_fill_merge+0x10/0x10
[  166.452352][ T7690]  ? __pfx_afs_dynroot_readdir+0x10/0x10
[  166.452365][ T7690]  ? apparmor_file_permission+0x251/0x400
[  166.452379][ T7690]  iterate_dir+0x293/0xb40
[  166.452393][ T7690]  ovl_dir_read_merged+0x3ef/0x5d0
[  166.452404][ T7690]  ? __pfx_ovl_dir_read_merged+0x10/0x10
[  166.452418][ T7690]  ? __pfx_ovl_fill_merge+0x10/0x10
[  166.452433][ T7690]  ? kasan_save_track+0x14/0x30
[  166.452483][ T7690]  ovl_iterate+0x86c/0xe40
[  166.452496][ T7690]  ? __pfx_down_read_killable+0x10/0x10
[  166.452508][ T7690]  ? __pfx_ovl_iterate+0x10/0x10
[  166.452520][ T7690]  wrap_directory_iterator+0x9f/0xe0
[  166.452534][ T7690]  iterate_dir+0x293/0xb40
[  166.452550][ T7690]  __ia32_compat_sys_getdents+0x14d/0x2c0
[  166.452563][ T7690]  ? __ia32_sys_futex_time32+0x2fc/0x460
[  166.452579][ T7690]  ? __pfx___ia32_compat_sys_getdents+0x10/0x10
[  166.452592][ T7690]  ? xfd_validate_state+0x5d/0x180
[  166.452605][ T7690]  ? __pfx_compat_filldir+0x10/0x10
[  166.452617][ T7690]  ? rcu_is_watching+0x12/0xc0
[  166.452630][ T7690]  ? rcu_is_watching+0x12/0xc0
[  166.452643][ T7690]  __do_fast_syscall_32+0x73/0x120
[  166.452658][ T7690]  do_fast_syscall_32+0x32/0x80
[  166.452672][ T7690]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  166.452683][ T7690] RIP: 0023:0xf7f68579
[  166.452692][ T7690] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  166.452701][ T7690] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 000000000000008d
[  166.452710][ T7690] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080001fc0
[  166.452716][ T7690] RDX: 00000000000000b8 RSI: 0000000000000000 RDI: 0000000000000000
[  166.452721][ T7690] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  166.452726][ T7690] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  166.452731][ T7690] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  166.452744][ T7690]  </TASK>
[  166.545760][    C3] vkms_vblank_simulate: vblank timer overrun
[  166.901531][   T29] usb 6-1: USB disconnect, device number 21
[  166.905862][   T29] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  167.210136][ T6835] usb 7-1: USB disconnect, device number 18

VM DIAGNOSIS:
19:29:34  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff912717e2 RBX=0000000000000001 RCX=dffffc0000000000 RDX=0000000000000000
RSI=0000000000000002 RDI=ffffffff909fc83c RBP=ffffffff909fc83c RSP=ffffc90003abf050
R8 =ffffffff912717f4 R9 =0000000000000000 R10=0000000000000001 R11=0000000000010603
R12=ffffffff909fc844 R13=ffffffff820603cb R14=ffffffff909fc83c R15=ffffffff909fc83c
RIP=ffffffff8169cf7a RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977b9000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f96e40 CR3=000000000e182000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f742cff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000af2141 RBX=0000000000000001 RCX=ffffffff8b700439 RDX=0000000000000000
RSI=ffffffff8dbeaaf3 RDI=ffffffff8bf45180 RBP=ffffed1003b55488 RSP=ffffc9000046fdf8
R8 =0000000000000001 R9 =ffffed10056665bd R10=ffff88802b332deb R11=0000000000000000
R12=0000000000000001 R13=ffff88801daaa440 R14=ffffffff90867310 R15=0000000000000000
RIP=ffffffff8b6feccf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880978b9000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000008085e000 CR3=000000006fc58000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=ffffffff820823bd RBX=0000000000000001 RCX=ffffc90004350000 RDX=ffffc9000434f901
RSI=ffffc9000434f8f8 RDI=ffffc9000434f8f8 RBP=ffffc9000434ed88 RSP=ffffc9000434ecc8
R8 =ffffffff912728c6 R9 =0000000000000000 R10=0000000000000001 R11=00000000000107e3
R12=ffffc9000434ed90 R13=ffffc9000434ed40 R14=ffffc9000434f900 R15=ffffc9000434ed74
RIP=ffffffff8169cf03 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880979b9000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=0000000078092000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=dffffc0000000000 RBX=ffff888068fb17e0 RCX=ffffffff818339b7 RDX=1ffff1100d1f62fe
RSI=ffffffff818339c5 RDI=ffff888068fb17f0 RBP=0000000000000001 RSP=ffffc900005e8ba8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffff88801b4a8060 R13=ffff88804b61b400 R14=ffff888068fb17e8 R15=ffff88801b4a8060
RIP=ffffffff81833a1e RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097ab9000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000569374c0 CR3=0000000056fe6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000