last executing test programs:

3m42.379648163s ago: executing program 4 (id=683):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x40c01)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000b00))
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x1a5982)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000100003040000", @ANYRES32=0x0, @ANYBLOB="a5fdad88402000002400128009000100626f6e64000000001400028005000d0002000000ff8b000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x404c804}, 0x4000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x44, 0x1, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @private}}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x899}]}]}, 0x44}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a01010044", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
r6 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
r7 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r6, r7, r6}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
dup(r9)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4138ae84, &(0x7f0000000c40)=@x86={0xab, 0xd, 0x18, 0x0, 0x100, 0x8, 0x7, 0x0, 0x40, 0x3, 0xc, 0xfd, 0x0, 0x1, 0xa, 0x8a, 0x7, 0x14, 0x33, '\x00', 0x8, 0x2})
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000e006"])

3m41.54757593s ago: executing program 4 (id=688):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x8c0802, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
userfaultfd(0x181c00)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
sendmsg$NL80211_CMD_VENDOR(r1, 0x0, 0x804)
r3 = socket$inet6(0xa, 0x3, 0x88)
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r4)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r6, <r7=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={r7, 0x0, 0x0, 0x0, 0x3, [<r8=>0x0, 0x0, 0x0, <r9=>0x0], [0x800000], [0x0, 0x1001000], [0x0, 0x200000, 0xe8a6]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r8, 0x0, 0x0, r9], [0x2b8]})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000280)={&(0x7f00000000c0)=[<r10=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_RMFB(r4, 0xc00464af, &(0x7f0000000480)=r10)
syz_io_uring_setup(0xed1, &(0x7f0000000400)={0x0, 0x586d, 0x10300, 0xfffffffd, 0x103}, &(0x7f00000004c0)=<r11=>0x0, &(0x7f0000000600)=<r12=>0x0)
syz_io_uring_submit(r11, r12, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})

3m40.471219561s ago: executing program 4 (id=690):
r0 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0xfb6e, 0x38c1, 0x4, 0xf0})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
io_uring_register$IORING_REGISTER_FILES(r0, 0x20, &(0x7f0000000000)=[r0], 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[], 0x24}}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffa5}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x20011814)
r5 = syz_io_uring_setup(0x3f97, &(0x7f0000000000)={0x0, 0xe9bd, 0x0, 0x9, 0x3ce}, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000780))
ppoll(&(0x7f0000000140)=[{r5}], 0x1, 0x0, 0x0, 0x0)
r7 = syz_io_uring_setup(0x3734, &(0x7f0000000580)={0x0, 0x139b, 0x4, 0x1, 0x16a, 0x0, r5}, &(0x7f0000000600), &(0x7f0000000900))
syz_io_uring_setup(0x5b86, &(0x7f0000000880)={0x0, 0x1, 0x20000, 0x2, 0x2000000, 0x0, r7}, &(0x7f0000000280), 0x0)
r8 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000940)=ANY=[@ANYRESHEX=r2, @ANYRES32, @ANYRES16=r2, @ANYRES8=r6, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="1808000000000000000000007fffffff85100000000000e018100040", @ANYRES32=r8, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000360a000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r9, 0x58, &(0x7f0000000500)}, 0x10)
syz_io_uring_setup(0x1868, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x10}, &(0x7f0000000700)=<r10=>0x0, 0x0)
syz_io_uring_submit(r10, 0x0, 0x0)

3m39.1316399s ago: executing program 4 (id=693):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002)
r2 = dup(r1)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)={0x78, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x42, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}, 0x0, @random=0x7, 0x1, @void, @void, @void, @val={0x4, 0x6, {0xf0, 0x2, 0x7f, 0xa706}}, @void, @val={0x5, 0x3, {0x6, 0xb6, 0xff}}, @val={0x25, 0x3, {0x1, 0x8c, 0x8}}, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x78}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)

3m38.719398106s ago: executing program 4 (id=695):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
readv(r0, &(0x7f0000000b80)=[{&(0x7f00000004c0)=""/223, 0xdf}, {&(0x7f00000006c0)=""/193, 0xc1}, {&(0x7f00000007c0)=""/246, 0xf6}, {&(0x7f00000005c0)=""/142, 0x8e}, {&(0x7f0000000080)=""/33, 0x21}, {&(0x7f00000008c0)=""/182, 0xb6}, {&(0x7f0000000980)=""/212, 0xd4}, {&(0x7f0000000a80)=""/106, 0x6a}, {&(0x7f0000000b00)=""/126, 0x7e}], 0x9)

3m38.339914223s ago: executing program 4 (id=697):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0000b9cc00000010000040000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x5, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x91, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x2a73}, 0x94)
r4 = syz_open_dev$video4linux(&(0x7f0000000000), 0x7, 0x103100)
ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc0585605, &(0x7f0000001180)={0x0, 0x0, {0x7adf, 0xff, 0x2007, 0x6, 0x7, 0x6, 0x2, 0x5}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r3}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r5}, 0x10)
setitimer(0x1, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r7)
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[], 0x38}}, 0x10)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x501d41, 0x0)
close(r8)
r9 = socket$unix(0x1, 0x1, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001600)=@newqdisc={0x84, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x54, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffb, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0xfffffffffffffff8}, @TCA_NETEM_SLOT={0x2c, 0xc, {0xca, 0x5f4e, 0x80, 0x0, 0x32a, 0x401}}]}}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x80000, {0x0, 0x0, 0x0, r11, {}, {0xd, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x1d96}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f00000003c0)={0x2000000005, 0x4000, 0x4, r9, 0x9})
ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f0000000100)={0x3, 0x0, 0x2, r14, 0xa})
ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

3m37.817925229s ago: executing program 32 (id=697):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0000b9cc00000010000040000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x5, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x91, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x2a73}, 0x94)
r4 = syz_open_dev$video4linux(&(0x7f0000000000), 0x7, 0x103100)
ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc0585605, &(0x7f0000001180)={0x0, 0x0, {0x7adf, 0xff, 0x2007, 0x6, 0x7, 0x6, 0x2, 0x5}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r3}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r5}, 0x10)
setitimer(0x1, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r7)
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[], 0x38}}, 0x10)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x501d41, 0x0)
close(r8)
r9 = socket$unix(0x1, 0x1, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001600)=@newqdisc={0x84, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x54, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffb, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0xfffffffffffffff8}, @TCA_NETEM_SLOT={0x2c, 0xc, {0xca, 0x5f4e, 0x80, 0x0, 0x32a, 0x401}}]}}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x80000, {0x0, 0x0, 0x0, r11, {}, {0xd, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x1d96}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f00000003c0)={0x2000000005, 0x4000, 0x4, r9, 0x9})
ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f0000000100)={0x3, 0x0, 0x2, r14, 0xa})
ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

8.313228453s ago: executing program 1 (id=1619):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000002c0), 0x151440, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000480)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000001b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x801, 0x0, 0x0, {0x3, 0x0, 0x5}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x1}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWTABLE={0x6c, 0x0, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x31, 0x6, "bcda65b9743359c507ddba0e12d59388c679568f2f25cd022d6c8b1f80d735022400cc3a7547889a91b378cbd5"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSET={0x1c, 0xb, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x4}, [@NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x9}]}, @NFT_MSG_DELFLOWTABLE={0x22c, 0x18, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK={0x100, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0xb8, 0x3, 0x0, 0x1, [{0x14, 0x1, 'macsec0\x00'}, {0x14, 0x1, 'ip6gretap0\x00'}, {0x14, 0x1, 'gretap0\x00'}, {0x14, 0x1, 'ip_vti0\x00'}, {0x14, 0x1, 'veth1_to_bridge\x00'}, {0x14, 0x1, 'wlan0\x00'}, {0x14, 0x1, 'pim6reg1\x00'}, {0x14, 0x1, 'veth1_macvtap\x00'}, {0x14, 0x1, 'veth1_to_team\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vcan0\x00'}, {0x14, 0x1, 'veth0_to_batadv\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x5}, @NFTA_FLOWTABLE_HOOK={0xc0, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'bond_slave_1\x00'}, {0x14, 0x1, 'veth0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x90, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve1\x00'}, {0x14, 0x1, 'dvmrp0\x00'}, {0x14, 0x1, 'virt_wifi0\x00'}, {0x14, 0x1, 'ip6gre0\x00'}, {0x14, 0x1, 'veth0_to_hsr\x00'}, {0x14, 0x1, 'pim6reg0\x00'}, {0x14, 0x1, 'erspan0\x00'}]}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x218, 0x18, 0xa, 0x101, 0x0, 0x0, {0x9bcc0ff7695d3815, 0x0, 0xa}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x5}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1d8, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ip_vti0\x00'}, {0x14, 0x1, 'ip6erspan0\x00'}, {0x14, 0x1, 'nr0\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0xa4, 0x3, 0x0, 0x1, [{0x14, 0x1, 'team0\x00'}, {0x14, 0x1, 'macvtap0\x00'}, {0x14, 0x1, 'bridge0\x00'}, {0x14, 0x1, 'xfrm0\x00'}, {0x14, 0x1, 'vcan0\x00'}, {0x14, 0x1, 'tunl0\x00'}, {0x14, 0x1, 'veth0_to_batadv\x00'}, {0x14, 0x1, 'veth0_vlan\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2934000}, @NFTA_FLOWTABLE_HOOK_DEVS={0x90, 0x3, 0x0, 0x1, [{0x14, 0x1, 'gre0\x00'}, {0x14, 0x1, 'tunl0\x00'}, {0x14, 0x1, 'veth0_to_bond\x00'}, {0x14, 0x1, 'bond0\x00'}, {0x14, 0x1, 'veth1_to_team\x00'}, {0x14, 0x1, 'dvmrp1\x00'}, {0x14, 0x1, 'veth1_to_batadv\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_vlan\x00'}, {0x14, 0x1, 'geneve1\x00'}, {0x14, 0x1, 'veth1_to_bridge\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3}]}]}, @NFT_MSG_NEWRULE={0x198, 0x6, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_RULE_EXPRESSIONS={0x148, 0x4, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_SOCKET_LEVEL={0x8, 0x3, 0x6e}, @NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x8c}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_DREG={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}, {0x10, 0x1, 0x0, 0x1, @target={{0xb}, @void}}, {0x30, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_FLAGS={0x8}, @NFTA_CONNLIMIT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_CONNLIMIT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}}}, {0x4c, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0xdc}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0x4d}, @NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x6}, @NFTA_HASH_TYPE={0x8}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0x44}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0xa1}, @NFTA_HASH_OFFSET={0x8, 0x6, 0x1, 0x0, 0x5}]}}}, {0x20, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_FWD_SREG_DEV={0x8}]}}}, {0x44, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x8}, @NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x3}, @NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x1}, @NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x8}, @NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x6}]}}}, {0x10, 0x1, 0x0, 0x1, @tunnel={{0xb}, @void}}]}]}, @NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x720}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r4 = io_uring_setup(0xf08, &(0x7f0000000100)={0x0, 0xfb6e, 0x38c1, 0xfffffffd, 0xf0})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000bf00)=@newtaction={0x104, 0x30, 0x200, 0x70bd29, 0x25dfdbfc, {}, [{0xf0, 0x1, [@m_police={0xec, 0x18, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0xffffffffffffffff, 0x4, 0x3, 0x1, {0x95, 0x1, 0xb, 0x8, 0xf6, 0xfffffffa}, {0x9, 0x0, 0xff, 0x8, 0x1bed, 0x9}, 0x0, 0x80000001, 0x3e}}]]}, {0x83, 0x6, "d087ea06528c49fdd2f8773f075474c04e24bc674ffa7ff4197b8c118cc36a8e001b7d028a120757d4654d50a353ead91a7a8f546058e1e06aeba141f04e8c8f60d4a6dd1d10e16ae223becd5c2583c59cc4e64da4c9326fcb393fb3bb6f5f78d65fac872fcc3379a2a19a96bc60620de4fbf47ad7465e3d683e455b7be48a"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x104}, 0x1, 0x0, 0x0, 0x80}, 0x4000080)
io_uring_register$IORING_REGISTER_FILES(r4, 0x20, &(0x7f0000000000)=[r4], 0x1)
r5 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000002006a402505a1a440000102030109025c00020100e0000904000001020d0000052406000105240000000d240f0103000000080000000006241a000014090581c6000400f2000904010000020d00000904010102020d0000090582020002000900090503020002040300"], 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r6, &(0x7f000000c800)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/25, 0x19}, {&(0x7f0000000380)=""/93, 0x5d}, {&(0x7f0000000940)=""/132, 0x84}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000000500)=""/217, 0xd9}, {&(0x7f0000001a80)=""/102, 0x66}], 0x6}, 0xc}, {{0x0, 0x0, 0x0}, 0x24c9ddb}, {{0x0, 0x0, 0x0}, 0xf04}, {{0x0, 0x0, 0x0}, 0x1}], 0x4, 0x40000000, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x20, 0x80, 0x1c, {0x26, 0x10, 0x10, 0x10, 0x10, 0x10, 0x90, 0x10, 0x10, 0x0, 0xd, 0x2010}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)

7.443452529s ago: executing program 0 (id=1624):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x40c01)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000b00))
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x1a5982)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000100003040000", @ANYRES32=0x0, @ANYBLOB="a5fdad88402000002400128009000100626f6e64000000001400028005000d0002000000ff8b000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x404c804}, 0x4000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x44, 0x1, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @private}}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x899}]}]}, 0x44}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[], 0x0)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
dup(r7)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4138ae84, &(0x7f0000000c40)=@x86={0xab, 0xd, 0x18, 0x0, 0x100, 0x8, 0x7, 0x0, 0x40, 0x3, 0xc, 0xfd, 0x0, 0x1, 0xa, 0x8a, 0x7, 0x14, 0x33, '\x00', 0x8, 0x2})
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000e0"])

6.691235082s ago: executing program 2 (id=1626):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, <r3=>0xffffffffffffffff]}}], 0x78}, 0x0)
sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000180)={0x0, 0x2f, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000001", @ANYRES16=r3, @ANYBLOB="010028bd70000700000002000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)

6.419117341s ago: executing program 2 (id=1627):
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400))
openat$cgroup_ro(r0, &(0x7f0000000380)='cgroup.freeze\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000c00), 0x242880, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_netdev_private(r1, 0x8927, &(0x7f0000001fc0)="fa7c813a")
creat(&(0x7f00000011c0)='./file0/file0\x00', 0x40)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket(0x15, 0x4, 0x5)

6.172480918s ago: executing program 0 (id=1628):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000040)=[@window={0x3, 0xb}, @window={0x3, 0x2, 0x1}, @mss={0x2, 0x9}, @window={0x3, 0x8, 0xfff5}, @window={0x3, 0x2, 0x1ff}, @sack_perm, @sack_perm, @sack_perm], 0x8)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x8004)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)

5.904926586s ago: executing program 2 (id=1629):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="b0fdffff7d01000006f1000000000400000000000000040000000000000000000000000000000200000000000000000000001f00046e6f6465767b6376666f7825ffffff8102000000000031ffcebc920000003800704a86cec602007dfa673effeb09b5351f5bde224000000000187b8200b500003b595fcb14034354b9fd9ef196a51cd5157adc8105b494e11200cfc2001000000000000000000000f313f6005500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050021000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8d489da649a3700ca5ffe522b1235a9c7ef6f36eb6419ecdfba48b890f93e0aec8918454df8592c016f6465762d6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b4105c21bb461688aba2e7de05b62ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d1ea6c01bd529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88b"], 0x232)

5.729570438s ago: executing program 5 (id=1630):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6gre0\x00', <r2=>r1, 0x4, 0x3, 0xc, 0x3, 0x8, @local, @loopback, 0x10, 0x7800, 0xffffffff, 0xb}})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180200000000000000000000000000008500000036000000c50000002a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r3, r1}, 0x40)
syz_emit_ethernet(0xfdef, &(0x7f00000006c0)=ANY=[], 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x30, 0x1411, 0x300, 0x70bd29, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x3}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x8010}, 0x40000)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x63, &(0x7f0000000c80)={'HL\x00'}, &(0x7f0000000cc0)=0x1e)

5.679099918s ago: executing program 2 (id=1632):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x13, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7786}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}, {0x85, 0x0, 0x0, 0xa0}}, @printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0xc}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3}, 0x8)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r2, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="6400000002060103"], 0x64}, 0x1, 0x0, 0x0, 0x4000001}, 0x40)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])

5.388004232s ago: executing program 5 (id=1634):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x3, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="180200008000000000000000000000008500000018000000850000000700000095"], &(0x7f0000000680)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="5becbc0e0d7cca6073a4f11d1b00", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000280)={'filter\x00', 0x0, 0x0, 0x0, [0x5, 0x9, 0x695, 0x3, 0x8b, 0x9], 0x3, &(0x7f0000000000)=[{}, {}, {}], 0x0, [{}, {}, {}]}, 0xa8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r2, &(0x7f0000000200)="6aab22f24233a5447f57562a8c383ce69455f4708f2fe4ad050511351cef2807b18cac0d18c8dd09f078529a1782b502a031e9b304338d805675264c23761936bb0f2c942e87b80037b36505d600000d0000000000", 0x0, 0x4}, 0x20)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0xab, 0xf6, 0x24, 0x40, 0xeb1a, 0x2800, 0x8cf6, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xeb, 0x0, 0x2, 0xe5, 0x44, 0xf0, 0x0, [], [{{0x9, 0x5, 0x4, 0x8, 0x8, 0x0, 0x3, 0x1}}, {{0x9, 0x5, 0x87, 0x2, 0x400, 0xb, 0x7f, 0x14}}]}}]}}]}}, 0x0)

5.339615117s ago: executing program 3 (id=1635):
r0 = socket$nl_route(0x10, 0x3, 0x0)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r3, 0x0, 0xb, &(0x7f0000000080)=0x80000001, 0x4)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000e00)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}], 0x1, 0x240080a0)
setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000001140)=0x2, 0x4)
sendmmsg$inet(r3, &(0x7f0000005700)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000b80)="6870f038c53094b1edfba05540c3fbcd107be1021bad83bb6e88af42b2e2209284b03a6d4aa2cf5b65c8e62309de960fc279cfddc119510b1f899581ada38248cc6f0997e197bf09e647a8f8ce802fcb833ea90711ab59a9beac79fa634d8a276466790a3a4c7ae040e9ad09d5b859830cb8a93fe75021f316756e345200a6d0f0bc1015371f443b2e6f6bc17dcec3dee88f320459b9981109bd5c6e7704d68e4c271d3a13063860877edf38ab9067e70806", 0xb2}, {&(0x7f0000000c40)="7c8a365265b40ce966bf4b65964dc9d76c26a0017060951f978b718294105e13246c91bf165fa99f6806c287a004267de0175bd7e0b7995ad4e02b9033236a4b4ee49b8ae8ee95d1776da62d402b9a66fe288f3ee52a597f5ce675918601a1d9104522765fb803b7c7024db0c4f42a8b3a5370258709c2e2cfad1559326a7d2e0e81a261b7b1bde7829c8cc2d02b511858f77bcae5ac7ff334b5444424ed8008233430ff955b8315a70abbfe162b316ff6c433482594e5d03f1578435fbc46fb7b161e05", 0xc4}, {&(0x7f0000001180)="40b45d991c3dbecd3dfbd178ebd3837571244b7fe8a505456fd09154c6ce3ed4947da069d7b23b4f667650656ae46eb7c393e09b025cbbf580956bb303d7d565ce6aab2bee9137146f50db0e31a6c23afeb1fdb62250c5aba7ac9a987947760d4122924bb15ade5d0d67cb6f2992065f2fa8b106c7c29e7d5a816c7cc3396ec9626cbf7914221ddffad4d81e70095110cdd407a6f2dddfe05248cac3a390594920e3d17d8a6bc9d3ec893730bb78deea6f2a9696ddf4f5a136a9a130550c8daf8211056d5e57193f7fd90c88526d4bc0aa4c1f748a3fc111bb4aab090d8ffd53b155e71eb4355db2b19cd5212b9fea9b4710751a36e01947dff2b132bcf86746c8f1d19a297dcd07e9cad67ce6eb912036d7c42013ec1b80e78e06f10180543119f46d17eff13de6dd2eda779c6fc70c55c34923a780b94dfac01f0e11e4dfd2044dba45027c66f542fb75ab9db0e1ab1e28edb7e397d11f659043f1849fda143ba582ee723365fccbebe8c808e408f4dc05017adbe45f3717a579d52d85007d630536fd2ee4fdb18393e1f4faa371195aca54c7809aabe25b850a2b8324163b768c206d3d3fa7b64c79e8cc34032579e1ac5554129ac9dcf7591af7471a217e5376ed1e37e21b72814d0478100da6e883623c96a082c2658d6375967040021d3818f34db4b6da280fe4daeaee38e97db097cb79a4b6d636c3f6bf4c81e4a2a2634a5e25df2b0aa4813362d7b9c5ba491675062bcc93fbfb156b6c383498a978a2d26386f03e3e33d9de0ad0d6ae004765ce38b13cdd72450a125ed90cf7f3dcb4607f483ad3b22843bef46833a5c9b0111ac6fea4bfc36270591a7b19b40822607bc20af5a2640e1a36092ec507154b3886256b937779d4cd5c40af9646b99d717c6ed92d1633c6ae670ae3b99b3cc31043a13959e9d97d47ee47e5cbd009408406f54259b7af1a3237933cd1455f15ed744242bd02eb4e63e7116213aa11679c73f806aff1f8d744c3c943894d795126047db4e0d55f75f3edc9c8b17fd7085543dc51b8be61bd396582e5a0c251cff13fbfe52b94962d70d9a77d7a48820a61811555e46e8ac3c0fa277ac460cf12cdf9e03c19d5cc404d2263b8e347753c5a1be26583e6d27ad521f4bfa57f5954c5c247eec6b250f97d85e71860d302b19d4decede6998f23e2df348a78f7933aed297bb628531b921bf5f1b1609bec92a2e3b4ef7c72c6ad2c47d50166aad43ef9249bd5f610234c9d21270aaf19392e3fa59e155dd15e5602a7d4dc1e5e520e61bba01659e6632d86ce761cc8996e4111cb88a4b5c0df1c79bc9ae495ad7b276972bed9d92bd714ab762918dcab5a9bba6f62b57622ffb63a4baf19461c9eed6d9deed3eb0e290f7cbd98f6c98acbdd575d01ab98dd87e308d5e1c46b229931d2a90b5ceb64a1bd424491050ab6fec85c12acfc25d24ae3a659a6dc81a0c164b6b6d627f0ae4a821cdbf16e94e6df2288ba17181e35474d8d529a74c68a30f99f97b183e7454b5fde4ab86500a89d916db80ffba4a1da5fdd586f", 0x44b}], 0x3}}], 0x1, 0x0)
recvfrom$inet(r3, 0x0, 0x0, 0x40002061, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ENDIAN(r2, 0x4008af13, &(0x7f0000000240))
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001a00010000000080fbdbdf250a808000000000000000000008001c00", @ANYRES32=0x0, @ANYRESHEX=r0, @ANYRES32], 0x2c}}, 0x20000050)
mq_open(&(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x5a, &(0x7f00000000c0)={0x56, 0x6aca, 0xffffffffffffffff, 0x74b3})

5.170088808s ago: executing program 0 (id=1636):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a32000000001400000011"], 0x7c}, 0x1, 0x0, 0x0, 0x44080}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706b86e6520436170745572652720303030303030"], 0xb8)
r5 = openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup3(r5, r4, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20)
sendmsg$inet6(r7, 0x0, 0x0)
connect$inet(r6, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
r8 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x25dfdbfc, {0x7a, 0x0, 0x0, r9}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa888}, @IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

5.152002425s ago: executing program 3 (id=1637):
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x439, 0x70bd2a, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x3, 0x610c3}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0xffffffff}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000040)={0xa2, 0x6576, 0xd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r4, 0x100000000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000400)={'batadv_slave_1\x00', <r5=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x500)
quotactl_fd$Q_QUOTAON(r0, 0xffffffff80000202, r6, &(0x7f0000000200)='./file0\x00')
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10)
ppoll(&(0x7f0000000500)=[{r7}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x7fffffff, 0x7, 0x4, 0x1000000, 0x800, 0x8, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x1, 0x8, 0x3f9a, 0x0, 0x8000000010001, 0x3}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
close(r0)

4.195833623s ago: executing program 0 (id=1638):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)={0x78, r2, 0x5, 0x0, 0x6000000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x42, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}, 0x0, @random=0x7, 0x1, @void, @void, @void, @val={0x4, 0x6, {0xf0, 0x2, 0x7f, 0xa706}}, @void, @val={0x5, 0x3, {0x6, 0xb6, 0xff}}, @val={0x25, 0x3, {0x1, 0x8c, 0x8}}, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x78}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)

3.946173104s ago: executing program 0 (id=1639):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x40c01)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000b00))
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x1a5982)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000100003040000", @ANYRES32=0x0, @ANYBLOB="a5fdad88402000002400128009000100626f6e64000000001400028005000d0002000000ff8b000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x404c804}, 0x4000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x44, 0x1, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @private}}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x899}]}]}, 0x44}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[], 0x0)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
dup(r7)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4138ae84, &(0x7f0000000c40)=@x86={0xab, 0xd, 0x18, 0x0, 0x100, 0x8, 0x7, 0x0, 0x40, 0x3, 0xc, 0xfd, 0x0, 0x1, 0xa, 0x8a, 0x7, 0x14, 0x33, '\x00', 0x8, 0x2})
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000e006"])

3.919789614s ago: executing program 1 (id=1640):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x40c01)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000b00))
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x1a5982)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000100003040000", @ANYRES32=0x0, @ANYBLOB="a5fdad88402000002400128009000100626f6e64000000001400028005000d0002000000ff8b000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x404c804}, 0x4000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x44, 0x1, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @private}}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x899}]}]}, 0x44}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[], 0x0)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
dup(r7)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4138ae84, &(0x7f0000000c40)=@x86={0xab, 0xd, 0x18, 0x0, 0x100, 0x8, 0x7, 0x0, 0x40, 0x3, 0xc, 0xfd, 0x0, 0x1, 0xa, 0x8a, 0x7, 0x14, 0x33, '\x00', 0x8, 0x2})
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000e006"]) (fail_nth: 1)

3.327070824s ago: executing program 0 (id=1641):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x20, 0x0, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0x4}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x2000881}, 0x4004)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60}, 0x40)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
syz_clone(0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0)
capset(&(0x7f0000a31000)={0x20080521}, 0x0)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x601, 0x0, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000680)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010028bd7000fbdbdf251a00000004002e8008000300", @ANYRES32=r8, @ANYBLOB='4\x00.'], 0x6c}, 0x1, 0x0, 0x0, 0x20040040}, 0x20040)

3.231245198s ago: executing program 1 (id=1642):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x40c01)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000b00))
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x1a5982)
pivot_root(&(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240)='./file0/file0\x00')
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000100003040000", @ANYRES32=0x0, @ANYBLOB="a5fdad88402000002400128009000100626f6e64000000001400028005000d0002000000ff8b000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x404c804}, 0x4000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x44, 0x1, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @private}}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x899}]}]}, 0x44}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[], 0x0)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r7 = memfd_create(&(0x7f0000000500)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F', 0x1)
write$binfmt_script(r7, &(0x7f0000000280)={'#! ', './file0/file0'}, 0x11)
execveat(r7, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
dup(r8)
shutdown(0xffffffffffffffff, 0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@bridge_getlink={0xc0, 0x12, 0x8, 0x70bd27, 0x25dfdbfb, {0x7, 0x0, 0x0, 0x0, 0x8000, 0x1004}, [@IFLA_VF_PORTS={0x8c, 0x18, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "e6e6c657d7c2486453b11d10626d96af"}]}, {0x38, 0x1, 0x0, 0x1, [@IFLA_PORT_VF={0x8, 0x1, 0xfc3}, @IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_VF={0x8, 0x1, 0xfffffff0}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x6}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "ffd0c6327026b35f1a521855f6ee033f"}]}, {0x38, 0x1, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "36bad2d4ed5539769cdaedcbe213ef9b"}, @IFLA_PORT_VF={0x8, 0x1, 0x4}, @IFLA_PORT_VF={0x8, 0x1, 0x94}, @IFLA_PORT_REQUEST={0x5, 0x6, 0xf6}, @IFLA_PORT_PROFILE={0x6, 0x2, '$\x00'}]}]}, @IFLA_OPERSTATE={0x5, 0x10, 0x5e}, @IFLA_BROADCAST={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}}]}, 0xc0}, 0x1, 0x0, 0x0, 0x1}, 0x20040000)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4138ae84, &(0x7f0000000c40)=@x86={0xab, 0xd, 0x18, 0x0, 0x100, 0x8, 0x7, 0x0, 0x40, 0x3, 0xc, 0xfd, 0x0, 0x1, 0xa, 0x8a, 0x7, 0x14, 0x33, '\x00', 0x8, 0x2})
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000e006"])

3.162515907s ago: executing program 2 (id=1643):
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400))
openat$cgroup_ro(r0, &(0x7f0000000380)='cgroup.freeze\x00', 0x0, 0x0)
acct(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = msgget(0x0, 0x40)
msgctl$MSG_INFO(r2, 0xc, &(0x7f00000000c0)=""/173)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x26, &(0x7f0000000000)={0x1, 0x0, 0x56b, 0xfffffffffffffffc})
fcntl$lock(r3, 0x24, &(0x7f0000000040)={0x2, 0x2, 0x1, 0x7})
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB], 0x20)
unshare(0x20000400)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x62000000, 0x0, 0x0, 0x0, 0x0, 0x0)
clock_gettime(0x6, 0x0)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
lsm_set_self_attr(0x6a, 0x0, 0x0, 0x0)
readv(r4, 0x0, 0x0)
gettid()
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

2.926039438s ago: executing program 5 (id=1644):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x4003, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x1d, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000004000)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000540)=0x5, 0x4)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)

2.695102062s ago: executing program 1 (id=1645):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'sit0\x00', <r4=>0x0})
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000240)=0x4000, 0x4)
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r4}, 0x10)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x1000000, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

2.653377239s ago: executing program 3 (id=1646):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="b0fdffff7d01000005f7000000000400000000000000040000000000000000000000000000000200000000000000000000001f00046e6f6465767b6376666f7825ffffff8102000000000031ffcebc920000003800704a86cec602007dfa673effeb09b5351f5bde224000000000187b8200b500003b595fcb14034354b9fd9ef196a51cd5157adc8105b494e11200cfc2001000000000000000000000f313f6005500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050021000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8d489da649a3700ca5ffe522b1235a9c7ef6f36eb6419ecdfba48b890f93e0aec8918454df8592c016f6465762d6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b4105c21bb461688aba2e7de05b62ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d1ea6c01bd529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88b"], 0x232)

2.147733291s ago: executing program 3 (id=1647):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000040)=[@window={0x3, 0xb}, @window={0x3, 0x2, 0x1}, @mss={0x2, 0x9}, @window={0x3, 0x8, 0xfff5}, @window={0x3, 0x2, 0x1ff}, @sack_perm, @sack_perm, @sack_perm], 0x8)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x8004)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)

1.675420256s ago: executing program 5 (id=1648):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a32000000001400000011"], 0x7c}, 0x1, 0x0, 0x0, 0x44080}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706b86e6520436170745572652720303030303030"], 0xb8)
r5 = openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup3(r5, r4, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20)
sendmsg$inet6(r7, 0x0, 0x0)
connect$inet(r6, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
r8 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x25dfdbfc, {0x7a, 0x0, 0x0, r9}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa888}, @IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

1.654724456s ago: executing program 1 (id=1649):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r1=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000140)={r1, 0x1, 0x6, @local}, 0x10)
r2 = socket$phonet(0x23, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'hsr0\x00', <r3=>0x0})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r5 = socket(0x10, 0x803, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bdaa, 0xffffffff, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x74, 0x2c, 0xd27, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r7, {0xc, 0xffe0}, {}, {0xf, 0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_EMATCHES={0x40, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x34, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0x5, 0x0, 0x200}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x5, 0x8, 0xc4}, {0x4, 0x0, 0x1}}}]}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40010}, 0x20040054)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000200)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x10)
setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000580)={r1, 0x1, 0x6, @local}, 0x10)

634.885644ms ago: executing program 5 (id=1650):
r0 = socket(0xb, 0x2, 0x1)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000810000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
syslog(0x0, 0x0, 0xfffffef6)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x8000, 0x0)
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af03, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f00000002c0), 0x2)
readv(r4, &(0x7f0000001780)=[{&(0x7f0000000200)=""/167, 0xa7}, {0x0}], 0x2)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
ptrace$cont(0x9, r5, 0x1, 0x80000001)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r4, &(0x7f0000000140)={0x16, 0x98, 0xfa00, {0x0, 0x6, 0xffffffffffffffff, 0x0, 0x0, @in6={0xa, 0x51, 0x8, @dev={0xfe, 0x80, '\x00', 0x41}, 0x71}}}, 0xa0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'team_slave_0\x00', 0x2})
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[], 0x3c}}, 0x0)
connect$inet6(r0, &(0x7f00000005c0)={0xa, 0x4e23, 0x8, @loopback, 0x1}, 0x1c)
r7 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000380)={0xa, @pix_mp={0x7fffffd, 0x0, 0x32525942, 0x2, 0x0, [{}, {0x0, 0xffffffff}, {}, {}, {}, {0x0, 0x6}, {0x6}], 0x0, 0x8, 0x16, 0x1, 0x7}})
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, 0x0, 0x0)

532.75459ms ago: executing program 1 (id=1651):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, 0x0, 0x4000000)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f00000001c0)={0xc, 0x8, 0xfa00, {0x0}}, 0x10)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x305080, 0x0)
ioctl$UFFDIO_POISON(r3, 0xc020aa08, &(0x7f0000000180)={{&(0x7f00009dd000/0x4000)=nil, 0x4000}, 0x1})

531.30416ms ago: executing program 3 (id=1652):
mount(0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x0, 0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0))
r0 = socket$alg(0x26, 0x5, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$alg(r0, &(0x7f0000000a00)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg$unix(r1, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0xfff0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r2 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

530.590724ms ago: executing program 2 (id=1653):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0xa, 0x3, 0x3a)
r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x80004, 0x10100, 0x1, 0x2ad}, &(0x7f0000000100), &(0x7f0000000080))
syz_usb_connect(0x0, 0x38, &(0x7f00000001c0)=ANY=[@ANYBLOB="120120021bd459088904b5e02aae0102030109022600010701e00509040000029722185c090507", @ANYRES64=r0], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0})
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x6, &(0x7f0000006680)) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x6, &(0x7f0000006680))
faccessat(0xffffffffffffffff, 0x0, 0x6)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x0, 0x0) (async)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
socket$rds(0x15, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
r8 = socket$kcm(0xa, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1d, 0x19, 0xbb12, 0xc, 0x70480, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x3}, 0x50) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1d, 0x19, 0xbb12, 0xc, 0x70480, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x3}, 0x50)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x890b, &(0x7f0000000000)) (async)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x890b, &(0x7f0000000000))

38.058642ms ago: executing program 5 (id=1654):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000040)=0x100000001, 0x4)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r1, 0x400, 0x70bd27, 0x25dfdbfc, {{}, {}, {0x8, 0x2, 0x6}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x4040040}, 0x4)
setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f00000000c0)=0x5, 0x4)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
sendmmsg$inet(r5, 0x0, 0x0, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
open(0x0, 0x0, 0x0)
open(0x0, 0x0, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x11, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000001540)=@raw={'raw\x00', 0x3c1, 0x3, 0x14d8, 0x1290, 0x5802, 0x294, 0x1290, 0x294, 0x1408, 0x325, 0x378, 0x1408, 0x378, 0x3, 0x0, {[{{@ipv6={@loopback, @empty, [0x0, 0x0, 0x0, 0xff000000], [], 'pimreg0\x00', 'macsec0\x00', {0xff}, {}, 0x0, 0x0, 0x3}, 0x0, 0x1228, 0x1290, 0x52020000, {}, [@common=@inet=@hashlimit2={{0x150}, {'gre0\x00', {0x0, 0x4, 0x60, 0x0, 0x0, 0x6, 0x7fffffff, 0x0, 0x8}}}, @common=@unspec=@cgroup1={{0x1030}, {0x0, 0xfc, 0xfd, 0x0, './cgroup.net/syz1\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x108, 0x178, 0x0, {}, [@common=@ah={{0x30}}, @common=@frag={{0x30}, {[0x0, 0x101]}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0xcfd, 0x8000, 0x8, 0x1, 0x0, "40384e1aa968ae1a869c8ce9a46b9ff41931137193fc6c2a5d28667be0e6c0e8dd7ab2a2560d636022502c16f2d80f7e97c47fa0a3d21b373dc257058a128931"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1538)
r6 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r6, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94)
sendmsg(r6, &(0x7f00000000c0)={0x0, 0x9584, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x16, 0x5, &(0x7f0000000bc0)=ANY=[], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x1, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x800}, {0x0, 0x4d9, 0x0, 0x2000000000}}, [@tmpl={0x84, 0x5, [{{@in6=@remote, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x0, 0x40}, {{@in=@remote, 0x0, 0x32}, 0x0, @in6=@private1, 0x0, 0x5}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

0s ago: executing program 3 (id=1655):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x40c01)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000b00))
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x1a5982)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000100003040000", @ANYRES32=0x0, @ANYBLOB="a5fdad88402000002400128009000100626f6e64000000001400028005000d0002000000ff8b000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x404c804}, 0x4000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x44, 0x1, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @private}}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x899}]}]}, 0x44}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[], 0x0)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
dup(r7)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4138ae84, &(0x7f0000000c40)=@x86={0xab, 0xd, 0x18, 0x0, 0x100, 0x8, 0x7, 0x0, 0x40, 0x3, 0xc, 0xfd, 0x0, 0x1, 0xa, 0x8a, 0x7, 0x14, 0x33, '\x00', 0x8, 0x2})
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000e006"]) (fail_nth: 2)

kernel console output (not intermixed with test programs):

9][T10107]  ? do_syscall_64+0xbe/0x3b0
[  391.043228][T10107]  do_syscall_64+0xfa/0x3b0
[  391.043251][T10107]  ? lockdep_hardirqs_on+0x9c/0x150
[  391.043274][T10107]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.043296][T10107]  ? clear_bhb_loop+0x60/0xb0
[  391.043322][T10107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.043344][T10107] RIP: 0033:0x7f504f18ebe9
[  391.043364][T10107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.043383][T10107] RSP: 002b:00007f505004a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  391.043406][T10107] RAX: ffffffffffffffda RBX: 00007f504f3b5fa0 RCX: 00007f504f18ebe9
[  391.043423][T10107] RDX: 000000000000008b RSI: 0000200000000400 RDI: 0000000000000003
[  391.043436][T10107] RBP: 00007f505004a090 R08: 0000000000000000 R09: 0000000000000000
[  391.043450][T10107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.043463][T10107] R13: 00007f504f3b6038 R14: 00007f504f3b5fa0 R15: 00007ffddd60dae8
[  391.043497][T10107]  </TASK>
[  391.452290][ T5900] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  391.602289][ T5900] usb 6-1: Using ep0 maxpacket: 32
[  391.622716][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  391.642410][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  391.652408][ T5900] usb 6-1: New USB device found, idVendor=258a, idProduct=0033, bcdDevice= 0.00
[  391.661493][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.677419][ T5900] usb 6-1: config 0 descriptor??
[  392.110256][T10116] loop6: detected capacity change from 0 to 7
[  392.112591][ T5900] glorious 0003:258A:0033.000A: hidraw0: USB HID v0.00 Device [Glorious Model D] on usb-dummy_hcd.5-1/input0
[  392.127362][T10116] Dev loop6: unable to read RDB block 7
[  392.145770][T10116]  loop6: AHDI p1 p2 p3
[  392.150120][T10116] loop6: partition table partially beyond EOD, truncated
[  392.168663][T10116] loop6: p1 start 1405162169 is beyond EOD, truncated
[  392.187050][T10116] loop6: p2 size 46 extends beyond EOD, truncated
[  392.318786][T10109] syzkaller1: entered promiscuous mode
[  392.328398][T10109] syzkaller1: entered allmulticast mode
[  392.338855][ T8441] usb 6-1: USB disconnect, device number 14
[  392.514314][T10127] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1142'.
[  392.742595][ T8470] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  392.916735][ T8470] usb 2-1: config 0 has an invalid interface number: 92 but max is 1
[  392.925269][ T8470] usb 2-1: config 0 has an invalid interface number: 104 but max is 1
[  392.944029][ T8470] usb 2-1: config 0 has no interface number 0
[  392.952309][ T8470] usb 2-1: config 0 has no interface number 1
[  392.958486][ T8470] usb 2-1: config 0 interface 92 altsetting 0 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  393.007089][ T8470] usb 2-1: config 0 interface 92 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  393.042290][ T8470] usb 2-1: config 0 interface 92 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  393.072433][ T8470] usb 2-1: config 0 interface 92 altsetting 0 has a duplicate endpoint with address 0x1, skipping
[  393.095140][ T8470] usb 2-1: config 0 interface 92 altsetting 0 has a duplicate endpoint with address 0x1, skipping
[  393.107047][ T8470] usb 2-1: config 0 interface 92 altsetting 0 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  393.118785][ T8470] usb 2-1: config 0 interface 104 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  393.130031][ T8470] usb 2-1: config 0 interface 104 altsetting 9 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  393.141425][ T8470] usb 2-1: config 0 interface 104 altsetting 9 endpoint 0xC has invalid maxpacket 512, setting to 64
[  393.153849][ T8470] usb 2-1: config 0 interface 104 altsetting 9 has a duplicate endpoint with address 0x1, skipping
[  393.168662][ T8470] usb 2-1: config 0 interface 104 altsetting 9 has a duplicate endpoint with address 0x3, skipping
[  393.181734][ T8470] usb 2-1: config 0 interface 104 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  393.197323][ T8470] usb 2-1: config 0 interface 104 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  393.211071][ T8470] usb 2-1: config 0 interface 104 altsetting 9 has a duplicate endpoint with address 0x9, skipping
[  393.225923][ T8470] usb 2-1: config 0 interface 104 has no altsetting 0
[  393.235783][ T8470] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a1, bcdDevice=54.54
[  393.256436][ T8470] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.272394][ T8470] usb 2-1: Product: syz
[  393.281558][ T8470] usb 2-1: Manufacturer: syz
[  393.307150][ T8470] usb 2-1: SerialNumber: syz
[  393.328339][ T8470] usb 2-1: config 0 descriptor??
[  393.435407][T10145] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  393.444861][T10146] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  393.452166][T10145] syzkaller0: entered promiscuous mode
[  393.460663][T10145] syzkaller0: entered allmulticast mode
[  393.469659][T10146] syzkaller0: entered promiscuous mode
[  393.479931][T10146] syzkaller0: entered allmulticast mode
[  393.522142][T10145] tipc: Resetting bearer <eth:syzkaller0>
[  393.531312][T10144] tipc: Resetting bearer <eth:syzkaller0>
[  393.576266][ T8470] dvb-usb: found a 'Terratec Cinergy DT USB XS Diversity/ T5' in cold state, will try to load a firmware
[  393.609292][T10144] tipc: Disabling bearer <eth:syzkaller0>
[  393.620711][T10140] tipc: Resetting bearer <eth:syzkaller0>
[  393.653163][ T8470] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  393.664116][T10140] tipc: Disabling bearer <eth:syzkaller0>
[  393.671579][ T8470] dib0700: firmware download failed at 7 with -8
[  393.721852][ T8470] dvb-usb: found a 'Terratec Cinergy DT USB XS Diversity/ T5' in cold state, will try to load a firmware
[  393.754289][ T8470] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  393.776290][ T8470] dib0700: firmware download failed at 7 with -8
[  393.841496][ T5900] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  393.933148][ T8470] usb 2-1: USB disconnect, device number 25
[  394.012381][ T5900] usb 6-1: device descriptor read/64, error -71
[  394.673229][ T5900] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  394.882511][ T5900] usb 6-1: device descriptor read/64, error -71
[  395.093663][ T5900] usb usb6-port1: attempt power cycle
[  395.310171][T10169] IPVS: length: 24 != 4248
[  395.473106][ T5900] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  395.515021][ T5900] usb 6-1: device descriptor read/8, error -71
[  395.773135][ T5900] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[  395.831246][ T5900] usb 6-1: device descriptor read/8, error -71
[  395.973247][ T5900] usb usb6-port1: unable to enumerate USB device
[  397.025232][T10185] new mount options do not match the existing superblock, will be ignored
[  397.063987][T10185] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  397.097567][T10185] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1160'.
[  398.289016][   T51] Bluetooth: hci2: hardware error 0x00
[  398.342808][ T8470] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  398.539587][ T8470] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  398.549125][ T8470] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  398.574589][ T8470] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  398.586959][ T8470] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  398.601249][ T8470] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  398.622342][ T8470] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  398.632031][ T8470] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.661279][ T8470] usb 6-1: config 0 descriptor??
[  398.686741][T10198] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  398.702367][ T5900] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  398.882669][ T5900] usb 3-1: Using ep0 maxpacket: 8
[  398.936283][ T5900] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  398.946009][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.960814][ T5900] usb 3-1: config 0 descriptor??
[  399.126662][T10214] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  399.151032][ T8470] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  399.182303][ T8470] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  399.200072][ T8470] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  399.222658][ T8470] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  399.244540][ T8470] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  399.252167][ T8470] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  399.270123][ T8470] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  399.436172][ T8470] usb 6-1: USB disconnect, device number 19
[  399.578195][ T5900] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  399.589711][ T5900] asix 3-1:0.0: probe with driver asix failed with error -32
[  399.856302][T10236] xt_CT: No such helper "syz0"
[  400.073927][T10241] FAULT_INJECTION: forcing a failure.
[  400.073927][T10241] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  400.092633][T10241] CPU: 0 UID: 0 PID: 10241 Comm: syz.5.1180 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  400.092659][T10241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  400.092672][T10241] Call Trace:
[  400.092680][T10241]  <TASK>
[  400.092689][T10241]  dump_stack_lvl+0x189/0x250
[  400.092716][T10241]  ? __pfx____ratelimit+0x10/0x10
[  400.092756][T10241]  ? __pfx_dump_stack_lvl+0x10/0x10
[  400.092780][T10241]  ? __pfx__printk+0x10/0x10
[  400.092807][T10241]  ? __might_fault+0xb0/0x130
[  400.092840][T10241]  should_fail_ex+0x414/0x560
[  400.092867][T10241]  _copy_from_user+0x2d/0xb0
[  400.092898][T10241]  snd_seq_oss_write+0x515/0x930
[  400.092941][T10241]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  400.092970][T10241]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  400.093000][T10241]  ? security_file_permission+0x75/0x290
[  400.093028][T10241]  odev_write+0x5a/0x80
[  400.093044][T10241]  ? __pfx_odev_write+0x10/0x10
[  400.093062][T10241]  vfs_write+0x27e/0xa90
[  400.093085][T10241]  ? __pfx_vfs_write+0x10/0x10
[  400.093104][T10241]  ? __fget_files+0x2a/0x420
[  400.093130][T10241]  ? __fget_files+0x2a/0x420
[  400.093149][T10241]  ? __fget_files+0x3a0/0x420
[  400.093171][T10241]  ? __fget_files+0x2a/0x420
[  400.093197][T10241]  ksys_write+0x145/0x250
[  400.093225][T10241]  ? __pfx_ksys_write+0x10/0x10
[  400.093237][T10241]  ? rcu_is_watching+0x15/0xb0
[  400.093259][T10241]  ? do_syscall_64+0xbe/0x3b0
[  400.093281][T10241]  do_syscall_64+0xfa/0x3b0
[  400.093297][T10241]  ? lockdep_hardirqs_on+0x9c/0x150
[  400.093326][T10241]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.093342][T10241]  ? clear_bhb_loop+0x60/0xb0
[  400.093362][T10241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.093378][T10241] RIP: 0033:0x7f34da78ebe9
[  400.093394][T10241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.093409][T10241] RSP: 002b:00007f34db5b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  400.093426][T10241] RAX: ffffffffffffffda RBX: 00007f34da9b5fa0 RCX: 00007f34da78ebe9
[  400.093437][T10241] RDX: 0000000000000232 RSI: 0000200000000740 RDI: 0000000000000003
[  400.093447][T10241] RBP: 00007f34db5b5090 R08: 0000000000000000 R09: 0000000000000000
[  400.093456][T10241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.093465][T10241] R13: 00007f34da9b6038 R14: 00007f34da9b5fa0 R15: 00007ffdc4716b38
[  400.093489][T10241]  </TASK>
[  400.357928][   T51] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  401.480019][ T8470] usb 3-1: USB disconnect, device number 41
[  401.561133][T10250] 9pnet_fd: Insufficient options for proto=fd
[  402.837445][T10283] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1192'.
[  402.857660][T10279] ptm ptm5: ldisc open failed (-12), clearing slot 5
[  402.870031][T10283] netlink: 'syz.0.1192': attribute type 2 has an invalid length.
[  402.908191][T10283] netlink: 'syz.0.1192': attribute type 2 has an invalid length.
[  402.960927][T10283] netlink: 'syz.0.1192': attribute type 2 has an invalid length.
[  403.034950][T10283] netlink: 'syz.0.1192': attribute type 1 has an invalid length.
[  403.069073][T10283] netlink: 'syz.0.1192': attribute type 2 has an invalid length.
[  403.491545][T10294] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  404.462232][T10322] FAULT_INJECTION: forcing a failure.
[  404.462232][T10322] name failslab, interval 1, probability 0, space 0, times 0
[  404.473865][T10315] XFS (nullb0): Invalid superblock magic number
[  404.485123][T10322] CPU: 0 UID: 0 PID: 10322 Comm: syz.1.1200 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  404.485152][T10322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  404.485166][T10322] Call Trace:
[  404.485176][T10322]  <TASK>
[  404.485185][T10322]  dump_stack_lvl+0x189/0x250
[  404.485214][T10322]  ? __pfx____ratelimit+0x10/0x10
[  404.485239][T10322]  ? __pfx_dump_stack_lvl+0x10/0x10
[  404.485263][T10322]  ? __pfx__printk+0x10/0x10
[  404.485298][T10322]  ? __pfx___might_resched+0x10/0x10
[  404.485328][T10322]  should_fail_ex+0x414/0x560
[  404.485358][T10322]  should_failslab+0xa8/0x100
[  404.485385][T10322]  __kmalloc_cache_noprof+0x70/0x3d0
[  404.485406][T10322]  ? snd_seq_port_connect+0x6b/0x430
[  404.485434][T10322]  snd_seq_port_connect+0x6b/0x430
[  404.485455][T10322]  ? do_raw_read_unlock+0x3d/0x80
[  404.485485][T10322]  ? _raw_read_unlock+0x28/0x50
[  404.485512][T10322]  snd_seq_ioctl_subscribe_port+0x339/0x710
[  404.485562][T10322]  ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10
[  404.485587][T10322]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  404.485633][T10322]  snd_seq_oss_midi_open+0x39d/0x7b0
[  404.485656][T10322]  ? is_bpf_text_address+0x26/0x2b0
[  404.485699][T10322]  ? __pfx_snd_seq_oss_midi_open+0x10/0x10
[  404.485733][T10322]  ? snd_seq_oss_process_event+0x9bd/0x2a80
[  404.485758][T10322]  snd_seq_oss_process_event+0xd26/0x2a80
[  404.485785][T10322]  ? __pfx_snd_seq_oss_process_event+0x10/0x10
[  404.485815][T10322]  snd_seq_oss_write+0x4b7/0x930
[  404.485853][T10322]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  404.485881][T10322]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  404.485907][T10322]  ? security_file_permission+0x75/0x290
[  404.485933][T10322]  odev_write+0x5a/0x80
[  404.485950][T10322]  ? __pfx_odev_write+0x10/0x10
[  404.485969][T10322]  vfs_write+0x27e/0xa90
[  404.485997][T10322]  ? __pfx_vfs_write+0x10/0x10
[  404.486019][T10322]  ? __fget_files+0x2a/0x420
[  404.486045][T10322]  ? __fget_files+0x2a/0x420
[  404.486071][T10322]  ? __fget_files+0x3a0/0x420
[  404.486092][T10322]  ? __fget_files+0x2a/0x420
[  404.486124][T10322]  ksys_write+0x145/0x250
[  404.486146][T10322]  ? __pfx_ksys_write+0x10/0x10
[  404.486166][T10322]  ? rcu_is_watching+0x15/0xb0
[  404.486188][T10322]  ? trace_sys_enter+0x25/0x120
[  404.486212][T10322]  do_syscall_64+0xfa/0x3b0
[  404.486236][T10322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.486256][T10322]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  404.486278][T10322]  ? clear_bhb_loop+0x60/0xb0
[  404.486302][T10322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.486322][T10322] RIP: 0033:0x7f504f18ebe9
[  404.486336][T10322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.486351][T10322] RSP: 002b:00007f505004a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  404.486368][T10322] RAX: ffffffffffffffda RBX: 00007f504f3b5fa0 RCX: 00007f504f18ebe9
[  404.486379][T10322] RDX: 0000000000000232 RSI: 0000200000000740 RDI: 0000000000000003
[  404.486390][T10322] RBP: 00007f505004a090 R08: 0000000000000000 R09: 0000000000000000
[  404.486400][T10322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.486410][T10322] R13: 00007f504f3b6038 R14: 00007f504f3b5fa0 R15: 00007ffddd60dae8
[  404.486450][T10322]  </TASK>
[  405.093911][T10334] netlink: 5404 bytes leftover after parsing attributes in process `syz.0.1204'.
[  405.103547][T10334] netlink: 5404 bytes leftover after parsing attributes in process `syz.0.1204'.
[  407.302386][ T5849] Bluetooth: hci4: command 0x0401 tx timeout
[  409.182061][T10357] [U] ²§N�{st3	ö)ŸLÌó´ñb§o7UˆÑŽÌNQþʈt™²
­QöZ4s 
[  411.238185][T10387] sctp: [Deprecated]: syz.1.1219 (pid 10387) Use of struct sctp_assoc_value in delayed_ack socket option.
[  411.238185][T10387] Use struct sctp_sack_info instead
[  412.861770][T10401] binfmt_misc: register: failed to install interpreter file ./file0
[  412.971891][   T31] kauditd_printk_skb: 15 callbacks suppressed
[  412.971910][   T31] audit: type=1326 audit(1754814095.296:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10398 comm="syz.2.1224" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9daa58ebe9 code=0x0
[  413.692467][ T8441] usb 6-1: new low-speed USB device number 20 using dummy_hcd
[  414.788698][ T8441] usb 6-1: config index 0 descriptor too short (expected 1307, got 27)
[  414.802343][ T8441] usb 6-1: config 0 has an invalid interface number: 0 but max is -1
[  414.810598][ T8441] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 0
[  414.861895][ T8441] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  414.882247][ T8441] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  414.902289][ T8441] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 39, setting to 8
[  414.922869][ T8441] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  414.945398][ T8441] usb 6-1: string descriptor 0 read error: -22
[  414.951901][ T8441] usb 6-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  414.982061][ T8441] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.990787][ T8432] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  415.009339][T10448] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  415.025175][ T8441] usb 6-1: config 0 descriptor??
[  415.041269][T10409] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  415.058701][T10448] overlayfs: overlapping lowerdir path
[  415.072857][ T8441] hub 6-1:0.0: bad descriptor, ignoring hub
[  415.526551][ T8441] hub 6-1:0.0: probe with driver hub failed with error -5
[  415.546306][ T8441] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input10
[  415.610093][ T8432] usb 2-1: config 0 has an invalid interface number: 176 but max is 2
[  415.633170][    C0] usb_acecad 6-1:0.0: can't resubmit intr, dummy_hcd.5-1/input0, status -1
[  415.651558][ T8432] usb 2-1: config 0 has an invalid interface number: 4 but max is 2
[  415.669840][ T8432] usb 2-1: config 0 has no interface number 0
[  415.677355][    C1] usb_acecad 6-1:0.0: can't resubmit intr, dummy_hcd.5-1/input0, status -1
[  415.679358][ T8432] usb 2-1: config 0 has no interface number 1
[  415.700090][ T8432] usb 2-1: too many endpoints for config 0 interface 4 altsetting 255: 255, using maximum allowed: 30
[  415.728875][ T8432] usb 2-1: config 0 interface 4 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  415.745192][ T8432] usb 2-1: config 0 interface 4 has no altsetting 0
[  415.752127][ T8432] usb 2-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  415.763655][ T8432] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.780142][ T8432] usb 2-1: config 0 descriptor??
[  415.999776][ T8432] usb 2-1: Could not set interface, error -71
[  416.036640][ T8432] usb 2-1: selecting invalid altsetting 0
[  416.043743][ T8432] usb 2-1: Could not set interface, error -22
[  416.053934][ T8432] usb 2-1: USB disconnect, device number 26
[  416.178209][T10457] FAULT_INJECTION: forcing a failure.
[  416.178209][T10457] name failslab, interval 1, probability 0, space 0, times 0
[  416.191153][T10457] CPU: 1 UID: 0 PID: 10457 Comm: syz.2.1240 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  416.191180][T10457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  416.191194][T10457] Call Trace:
[  416.191202][T10457]  <TASK>
[  416.191212][T10457]  dump_stack_lvl+0x189/0x250
[  416.191242][T10457]  ? __pfx____ratelimit+0x10/0x10
[  416.191265][T10457]  ? __pfx_dump_stack_lvl+0x10/0x10
[  416.191290][T10457]  ? __pfx__printk+0x10/0x10
[  416.191323][T10457]  ? __pfx___might_resched+0x10/0x10
[  416.191346][T10457]  ? fs_reclaim_acquire+0x7d/0x100
[  416.191378][T10457]  should_fail_ex+0x414/0x560
[  416.191406][T10457]  should_failslab+0xa8/0x100
[  416.191432][T10457]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  416.191454][T10457]  ? __alloc_skb+0x112/0x2d0
[  416.191489][T10457]  __alloc_skb+0x112/0x2d0
[  416.191534][T10457]  netlink_ack+0x146/0xa50
[  416.191559][T10457]  ? __pfx_genl_rcv_msg+0x10/0x10
[  416.191579][T10457]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  416.191597][T10457]  ? __pfx_nl80211_post_doit+0x10/0x10
[  416.191651][T10457]  netlink_rcv_skb+0x28c/0x470
[  416.191691][T10457]  ? __pfx_genl_rcv_msg+0x10/0x10
[  416.191715][T10457]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  416.191765][T10457]  ? down_read+0x1ad/0x2e0
[  416.191794][T10457]  genl_rcv+0x28/0x40
[  416.191813][T10457]  netlink_unicast+0x75c/0x8e0
[  416.191858][T10457]  netlink_sendmsg+0x805/0xb30
[  416.191899][T10457]  ? __pfx_netlink_sendmsg+0x10/0x10
[  416.191941][T10457]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  416.191963][T10457]  ? __pfx_netlink_sendmsg+0x10/0x10
[  416.191994][T10457]  __sock_sendmsg+0x21c/0x270
[  416.192023][T10457]  ____sys_sendmsg+0x505/0x830
[  416.192063][T10457]  ? __pfx_____sys_sendmsg+0x10/0x10
[  416.192108][T10457]  ? import_iovec+0x74/0xa0
[  416.192142][T10457]  ___sys_sendmsg+0x21f/0x2a0
[  416.192178][T10457]  ? __pfx____sys_sendmsg+0x10/0x10
[  416.192252][T10457]  ? __fget_files+0x2a/0x420
[  416.192276][T10457]  ? __fget_files+0x3a0/0x420
[  416.192311][T10457]  __x64_sys_sendmsg+0x19b/0x260
[  416.192347][T10457]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  416.192390][T10457]  ? __pfx_ksys_write+0x10/0x10
[  416.192406][T10457]  ? rcu_is_watching+0x15/0xb0
[  416.192435][T10457]  ? do_syscall_64+0xbe/0x3b0
[  416.192463][T10457]  do_syscall_64+0xfa/0x3b0
[  416.192484][T10457]  ? lockdep_hardirqs_on+0x9c/0x150
[  416.192506][T10457]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.192527][T10457]  ? clear_bhb_loop+0x60/0xb0
[  416.192553][T10457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.192574][T10457] RIP: 0033:0x7f9daa58ebe9
[  416.192592][T10457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.192611][T10457] RSP: 002b:00007f9dab3d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  416.192632][T10457] RAX: ffffffffffffffda RBX: 00007f9daa7b5fa0 RCX: 00007f9daa58ebe9
[  416.192648][T10457] RDX: 0000000004000004 RSI: 0000200000000200 RDI: 0000000000000003
[  416.192662][T10457] RBP: 00007f9dab3d6090 R08: 0000000000000000 R09: 0000000000000000
[  416.192682][T10457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  416.192695][T10457] R13: 00007f9daa7b6038 R14: 00007f9daa7b5fa0 R15: 00007ffd472280f8
[  416.192730][T10457]  </TASK>
[  416.507552][    C1] vkms_vblank_simulate: vblank timer overrun
[  416.556776][ T8454] usb 6-1: USB disconnect, device number 20
[  416.603719][T10459] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1241'.
[  416.982389][ T8454] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  417.572562][ T8431] usb 3-1: new full-speed USB device number 42 using dummy_hcd
[  417.803508][ T8431] usb 3-1: too many configurations: 12, using maximum allowed: 8
[  417.911694][ T8431] usb 3-1: unable to read config index 0 descriptor/start: -61
[  417.973368][ T8431] usb 3-1: can't read configurations, error -61
[  418.030915][T10473] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1246'.
[  418.102375][ T8454] usb 6-1: Using ep0 maxpacket: 16
[  418.116371][ T8454] usb 6-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[  418.126851][ T8454] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  418.142443][ T8431] usb 3-1: new full-speed USB device number 43 using dummy_hcd
[  418.154707][ T8454] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  418.165659][ T8454] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.182429][ T8454] usb 6-1: Product: syz
[  418.187058][ T8454] usb 6-1: Manufacturer: syz
[  418.202282][ T8454] usb 6-1: SerialNumber: syz
[  418.306891][ T8431] usb 3-1: too many configurations: 12, using maximum allowed: 8
[  418.328865][ T8431] usb 3-1: unable to read config index 0 descriptor/start: -61
[  418.350319][ T8431] usb 3-1: can't read configurations, error -61
[  418.370339][ T8431] usb usb3-port1: attempt power cycle
[  418.416333][T10489] comedi comedi0: comedi_config --init_data is deprecated
[  418.426811][ T8454] usb 6-1: 0:2 : does not exist
[  418.457110][ T8454] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  418.507816][ T8454] usb 6-1: USB disconnect, device number 21
[  418.724718][ T8431] usb 3-1: new full-speed USB device number 44 using dummy_hcd
[  418.785570][ T8431] usb 3-1: too many configurations: 12, using maximum allowed: 8
[  418.812347][ T8470] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  418.959865][ T8431] usb 3-1: unable to read config index 0 descriptor/start: -61
[  418.968195][ T8431] usb 3-1: can't read configurations, error -61
[  418.985076][ T8470] usb 4-1: no configurations
[  419.125652][ T8431] usb 3-1: new full-speed USB device number 45 using dummy_hcd
[  419.280037][ T8431] usb 3-1: too many configurations: 12, using maximum allowed: 8
[  419.384802][ T8431] usb 3-1: unable to read config index 0 descriptor/start: -61
[  419.481486][ T8431] usb 3-1: can't read configurations, error -61
[  419.555702][ T8431] usb usb3-port1: unable to enumerate USB device
[  419.849835][ T8470] usb 4-1: can't read configurations, error -22
[  419.942742][T10520] FAULT_INJECTION: forcing a failure.
[  419.942742][T10520] name failslab, interval 1, probability 0, space 0, times 0
[  419.982564][ T8470] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  420.092541][T10520] CPU: 1 UID: 0 PID: 10520 Comm: syz.5.1260 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  420.092568][T10520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  420.092580][T10520] Call Trace:
[  420.092589][T10520]  <TASK>
[  420.092596][T10520]  dump_stack_lvl+0x189/0x250
[  420.092631][T10520]  ? __pfx____ratelimit+0x10/0x10
[  420.092652][T10520]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.092674][T10520]  ? __pfx__printk+0x10/0x10
[  420.092704][T10520]  ? __pfx___might_resched+0x10/0x10
[  420.092725][T10520]  ? fs_reclaim_acquire+0x7d/0x100
[  420.092754][T10520]  should_fail_ex+0x414/0x560
[  420.092779][T10520]  should_failslab+0xa8/0x100
[  420.092803][T10520]  __kmalloc_noprof+0xcb/0x4f0
[  420.092821][T10520]  ? __sta_info_alloc+0x93/0x2630
[  420.092848][T10520]  __sta_info_alloc+0x93/0x2630
[  420.092882][T10520]  ieee80211_add_station+0x3cc/0x6a0
[  420.092909][T10520]  rdev_add_station+0x108/0x290
[  420.092938][T10520]  nl80211_new_station+0x1723/0x1b40
[  420.092977][T10520]  ? __pfx_nl80211_new_station+0x10/0x10
[  420.092997][T10520]  ? netdev_run_todo+0xe1d/0xea0
[  420.093044][T10520]  ? nl80211_pre_doit+0x4f1/0x930
[  420.093071][T10520]  genl_family_rcv_msg_doit+0x215/0x300
[  420.093101][T10520]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  420.093136][T10520]  ? bpf_lsm_capable+0x9/0x20
[  420.093160][T10520]  ? security_capable+0x7e/0x2e0
[  420.093193][T10520]  genl_rcv_msg+0x60e/0x790
[  420.093221][T10520]  ? __pfx_genl_rcv_msg+0x10/0x10
[  420.093239][T10520]  ? ref_tracker_free+0x63a/0x7d0
[  420.093259][T10520]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  420.093276][T10520]  ? __pfx_nl80211_new_station+0x10/0x10
[  420.093296][T10520]  ? __pfx_nl80211_post_doit+0x10/0x10
[  420.093316][T10520]  ? __pfx_ref_tracker_free+0x10/0x10
[  420.093349][T10520]  netlink_rcv_skb+0x205/0x470
[  420.093378][T10520]  ? __pfx_genl_rcv_msg+0x10/0x10
[  420.093401][T10520]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  420.093446][T10520]  ? down_read+0x1ad/0x2e0
[  420.093473][T10520]  genl_rcv+0x28/0x40
[  420.093492][T10520]  netlink_unicast+0x75c/0x8e0
[  420.093530][T10520]  netlink_sendmsg+0x805/0xb30
[  420.093572][T10520]  ? __pfx_netlink_sendmsg+0x10/0x10
[  420.093615][T10520]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  420.093635][T10520]  ? __pfx_netlink_sendmsg+0x10/0x10
[  420.093664][T10520]  __sock_sendmsg+0x21c/0x270
[  420.093692][T10520]  ____sys_sendmsg+0x505/0x830
[  420.093728][T10520]  ? __pfx_____sys_sendmsg+0x10/0x10
[  420.093769][T10520]  ? import_iovec+0x74/0xa0
[  420.093801][T10520]  ___sys_sendmsg+0x21f/0x2a0
[  420.093834][T10520]  ? __pfx____sys_sendmsg+0x10/0x10
[  420.093904][T10520]  ? __fget_files+0x2a/0x420
[  420.093925][T10520]  ? __fget_files+0x3a0/0x420
[  420.093958][T10520]  __x64_sys_sendmsg+0x19b/0x260
[  420.093992][T10520]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  420.094033][T10520]  ? __pfx_ksys_write+0x10/0x10
[  420.094067][T10520]  ? rcu_is_watching+0x15/0xb0
[  420.094096][T10520]  ? do_syscall_64+0xbe/0x3b0
[  420.094125][T10520]  do_syscall_64+0xfa/0x3b0
[  420.094146][T10520]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.094169][T10520]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.094190][T10520]  ? clear_bhb_loop+0x60/0xb0
[  420.094215][T10520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.094236][T10520] RIP: 0033:0x7f34da78ebe9
[  420.094255][T10520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.094274][T10520] RSP: 002b:00007f34db5b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  420.094296][T10520] RAX: ffffffffffffffda RBX: 00007f34da9b5fa0 RCX: 00007f34da78ebe9
[  420.094312][T10520] RDX: 0000000004000004 RSI: 0000200000000200 RDI: 0000000000000003
[  420.094326][T10520] RBP: 00007f34db5b5090 R08: 0000000000000000 R09: 0000000000000000
[  420.094339][T10520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.094352][T10520] R13: 00007f34da9b6038 R14: 00007f34da9b5fa0 R15: 00007ffdc4716b38
[  420.094386][T10520]  </TASK>
[  420.484508][    C1] vkms_vblank_simulate: vblank timer overrun
[  420.653852][ T8470] usb 4-1: no configurations
[  420.658627][ T8470] usb 4-1: can't read configurations, error -22
[  420.666673][ T8470] usb usb4-port1: attempt power cycle
[  421.022743][ T8470] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  421.057662][ T8470] usb 4-1: no configurations
[  421.062950][ T8470] usb 4-1: can't read configurations, error -22
[  421.121524][T10534] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1261'.
[  421.141250][T10534] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1261'.
[  421.212107][T10534] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  421.252436][ T8470] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  421.290994][ T8470] usb 4-1: no configurations
[  421.316888][ T8470] usb 4-1: can't read configurations, error -22
[  421.359959][ T8470] usb usb4-port1: unable to enumerate USB device
[  421.389322][T10538] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1264'.
[  421.878811][T10534] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1261'.
[  422.363937][T10553] netlink: 'syz.1.1269': attribute type 8 has an invalid length.
[  423.605607][T10559] syzkaller1: entered promiscuous mode
[  423.611266][T10559] syzkaller1: entered allmulticast mode
[  423.696810][T10561] netlink: 'syz.3.1272': attribute type 3 has an invalid length.
[  423.785510][T10565] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  423.988411][ T8431] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  424.305638][T10570] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1276'.
[  424.513691][ T8431] usb 3-1: config index 0 descriptor too short (expected 65069, got 45)
[  424.522138][ T8431] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[  424.540024][ T8431] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[  424.553789][ T8431] usb 3-1: config 0 has an invalid descriptor of length 177, skipping remainder of the config
[  424.594790][ T8431] usb 3-1: config 0 has no interfaces?
[  424.600348][ T8431] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  424.627237][ T8431] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.640533][ T8431] usb 3-1: config 0 descriptor??
[  424.814543][T10583] FAULT_INJECTION: forcing a failure.
[  424.814543][T10583] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  424.828929][T10583] CPU: 1 UID: 0 PID: 10583 Comm: syz.1.1280 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  424.828965][T10583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  424.828978][T10583] Call Trace:
[  424.828986][T10583]  <TASK>
[  424.828994][T10583]  dump_stack_lvl+0x189/0x250
[  424.829021][T10583]  ? __pfx____ratelimit+0x10/0x10
[  424.829040][T10583]  ? __pfx_dump_stack_lvl+0x10/0x10
[  424.829056][T10583]  ? __pfx__printk+0x10/0x10
[  424.829074][T10583]  ? __might_fault+0xb0/0x130
[  424.829095][T10583]  should_fail_ex+0x414/0x560
[  424.829114][T10583]  _copy_from_user+0x2d/0xb0
[  424.829135][T10583]  snd_seq_oss_write+0x515/0x930
[  424.829163][T10583]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  424.829182][T10583]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  424.829203][T10583]  ? security_file_permission+0x75/0x290
[  424.829223][T10583]  odev_write+0x5a/0x80
[  424.829235][T10583]  ? __pfx_odev_write+0x10/0x10
[  424.829249][T10583]  vfs_write+0x27e/0xa90
[  424.829268][T10583]  ? __pfx_vfs_write+0x10/0x10
[  424.829282][T10583]  ? __fget_files+0x2a/0x420
[  424.829300][T10583]  ? __fget_files+0x2a/0x420
[  424.829315][T10583]  ? __fget_files+0x3a0/0x420
[  424.829330][T10583]  ? __fget_files+0x2a/0x420
[  424.829351][T10583]  ksys_write+0x145/0x250
[  424.829366][T10583]  ? __pfx_ksys_write+0x10/0x10
[  424.829376][T10583]  ? rcu_is_watching+0x15/0xb0
[  424.829395][T10583]  ? do_syscall_64+0xbe/0x3b0
[  424.829414][T10583]  do_syscall_64+0xfa/0x3b0
[  424.829429][T10583]  ? lockdep_hardirqs_on+0x9c/0x150
[  424.829443][T10583]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.829457][T10583]  ? clear_bhb_loop+0x60/0xb0
[  424.829474][T10583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.829488][T10583] RIP: 0033:0x7f504f18ebe9
[  424.829500][T10583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  424.829513][T10583] RSP: 002b:00007f505004a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  424.829528][T10583] RAX: ffffffffffffffda RBX: 00007f504f3b5fa0 RCX: 00007f504f18ebe9
[  424.829539][T10583] RDX: 0000000000000232 RSI: 0000200000000740 RDI: 0000000000000003
[  424.829548][T10583] RBP: 00007f505004a090 R08: 0000000000000000 R09: 0000000000000000
[  424.829556][T10583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  424.829565][T10583] R13: 00007f504f3b6038 R14: 00007f504f3b5fa0 R15: 00007ffddd60dae8
[  424.829586][T10583]  </TASK>
[  424.882621][ T8441] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  424.884759][    C1] vkms_vblank_simulate: vblank timer overrun
[  425.081787][    C1] vkms_vblank_simulate: vblank timer overrun
[  425.716799][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  425.772361][ T8441] usb 6-1: unable to get BOS descriptor or descriptor too short
[  425.801683][ T8441] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  425.829415][ T8441] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  425.848844][ T5967] usb 3-1: USB disconnect, device number 46
[  425.875528][ T8441] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  425.902258][ T8441] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  425.939009][ T8441] usb 6-1: config 1 has no interface number 1
[  425.954009][   T26] wlan1: Trigger new scan to find an IBSS to join
[  425.957791][ T8441] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  425.985087][ T8441] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  425.996393][ T8441] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.016210][ T8441] usb 6-1: Product: syz
[  426.020552][ T8441] usb 6-1: Manufacturer: syz
[  426.046507][ T8441] usb 6-1: SerialNumber: syz
[  426.068419][T10593] netlink: 'syz.1.1285': attribute type 1 has an invalid length.
[  426.318131][T10579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  426.347562][T10579] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.724280][ T8441] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[  428.732170][ T8441] usb 6-1: found format II with max.bitrate = 8, frame size=9
[  428.747609][ T8441] usb 6-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  428.771317][T10626] FAULT_INJECTION: forcing a failure.
[  428.771317][T10626] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  428.783768][ T8441] usb 6-1: USB disconnect, device number 22
[  428.785194][ T8470] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  428.818993][T10626] CPU: 1 UID: 0 PID: 10626 Comm: syz.2.1296 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  428.819021][T10626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  428.819040][T10626] Call Trace:
[  428.819052][T10626]  <TASK>
[  428.819065][T10626]  dump_stack_lvl+0x189/0x250
[  428.819095][T10626]  ? __pfx____ratelimit+0x10/0x10
[  428.819118][T10626]  ? __pfx_dump_stack_lvl+0x10/0x10
[  428.819143][T10626]  ? __pfx__printk+0x10/0x10
[  428.819171][T10626]  ? __might_fault+0xb0/0x130
[  428.819205][T10626]  should_fail_ex+0x414/0x560
[  428.819233][T10626]  _copy_from_user+0x2d/0xb0
[  428.819264][T10626]  kstrtouint_from_user+0xc4/0x170
[  428.819291][T10626]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  428.819346][T10626]  proc_fail_nth_write+0x88/0x240
[  428.819370][T10626]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  428.819400][T10626]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  428.819426][T10626]  vfs_write+0x27e/0xa90
[  428.819454][T10626]  ? __pfx_vfs_write+0x10/0x10
[  428.819474][T10626]  ? __fget_files+0x2a/0x420
[  428.819502][T10626]  ? __fget_files+0x3a0/0x420
[  428.819523][T10626]  ? __fget_files+0x2a/0x420
[  428.819554][T10626]  ksys_write+0x145/0x250
[  428.819575][T10626]  ? __pfx_ksys_write+0x10/0x10
[  428.819591][T10626]  ? rcu_is_watching+0x15/0xb0
[  428.819618][T10626]  ? do_syscall_64+0xbe/0x3b0
[  428.819651][T10626]  do_syscall_64+0xfa/0x3b0
[  428.819671][T10626]  ? lockdep_hardirqs_on+0x9c/0x150
[  428.819692][T10626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.819712][T10626]  ? clear_bhb_loop+0x60/0xb0
[  428.819736][T10626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.819756][T10626] RIP: 0033:0x7f9daa58d69f
[  428.819773][T10626] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  428.819790][T10626] RSP: 002b:00007f9dab3d6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  428.819811][T10626] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9daa58d69f
[  428.819825][T10626] RDX: 0000000000000001 RSI: 00007f9dab3d60a0 RDI: 0000000000000004
[  428.819837][T10626] RBP: 00007f9dab3d6090 R08: 0000000000000000 R09: 0000000000000000
[  428.819849][T10626] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  428.819861][T10626] R13: 00007f9daa7b6038 R14: 00007f9daa7b5fa0 R15: 00007ffd472280f8
[  428.819892][T10626]  </TASK>
[  429.227931][ T8470] usb 2-1: Using ep0 maxpacket: 8
[  429.241347][ T8470] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  429.251183][ T8470] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.259285][ T8470] usb 2-1: Product: syz
[  429.265292][ T8470] usb 2-1: Manufacturer: syz
[  429.269939][ T8470] usb 2-1: SerialNumber: syz
[  429.278870][ T8470] usb 2-1: config 0 descriptor??
[  429.615242][ T8441] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  429.625669][ T8470] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  429.834902][ T8441] usb 3-1: Using ep0 maxpacket: 8
[  429.933902][ T8441] usb 3-1: config 127 has an invalid interface number: 171 but max is 1
[  429.972455][ T8441] usb 3-1: config 127 has no interface number 1
[  429.978819][ T8441] usb 3-1: config 127 interface 0 altsetting 10 has an endpoint descriptor with address 0x91, changing to 0x81
[  430.002249][ T8441] usb 3-1: config 127 interface 171 has no altsetting 0
[  430.009256][ T8441] usb 3-1: config 127 interface 0 has no altsetting 0
[  430.026111][ T8441] usb 3-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9
[  430.041750][ T8441] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.052869][ T8441] usb 3-1: Product: syz
[  430.057112][ T8441] usb 3-1: Manufacturer: syz
[  430.061837][ T8441] usb 3-1: SerialNumber: syz
[  430.305911][ T8441] xr_serial 3-1:127.171: xr_serial converter detected
[  430.329270][ T8441] xr_serial ttyUSB0: Failed to set reg 0x1a: -71
[  430.340603][ T8441] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  430.376126][ T8441] usb 3-1: USB disconnect, device number 47
[  430.394059][ T8441] xr_serial 3-1:127.171: device disconnected
[  430.890649][T10660] loop6: detected capacity change from 0 to 7
[  430.898589][T10660] Dev loop6: unable to read RDB block 7
[  430.905840][   T26] wlan1: Trigger new scan to find an IBSS to join
[  430.918448][T10660]  loop6: AHDI p1 p2 p3
[  430.922734][T10660] loop6: partition table partially beyond EOD, truncated
[  430.929881][T10660] loop6: p1 start 1405162169 is beyond EOD, truncated
[  430.939706][T10660] loop6: p2 size 46 extends beyond EOD, truncated
[  431.070079][T10664] FAULT_INJECTION: forcing a failure.
[  431.070079][T10664] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  431.090807][T10622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.091084][T10664] CPU: 1 UID: 0 PID: 10664 Comm: syz.2.1310 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  431.091114][T10664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  431.091135][T10664] Call Trace:
[  431.091144][T10664]  <TASK>
[  431.091154][T10664]  dump_stack_lvl+0x189/0x250
[  431.091187][T10664]  ? __pfx____ratelimit+0x10/0x10
[  431.091214][T10664]  ? __pfx_dump_stack_lvl+0x10/0x10
[  431.091243][T10664]  ? __pfx__printk+0x10/0x10
[  431.091274][T10664]  ? __might_fault+0xb0/0x130
[  431.091312][T10664]  should_fail_ex+0x414/0x560
[  431.091357][T10664]  _copy_from_user+0x2d/0xb0
[  431.091391][T10664]  snd_seq_oss_write+0x515/0x930
[  431.091439][T10664]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  431.091472][T10664]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  431.091503][T10664]  ? security_file_permission+0x75/0x290
[  431.091536][T10664]  odev_write+0x5a/0x80
[  431.091555][T10664]  ? __pfx_odev_write+0x10/0x10
[  431.091579][T10664]  vfs_write+0x27e/0xa90
[  431.091611][T10664]  ? __pfx_vfs_write+0x10/0x10
[  431.091636][T10664]  ? __fget_files+0x2a/0x420
[  431.091667][T10664]  ? __fget_files+0x2a/0x420
[  431.091691][T10664]  ? __fget_files+0x3a0/0x420
[  431.091715][T10664]  ? __fget_files+0x2a/0x420
[  431.091759][T10664]  ksys_write+0x145/0x250
[  431.091786][T10664]  ? __pfx_ksys_write+0x10/0x10
[  431.091806][T10664]  ? rcu_is_watching+0x15/0xb0
[  431.091836][T10664]  ? do_syscall_64+0xbe/0x3b0
[  431.091868][T10664]  do_syscall_64+0xfa/0x3b0
[  431.091893][T10664]  ? lockdep_hardirqs_on+0x9c/0x150
[  431.091916][T10664]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.091940][T10664]  ? clear_bhb_loop+0x60/0xb0
[  431.091968][T10664]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.091991][T10664] RIP: 0033:0x7f9daa58ebe9
[  431.092011][T10664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  431.092033][T10664] RSP: 002b:00007f9dab3d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  431.092057][T10664] RAX: ffffffffffffffda RBX: 00007f9daa7b5fa0 RCX: 00007f9daa58ebe9
[  431.092075][T10664] RDX: 0000000000000232 RSI: 0000200000000740 RDI: 0000000000000003
[  431.092090][T10664] RBP: 00007f9dab3d6090 R08: 0000000000000000 R09: 0000000000000000
[  431.092105][T10664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  431.092118][T10664] R13: 00007f9daa7b6038 R14: 00007f9daa7b5fa0 R15: 00007ffd472280f8
[  431.092156][T10664]  </TASK>
[  431.352430][T10622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.403782][ T8470] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  431.426361][ T8470] usb 2-1: USB disconnect, device number 27
[  431.592325][ T8432] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[  431.747973][ T8432] usb 4-1: config 1 interface 0 has no altsetting 0
[  431.766076][ T8432] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  431.780357][ T8432] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.792861][ T8432] usb 4-1: Product: syz
[  431.797082][ T8432] usb 4-1: Manufacturer: syz
[  431.801860][ T8432] usb 4-1: SerialNumber: syz
[  431.846021][   T26] wlan1: Creating new IBSS network, BSSID ae:81:64:88:5d:d0
[  432.592428][ T8441] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  432.776447][ T8441] usb 2-1: unable to get BOS descriptor or descriptor too short
[  432.804256][ T8441] usb 2-1: config 6 has an invalid interface number: 46 but max is 0
[  432.832304][ T8441] usb 2-1: config 6 has no interface number 0
[  432.852228][ T8441] usb 2-1: config 6 interface 46 has no altsetting 0
[  432.896175][ T8441] usb 2-1: New USB device found, idVendor=046d, idProduct=0850, bcdDevice=66.9c
[  432.921196][ T8441] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.947110][T10714] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1323'.
[  432.962241][ T8441] usb 2-1: Product: syz
[  432.966643][ T8441] usb 2-1: Manufacturer: syz
[  432.971322][ T8441] usb 2-1: SerialNumber: syz
[  433.236991][ T8432] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 31 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  433.253033][ T8441] gspca_main: STV06xx-2.14.0 probing 046d:0850
[  433.274659][ T8441] usb 2-1: Audio class v2/v3 interfaces need an interface association
[  433.324172][ T8441] snd-usb-audio 2-1:6.46: probe with driver snd-usb-audio failed with error -22
[  433.335485][ T8441] usb 2-1: USB disconnect, device number 28
[  433.562304][ T5900] usb 3-1: new full-speed USB device number 48 using dummy_hcd
[  433.736028][ T5900] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  433.761798][ T5900] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  433.778619][ T5900] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  433.822381][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.838340][ T5900] usb 3-1: config 0 descriptor??
[  433.848214][ T5900] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  433.863712][ T5900] dvb-usb: bulk message failed: -22 (3/0)
[  433.873099][ T5900] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  433.882646][ T5900] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  433.889810][ T5900] usb 3-1: media controller created
[  433.901915][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  433.939554][T10744] syzkaller1: entered promiscuous mode
[  433.945212][T10744] syzkaller1: entered allmulticast mode
[  433.953133][T10744] PF_CAN: dropped non conform CAN skbuff: dev type 775, len 324
[  433.968677][ T5900] dvb-usb: bulk message failed: -22 (6/0)
[  433.988723][ T5900] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  434.025128][ T5900] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input12
[  434.049314][T10724] dvb-usb: bulk message failed: -22 (4/0)
[  434.069682][ T5900] dvb-usb: schedule remote query interval to 150 msecs.
[  434.100772][ T5900] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  434.128137][T10748] FAULT_INJECTION: forcing a failure.
[  434.128137][T10748] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  434.150588][T10748] CPU: 0 UID: 0 PID: 10748 Comm: syz.0.1330 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  434.150626][T10748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  434.150644][T10748] Call Trace:
[  434.150651][T10748]  <TASK>
[  434.150659][T10748]  dump_stack_lvl+0x189/0x250
[  434.150684][T10748]  ? __pfx____ratelimit+0x10/0x10
[  434.150705][T10748]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.150726][T10748]  ? __pfx__printk+0x10/0x10
[  434.150763][T10748]  should_fail_ex+0x414/0x560
[  434.150788][T10748]  _copy_to_user+0x31/0xb0
[  434.150817][T10748]  simple_read_from_buffer+0xe1/0x170
[  434.150842][T10748]  proc_fail_nth_read+0x1df/0x250
[  434.150869][T10748]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  434.150895][T10748]  ? rw_verify_area+0x258/0x650
[  434.150923][T10748]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  434.150948][T10748]  vfs_read+0x200/0x980
[  434.150982][T10748]  ? __pfx___mutex_lock+0x10/0x10
[  434.151004][T10748]  ? __pfx_vfs_read+0x10/0x10
[  434.151035][T10748]  ? __fget_files+0x2a/0x420
[  434.151060][T10748]  ? __fget_files+0x3a0/0x420
[  434.151080][T10748]  ? __fget_files+0x2a/0x420
[  434.151110][T10748]  ksys_read+0x145/0x250
[  434.151126][T10748]  ? __fget_files+0x3a0/0x420
[  434.151148][T10748]  ? __pfx_ksys_read+0x10/0x10
[  434.151171][T10748]  ? do_syscall_64+0xbe/0x3b0
[  434.151196][T10748]  do_syscall_64+0xfa/0x3b0
[  434.151216][T10748]  ? lockdep_hardirqs_on+0x9c/0x150
[  434.151235][T10748]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.151254][T10748]  ? clear_bhb_loop+0x60/0xb0
[  434.151278][T10748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.151296][T10748] RIP: 0033:0x7fd3def8d5fc
[  434.151312][T10748] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  434.151327][T10748] RSP: 002b:00007fd3dfd75030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  434.151346][T10748] RAX: ffffffffffffffda RBX: 00007fd3df1b5fa0 RCX: 00007fd3def8d5fc
[  434.151360][T10748] RDX: 000000000000000f RSI: 00007fd3dfd750a0 RDI: 0000000000000006
[  434.151372][T10748] RBP: 00007fd3dfd75090 R08: 0000000000000000 R09: 0000000000000000
[  434.151383][T10748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.151393][T10748] R13: 00007fd3df1b6038 R14: 00007fd3df1b5fa0 R15: 00007ffe0c23e108
[  434.151429][T10748]  </TASK>
[  434.228142][T10752] loop6: detected capacity change from 0 to 7
[  434.395922][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  434.401694][ T5900] dvb-usb: error while querying for an remote control event.
[  434.416264][T10752] Dev loop6: unable to read RDB block 7
[  434.442472][T10752]  loop6: AHDI p1 p2 p3
[  434.448096][T10752] loop6: partition table partially beyond EOD, truncated
[  434.454170][T10757] FAULT_INJECTION: forcing a failure.
[  434.454170][T10757] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  434.460976][T10752] loop6: p1 start 1405162169 is beyond EOD, 
[  434.477097][T10757] CPU: 0 UID: 0 PID: 10757 Comm: syz.0.1334 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  434.477132][T10757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  434.477146][T10757] Call Trace:
[  434.477155][T10757]  <TASK>
[  434.477163][T10757]  dump_stack_lvl+0x189/0x250
[  434.477193][T10757]  ? __pfx____ratelimit+0x10/0x10
[  434.477215][T10757]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.477239][T10757]  ? __pfx__printk+0x10/0x10
[  434.477274][T10757]  ? __might_fault+0xb0/0x130
[  434.477307][T10757]  should_fail_ex+0x414/0x560
[  434.477335][T10757]  _copy_from_user+0x2d/0xb0
[  434.477365][T10757]  snd_seq_oss_write+0x515/0x930
[  434.477408][T10757]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  434.477438][T10757]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  434.477468][T10757]  ? security_file_permission+0x75/0x290
[  434.477498][T10757]  odev_write+0x5a/0x80
[  434.477516][T10757]  ? __pfx_odev_write+0x10/0x10
[  434.477537][T10757]  vfs_write+0x27e/0xa90
[  434.477566][T10757]  ? __pfx_vfs_write+0x10/0x10
[  434.477588][T10757]  ? __fget_files+0x2a/0x420
[  434.477615][T10757]  ? __fget_files+0x2a/0x420
[  434.477637][T10757]  ? __fget_files+0x3a0/0x420
[  434.477659][T10757]  ? __fget_files+0x2a/0x420
[  434.477701][T10757]  ksys_write+0x145/0x250
[  434.477722][T10757]  ? __pfx_ksys_write+0x10/0x10
[  434.477738][T10757]  ? rcu_is_watching+0x15/0xb0
[  434.477764][T10757]  ? do_syscall_64+0xbe/0x3b0
[  434.477790][T10757]  do_syscall_64+0xfa/0x3b0
[  434.477811][T10757]  ? lockdep_hardirqs_on+0x9c/0x150
[  434.477832][T10757]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.477852][T10757]  ? clear_bhb_loop+0x60/0xb0
[  434.477876][T10757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.477896][T10757] RIP: 0033:0x7fd3def8ebe9
[  434.477913][T10757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.477929][T10757] RSP: 002b:00007fd3dfd75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  434.477949][T10757] RAX: ffffffffffffffda RBX: 00007fd3df1b5fa0 RCX: 00007fd3def8ebe9
[  434.477964][T10757] RDX: 0000000000000232 RSI: 0000200000000740 RDI: 0000000000000003
[  434.477976][T10757] RBP: 00007fd3dfd75090 R08: 0000000000000000 R09: 0000000000000000
[  434.477988][T10757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  434.478000][T10757] R13: 00007fd3df1b6038 R14: 00007fd3df1b5fa0 R15: 00007ffe0c23e108
[  434.478030][T10757]  </TASK>
[  434.478454][T10752] truncated
[  434.732349][ T8470] dvb-usb: bulk message failed: -22 (1/0)
[  434.738121][ T8470] dvb-usb: error while querying for an remote control event.
[  434.746146][T10752] loop6: p2 size 46 extends beyond EOD, truncated
[  434.903717][ T8470] dvb-usb: bulk message failed: -22 (1/0)
[  434.911419][ T8470] dvb-usb: error while querying for an remote control event.
[  434.994358][ T8441] usb 4-1: USB disconnect, device number 31
[  435.024894][ T8441] usblp0: removed
[  435.103770][ T8470] dvb-usb: bulk message failed: -22 (1/0)
[  435.109833][ T8470] dvb-usb: error while querying for an remote control event.
[  435.292527][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  435.298412][ T5900] dvb-usb: error while querying for an remote control event.
[  435.462603][ T8470] dvb-usb: bulk message failed: -22 (1/0)
[  435.469776][ T8470] dvb-usb: error while querying for an remote control event.
[  435.515254][ T8441] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  435.645049][ T8470] dvb-usb: bulk message failed: -22 (1/0)
[  435.650877][ T8470] dvb-usb: error while querying for an remote control event.
[  435.685976][ T8441] usb 6-1: Using ep0 maxpacket: 16
[  435.705799][ T8441] usb 6-1: New USB device found, idVendor=04dd, idProduct=8002, bcdDevice=fc.b6
[  435.728468][ T8441] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.750430][ T8441] usb 6-1: Product: syz
[  435.755614][ T8441] usb 6-1: Manufacturer: syz
[  435.760545][ T8441] usb 6-1: SerialNumber: syz
[  435.778116][ T8441] usb 6-1: config 0 descriptor??
[  435.790225][ T8441] safe_serial 6-1:0.0: safe_serial converter detected
[  435.804601][ T5900] usb 4-1: new low-speed USB device number 32 using dummy_hcd
[  435.817095][ T8441] usb 6-1: safe_serial converter now attached to ttyUSB0
[  435.832388][ T8470] dvb-usb: bulk message failed: -22 (1/0)
[  435.838311][ T8470] dvb-usb: error while querying for an remote control event.
[  435.854858][T10799] syzkaller1: entered promiscuous mode
[  435.860686][T10799] syzkaller1: entered allmulticast mode
[  435.952309][ T5900] usb 4-1: device descriptor read/64, error -71
[  436.002443][ T8470] dvb-usb: bulk message failed: -22 (1/0)
[  436.009003][ T8470] dvb-usb: error while querying for an remote control event.
[  436.076458][ T8441] usb 6-1: USB disconnect, device number 23
[  436.114420][ T8441] safe_serial ttyUSB0: safe_serial converter now disconnected from ttyUSB0
[  436.128242][ T8441] safe_serial 6-1:0.0: device disconnected
[  436.226453][ T8470] dvb-usb: bulk message failed: -22 (1/0)
[  436.232575][ T8470] dvb-usb: error while querying for an remote control event.
[  436.247582][ T8432] usb 3-1: USB disconnect, device number 48
[  436.273526][ T8432] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  436.355617][ T5900] usb 4-1: new low-speed USB device number 33 using dummy_hcd
[  436.525611][T10815] FAULT_INJECTION: forcing a failure.
[  436.525611][T10815] name failslab, interval 1, probability 0, space 0, times 0
[  436.544801][T10815] CPU: 1 UID: 0 PID: 10815 Comm: syz.2.1357 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  436.544831][T10815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  436.544846][T10815] Call Trace:
[  436.544854][T10815]  <TASK>
[  436.544863][T10815]  dump_stack_lvl+0x189/0x250
[  436.544894][T10815]  ? __pfx____ratelimit+0x10/0x10
[  436.544917][T10815]  ? __pfx_dump_stack_lvl+0x10/0x10
[  436.544950][T10815]  ? __pfx__printk+0x10/0x10
[  436.544984][T10815]  ? __pfx___might_resched+0x10/0x10
[  436.545014][T10815]  should_fail_ex+0x414/0x560
[  436.545043][T10815]  should_failslab+0xa8/0x100
[  436.545070][T10815]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  436.545093][T10815]  ? __alloc_skb+0x112/0x2d0
[  436.545128][T10815]  __alloc_skb+0x112/0x2d0
[  436.545162][T10815]  netlink_sendmsg+0x5c6/0xb30
[  436.545205][T10815]  ? __pfx_netlink_sendmsg+0x10/0x10
[  436.545245][T10815]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  436.545267][T10815]  ? __pfx_netlink_sendmsg+0x10/0x10
[  436.545299][T10815]  __sock_sendmsg+0x21c/0x270
[  436.545329][T10815]  ____sys_sendmsg+0x505/0x830
[  436.545369][T10815]  ? __pfx_____sys_sendmsg+0x10/0x10
[  436.545412][T10815]  ? import_iovec+0x74/0xa0
[  436.545448][T10815]  ___sys_sendmsg+0x21f/0x2a0
[  436.545492][T10815]  ? __pfx____sys_sendmsg+0x10/0x10
[  436.545578][T10815]  ? __fget_files+0x2a/0x420
[  436.545602][T10815]  ? __fget_files+0x3a0/0x420
[  436.545643][T10815]  __x64_sys_sendmsg+0x19b/0x260
[  436.545683][T10815]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  436.545728][T10815]  ? __pfx_ksys_write+0x10/0x10
[  436.545754][T10815]  ? do_syscall_64+0xbe/0x3b0
[  436.545788][T10815]  do_syscall_64+0xfa/0x3b0
[  436.545811][T10815]  ? lockdep_hardirqs_on+0x9c/0x150
[  436.545833][T10815]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.545854][T10815]  ? clear_bhb_loop+0x60/0xb0
[  436.545880][T10815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.545900][T10815] RIP: 0033:0x7f9daa58ebe9
[  436.545925][T10815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.545951][T10815] RSP: 002b:00007f9dab3d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  436.545974][T10815] RAX: ffffffffffffffda RBX: 00007f9daa7b5fa0 RCX: 00007f9daa58ebe9
[  436.545990][T10815] RDX: 0000000000000800 RSI: 0000200000000380 RDI: 0000000000000003
[  436.546004][T10815] RBP: 00007f9dab3d6090 R08: 0000000000000000 R09: 0000000000000000
[  436.546017][T10815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  436.546030][T10815] R13: 00007f9daa7b6038 R14: 00007f9daa7b5fa0 R15: 00007ffd472280f8
[  436.546063][T10815]  </TASK>
[  436.822718][ T5900] usb 4-1: device descriptor read/64, error -71
[  436.830526][T10817] overlayfs: missing 'lowerdir'
[  436.844065][T10817] FAULT_INJECTION: forcing a failure.
[  436.844065][T10817] name failslab, interval 1, probability 0, space 0, times 0
[  436.870856][T10817] CPU: 1 UID: 0 PID: 10817 Comm: syz.1.1358 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  436.870882][T10817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  436.870895][T10817] Call Trace:
[  436.870903][T10817]  <TASK>
[  436.870911][T10817]  dump_stack_lvl+0x189/0x250
[  436.870940][T10817]  ? __pfx____ratelimit+0x10/0x10
[  436.870964][T10817]  ? __pfx_dump_stack_lvl+0x10/0x10
[  436.870995][T10817]  ? __pfx__printk+0x10/0x10
[  436.871030][T10817]  ? __pfx___might_resched+0x10/0x10
[  436.871052][T10817]  ? fs_reclaim_acquire+0x7d/0x100
[  436.871082][T10817]  should_fail_ex+0x414/0x560
[  436.871110][T10817]  should_failslab+0xa8/0x100
[  436.871135][T10817]  __kmalloc_noprof+0xcb/0x4f0
[  436.871153][T10817]  ? kfree+0x4d/0x440
[  436.871182][T10817]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  436.871216][T10817]  tomoyo_realpath_from_path+0xe3/0x5d0
[  436.871246][T10817]  ? tomoyo_domain+0xda/0x130
[  436.871280][T10817]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  436.871303][T10817]  tomoyo_path_number_perm+0x1e8/0x5a0
[  436.871329][T10817]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  436.871371][T10817]  ? __lock_acquire+0xab9/0xd20
[  436.871432][T10817]  ? __fget_files+0x2a/0x420
[  436.871460][T10817]  ? __fget_files+0x2a/0x420
[  436.871484][T10817]  ? __fget_files+0x3a0/0x420
[  436.871507][T10817]  ? __fget_files+0x2a/0x420
[  436.871535][T10817]  security_file_ioctl+0xcb/0x2d0
[  436.871563][T10817]  __se_sys_ioctl+0x47/0x170
[  436.871611][T10817]  do_syscall_64+0xfa/0x3b0
[  436.871634][T10817]  ? lockdep_hardirqs_on+0x9c/0x150
[  436.871656][T10817]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.871678][T10817]  ? clear_bhb_loop+0x60/0xb0
[  436.871704][T10817]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.871724][T10817] RIP: 0033:0x7f504f18ebe9
[  436.871743][T10817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.871761][T10817] RSP: 002b:00007f505004a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  436.871783][T10817] RAX: ffffffffffffffda RBX: 00007f504f3b5fa0 RCX: 00007f504f18ebe9
[  436.871799][T10817] RDX: 0000200000001fc0 RSI: 0000000000008927 RDI: 0000000000000005
[  436.871812][T10817] RBP: 00007f505004a090 R08: 0000000000000000 R09: 0000000000000000
[  436.871825][T10817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  436.871837][T10817] R13: 00007f504f3b6038 R14: 00007f504f3b5fa0 R15: 00007ffddd60dae8
[  436.871869][T10817]  </TASK>
[  437.119399][T10817] ERROR: Out of memory at tomoyo_realpath_from_path.
[  437.129849][ T5900] usb usb4-port1: attempt power cycle
[  437.153230][T10821] overlayfs: missing 'lowerdir'
[  437.473954][ T5900] usb 4-1: new low-speed USB device number 34 using dummy_hcd
[  437.500898][ T5900] usb 4-1: device descriptor read/8, error -71
[  437.708761][T10844] sit2: entered allmulticast mode
[  437.737102][T10843] sit2: entered allmulticast mode
[  437.752362][ T5900] usb 4-1: new low-speed USB device number 35 using dummy_hcd
[  437.774115][ T5900] usb 4-1: device descriptor read/8, error -71
[  437.812458][ T8432] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  437.882871][ T5900] usb usb4-port1: unable to enumerate USB device
[  437.962273][ T8432] usb 3-1: Using ep0 maxpacket: 16
[  437.972393][ T8441] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  437.983220][ T8432] usb 3-1: config 0 has an invalid interface number: 203 but max is 0
[  438.022591][ T8432] usb 3-1: config 0 has no interface number 0
[  438.029743][ T8432] usb 3-1: config 0 interface 203 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80
[  438.043841][ T8432] usb 3-1: New USB device found, idVendor=0499, idProduct=1026, bcdDevice=e8.af
[  438.053042][ T8432] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.061132][ T8432] usb 3-1: Product: syz
[  438.065397][ T8432] usb 3-1: Manufacturer: syz
[  438.069993][ T8432] usb 3-1: SerialNumber: syz
[  438.082151][ T8432] usb 3-1: config 0 descriptor??
[  438.090438][T10829] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  438.102321][ T8432] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  438.201250][ T8441] usb 6-1: config 0 has an invalid interface number: 93 but max is 0
[  438.222733][ T8441] usb 6-1: config 0 has no interface number 0
[  438.237038][ T8441] usb 6-1: New USB device found, idVendor=1a0a, idProduct=0104, bcdDevice=7f.ac
[  438.246314][ T8441] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.254544][ T8441] usb 6-1: Product: syz
[  438.260541][ T8441] usb 6-1: Manufacturer: syz
[  438.268760][ T8441] usb 6-1: SerialNumber: syz
[  438.276130][ T8441] usb 6-1: config 0 descriptor??
[  438.504929][ T8441] usb_ehset_test 6-1:0.93: probe with driver usb_ehset_test failed with error -32
[  438.612576][ T5967] usb 3-1: USB disconnect, device number 49
[  438.660994][ T8441] usb 6-1: USB disconnect, device number 24
[  438.880137][T10859] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1372'.
[  439.237640][ T5967] usb 4-1: new full-speed USB device number 36 using dummy_hcd
[  439.535339][T10873] loop7: detected capacity change from 0 to 7
[  439.539313][ T5967] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  439.557680][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  439.567087][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  439.576495][ T5967] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  439.586401][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  439.586436][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  439.614219][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  439.623528][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  439.643320][ T5967] usb 4-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00
[  439.664601][T10878] Invalid logical block size (6)
[  439.674286][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  439.683613][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  439.692818][ T5967] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.692977][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  439.710153][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  439.713360][ T5967] usb 4-1: config 0 descriptor??
[  439.723747][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  439.732957][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  439.741079][T10875] svc: failed to register nfsdv3 RPC service (errno 111).
[  439.742335][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  439.757475][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  439.765701][T10873] ldm_validate_partition_table(): Disk read failed.
[  439.771914][T10875] svc: failed to register nfsaclv3 RPC service (errno 111).
[  439.787278][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  439.796525][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  439.806102][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  439.815353][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  439.824793][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  439.834042][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  439.846177][T10873] Dev loop7: unable to read RDB block 0
[  439.855370][T10873]  loop7: unable to read partition table
[  439.861226][T10873] loop7: partition table beyond EOD, truncated
[  439.869640][T10873] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  440.563464][ T5967] hid-generic 0003:04F3:0754.000C: failed to start in urb: -90
[  440.576797][ T5967] hid-generic 0003:04F3:0754.000C: hidraw0: USB HID v1.01 Device [HID 04f3:0754] on usb-dummy_hcd.3-1/input0
[  440.603788][T10887] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1381'.
[  440.635500][T10889] syzkaller1: entered promiscuous mode
[  440.641292][T10889] syzkaller1: entered allmulticast mode
[  440.799620][ T5967] usb 4-1: USB disconnect, device number 36
[  441.263563][ T5967] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  441.525044][ T5967] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  441.626009][ T5967] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  441.739141][ T5967] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  441.815472][ T5967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  441.909324][ T5967] usb 2-1: SerialNumber: syz
[  442.185344][ T8441] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[  442.601032][ T8441] usb 6-1: config 1 interface 0 has no altsetting 0
[  443.272599][ T8441] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  443.370735][ T8441] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.473579][ T8441] usb 6-1: Product: syz
[  443.535197][ T8441] usb 6-1: Manufacturer: syz
[  443.606253][ T8441] usb 6-1: SerialNumber: syz
[  445.177382][ T8441] usb 6-1: can't set config #1, error -71
[  445.194156][ T8441] usb 6-1: USB disconnect, device number 25
[  445.435519][T10926] netlink: 'syz.5.1393': attribute type 8 has an invalid length.
[  446.188086][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  446.193919][ T5967] usb 2-1: 0:2 : does not exist
[  446.305206][T10935] overlayfs: missing 'lowerdir'
[  446.336255][ T5967] usb 2-1: USB disconnect, device number 29
[  446.403498][T10938] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1395'.
[  446.430791][T10941] FAULT_INJECTION: forcing a failure.
[  446.430791][T10941] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  446.448431][T10941] CPU: 0 UID: 0 PID: 10941 Comm: syz.5.1397 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  446.448459][T10941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  446.448472][T10941] Call Trace:
[  446.448480][T10941]  <TASK>
[  446.448490][T10941]  dump_stack_lvl+0x189/0x250
[  446.448519][T10941]  ? __pfx____ratelimit+0x10/0x10
[  446.448542][T10941]  ? __pfx_dump_stack_lvl+0x10/0x10
[  446.448566][T10941]  ? __pfx__printk+0x10/0x10
[  446.448593][T10941]  ? __might_fault+0xb0/0x130
[  446.448626][T10941]  should_fail_ex+0x414/0x560
[  446.448664][T10941]  _copy_from_user+0x2d/0xb0
[  446.448692][T10941]  snd_seq_oss_write+0x515/0x930
[  446.448732][T10941]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  446.448759][T10941]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  446.448798][T10941]  ? security_file_permission+0x75/0x290
[  446.448824][T10941]  odev_write+0x5a/0x80
[  446.448839][T10941]  ? __pfx_odev_write+0x10/0x10
[  446.448858][T10941]  vfs_write+0x27e/0xa90
[  446.448884][T10941]  ? __pfx_vfs_write+0x10/0x10
[  446.448903][T10941]  ? __fget_files+0x2a/0x420
[  446.448926][T10941]  ? __fget_files+0x2a/0x420
[  446.448946][T10941]  ? __fget_files+0x3a0/0x420
[  446.448966][T10941]  ? __fget_files+0x2a/0x420
[  446.448995][T10941]  ksys_write+0x145/0x250
[  446.449015][T10941]  ? __pfx_ksys_write+0x10/0x10
[  446.449030][T10941]  ? rcu_is_watching+0x15/0xb0
[  446.449055][T10941]  ? do_syscall_64+0xbe/0x3b0
[  446.449079][T10941]  do_syscall_64+0xfa/0x3b0
[  446.449099][T10941]  ? lockdep_hardirqs_on+0x9c/0x150
[  446.449118][T10941]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.449136][T10941]  ? clear_bhb_loop+0x60/0xb0
[  446.449159][T10941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.449176][T10941] RIP: 0033:0x7f34da78ebe9
[  446.449192][T10941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  446.449208][T10941] RSP: 002b:00007f34db5b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  446.449226][T10941] RAX: ffffffffffffffda RBX: 00007f34da9b5fa0 RCX: 00007f34da78ebe9
[  446.449240][T10941] RDX: 0000000000000232 RSI: 0000200000000740 RDI: 0000000000000003
[  446.449252][T10941] RBP: 00007f34db5b5090 R08: 0000000000000000 R09: 0000000000000000
[  446.449263][T10941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  446.449274][T10941] R13: 00007f34da9b6038 R14: 00007f34da9b5fa0 R15: 00007ffdc4716b38
[  446.449303][T10941]  </TASK>
[  446.690539][    C0] vkms_vblank_simulate: vblank timer overrun
[  446.922254][ T8441] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  447.110164][ T8441] usb 3-1: Using ep0 maxpacket: 32
[  447.129738][ T8441] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  447.159089][ T8441] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  447.176610][ T8441] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  447.185772][ T8441] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.223431][ T8441] usb 3-1: config 0 descriptor??
[  447.239401][ T8441] hub 3-1:0.0: USB hub found
[  447.259694][T10954] 9pnet_fd: Insufficient options for proto=fd
[  447.347829][ T8441] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  447.428717][ T8441] usbhid 3-1:0.0: can't add hid device: -71
[  447.444800][ T8441] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  447.521946][ T8441] usb 3-1: USB disconnect, device number 50
[  447.952709][ T5900] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  448.112434][ T5900] usb 4-1: Using ep0 maxpacket: 16
[  448.332468][ T5967] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  448.395874][T10975] FAULT_INJECTION: forcing a failure.
[  448.395874][T10975] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  448.480856][T10975] CPU: 0 UID: 0 PID: 10975 Comm: syz.5.1409 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  448.480886][T10975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  448.480898][T10975] Call Trace:
[  448.480908][T10975]  <TASK>
[  448.480916][T10975]  dump_stack_lvl+0x189/0x250
[  448.480998][T10975]  ? __pfx____ratelimit+0x10/0x10
[  448.481020][T10975]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.481042][T10975]  ? __pfx__printk+0x10/0x10
[  448.481068][T10975]  ? __might_fault+0xb0/0x130
[  448.481098][T10975]  should_fail_ex+0x414/0x560
[  448.481131][T10975]  _copy_from_user+0x2d/0xb0
[  448.481166][T10975]  snd_seq_oss_write+0x515/0x930
[  448.481206][T10975]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  448.481232][T10975]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  448.481259][T10975]  ? security_file_permission+0x75/0x290
[  448.481287][T10975]  odev_write+0x5a/0x80
[  448.481304][T10975]  ? __pfx_odev_write+0x10/0x10
[  448.481324][T10975]  vfs_write+0x27e/0xa90
[  448.481350][T10975]  ? __pfx_vfs_write+0x10/0x10
[  448.481371][T10975]  ? __fget_files+0x2a/0x420
[  448.481397][T10975]  ? __fget_files+0x2a/0x420
[  448.481417][T10975]  ? __fget_files+0x3a0/0x420
[  448.481438][T10975]  ? __fget_files+0x2a/0x420
[  448.481468][T10975]  ksys_write+0x145/0x250
[  448.481489][T10975]  ? __pfx_ksys_write+0x10/0x10
[  448.481505][T10975]  ? rcu_is_watching+0x15/0xb0
[  448.481532][T10975]  ? do_syscall_64+0xbe/0x3b0
[  448.481559][T10975]  do_syscall_64+0xfa/0x3b0
[  448.481579][T10975]  ? lockdep_hardirqs_on+0x9c/0x150
[  448.481600][T10975]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.481620][T10975]  ? clear_bhb_loop+0x60/0xb0
[  448.481644][T10975]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.481663][T10975] RIP: 0033:0x7f34da78ebe9
[  448.481681][T10975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.481697][T10975] RSP: 002b:00007f34db5b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  448.481719][T10975] RAX: ffffffffffffffda RBX: 00007f34da9b5fa0 RCX: 00007f34da78ebe9
[  448.481733][T10975] RDX: 0000000000000232 RSI: 0000200000000740 RDI: 0000000000000003
[  448.481746][T10975] RBP: 00007f34db5b5090 R08: 0000000000000000 R09: 0000000000000000
[  448.481758][T10975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  448.481777][T10975] R13: 00007f34da9b6038 R14: 00007f34da9b5fa0 R15: 00007ffdc4716b38
[  448.481820][T10975]  </TASK>
[  448.721053][    C0] vkms_vblank_simulate: vblank timer overrun
[  448.824185][ T5967] usb 2-1: config 1 interface 0 has no altsetting 0
[  448.837530][ T5967] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  448.846748][ T5967] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.854815][ T5967] usb 2-1: Product: syz
[  448.859032][ T5967] usb 2-1: Manufacturer: syz
[  448.863702][ T5967] usb 2-1: SerialNumber: syz
[  449.382314][ T5967] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 30 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  450.060979][ T8443] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  450.160151][ T8443] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  450.442337][ T5900] usb 4-1: unable to get BOS descriptor or descriptor too short
[  450.451945][ T5900] usb 4-1: unable to read config index 0 descriptor/start: -71
[  450.460207][ T5900] usb 4-1: can't read configurations, error -71
[  450.889717][ T8443] usb 2-1: USB disconnect, device number 30
[  450.912799][ T8443] usblp0: removed
[  451.488991][T11037] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1429'.
[  452.355212][T11048] syzkaller1: entered promiscuous mode
[  452.360744][T11048] syzkaller1: entered allmulticast mode
[  453.672624][T11055] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  453.873577][T11081] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1441'.
[  454.042404][ T5900] usb 4-1: new full-speed USB device number 39 using dummy_hcd
[  454.214385][ T5900] usb 4-1: unable to read config index 0 descriptor/start: -61
[  454.222952][ T5900] usb 4-1: can't read configurations, error -61
[  454.297696][T11097] overlayfs: missing 'lowerdir'
[  454.306501][T11097] FAULT_INJECTION: forcing a failure.
[  454.306501][T11097] name failslab, interval 1, probability 0, space 0, times 0
[  454.321042][T11097] CPU: 1 UID: 0 PID: 11097 Comm: syz.5.1444 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  454.321067][T11097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  454.321080][T11097] Call Trace:
[  454.321088][T11097]  <TASK>
[  454.321097][T11097]  dump_stack_lvl+0x189/0x250
[  454.321125][T11097]  ? __pfx____ratelimit+0x10/0x10
[  454.321147][T11097]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.321188][T11097]  ? __pfx__printk+0x10/0x10
[  454.321217][T11097]  ? __pfx___might_resched+0x10/0x10
[  454.321241][T11097]  ? fs_reclaim_acquire+0x7d/0x100
[  454.321272][T11097]  should_fail_ex+0x414/0x560
[  454.321316][T11097]  should_failslab+0xa8/0x100
[  454.321342][T11097]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  454.321364][T11097]  ? __request_module+0x2d1/0x5e0
[  454.321391][T11097]  kstrdup+0x42/0x100
[  454.321420][T11097]  __request_module+0x2d1/0x5e0
[  454.321454][T11097]  ? __pfx___request_module+0x10/0x10
[  454.321479][T11097]  ? rcu_is_watching+0x15/0xb0
[  454.321506][T11097]  ? safesetid_security_capable+0xa9/0x1a0
[  454.321533][T11097]  ? security_capable+0x7e/0x2e0
[  454.321565][T11097]  ? dev_load+0x21/0x1f0
[  454.321591][T11097]  dev_load+0x190/0x1f0
[  454.321618][T11097]  dev_ioctl+0x429/0x1150
[  454.321649][T11097]  sock_do_ioctl+0x22c/0x300
[  454.321677][T11097]  ? __pfx_sock_do_ioctl+0x10/0x10
[  454.321698][T11097]  ? __lock_acquire+0xab9/0xd20
[  454.321722][T11097]  ? __asan_memset+0x22/0x50
[  454.321769][T11097]  ? smack_file_ioctl+0x24a/0x340
[  454.321797][T11097]  sock_ioctl+0x576/0x790
[  454.321823][T11097]  ? __pfx_sock_ioctl+0x10/0x10
[  454.321848][T11097]  ? __fget_files+0x2a/0x420
[  454.321871][T11097]  ? __fget_files+0x3a0/0x420
[  454.321894][T11097]  ? __fget_files+0x2a/0x420
[  454.321923][T11097]  ? bpf_lsm_file_ioctl+0x9/0x20
[  454.321948][T11097]  ? __pfx_sock_ioctl+0x10/0x10
[  454.321972][T11097]  __se_sys_ioctl+0xfc/0x170
[  454.322007][T11097]  do_syscall_64+0xfa/0x3b0
[  454.322030][T11097]  ? lockdep_hardirqs_on+0x9c/0x150
[  454.322053][T11097]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.322075][T11097]  ? clear_bhb_loop+0x60/0xb0
[  454.322102][T11097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.322123][T11097] RIP: 0033:0x7f34da78ebe9
[  454.322142][T11097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.322161][T11097] RSP: 002b:00007f34db5b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  454.322187][T11097] RAX: ffffffffffffffda RBX: 00007f34da9b5fa0 RCX: 00007f34da78ebe9
[  454.322204][T11097] RDX: 0000200000001fc0 RSI: 0000000000008927 RDI: 0000000000000005
[  454.322218][T11097] RBP: 00007f34db5b5090 R08: 0000000000000000 R09: 0000000000000000
[  454.322232][T11097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  454.322244][T11097] R13: 00007f34da9b6038 R14: 00007f34da9b5fa0 R15: 00007ffdc4716b38
[  454.322278][T11097]  </TASK>
[  454.649908][ T5900] usb 4-1: new full-speed USB device number 40 using dummy_hcd
[  454.733106][T11098] xt_CT: No such helper "snmp"
[  454.926236][ T5900] usb 4-1: unable to read config index 0 descriptor/start: -61
[  454.934145][ T5900] usb 4-1: can't read configurations, error -61
[  454.941035][ T5900] usb usb4-port1: attempt power cycle
[  455.312311][ T5900] usb 4-1: new full-speed USB device number 41 using dummy_hcd
[  455.372728][T11119] FAULT_INJECTION: forcing a failure.
[  455.372728][T11119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  455.464922][ T5900] usb 4-1: unable to read config index 0 descriptor/start: -61
[  455.475937][ T5900] usb 4-1: can't read configurations, error -61
[  455.492521][T11119] CPU: 0 UID: 0 PID: 11119 Comm: syz.5.1450 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  455.492545][T11119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  455.492557][T11119] Call Trace:
[  455.492565][T11119]  <TASK>
[  455.492573][T11119]  dump_stack_lvl+0x189/0x250
[  455.492599][T11119]  ? __pfx____ratelimit+0x10/0x10
[  455.492619][T11119]  ? __pfx_dump_stack_lvl+0x10/0x10
[  455.492639][T11119]  ? __pfx__printk+0x10/0x10
[  455.492663][T11119]  ? __might_fault+0xb0/0x130
[  455.492692][T11119]  should_fail_ex+0x414/0x560
[  455.492717][T11119]  _copy_from_user+0x2d/0xb0
[  455.492743][T11119]  snd_seq_oss_write+0x515/0x930
[  455.492781][T11119]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  455.492806][T11119]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  455.492832][T11119]  ? security_file_permission+0x75/0x290
[  455.492858][T11119]  odev_write+0x5a/0x80
[  455.492873][T11119]  ? __pfx_odev_write+0x10/0x10
[  455.492891][T11119]  vfs_write+0x27e/0xa90
[  455.492917][T11119]  ? __pfx_vfs_write+0x10/0x10
[  455.492935][T11119]  ? __fget_files+0x2a/0x420
[  455.492959][T11119]  ? __fget_files+0x2a/0x420
[  455.492978][T11119]  ? __fget_files+0x3a0/0x420
[  455.492997][T11119]  ? __fget_files+0x2a/0x420
[  455.493026][T11119]  ksys_write+0x145/0x250
[  455.493045][T11119]  ? __pfx_ksys_write+0x10/0x10
[  455.493060][T11119]  ? rcu_is_watching+0x15/0xb0
[  455.493084][T11119]  ? do_syscall_64+0xbe/0x3b0
[  455.493109][T11119]  do_syscall_64+0xfa/0x3b0
[  455.493128][T11119]  ? lockdep_hardirqs_on+0x9c/0x150
[  455.493147][T11119]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.493165][T11119]  ? clear_bhb_loop+0x60/0xb0
[  455.493188][T11119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.493205][T11119] RIP: 0033:0x7f34da78ebe9
[  455.493222][T11119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.493238][T11119] RSP: 002b:00007f34db5b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  455.493257][T11119] RAX: ffffffffffffffda RBX: 00007f34da9b5fa0 RCX: 00007f34da78ebe9
[  455.493271][T11119] RDX: 0000000000000232 RSI: 0000200000000740 RDI: 0000000000000003
[  455.493282][T11119] RBP: 00007f34db5b5090 R08: 0000000000000000 R09: 0000000000000000
[  455.493294][T11119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  455.493304][T11119] R13: 00007f34da9b6038 R14: 00007f34da9b5fa0 R15: 00007ffdc4716b38
[  455.493338][T11119]  </TASK>
[  455.812557][ T5900] usb 4-1: new full-speed USB device number 42 using dummy_hcd
[  455.839405][ T5900] usb 4-1: unable to read config index 0 descriptor/start: -61
[  455.848681][ T5900] usb 4-1: can't read configurations, error -61
[  455.865689][ T5900] usb usb4-port1: unable to enumerate USB device
[  456.030357][    C1] vcan0: j1939_tp_rxtimer: 0xffff888034f8e400: rx timeout, send abort
[  456.439783][T11136] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present
[  456.471233][T11136] ALSA: mixer_oss: invalid OSS volume 'LI'
[  456.530479][    C1] vcan0: j1939_tp_rxtimer: 0xffff888034f8c400: rx timeout, send abort
[  456.538904][    C1] vcan0: j1939_tp_rxtimer: 0xffff888034f8e400: abort rx timeout. Force session deactivation
[  457.038770][    C1] vcan0: j1939_tp_rxtimer: 0xffff888034f8c400: abort rx timeout. Force session deactivation
[  457.289322][T11149] overlayfs: missing 'lowerdir'
[  457.356003][T11152] FAULT_INJECTION: forcing a failure.
[  457.356003][T11152] name failslab, interval 1, probability 0, space 0, times 0
[  457.404395][T11152] CPU: 1 UID: 0 PID: 11152 Comm: syz.1.1459 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  457.404441][T11152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  457.404483][T11152] Call Trace:
[  457.404492][T11152]  <TASK>
[  457.404501][T11152]  dump_stack_lvl+0x189/0x250
[  457.404532][T11152]  ? __pfx____ratelimit+0x10/0x10
[  457.404557][T11152]  ? __pfx_dump_stack_lvl+0x10/0x10
[  457.404582][T11152]  ? __pfx__printk+0x10/0x10
[  457.404617][T11152]  ? __pfx___might_resched+0x10/0x10
[  457.404647][T11152]  should_fail_ex+0x414/0x560
[  457.404676][T11152]  should_failslab+0xa8/0x100
[  457.404702][T11152]  __kmalloc_cache_noprof+0x70/0x3d0
[  457.404725][T11152]  ? call_usermodehelper_setup+0x8e/0x270
[  457.404746][T11152]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  457.404774][T11152]  call_usermodehelper_setup+0x8e/0x270
[  457.404795][T11152]  ? __pfx_free_modprobe_argv+0x10/0x10
[  457.404822][T11152]  __request_module+0x39f/0x5e0
[  457.404851][T11152]  ? __pfx___request_module+0x10/0x10
[  457.404878][T11152]  ? rcu_is_watching+0x15/0xb0
[  457.404906][T11152]  ? safesetid_security_capable+0xa9/0x1a0
[  457.404933][T11152]  ? security_capable+0x7e/0x2e0
[  457.404967][T11152]  ? dev_load+0x21/0x1f0
[  457.404993][T11152]  dev_load+0x190/0x1f0
[  457.405022][T11152]  dev_ioctl+0x429/0x1150
[  457.405054][T11152]  sock_do_ioctl+0x22c/0x300
[  457.405083][T11152]  ? __pfx_sock_do_ioctl+0x10/0x10
[  457.405105][T11152]  ? __lock_acquire+0xab9/0xd20
[  457.405130][T11152]  ? __asan_memset+0x22/0x50
[  457.405160][T11152]  ? smack_file_ioctl+0x24a/0x340
[  457.405189][T11152]  sock_ioctl+0x576/0x790
[  457.405216][T11152]  ? __pfx_sock_ioctl+0x10/0x10
[  457.405240][T11152]  ? __fget_files+0x2a/0x420
[  457.405263][T11152]  ? __fget_files+0x3a0/0x420
[  457.405286][T11152]  ? __fget_files+0x2a/0x420
[  457.405315][T11152]  ? bpf_lsm_file_ioctl+0x9/0x20
[  457.405340][T11152]  ? __pfx_sock_ioctl+0x10/0x10
[  457.405367][T11152]  __se_sys_ioctl+0xfc/0x170
[  457.405402][T11152]  do_syscall_64+0xfa/0x3b0
[  457.405434][T11152]  ? lockdep_hardirqs_on+0x9c/0x150
[  457.405457][T11152]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.405479][T11152]  ? clear_bhb_loop+0x60/0xb0
[  457.405506][T11152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.405527][T11152] RIP: 0033:0x7f504f18ebe9
[  457.405547][T11152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.405566][T11152] RSP: 002b:00007f5050029038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  457.405600][T11152] RAX: ffffffffffffffda RBX: 00007f504f3b6090 RCX: 00007f504f18ebe9
[  457.405616][T11152] RDX: 0000200000001fc0 RSI: 0000000000008927 RDI: 0000000000000005
[  457.405629][T11152] RBP: 00007f5050029090 R08: 0000000000000000 R09: 0000000000000000
[  457.405642][T11152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  457.405655][T11152] R13: 00007f504f3b6128 R14: 00007f504f3b6090 R15: 00007ffddd60dae8
[  457.405699][T11152]  </TASK>
[  458.306710][T11168] syzkaller1: entered promiscuous mode
[  458.320544][T11168] syzkaller1: entered allmulticast mode
[  460.631082][T11189] netlink: 'syz.5.1473': attribute type 21 has an invalid length.
[  460.639949][T11189] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1473'.
[  460.702257][T11189] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1473'.
[  461.042273][ T8431] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  461.247245][T11209] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  461.258653][T11209] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  461.824470][ T8431] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  461.852218][ T8431] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  461.882284][ T8431] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  461.892270][ T7575] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  461.937391][ T8431] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.993916][ T8431] usb 4-1: config 0 descriptor??
[  462.226121][T11194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.266817][T11194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  462.347533][ T8431] usbhid 4-1:0.0: can't add hid device: -71
[  462.363676][ T8431] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  462.395386][ T8431] usb 4-1: USB disconnect, device number 43
[  462.514611][   T31] audit: type=1326 audit(1754814144.916:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11219 comm="syz.1.1481" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f504f18ebe9 code=0x0
[  462.563937][   T31] audit: type=1326 audit(1754814144.976:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11219 comm="syz.1.1481" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f504f18ebe9 code=0x0
[  463.112543][T11210] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1478'.
[  463.287608][T11210] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1478'.
[  463.502638][ T8431] usb 4-1: new full-speed USB device number 44 using dummy_hcd
[  463.570946][T11232] : entered promiscuous mode
[  463.695905][ T8431] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  463.719911][ T8431] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  463.750013][ T8431] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  463.769537][ T8431] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.795394][ T8431] usb 4-1: Product: syz
[  463.808620][ T8431] usb 4-1: Manufacturer: syz
[  463.826385][ T8431] usb 4-1: SerialNumber: syz
[  463.832413][ T5967] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  463.973002][ T5967] usb 6-1: device descriptor read/64, error -71
[  464.053986][ T8431] usb 4-1: 0:2 : does not exist
[  464.068150][ T8431] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  464.100329][ T8431] usb 4-1: USB disconnect, device number 44
[  464.222341][ T5967] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  464.372460][ T5967] usb 6-1: device descriptor read/64, error -71
[  464.492948][ T5967] usb usb6-port1: attempt power cycle
[  464.862690][ T5967] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  464.911933][ T5967] usb 6-1: device descriptor read/8, error -71
[  465.173194][ T5967] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  465.223441][ T5967] usb 6-1: device descriptor read/8, error -71
[  465.247994][T11245] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  465.277931][T11245] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  465.313197][ T8443] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  465.338379][T11247] syzkaller1: entered promiscuous mode
[  465.346913][T11247] syzkaller1: entered allmulticast mode
[  465.353047][ T5967] usb usb6-port1: unable to enumerate USB device
[  465.742757][ T5969] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  465.882285][ T5969] usb 4-1: device descriptor read/64, error -71
[  466.361622][ T8443] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  466.383015][   T13] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  466.452504][ T5969] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  466.912255][ T5969] usb 4-1: device descriptor read/64, error -71
[  467.032548][ T5969] usb usb4-port1: attempt power cycle
[  467.392410][ T5969] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  467.393113][ T1104] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  467.414209][ T5969] usb 4-1: device descriptor read/8, error -71
[  467.421209][ T1104] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  467.446299][T11281] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1503'.
[  467.870580][ T8443] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  467.949298][T11286] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1505'.
[  467.992349][ T5969] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  468.013029][ T5969] usb 4-1: device descriptor read/8, error -71
[  468.123564][ T5969] usb usb4-port1: unable to enumerate USB device
[  468.202380][ T5900] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  468.362280][ T5900] usb 6-1: Using ep0 maxpacket: 16
[  468.369814][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.381281][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.391508][ T5900] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  468.400927][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.419129][ T5900] usb 6-1: config 0 descriptor??
[  468.869590][T11301] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1509'.
[  470.019125][ T5900] usbhid 6-1:0.0: can't add hid device: -71
[  470.032090][ T5900] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  470.054866][ T5900] usb 6-1: USB disconnect, device number 30
[  470.258546][T11313] fuse: Unknown parameter '(&!*]'
[  470.262350][ T8454] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  470.403353][T11321] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1517'.
[  470.881307][T11325] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  470.942341][ T8454] usb 3-1: device descriptor read/64, error -71
[  471.302382][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  471.482255][ T8454] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  472.037906][T11337] overlayfs: missing 'lowerdir'
[  472.042663][ T8454] usb 3-1: device descriptor read/64, error -71
[  472.154557][ T8454] usb usb3-port1: attempt power cycle
[  472.223677][T11346] sctp: [Deprecated]: syz.1.1524 (pid 11346) Use of int in max_burst socket option deprecated.
[  472.223677][T11346] Use struct sctp_assoc_value instead
[  472.271354][T11347] sctp: [Deprecated]: syz.1.1524 (pid 11347) Use of int in max_burst socket option deprecated.
[  472.271354][T11347] Use struct sctp_assoc_value instead
[  472.532861][ T8454] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  472.597309][ T8454] usb 3-1: device descriptor read/8, error -71
[  472.917278][ T8454] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  472.956652][ T8454] usb 3-1: device descriptor read/8, error -71
[  472.982374][ T5969] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  473.072523][ T8454] usb usb3-port1: unable to enumerate USB device
[  473.154989][ T5969] usb 6-1: Using ep0 maxpacket: 16
[  473.173864][ T5969] usb 6-1: config 254 has an invalid interface number: 235 but max is 0
[  473.196629][ T5969] usb 6-1: config 254 has no interface number 0
[  473.203465][ T5969] usb 6-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32
[  473.218742][ T5969] usb 6-1: config 254 interface 235 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  473.235865][ T5969] usb 6-1: config 254 interface 235 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  473.352840][ T5969] usb 6-1: config 254 interface 235 has no altsetting 0
[  473.387272][ T5969] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1
[  473.402063][ T5969] usb 6-1: New USB device strings: Mfr=1, Product=251, SerialNumber=3
[  473.492430][ T5969] usb 6-1: Product: syz
[  473.500106][ T5969] usb 6-1: Manufacturer: syz
[  473.508198][ T5969] usb 6-1: SerialNumber: syz
[  473.516747][T11354] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  473.993499][T11354] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  474.140932][ T5969] usbtest 6-1:254.235: Linux gadget zero
[  474.193727][ T5969] usbtest 6-1:254.235: high-speed {control in/out bulk-out int-in} tests (+alt)
[  474.347274][ T5969] usb 6-1: USB disconnect, device number 31
[  476.702289][ T8431] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  476.882294][ T8431] usb 6-1: device descriptor read/64, error -71
[  477.249184][ T8431] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  477.456994][T11391] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  477.572530][ T8431] usb 6-1: device descriptor read/64, error -71
[  477.619857][T11419] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1542'.
[  477.696391][ T8431] usb usb6-port1: attempt power cycle
[  477.712406][ T5900] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[  477.852384][ T5900] usb 2-1: device descriptor read/64, error -71
[  477.982353][ T8443] usb 3-1: new full-speed USB device number 55 using dummy_hcd
[  478.052308][ T8431] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  478.074573][ T8431] usb 6-1: device descriptor read/8, error -71
[  478.092579][ T5900] usb 2-1: new full-speed USB device number 32 using dummy_hcd
[  478.135381][ T8443] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  478.146593][ T8443] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  478.156495][ T8443] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  478.170349][ T8443] usb 3-1: New USB device found, idVendor=056a, idProduct=005d, bcdDevice= 0.00
[  478.179536][ T8443] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  478.192847][ T8443] usb 3-1: config 0 descriptor??
[  478.232435][ T5900] usb 2-1: device descriptor read/64, error -71
[  478.312322][ T8431] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  478.342902][ T5900] usb usb2-port1: attempt power cycle
[  478.343275][ T8431] usb 6-1: device descriptor read/8, error -71
[  478.469679][ T8431] usb usb6-port1: unable to enumerate USB device
[  478.609435][ T8443] wacom 0003:056A:005D.000E: unbalanced collection at end of report description
[  478.621831][ T8443] wacom 0003:056A:005D.000E: parse failed
[  478.630954][ T8443] wacom 0003:056A:005D.000E: probe with driver wacom failed with error -22
[  478.666341][T11425] xt_hashlimit: size too large, truncated to 1048576
[  478.782416][ T8443] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  478.818263][ T8454] usb 3-1: USB disconnect, device number 55
[  478.832402][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  478.965638][ T8443] usb 4-1: config 0 has an invalid interface number: 199 but max is 1
[  478.978346][ T8443] usb 4-1: config 0 has no interface number 1
[  478.987258][ T8443] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  478.998904][ T8443] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  479.017553][ T8443] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  479.026956][ T8443] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  479.036197][ T8443] usb 4-1: SerialNumber: syz
[  479.044953][ T8443] usb 4-1: config 0 descriptor??
[  479.054316][ T8443] usb 4-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  479.061391][ T8443] usb 4-1: No valid video chain found.
[  479.102349][ T5969] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  479.262849][T11423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  479.271719][T11423] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  479.281913][ T8443] usb 4-1: USB disconnect, device number 49
[  479.293750][ T5969] usb 6-1: Using ep0 maxpacket: 32
[  479.302720][ T5969] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  479.310896][ T5969] usb 6-1: config 0 has no interface number 0
[  479.319654][ T5969] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  479.329158][ T5969] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.337879][ T5969] usb 6-1: Product: syz
[  479.342415][ T5969] usb 6-1: Manufacturer: syz
[  479.347162][ T5969] usb 6-1: SerialNumber: syz
[  479.354874][ T5969] usb 6-1: config 0 descriptor??
[  479.363781][ T5969] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  479.580277][ T5969] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  479.604182][ T5969] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  479.679098][T11446] nfs: Deprecated parameter 'nointr'
[  479.851993][T11448] svc: failed to register nfsdv3 RPC service (errno 111).
[  479.875797][T11448] svc: failed to register nfsaclv3 RPC service (errno 111).
[  479.940125][T11455] overlayfs: missing 'lowerdir'
[  481.032056][T11482] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1563'.
[  481.105936][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  481.107303][ T8431] usb 6-1: USB disconnect, device number 36
[  481.143942][ T8431] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  481.194332][ T8431] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  481.233108][ T8431] quatech2 6-1:0.51: device disconnected
[  481.302670][ T8454] usb 4-1: new low-speed USB device number 50 using dummy_hcd
[  481.360947][T11489] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  481.402397][ T5900] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  481.473676][ T8454] usb 4-1: Invalid ep0 maxpacket: 64
[  481.570024][ T5900] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  481.585373][ T5900] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  481.604974][ T5900] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  481.625147][ T8454] usb 4-1: new low-speed USB device number 51 using dummy_hcd
[  481.645689][ T5900] usb 3-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  481.661781][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.674653][ T5900] usb 3-1: Product: syz
[  481.678869][ T5900] usb 3-1: Manufacturer: syz
[  481.685382][ T5900] usb 3-1: SerialNumber: syz
[  481.695405][ T5900] usb 3-1: config 0 descriptor??
[  481.704547][ T5900] usb 3-1: Found UVC 34.00 device syz (8086:0b5b)
[  481.711024][ T5900] usb 3-1: No valid video chain found.
[  481.813379][ T8454] usb 4-1: Invalid ep0 maxpacket: 64
[  481.831284][ T8454] usb usb4-port1: attempt power cycle
[  481.937596][ T5900] usb 3-1: USB disconnect, device number 56
[  482.016911][T11490] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1566'.
[  482.026144][T11490] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1566'.
[  482.173293][ T8454] usb 4-1: new low-speed USB device number 52 using dummy_hcd
[  482.202863][ T8454] usb 4-1: Invalid ep0 maxpacket: 64
[  482.334051][ T8454] usb 4-1: new low-speed USB device number 53 using dummy_hcd
[  482.365871][T11511] svc: failed to register nfsdv3 RPC service (errno 111).
[  482.377122][ T8454] usb 4-1: Invalid ep0 maxpacket: 64
[  482.382975][ T8454] usb usb4-port1: unable to enumerate USB device
[  482.384157][T11511] svc: failed to register nfsaclv3 RPC service (errno 111).
[  482.827249][T11517] xt_hashlimit: overflow, rate too high: 0
[  483.206607][T11524] xt_hashlimit: overflow, rate too high: 0
[  483.902014][T11537] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  484.052487][T11544] syzkaller1: entered promiscuous mode
[  484.068673][T11544] syzkaller1: entered allmulticast mode
[  484.438799][T11534] netlink: 324 bytes leftover after parsing attributes in process `syz.1.1577'.
[  484.450389][T11534] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 11534 comm: syz.1.1577)
[  484.522379][   T31] audit: type=1800 audit(1754814166.876:150): pid=11534 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.1577" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=33546 res=0 errno=0
[  484.682462][T11564] netlink: 'syz.0.1585': attribute type 8 has an invalid length.
[  485.362405][ T8431] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  485.551430][ T8431] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  485.562699][ T8454] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  485.573789][ T8431] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  485.602324][ T8431] usb 2-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice=e5.83
[  485.631698][ T8431] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.647564][ T8431] usb 2-1: Product: syz
[  485.661980][ T8431] usb 2-1: Manufacturer: syz
[  485.666698][ T8431] usb 2-1: SerialNumber: syz
[  485.686146][ T8431] usb 2-1: config 0 descriptor??
[  485.722422][ T8454] usb 3-1: Using ep0 maxpacket: 16
[  485.734424][ T8454] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  485.772622][ T8454] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  485.802407][ T8454] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  485.825623][ T8454] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  485.850347][ T8454] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.877411][ T8454] usb 3-1: config 0 descriptor??
[  486.003889][T11547] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1582'.
[  486.013017][T11547] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1582'.
[  486.735829][ T8454] usbhid 3-1:0.0: can't add hid device: -71
[  486.750673][ T8454] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  486.794050][ T8454] usb 3-1: USB disconnect, device number 57
[  486.893823][T11591] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  486.953906][ T8443] usb 2-1: USB disconnect, device number 34
[  487.031006][ T8431] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  487.117043][T11597] vivid-000: disconnect
[  487.195262][ T8431] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  487.247982][T11597] vivid-000: reconnect
[  487.330312][ T8431] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  487.362245][ T8431] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  487.387098][ T8431] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  487.406252][ T8431] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.537481][ T8431] usb 4-1: rejected 1 configuration due to insufficient available bus power
[  487.569468][ T8431] usb 4-1: no configuration chosen from 1 choice
[  487.655573][T11608] netlink: 'syz.0.1598': attribute type 8 has an invalid length.
[  488.682725][ T5900] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  488.862620][ T5900] usb 2-1: Using ep0 maxpacket: 16
[  488.887860][ T5900] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  488.925867][ T5900] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  488.960394][ T5900] usb 2-1: config 0 has no interface number 0
[  488.991346][ T5900] usb 2-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  489.001261][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  489.009533][ T5900] usb 2-1: Product: syz
[  489.014153][ T5900] usb 2-1: Manufacturer: syz
[  489.019031][ T5900] usb 2-1: SerialNumber: syz
[  489.061385][ T5900] usb 2-1: config 0 descriptor??
[  489.149296][ T5900] usb 2-1: Found UVC 0.00 device syz (046c:14e8)
[  489.156171][ T5900] usb 2-1: No valid video chain found.
[  489.452115][T11635] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1605'.
[  489.756073][ T5900] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  489.779182][ T8441] usb 4-1: USB disconnect, device number 54
[  489.819043][T11643] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  489.912283][ T5900] usb 6-1: Using ep0 maxpacket: 16
[  489.919760][ T5900] usb 6-1: config 8 has an invalid interface number: 39 but max is 0
[  489.928696][ T5900] usb 6-1: config 8 has no interface number 0
[  489.935536][ T5900] usb 6-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  489.948929][ T5900] usb 6-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[  489.959299][ T5900] usb 6-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0
[  489.969470][ T5900] usb 6-1: config 8 interface 39 has no altsetting 0
[  489.985967][ T5900] usb 6-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  489.999902][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.008065][ T5900] usb 6-1: Product: syz
[  490.012383][ T5900] usb 6-1: Manufacturer: syz
[  490.017008][ T5900] usb 6-1: SerialNumber: syz
[  490.272604][ T5900] ipheth 6-1:8.39: ipheth_get_macaddr: usb_control_msg: -71
[  490.309146][ T5900] ipheth 6-1:8.39: probe with driver ipheth failed with error -71
[  490.496416][ T5900] usb 6-1: USB disconnect, device number 37
[  490.672279][ T8431] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  490.824612][ T8431] usb 4-1: Using ep0 maxpacket: 16
[  490.835825][ T8431] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  490.850908][ T8431] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  490.860906][ T8431] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  490.877784][ T8431] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  490.886983][ T8431] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  490.897038][ T8431] usb 4-1: config 0 descriptor??
[  491.092317][ T5900] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  491.242376][ T5900] usb 6-1: Using ep0 maxpacket: 16
[  491.250725][ T5900] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  491.261436][ T5900] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  491.272553][ T5900] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  491.288256][ T5900] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  491.297582][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  491.305663][ T5900] usb 6-1: SerialNumber: syz
[  491.316166][ T5900] cdc_acm 6-1:1.0: skipping garbage
[  491.404652][ T5900] usb 2-1: USB disconnect, device number 35
[  491.534339][T11653] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1609'.
[  491.557527][T11653] unsupported nlmsg_type 40
[  491.570088][T11653] 9pnet_fd: Insufficient options for proto=fd
[  491.596593][ T8441] usb 6-1: USB disconnect, device number 38
[  491.882399][ T8431] usbhid 4-1:0.0: can't add hid device: -71
[  491.888424][ T8431] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  491.901592][ T8431] usb 4-1: USB disconnect, device number 55
[  492.034525][T11662] netlink: 'syz.1.1610': attribute type 8 has an invalid length.
[  492.689813][T11664] svc: failed to register nfsdv3 RPC service (errno 111).
[  492.718782][T11664] svc: failed to register nfsaclv3 RPC service (errno 111).
[  493.192676][ T1097] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  493.626498][ T8441] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  493.812235][ T8441] usb 6-1: Using ep0 maxpacket: 16
[  494.101394][ T8441] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  494.117877][ T8441] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  494.127836][ T8441] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  494.176890][ T8441] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  494.426021][ T5900] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  494.475277][ T8441] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.663537][T11703] netlink: 'syz.3.1623': attribute type 8 has an invalid length.
[  494.822609][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  495.084816][ T8441] usb 6-1: config 0 descriptor??
[  495.097201][ T5900] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024
[  495.244008][ T5900] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  495.257045][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  495.284171][ T5900] usb 2-1: Product: syz
[  495.288379][ T5900] usb 2-1: Manufacturer: syz
[  495.318928][ T5900] usb 2-1: SerialNumber: syz
[  495.359486][T11692] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  495.692115][T11715] overlayfs: missing 'lowerdir'
[  495.716409][ T8441] usbhid 6-1:0.0: can't add hid device: -71
[  495.722917][ T8441] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  495.734809][ T8441] usb 6-1: USB disconnect, device number 39
[  496.592330][ T8470] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  496.753232][ T8470] usb 3-1: Using ep0 maxpacket: 32
[  496.772982][ T8470] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  496.851690][ T8470] usb 3-1: config 0 has no interface number 0
[  497.026846][ T8470] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  497.041383][ T8470] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.049531][ T8470] usb 3-1: Product: syz
[  497.053806][ T8470] usb 3-1: Manufacturer: syz
[  497.058456][ T8470] usb 3-1: SerialNumber: syz
[  497.069650][ T8470] usb 3-1: config 0 descriptor??
[  497.082248][ T8454] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  497.172275][T11742] netlink: 'syz.0.1636': attribute type 8 has an invalid length.
[  497.673544][ T8470] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  497.839793][ T8470] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  497.899596][ T8470] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  497.974619][ T8454] usb 6-1: config 0 has an invalid interface number: 235 but max is 0
[  498.001709][ T5900] cdc_ncm 2-1:1.0: bind() failure
[  498.012096][ T5900] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  498.019198][ T8454] usb 6-1: config 0 has no interface number 0
[  498.025687][ T8454] usb 6-1: config 0 interface 235 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 1024
[  498.037989][ T5900] cdc_ncm 2-1:1.1: bind() failure
[  498.053289][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - port change to invalid port: 105
[  498.067882][ T5900] usb 2-1: USB disconnect, device number 36
[  498.081235][ T8454] usb 6-1: New USB device found, idVendor=eb1a, idProduct=2800, bcdDevice=8c.f6
[  498.095378][ T8454] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.108587][ T8454] usb 6-1: Product: syz
[  498.112851][ T8454] usb 6-1: Manufacturer: syz
[  498.117708][ T8454] usb 6-1: SerialNumber: syz
[  498.144426][ T8454] usb 6-1: config 0 descriptor??
[  498.156824][T11737] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  498.232949][T11751] FAULT_INJECTION: forcing a failure.
[  498.232949][T11751] name failslab, interval 1, probability 0, space 0, times 0
[  498.259450][    C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  498.269203][ T8454] usb 3-1: USB disconnect, device number 58
[  498.280819][T11751] CPU: 0 UID: 0 PID: 11751 Comm: syz.1.1640 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  498.280845][T11751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  498.280857][T11751] Call Trace:
[  498.280866][T11751]  <TASK>
[  498.280874][T11751]  dump_stack_lvl+0x189/0x250
[  498.280903][T11751]  ? __pfx____ratelimit+0x10/0x10
[  498.280924][T11751]  ? __pfx_dump_stack_lvl+0x10/0x10
[  498.280947][T11751]  ? __pfx__printk+0x10/0x10
[  498.280978][T11751]  ? __pfx___might_resched+0x10/0x10
[  498.280999][T11751]  ? fs_reclaim_acquire+0x7d/0x100
[  498.281027][T11751]  should_fail_ex+0x414/0x560
[  498.281054][T11751]  should_failslab+0xa8/0x100
[  498.281077][T11751]  __kmalloc_noprof+0xcb/0x4f0
[  498.281094][T11751]  ? kfree+0x4d/0x440
[  498.281120][T11751]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  498.281152][T11751]  tomoyo_realpath_from_path+0xe3/0x5d0
[  498.281181][T11751]  ? tomoyo_domain+0xda/0x130
[  498.281213][T11751]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  498.281234][T11751]  tomoyo_path_number_perm+0x1e8/0x5a0
[  498.281258][T11751]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  498.281297][T11751]  ? __lock_acquire+0xab9/0xd20
[  498.281338][T11751]  ? __fget_files+0x2a/0x420
[  498.281363][T11751]  ? __fget_files+0x2a/0x420
[  498.281382][T11751]  ? __fget_files+0x3a0/0x420
[  498.281402][T11751]  ? __fget_files+0x2a/0x420
[  498.281428][T11751]  security_file_ioctl+0xcb/0x2d0
[  498.281453][T11751]  __se_sys_ioctl+0x47/0x170
[  498.281467][ T8454] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  498.281486][T11751]  do_syscall_64+0xfa/0x3b0
[  498.281508][T11751]  ? lockdep_hardirqs_on+0x9c/0x150
[  498.281528][T11751]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.281551][T11751]  ? clear_bhb_loop+0x60/0xb0
[  498.281596][T11751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.281620][T11751] RIP: 0033:0x7f504f18ebe9
[  498.281642][T11751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  498.281663][T11751] RSP: 002b:00007f505004a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  498.281717][T11751] RAX: ffffffffffffffda RBX: 00007f504f3b5fa0 RCX: 00007f504f18ebe9
[  498.281733][T11751] RDX: 0000200000000040 RSI: 00000000c008ae88 RDI: 0000000000000005
[  498.281747][T11751] RBP: 00007f505004a090 R08: 0000000000000000 R09: 0000000000000000
[  498.281761][T11751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  498.281775][T11751] R13: 00007f504f3b6038 R14: 00007f504f3b5fa0 R15: 00007ffddd60dae8
[  498.281810][T11751]  </TASK>
[  498.281819][T11751] ERROR: Out of memory at tomoyo_realpath_from_path.
[  498.368683][ T8454] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  498.448432][ T8431] usb 6-1: USB disconnect, device number 40
[  498.574856][ T8454] quatech2 3-1:0.51: device disconnected
[  498.890190][T11758] overlayfs: missing 'lowerdir'
[  500.120161][T11759] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1641'.
[  500.241010][T11759] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1641'.
[  500.448821][T11782] hsr0: entered promiscuous mode
[  500.644085][T11781] hsr0: left promiscuous mode
[  500.726320][T11784] netlink: 'syz.5.1648': attribute type 8 has an invalid length.
[  501.952442][ T8470] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  502.106398][T11799] FAULT_INJECTION: forcing a failure.
[  502.106398][T11799] name failslab, interval 1, probability 0, space 0, times 0
[  502.152154][T11799] CPU: 0 UID: 0 PID: 11799 Comm: syz.3.1655 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  502.152186][T11799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  502.152201][T11799] Call Trace:
[  502.152210][T11799]  <TASK>
[  502.152219][T11799]  dump_stack_lvl+0x189/0x250
[  502.152251][T11799]  ? __pfx____ratelimit+0x10/0x10
[  502.152276][T11799]  ? __pfx_dump_stack_lvl+0x10/0x10
[  502.152301][T11799]  ? __pfx__printk+0x10/0x10
[  502.152334][T11799]  ? __pfx___might_resched+0x10/0x10
[  502.152359][T11799]  ? fs_reclaim_acquire+0x7d/0x100
[  502.152392][T11799]  should_fail_ex+0x414/0x560
[  502.152422][T11799]  should_failslab+0xa8/0x100
[  502.152449][T11799]  __kmalloc_noprof+0xcb/0x4f0
[  502.152470][T11799]  ? tomoyo_encode+0x28b/0x550
[  502.152505][T11799]  tomoyo_encode+0x28b/0x550
[  502.152541][T11799]  tomoyo_realpath_from_path+0x58d/0x5d0
[  502.152573][T11799]  ? tomoyo_domain+0xda/0x130
[  502.152610][T11799]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  502.152635][T11799]  tomoyo_path_number_perm+0x1e8/0x5a0
[  502.152670][T11799]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  502.152715][T11799]  ? __lock_acquire+0xab9/0xd20
[  502.152760][T11799]  ? __fget_files+0x2a/0x420
[  502.152789][T11799]  ? __fget_files+0x2a/0x420
[  502.152813][T11799]  ? __fget_files+0x3a0/0x420
[  502.152837][T11799]  ? __fget_files+0x2a/0x420
[  502.152867][T11799]  security_file_ioctl+0xcb/0x2d0
[  502.152896][T11799]  __se_sys_ioctl+0x47/0x170
[  502.152932][T11799]  do_syscall_64+0xfa/0x3b0
[  502.152960][T11799]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.152981][T11799]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  502.153004][T11799]  ? clear_bhb_loop+0x60/0xb0
[  502.153031][T11799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.153053][T11799] RIP: 0033:0x7ff00078ebe9
[  502.153074][T11799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  502.153093][T11799] RSP: 002b:00007ff001660038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  502.153117][T11799] RAX: ffffffffffffffda RBX: 00007ff0009b5fa0 RCX: 00007ff00078ebe9
[  502.153133][T11799] RDX: 0000200000000040 RSI: 00000000c008ae88 RDI: 0000000000000005
[  502.153147][T11799] RBP: 00007ff001660090 R08: 0000000000000000 R09: 0000000000000000
[  502.153161][T11799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  502.153175][T11799] R13: 00007ff0009b6038 R14: 00007ff0009b5fa0 R15: 00007fff6130b9e8
[  502.153210][T11799]  </TASK>
[  502.398522][ T8470] usb 3-1: Using ep0 maxpacket: 8
[  502.551053][T11799] ERROR: Out of memory at tomoyo_realpath_from_path.
[  502.646205][T11800] xt_hashlimit: overflow, rate too high: 0
[  525.542355][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  589.542320][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  607.862142][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  607.869127][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P11796/1:b..l P11801/1:b..l
[  607.878793][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=54849, q=367 ncpus=2)
[  607.886532][    C0] task:modprobe        state:R  running task     stack:24104 pid:11801 tgid:11801 ppid:6191   task_flags:0x400000 flags:0x00004000
[  607.900820][    C0] Call Trace:
[  607.904104][    C0]  <TASK>
[  607.907031][    C0]  __schedule+0x16aa/0x4c90
[  607.911565][    C0]  ? call_rcu+0x6ff/0x9c0
[  607.915917][    C0]  ? preempt_schedule_notrace+0xd1/0x110
[  607.921550][    C0]  ? __pfx___schedule+0x10/0x10
[  607.926418][    C0]  ? mas_find_child+0x1c0/0x5a0
[  607.931285][    C0]  ? __lock_acquire+0xab9/0xd20
[  607.936154][    C0]  preempt_schedule_notrace+0xd1/0x110
[  607.941612][    C0]  ? __pfx_preempt_schedule_notrace+0x10/0x10
[  607.947679][    C0]  ? unwind_next_frame+0xa5/0x2390
[  607.952799][    C0]  preempt_schedule_notrace_thunk+0x16/0x30
[  607.958731][    C0]  rcu_is_watching+0x7f/0xb0
[  607.963328][    C0]  ? unwind_next_frame+0xa5/0x2390
[  607.968444][    C0]  unwind_next_frame+0x1965/0x2390
[  607.973564][    C0]  ? unwind_next_frame+0xa5/0x2390
[  607.978683][    C0]  ? kasan_save_stack+0x3e/0x60
[  607.983547][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  607.989727][    C0]  arch_stack_walk+0x11c/0x150
[  607.994504][    C0]  ? kasan_record_aux_stack+0xbd/0xd0
[  607.999905][    C0]  stack_trace_save+0x9c/0xe0
[  608.004609][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  608.009995][    C0]  ? kernel_text_address+0xa5/0xe0
[  608.015132][    C0]  kasan_save_stack+0x3e/0x60
[  608.019824][    C0]  ? kasan_save_stack+0x3e/0x60
[  608.024728][    C0]  kasan_record_aux_stack+0xbd/0xd0
[  608.029936][    C0]  ? __pfx_mt_free_rcu+0x10/0x10
[  608.034883][    C0]  call_rcu+0x157/0x9c0
[  608.039048][    C0]  ? mas_leaf_max_gap+0x497/0x670
[  608.044076][    C0]  ? __pfx_call_rcu+0x10/0x10
[  608.048766][    C0]  ? mas_replace_node+0x472/0x7b0
[  608.053819][    C0]  mas_wr_store_entry+0x1f1b/0x25b0
[  608.059041][    C0]  ? __pfx_mas_wr_store_entry+0x10/0x10
[  608.064600][    C0]  ? is_bpf_text_address+0x292/0x2b0
[  608.069911][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  608.075121][    C0]  ? kernel_text_address+0xa5/0xe0
[  608.080244][    C0]  ? __kernel_text_address+0xd/0x40
[  608.085447][    C0]  ? unwind_get_return_address+0x4d/0x90
[  608.091083][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  608.097239][    C0]  ? arch_stack_walk+0xfc/0x150
[  608.102099][    C0]  ? stack_trace_save+0x9c/0xe0
[  608.106977][    C0]  ? stack_depot_save_flags+0x40/0x900
[  608.112450][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  608.117685][    C0]  ? kasan_save_track+0x4f/0x80
[  608.122552][    C0]  ? kasan_save_track+0x3e/0x80
[  608.127432][    C0]  ? __kasan_slab_alloc+0x6c/0x80
[  608.132455][    C0]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  608.138084][    C0]  ? mas_alloc_nodes+0x2e9/0x8e0
[  608.143021][    C0]  ? mas_preallocate+0x3ad/0x6f0
[  608.147955][    C0]  ? __split_vma+0x2fa/0xa00
[  608.152550][    C0]  ? vms_gather_munmap_vmas+0x4ab/0x12b0
[  608.158188][    C0]  ? mmap_region+0x678/0x1f30
[  608.162869][    C0]  ? do_mmap+0xc45/0x10d0
[  608.167211][    C0]  ? vm_mmap_pgoff+0x31b/0x4c0
[  608.171986][    C0]  ? ksys_mmap_pgoff+0x51f/0x760
[  608.176938][    C0]  ? do_syscall_64+0xfa/0x3b0
[  608.181618][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.187727][    C0]  ? trace_ma_write+0x87/0x1f0
[  608.192504][    C0]  mas_store_prealloc+0xb00/0xf60
[  608.197551][    C0]  ? __pfx_mas_store_prealloc+0x10/0x10
[  608.203116][    C0]  ? vma_iter_store_overwrite+0x340/0x8e0
[  608.208864][    C0]  vma_complete+0x224/0xae0
[  608.213394][    C0]  ? vma_prepare+0x485/0x4b0
[  608.218008][    C0]  ? vma_adjust_trans_huge+0x286/0x370
[  608.223499][    C0]  __split_vma+0x8a6/0xa00
[  608.227927][    C0]  ? __pfx___split_vma+0x10/0x10
[  608.232901][    C0]  vms_gather_munmap_vmas+0x4ab/0x12b0
[  608.238381][    C0]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  608.244296][    C0]  mmap_region+0x678/0x1f30
[  608.248820][    C0]  ? __pfx_mmap_region+0x10/0x10
[  608.253771][    C0]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  608.259407][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  608.264439][    C0]  ? rcu_is_watching+0x15/0xb0
[  608.269206][    C0]  ? process_measurement+0x15c3/0x1a40
[  608.274710][    C0]  ? mm_get_unmapped_area_vmflags+0xb3/0xe0
[  608.280608][    C0]  ? thp_get_unmapped_area_vmflags+0x161/0x310
[  608.286769][    C0]  ? cap_mmap_addr+0xb0/0x100
[  608.291453][    C0]  ? bpf_lsm_mmap_addr+0x9/0x20
[  608.296309][    C0]  ? security_mmap_addr+0x71/0x270
[  608.301423][    C0]  ? shmem_mapping+0xd/0x50
[  608.305931][    C0]  ? memfd_check_seals_mmap+0xc5/0x200
[  608.311402][    C0]  do_mmap+0xc45/0x10d0
[  608.315597][    C0]  ? __pfx_do_mmap+0x10/0x10
[  608.320214][    C0]  ? down_write_killable+0x178/0x230
[  608.325529][    C0]  ? __pfx_down_write_killable+0x10/0x10
[  608.331178][    C0]  vm_mmap_pgoff+0x31b/0x4c0
[  608.335801][    C0]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  608.340938][    C0]  ? __fget_files+0x2a/0x420
[  608.345553][    C0]  ? __fget_files+0x3a0/0x420
[  608.350250][    C0]  ? __fget_files+0x2a/0x420
[  608.354888][    C0]  ksys_mmap_pgoff+0x51f/0x760
[  608.359665][    C0]  do_syscall_64+0xfa/0x3b0
[  608.364183][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  608.369400][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.375481][    C0]  ? clear_bhb_loop+0x60/0xb0
[  608.380202][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.386115][    C0] RIP: 0033:0x7fe7e5e87242
[  608.390550][    C0] RSP: 002b:00007ffe10d156d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[  608.398978][    C0] RAX: ffffffffffffffda RBX: 00007fe7e5d86000 RCX: 00007fe7e5e87242
[  608.406980][    C0] RDX: 0000000000000003 RSI: 0000000000006000 RDI: 00007fe7e5d86000
[  608.414960][    C0] RBP: 0000000000000812 R08: 0000000000000000 R09: 00000000001cc000
[  608.422947][    C0] R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffe10d15798
[  608.430941][    C0] R13: 00007fe7e5e5b5f0 R14: 00007ffe10d15f10 R15: 00000fffc21a2ade
[  608.438932][    C0]  </TASK>
[  608.441970][    C0] task:syz.1.1651      state:R  running task     stack:25096 pid:11796 tgid:11793 ppid:5837   task_flags:0x400040 flags:0x00004000
[  608.455462][    C0] Call Trace:
[  608.458749][    C0]  <TASK>
[  608.461692][    C0]  __schedule+0x16aa/0x4c90
[  608.466254][    C0]  ? preempt_schedule_irq+0xb5/0x150
[  608.471550][    C0]  ? __pfx___schedule+0x10/0x10
[  608.476410][    C0]  ? preempt_schedule_irq+0xaa/0x150
[  608.481713][    C0]  preempt_schedule_irq+0xb5/0x150
[  608.486829][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  608.492571][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  608.498388][    C0]  irqentry_exit+0x6f/0x90
[  608.502839][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  608.508825][    C0] RIP: 0010:__task_pid_nr_ns+0x14c/0x470
[  608.514472][    C0] Code: 0f b6 04 28 84 c0 0f 85 08 03 00 00 8b 43 04 48 c1 e0 04 4c 8d 34 03 49 81 c6 00 01 00 00 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 <74> 08 4c 89 f7 e8 fa e5 92 00 4d 8b 36 eb 08 e8 b0 fe 32 00 45 31
[  608.534090][    C0] RSP: 0018:ffffc9000ba7fea8 EFLAGS: 00000246
[  608.540161][    C0] RAX: 1ffff11006322512 RBX: ffff888031912780 RCX: 0000000000080000
[  608.548200][    C0] RDX: ffffc9000cef5000 RSI: 000000000000c8d8 RDI: ffff888031912784
[  608.556218][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff818d25d8
[  608.564206][    C0] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: 0000000000000001
[  608.572202][    C0] R13: dffffc0000000000 R14: ffff888031912890 R15: ffff88802370da00
[  608.580233][    C0]  ? __task_pid_nr_ns+0x28/0x470
[  608.585213][    C0]  ? __task_pid_nr_ns+0x116/0x470
[  608.590342][    C0]  ? __task_pid_nr_ns+0x28/0x470
[  608.595318][    C0]  __ia32_sys_getpid+0x1e/0x30
[  608.600098][    C0]  do_syscall_64+0xfa/0x3b0
[  608.604619][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.610695][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  608.616874][    C0]  ? clear_bhb_loop+0x60/0xb0
[  608.621562][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.627472][    C0] RIP: 0033:0x7f504f185ba7
[  608.631907][    C0] RSP: 002b:00007f5050028b08 EFLAGS: 00000202 ORIG_RAX: 0000000000000027
[  608.640326][    C0] RAX: ffffffffffffffda RBX: 00007f5050028c70 RCX: 00007f504f185ba7
[  608.648308][    C0] RDX: 00007f5050028b40 RSI: 00007f5050028c70 RDI: 0000000000000021
[  608.656292][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  608.664274][    C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  608.672292][    C0] R13: 00007f504f3b6128 R14: 00007ffddd60da00 R15: 00007ffddd60dae8
[  608.680289][    C0]  </TASK>
[  608.683316][    C0] rcu: rcu_preempt kthread starved for 9708 jiffies! g54849 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  608.694442][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  608.704497][    C0] rcu: RCU grace-period kthread stack dump:
[  608.710411][    C0] task:rcu_preempt     state:R  running task     stack:26792 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  608.723924][    C0] Call Trace:
[  608.727232][    C0]  <TASK>
[  608.730222][    C0]  __schedule+0x16aa/0x4c90
[  608.734773][    C0]  ? schedule+0x165/0x360
[  608.739174][    C0]  ? __pfx___schedule+0x10/0x10
[  608.744062][    C0]  ? schedule+0x91/0x360
[  608.748327][    C0]  schedule+0x165/0x360
[  608.752503][    C0]  schedule_timeout+0x12b/0x270
[  608.757374][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  608.762757][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  608.768671][    C0]  ? __pfx_process_timeout+0x10/0x10
[  608.773986][    C0]  ? prepare_to_swait_event+0x341/0x380
[  608.779540][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[  608.784427][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  608.789623][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  608.795798][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  608.801084][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  608.806298][    C0]  ? finish_swait+0xcd/0x1f0
[  608.810926][    C0]  rcu_gp_kthread+0x99/0x390
[  608.815528][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  608.820747][    C0]  ? __kthread_parkme+0x7b/0x200
[  608.825710][    C0]  ? __kthread_parkme+0x1a1/0x200
[  608.830773][    C0]  kthread+0x70e/0x8a0
[  608.834861][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  608.840061][    C0]  ? __pfx_kthread+0x10/0x10
[  608.844660][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  608.849858][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  608.855058][    C0]  ? __pfx_kthread+0x10/0x10
[  608.859658][    C0]  ret_from_fork+0x3fc/0x770
[  608.864253][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  608.869371][    C0]  ? __switch_to_asm+0x39/0x70
[  608.874178][    C0]  ? __switch_to_asm+0x33/0x70
[  608.878966][    C0]  ? __pfx_kthread+0x10/0x10
[  608.883562][    C0]  ret_from_fork_asm+0x1a/0x30
[  608.888344][    C0]  </TASK>
[  608.891368][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  608.897696][    C0] Sending NMI from CPU 0 to CPUs 1:
[  608.902942][    C1] NMI backtrace for cpu 1
[  608.902957][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  608.902978][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  608.902989][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  608.903010][    C1] Code: 53 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 ad 21 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  608.903026][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c2
[  608.903042][    C1] RAX: 263e4f2746412400 RBX: ffffffff81976918 RCX: 263e4f2746412400
[  608.903056][    C1] RDX: 0000000000000001 RSI: ffffffff8d982fba RDI: ffffffff8be1ba40
[  608.903069][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[  608.903083][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa0b3f0
[  608.903096][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a57b40
[  608.903108][    C1] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  608.903122][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  608.903135][    C1] CR2: 00007fddf68d934d CR3: 0000000031588000 CR4: 00000000003526f0
[  608.903151][    C1] Call Trace:
[  608.903158][    C1]  <TASK>
[  608.903164][    C1]  default_idle+0x13/0x20
[  608.903185][    C1]  default_idle_call+0x74/0xb0
[  608.903207][    C1]  do_idle+0x1e8/0x510
[  608.903240][    C1]  ? __pfx_do_idle+0x10/0x10
[  608.903256][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  608.903283][    C1]  cpu_startup_entry+0x44/0x60
[  608.903301][    C1]  start_secondary+0x101/0x110
[  608.903336][    C1]  common_startup_64+0x13e/0x147
[  608.903366][    C1]  </TASK>
[  609.258911][ T6270] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  609.575064][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  609.583659][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  609.721608][ T5921] kworker/0:5 (5921) used greatest stack depth: 14136 bytes left
[  609.991519][ T8470] usb 3-1: device descriptor read/all, error -71
SYZFAIL: failed to send rpc
fd=3 want=536 sent=0 n=-1 (errno 32: Broken pipe)
[  610.447187][ T5849] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  610.464805][ T5849] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  610.473970][ T5849] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  610.498931][ T5849] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  610.507433][ T5849] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  611.737398][ T6270] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.056096][ T6270] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.166441][ T6270] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.260615][ T6270] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.502660][ T6270] bridge_slave_1: left allmulticast mode
[  612.512397][ T6270] bridge_slave_1: left promiscuous mode
[  612.519042][ T6270] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.553469][ T6270] bridge_slave_0: left allmulticast mode
[  612.562358][ T6270] bridge_slave_0: left promiscuous mode
[  612.571970][ T6270] bridge0: port 1(bridge_slave_0) entered disabled state
[  612.947443][ T6270] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  612.958336][ T6270] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  612.968330][ T6270] bond0 (unregistering): Released all slaves
[  613.198934][ T6270] hsr_slave_0: left promiscuous mode
[  613.204965][ T6270] hsr_slave_1: left promiscuous mode
[  613.210796][ T6270] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  613.218285][ T6270] batman_adv: batadv0: Removing interface: batadv_slave_0
[  613.226697][ T6270] batman_adv: batadv0: Removing interface: batadv_slave_1
[  613.246361][ T6270] veth1_macvtap: left promiscuous mode
[  613.251907][ T6270] veth0_macvtap: left promiscuous mode
[  613.258819][ T6270] veth1_vlan: left promiscuous mode
[  613.264351][ T6270] veth0_vlan: left promiscuous mode
[  613.665494][ T6270] team0 (unregistering): Port device team_slave_1 removed
[  613.708577][ T6270] team0 (unregistering): Port device team_slave_0 removed
[  614.372475][ T6270] ------------[ cut here ]------------
[  614.378038][ T6270] WARNING: CPU: 1 PID: 6270 at net/xfrm/xfrm_state.c:3284 xfrm_state_fini+0x270/0x2f0
[  614.387704][ T6270] Modules linked in:
[  614.392045][ T6270] CPU: 1 UID: 0 PID: 6270 Comm: kworker/u8:11 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  614.402327][ T6270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  614.412460][ T6270] Workqueue: netns cleanup_net
[  614.417266][ T6270] RIP: 0010:xfrm_state_fini+0x270/0x2f0
[  614.422970][ T6270] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 d8 e3 10 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 36 f4 f1 f7 e8 81 fc b0 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 73 fc b0 f7 90 0f 0b 90 e9 60 fe ff ff
[  614.442676][ T6270] RSP: 0018:ffffc9000baff898 EFLAGS: 00010293
[  614.448753][ T6270] RAX: ffffffff8a0f293f RBX: ffff888032624100 RCX: ffff88807e730000
[  614.456808][ T6270] RDX: 0000000000000000 RSI: ffffffff8db6fcc6 RDI: ffff88807e730000
[  614.465256][ T6270] RBP: ffffc9000baff9b0 R08: ffffffff8fa0b3f7 R09: 1ffffffff1f4167e
[  614.473914][ T6270] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: ffffffff8f6054a0
[  614.482008][ T6270] R13: 1ffff9200175ff40 R14: ffff8880326255c0 R15: dffffc0000000000
[  614.490065][ T6270] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  614.499161][ T6270] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  614.505893][ T6270] CR2: 000020000001b000 CR3: 000000000df38000 CR4: 00000000003526f0
[  614.513950][ T6270] Call Trace:
[  614.517236][ T6270]  <TASK>
[  614.520171][ T6270]  xfrm_net_exit+0x2d/0x70
[  614.524672][ T6270]  ops_undo_list+0x497/0x990
[  614.529305][ T6270]  ? __pfx_ops_undo_list+0x10/0x10
[  614.534549][ T6270]  cleanup_net+0x4c5/0x800
[  614.538987][ T6270]  ? __pfx_cleanup_net+0x10/0x10
[  614.544054][ T6270]  ? _raw_spin_unlock_irq+0x23/0x50
[  614.549274][ T6270]  ? process_scheduled_works+0x9ef/0x17b0
[  614.555059][ T6270]  ? process_scheduled_works+0x9ef/0x17b0
[  614.560816][ T6270]  process_scheduled_works+0xade/0x17b0
[  614.567000][ T6270]  ? __pfx_process_scheduled_works+0x10/0x10
[  614.573699][ T6270]  worker_thread+0x8a0/0xda0
[  614.578349][ T6270]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  614.584773][ T6270]  ? __kthread_parkme+0x7b/0x200
[  614.589728][ T6270]  kthread+0x70e/0x8a0
[  614.593914][ T6270]  ? __pfx_worker_thread+0x10/0x10
[  614.599051][ T6270]  ? __pfx_kthread+0x10/0x10
[  614.603769][ T6270]  ? _raw_spin_unlock_irq+0x23/0x50
[  614.608998][ T6270]  ? lockdep_hardirqs_on+0x9c/0x150
[  614.614312][ T6270]  ? __pfx_kthread+0x10/0x10
[  614.618931][ T6270]  ret_from_fork+0x3fc/0x770
[  614.623598][ T6270]  ? __pfx_ret_from_fork+0x10/0x10
[  614.628735][ T6270]  ? __switch_to_asm+0x39/0x70
[  614.633587][ T6270]  ? __switch_to_asm+0x33/0x70
[  614.638372][ T6270]  ? __pfx_kthread+0x10/0x10
[  614.643046][ T6270]  ret_from_fork_asm+0x1a/0x30
[  614.647868][ T6270]  </TASK>
[  614.650900][ T6270] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  614.658182][ T6270] CPU: 1 UID: 0 PID: 6270 Comm: kworker/u8:11 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  614.668345][ T6270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  614.678422][ T6270] Workqueue: netns cleanup_net
[  614.683195][ T6270] Call Trace:
[  614.686470][ T6270]  <TASK>
[  614.689398][ T6270]  dump_stack_lvl+0x99/0x250
[  614.693997][ T6270]  ? __asan_memcpy+0x40/0x70
[  614.698595][ T6270]  ? __pfx_dump_stack_lvl+0x10/0x10
[  614.703808][ T6270]  ? __pfx__printk+0x10/0x10
[  614.708439][ T6270]  panic+0x2db/0x790
[  614.712358][ T6270]  ? __pfx_panic+0x10/0x10
[  614.716794][ T6270]  ? ret_from_fork_asm+0x1a/0x30
[  614.721741][ T6270]  __warn+0x31b/0x4b0
[  614.725732][ T6270]  ? xfrm_state_fini+0x270/0x2f0
[  614.730684][ T6270]  ? xfrm_state_fini+0x270/0x2f0
[  614.735625][ T6270]  report_bug+0x2be/0x4f0
[  614.739980][ T6270]  ? xfrm_state_fini+0x270/0x2f0
[  614.744928][ T6270]  ? xfrm_state_fini+0x270/0x2f0
[  614.749975][ T6270]  ? xfrm_state_fini+0x272/0x2f0
[  614.754930][ T6270]  handle_bug+0x84/0x160
[  614.759193][ T6270]  exc_invalid_op+0x1a/0x50
[  614.763703][ T6270]  asm_exc_invalid_op+0x1a/0x20
[  614.768572][ T6270] RIP: 0010:xfrm_state_fini+0x270/0x2f0
[  614.774135][ T6270] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 d8 e3 10 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 36 f4 f1 f7 e8 81 fc b0 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 73 fc b0 f7 90 0f 0b 90 e9 60 fe ff ff
[  614.794185][ T6270] RSP: 0018:ffffc9000baff898 EFLAGS: 00010293
[  614.800259][ T6270] RAX: ffffffff8a0f293f RBX: ffff888032624100 RCX: ffff88807e730000
[  614.808239][ T6270] RDX: 0000000000000000 RSI: ffffffff8db6fcc6 RDI: ffff88807e730000
[  614.816237][ T6270] RBP: ffffc9000baff9b0 R08: ffffffff8fa0b3f7 R09: 1ffffffff1f4167e
[  614.824233][ T6270] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: ffffffff8f6054a0
[  614.832228][ T6270] R13: 1ffff9200175ff40 R14: ffff8880326255c0 R15: dffffc0000000000
[  614.840214][ T6270]  ? xfrm_state_fini+0x26f/0x2f0
[  614.845178][ T6270]  ? xfrm_state_fini+0x26f/0x2f0
[  614.850138][ T6270]  xfrm_net_exit+0x2d/0x70
[  614.854583][ T6270]  ops_undo_list+0x497/0x990
[  614.859196][ T6270]  ? __pfx_ops_undo_list+0x10/0x10
[  614.864328][ T6270]  cleanup_net+0x4c5/0x800
[  614.868784][ T6270]  ? __pfx_cleanup_net+0x10/0x10
[  614.873742][ T6270]  ? _raw_spin_unlock_irq+0x23/0x50
[  614.878947][ T6270]  ? process_scheduled_works+0x9ef/0x17b0
[  614.884682][ T6270]  ? process_scheduled_works+0x9ef/0x17b0
[  614.890413][ T6270]  process_scheduled_works+0xade/0x17b0
[  614.895989][ T6270]  ? __pfx_process_scheduled_works+0x10/0x10
[  614.902003][ T6270]  worker_thread+0x8a0/0xda0
[  614.906600][ T6270]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  614.912947][ T6270]  ? __kthread_parkme+0x7b/0x200
[  614.917896][ T6270]  kthread+0x70e/0x8a0
[  614.921975][ T6270]  ? __pfx_worker_thread+0x10/0x10
[  614.927106][ T6270]  ? __pfx_kthread+0x10/0x10
[  614.931728][ T6270]  ? _raw_spin_unlock_irq+0x23/0x50
[  614.936937][ T6270]  ? lockdep_hardirqs_on+0x9c/0x150
[  614.942148][ T6270]  ? __pfx_kthread+0x10/0x10
[  614.946770][ T6270]  ret_from_fork+0x3fc/0x770
[  614.951373][ T6270]  ? __pfx_ret_from_fork+0x10/0x10
[  614.956509][ T6270]  ? __switch_to_asm+0x39/0x70
[  614.961284][ T6270]  ? __switch_to_asm+0x33/0x70
[  614.966060][ T6270]  ? __pfx_kthread+0x10/0x10
[  614.970664][ T6270]  ret_from_fork_asm+0x1a/0x30
[  614.975463][ T6270]  </TASK>
[  614.978899][ T6270] Kernel Offset: disabled
[  614.983246][ T6270] Rebooting in 86400 seconds..