last executing test programs:

33.553555005s ago: executing program 2 (id=6411):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = signalfd(r0, &(0x7f0000000000)={[0x4]}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYRES32=r1], &(0x7f0000000300)='GPL\x00', 0x3, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xfffffffc}, 0x10, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_LOOPBACK(r3, 0x65, 0x3, 0xffffffffffffffff, &(0x7f0000000180))
socket$inet6(0xa, 0x805, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000080)=[{0x25, 0x1, 0x4b, 0x4}]}, 0x10)
openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x24100, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000440)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x5, 0xffffffffffffffff, 0x1, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x158)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050800)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendmmsg$alg(r7, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18, 0x8004}], 0x1, 0x0)
recvmsg(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f00000004c0)=""/91, 0x5b}], 0x2}, 0x20000253)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x13, 0x0, 0xff}})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000004100)={0x2020, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}, 0x2020)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x6)
getsockopt$bt_hci(r7, 0x84, 0x11, &(0x7f00000011c0)=""/4060, &(0x7f0000000280)=0xfdc)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r2, 0xffffffffffffffff, 0x34, 0x0, @val=@uprobe_multi={&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=[0x100000001], 0x0, 0x7b615df3, 0x1, 0x0, r10}}, 0x40)

32.580749614s ago: executing program 2 (id=6412):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000800)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000005f000000000000003e420f79e7c442b0f3970b00000066bad10466ed2e0fc75879660f3881670bb9800000c00f3235010000000f30470f01cb66b8f9008ec0c401a5d35000b988010000b88c000000ba000000000f30c30000000000000000180000000000000002000000000000000200000000000000180000000000000004000000010000000100000000000000880000000000000066baf80cb8fc87868cef66bafc0cb8aa3d0000efc421fe2c811000000066baf80cb8ee8b8c80ef66bafc0c66b86e9366ef66b84c008ee0470f01c40f22c1c744240006000000c744240200000000ff1c24b9800000c00f3235008000000f30b964030000b80b000000ba000000000f302e2e2e660fc736c30000000000000000180000000000000007000000000000000100000000000000890000000000000066baa00066b84b0066ef48b8af156aeb000000000f23d80f21f83a6dfb9883bb83f5abbeb108f84aea35000000500f23f80f01c38f6878c20d04000000170f01d10f20e7c7442400ab84a902c74424020ac30000c7442406000000000f011c240f009e00180000b8010000000f01d948b8de000000000000000f23d00f21f8350000000a0f23f8c301000000000000004800000000000000360f01ca40f444df7c860e440f6ec6360f01c966baf80cb8b20c908aef66bafc0c66ed400f381e91b7ee5e43a4f30fc7746e07470f79dcc30200000000000000180000000000000001010000cacc987d0100000000000000700000000000000048b811d8b7a4e6d0b0750f23c80f21f835040070000f23f866b87a008ee80f01c366ba4100b000ee6666460f3882350000000066baf80cb86c84e989ef66bafc0c66edc4e17f7056c700c4c29db70766b83f018ee86466f30fc7b70c570000c302000000000000001800000000000000030000000300000000000000000000001800000000000000060000000000000002000000000000001800000000000000800000000100000001000000000000006200000000000000c4a27d19bdef2d30020f3acc70850f47d14300470f076766460f64a01500000066bad004b0a5ee66ba6100ed66420f3881a60800000066ba4000b8b8000000efb9c3090000b800800000ba000000000f30c3020000000000000018000000000000000900000075be000001000000000000005a0000000000000066baf80cb86cb01e8aef66bafc0cec64460f30c4a1397c3166b849008ec867f346a766b820008ec8470f01cbc74424002f000000c7442402de730000ff2c2466b8f7000f00d8440f35c30200000000000000180000000000000002000000ffffff7f0100000000000000580000000000000066f22e3e46db1b0f20c035020000000f22c0460f01c236440fc8b9b80200000f3266b8c2000f00d8470f79f0b9800000c00f3235001000000f30440f01c8674d0fc7aaf48affffc3000000000000000018000000000000000500000000000000020000000000000018000000000000000500000009000000020000000000000018000000000000000200000010000000020000000000000018000000000000000300000005000000010000000000000052000000000000004483e98b0f009e47bc000066b87d000f00d064640f1aafb90ad4c2440f01c42e65260f28666666b80a018ed0430f01c5c4e3a95dae036b85db000f79ab2cb8d832c302000000000000001800000000000000070000000700000002000000000000001800000000000000020000001a0d000001000000000000005c00000000000000450f0055e7b805000000b9a40000000f01d9c4a2e2f77500260fc7bb988fffffc4c2fd2338b805000000b96fad194c0f01d9c462f9200500000000f65a2f4a0fc7ae03000000c4e2459addc300000000000000001800000000000000ea00000000000000010000000000000055000000000000000f01cbc4c2f92249dd66baf80cb8d8a9c683ef66bafc0ced2e3e0f01ca66baf80cb8b2392f89ef66bafc0cec3e3e430f79f7c4a275bc"], 0x5bf})
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000000840)={{0x4, 0x0, 0x80, {0x0, 0x8080000, 0x3}}, "d4bf61846cffa78551f6ade7171e14ec6c34d0631ee5529489bbb1cbda4d7a0a146887f37b9ab42fcaf2d2b84af43a59efd5a7cd555b5991811e470e2511196a9390d257fb86f2ca5bf1438c27111af4e3506348fe1af6d877c574e03d9bc1d43b39dc04ceb980a8715aae9b894e58a1c354219725a69210a9a1cff8ff714bdc04d4a7512718f0689591fddfcbcd4004e9950ba0a6dfceca8e9505cf72a36d46aa65ec07066ab58d688b58d822a3259b483aa0c043b609addcab2f2ee6dd4e60995b56bb3298625ead8e397d3d0927d4ee4d22502a7944c3edadf69422e30bb143210487b244eb5506f8b95dcd8dc0439da9c4d8fa449e64d2cd0bd1bcc11d5cf572ba263da1ce82db0b6bb743c9ca6453e625a0529970485bd1aa5a73e3d717763b7c7562dc457e79ffb87fbfdf37f41c08f1b3af41f0205eb9cf5e31fb4baba766b97feda2788f92a0822916c73e51d6b932af03bd9e6d4cafaf774af82695d5135d7df3ec859bf8e983ce9bdc58f326a2b2692d9cfe56b75b806e1dbe58ecad1a481f53d00eb48579afb603d42c86ae457c8f2b3db26ad6d603b73465d11c3de1dd9068f625353852b2f434180de76c5d372627393d1cfa335554dfddc7b1a653ac72183418b7929402036c9f50a2f89ba1dab271a7ffab666abb4964d262708406c39a0811a6aa33738c9666dadedef64dcb7df53cee682e28207717baf0721dd21683203706acd675b9c82420dfb0403efd528c201cf523719e20bc317bf2e330061e5a11113228024bda7f46b17a744a5a4a499bbb70d3feae623925673a414620934d89300476a0c882efc34d37519cf9101dbdba73570f9ea6de741310373d9fafab42ef63f997c7965ee593caa5767b6346810e56aab45d1c15e76c5cad952e04e2cbc9488a13cb63571747c254e89d7aad6190d3cc87d5c81d3ebf16809c77151e070d5b19632ac94e59b46da129dcaa5ecf9dfaac33ef8ff6ed4921486105dfa8e1af76a8cedea3387e8a05c8ead118ab44c259618c0274b77b54779fedc9f3a3da3d91a94535888a68bcf87c24aca369d2a03caf02e62f04ac8544cbfd53353383a57ac1064bc49cb3022b12de15cd8ccd13b1dc055b961784ba3a06fc7196b5eaceab2fa1afa847901fc814345a80631efebe29bd252fe6318ad37efcfc9f369fa1b42931cc3c227cc311fe1a416431b15cfe0f485c8a9f4cb8c0f177da9adfa098c6de0f53687143c8f936d890381ff39ec10d540aaa6d765cce461bd858a9c4fa0e0e29743d530a03744d614570f4022a8218e845c6af02bfae7bd4d640f33cf43056f59d9c066e15794930a035b48b54bd0b91ad23efe42fc7ca1f1dc930f9c8867d7bcecce8e913ebd3b18fa2defe980af717eb9cfb252ba54ee73da22760ca3b08188fd7a13d2999f42f1906a50db1149461799b5aa6a59dd60c8da3c89e0af2eea437ff3ceb18e27bf1258d734f7dd8cf15e6288b4d5a56d785f74ae5445fa8b4df71fbe6ba7d55dce1aee33db5963415eaea137aaa01a4cfd8ce629109c83232b5538b0ac50f8120497af1db2507cfdc4aa8e3f612eee1e3159d619c385e3273c81081ab7ffcf9ffefca66bbfb95bb387d2f1099ec35ac293df6eb4a3126c7c3592f8af11ff0d018a16621f36434ce0cbc8bad62bb4444bb6df492f92506a122e16a358afd39104a75e5f3fdaeaf4b40f49c7c11197f4db7e8df4b78a3ef4e55d2270b0883aed53d4682634a3e50723bda97e3b35446c08102b5716da747231ec37a43b443e7808deb61ea03b73496c3dde1ad166054a9356c45370eb369cb77bf2bc8f50e1346c7b2b7ec736599b726de342dec850d614481d1cd6e22c625a6aeb81ea615532240a99da38fa79dc134b75328763b311c42a5d551bd7b4640794b73747c37a27dc87b7b38353245783519e558388f09db7f747fad74819fc8d6270e4597f93e01c0f9e32a2fb0ea3a38cf5f280565b902f570857f5189a7c55ce82677a0b9b549e083bd5a0948f04f84e88915bc7cf26fcd15419cc094195dffd9f8ae2a26cc435ffdd22644562315e97e6b0a8142bd2b872510c49396748e5b945c0dbfd913b5254720ff3f1764fda2607d94826451f5f0159e2b28454c5e9baf17ebeeb7c99421c672aa73982a600c63892a4574f26355632c5527f7e88a8c607ae71b2bda9dd9d6a1f9c36370745c24e21aad24d6de66e57be7e63beb1632f4aa1c17ff70e013d323b0cb072dbe3d924bb443d2baa10a7e4bc50359e3a6d9c48ef4659fd5264b5bac7b5f6f8fdba1f3e7cd1a21d5788a551f43d73f25341d6c192144507184cca401f2fdf2596fdebc509993f14f1586b743c96e8e589f19a9ca46e282bb96e4a353c334e7bebdb047fba021a25d8421afe64f64d27b2205d87493daccfd13b947071cc1c864f6a7a7bcefc11807b059fc5f6f5fa38897defa0017897d3cbd1a528bcbc02952ad0c8ba4f6faf4853cf21c336b3065de2856d2ea6fb473356a96563792905c13591b275c7aa633fc850116596ccf7a394c41779814277f843dd83a572a03d743287e29dd8b019a789286b9211a9db2b1c5478430ea9e5bf91325e849c62636ae27f1cad85e715ec0f2e3c9449157132b4b81b8d500f72b53488d6c694f7c37f0a683ba71a555b9480a929093ba2ec83a069accbcdcdc2e689c2a424292a970f74b12519a06a751b2b6069e717014c318001d97daf7afe61490bf245ad3710c508d576cd14081149ffd3bb9f5113e7b27380923bb77d8c31f26009ce71b81aa4bb03cea31ac22e3a77c8838f57c9e61913a1db6ec54e9ff1ac7a93c278e1f49ddc1673e22057c4380312da0d1dc5568eeaf95320245afb03e65c0b0763db320b56311e0e7a6eba7e3027fd7f2f827a9ba123214d586a173765b82d43c9ec2f39023cbad811957e4ab0c62e8ffebc178659fbddb369c65154f9dd9a6b8603101af5325c419b24fef50ea29c414710b739549d609b5c6153af2e1b85573b829827337af0be21b74e98ea9abbac1904764c17d07fea28cd02f5722e1348a561d9f3c972a7ce76901b20dce81a62a28cd9587293fbd6eb2051832c589294e3d7841825593694b1eca6a881e0e0be95e2d54b22951e66137e0563aeb59e7355480cd56c92bf0f1d699ad3baa7c1fe0be5ba6de681d550c75fd94687320892bf26ef8d06ff66e4f7f453815a07fed06951d78e8f76a3285058837d964d5816406c413259ef691d324e70c346014a6ffda0f2f43ba3c8573c272e9ba9c4a86f4b4c18b9f62baef03979fa823d057e1439b414b8b6f1dcbc50b9793a2c65eeeb4bf141325722b61d13191ea5142ba0d12e8c6102a05251033cd268459e7416157a5ce1fcdb07132845bf911bff3f712c1433263ceb5ae471f099af82666e302e4c4678b8d40a6e489a42748c1dddb024e2708ce64841b5b6785c5fac633b7ca6d505e7cbc78f3171bdf10c60a158ecebaa650a38d030e686943491db2158a775b66951efa36e3c28bb6f12961cc7beca2631cbad3f096e8ccce05024966edbeb2892f52f2f1bab85bb3c6af4b6e1292fa40b686f8ee07d165ff6659c9d4c5d9c077a26d053f643b7307192735151ecb92a281ec4b2ec2b109ace7073235fcfcc281845bdf7fa56d3296a61a6542d53f02931552c6bd19a644ed96b970cc0c7e7063e51f0cf2ad40d1414f17c4cf6630cb092703c2baa52da780e1cf5011f2304ac5087b733ce60db71f740986d9bf34597e4e8932ffc446b825ce706d41c834b08436c2869a63306176ee4605894fe3eda53ccd2b4a1bdd80efb977e69b8493638029b7228a49350eb67516e5eff7cc3c79c4f3c59282a9de311902a7c36b0287e428c4da3c0ff183dd2dd7c65dd04b08a2cb579b0134864f5be6484b43010643bf025952fe6d7e52cd8012d1cb0d17e6801eb67c31af286a61ccf874d49860cf728138dc8b5852f02f69ee77d8dfaf38eecb54965625c573535e54128ffc531f1370d7b5771eb488a25923b2af55ddbb1e2863c4fdd5b1e22f2b0e8e86cc0031708be6c2bc2c69268926ac5aefba13148ddcce17762533465979287c9a50ca378f1d4da2b84b79528e8d152f65b8f20b5af54c36b0c259cf2a082fa6d05fb4e81a09eeececefc8de58cef240c5230ccff2cfc132a466283bf909900c647703a302b9623f56aced0e11da0bb9a0a9967b299053bd489b7c02343bcffd26504f710a9891a336c40604d743d8f69fd52c45b947f77a88842efb1ed6543eaa60b4106f2e589842e6be2a76a4a82526454f2d4b8e67dd6d59d50417c8474688967a6844fcda2f7049cb077b27d70e03a3530620150f3cebf4c195394d1b0402503a15ce0cc68b7a19b17c647cc0208e7c9eb73cce44c84c60eb828da5a38a9f6d0766ea701a557fb53165a9de767da018c740e7f784d5c98e91688de3ef801fc97b8ab7fbe10d7cb2983a5f81af3d9a65e36db87c697b646a54253995c04b2c617b7390b6d5ccdb1df4ef76446e727b106247fe6dcfac059333b675113ebe4d44936fb412dcb4dfe5376a8a10ce607394420dca057b1ce584536defe12a1dacd1f35c84a50490a355529c773ec2a8bd5aaacdc094ca91687d7d2bd348b01abfd386b17c7cce92ddb9e6a4e964dcdd8d8d4e5a4d3c5aa3b42066ade4ed8a44aabaa9d05703b1f226a2688c792dad373e54d2f32c37c26cb11928fc217dcf9a79062a372fe5ef4b4bdc779fc3101379d44e58dde025a8c8bf01680c62adc8032295bf5eba96204235cab2b902a0766e98b6538785a1ed4c04a71f9332a1534b1600e839c220d30f2d1c7ec1d17b5ac760ce0169560c9238334126eb98b3943f3aee85f6dd9032e19a18f2f77e5d486fa0091c999bf47ad2a28d00231b85d2f53f7c41d3d2e52f8cd86eb9bddc216b2d796059214b832953d9132b91e4b38d69b13dcbd22b18a734685ed6e1fb05108fd59edc4e51d1dbb452fd257ca5a6e493087142c4d7ae80b681315cd5f9c588763ecba278813eae72f806f5dfae7a70405491315013af7cb04fa12e7887efa72bed4036d260abc0f98da3a59cc7492bd4888dc6dd8cbddbf831b71e0040fa746e70a54be47f265f78d07ad79676174fbeda895fc70c39beebae7d2bdeb00ad3ee4872c20bed22748d9c0bceca824ae6fe05131e97845fd05d96cfaf9bbb09af57ee6907084fd25dbf04efb2b80eed805d179be3cf761c970c52e4be8a6858d423bbd9a5c1c421597e41869a7f9c22e8e7dca770070ab549f987d3f3aa029102730e06bd29ca56baf91b6ad646a0cba18bf7f4ea101c2d90a505724d8b1393f127ce94ab844e94940c9ebd841077bb513df151116d04269db7d247ed9bc013195fa36ab84131a65b8549b4e7d1e63884d6bad13b578a5df28e582f707ff07ddbe3d5979ffc568fcc6234a20f1e59b20c53fce09dbb78643b644fdf401cda89f2e82e325a8671564e4476aee3f148f1153341f657c8604db83d32b61fc1fa52f4dd4c28e4ac0466dc720b142b10cc3b4f7da9f242190e9e149b30049748f82f812453d8074bcf46cb8176beccd1198aa3295d18a136ed3e1da89b7c8e75c9216755ab6f79c4f51fe5560ebaf12038305cf6b87b385f57e5648f49f4409d1f1390809e2f2ff5a8f7024ea1a767254c56dc1974f63f804a9e66e8159a2ba8c2fb930259f85e401cae66c4e72c5ee63fa7d22b16548b891580752f2591b4036dbf2af1470deaad617ff93f45d36b0821930958dce53d8a26613334f30372c3f25265fd", "87dab4b0cca183c154337de68c21a169ca14fec434c10b840a246941e2f1d92fee8c53198d61745ce5c3be1cfa5a71f73135f10dcf76d283ddb7d16753ffe46ed8060fc0b0442796cd3c6b92496e7d78f85c81172b143a8db2ff73663cbedfc4a2c5ce97a23ed5a15f92230409b119b59308ab3ffd3994be0ccb8df913cea8fd205d4db7ee237312058c18e041df0a3785fdb30a93d43a99a22b0b1fa5687b862582cc72019a18bec2e705119694bdc7b3547855981e5142222efcadca827bff8e52a75d6ad7c75239964358aa9d3dc7d55db3bbb8a9a5b6c63f13cb8e05bc1550ab6efeb7b5bf11512556a70799b714f563ab788113387d6d992406175e990e08e1e15a4f9eca4a128f94dd5cf221230fb46b59b63eef0fd4e824a5b521cd25b85ea80a63f1451bfbc575a63333034733152a0becd44e101cf9dc1ec06512b329d8907757845da46a153ba721243a3cf935f99e19e0b4a7864b174f68e10d79ce8729e34ccd2358e6640bc6631d5b9b3c070033e6827ff27ce8840c323b0c9f27ea57f0b5ab1d8607fde0c13b0a26705e6e168aeaa442340d5781f52c6ac3b73cecda2616a8ff4a66dd7a89c897ab9494c39767a3053161b7f2692a656e9b0897f920facc56ea225badd2250ae323b2edcd7050f9e6653d1b5bfe99041a1602bdf4420ac9739bc6eff79b0a83093d1c6d350ffd48acf55d3064b6d74537c9adbded65f91a287a5dc9c3753d7a0e9e1959a747c970e9c9730d0e2296375551623fbd1b3041e29cd64e7cbb50bc09ac563a38d4d72ff4a64889bbf066ed411eb0a8b20f6951bf3f5631b00235faa5a29dd98a0cc46b5af62196bd7b39de3417c117ade6c5409da209da0431a471094bd88ecc4b5da557522d7c4fa6edb83c4c492790208e945bde65b63a057e66a3333dd418f82766882ffa3dd86533c02078fe776d2ec7ce113a107078eacb63aae2bb14be03053b5035b249d944b747a85b4d59635b39a579a690f3dbf672db7f242e1043381e346014f7ede9a6e6f4b3e043103a855e736cf86ac9333b3f780e529c0070ffd6de030c3df2fa164073fe8f629e39a81097606bb84536764c6b02fe7c023542fd176c6b9c8cc57140bff60d2d6c0105b2a0373c03095166cd34741d26c0f379d3dae699631562474955781efd02a9378c8def05f76edf62f700a5561314542b907c893dadf055b61a9394b4ab7fbbe55b6335a509b12a9ad82c0057267683079c042fac77f2ffaae6c53e2e033636d7ae4fea724df3f1f6da20bc837f5f529c0d63e36cfb5e9259c5e379565c1665904fabc42c9a1079808658fb5c7234700c47a883b8c15b88c852ac7124b1433da14fd35ea91b1754a0a7d4a24498555a9642bb256b237977e728aee81f4b196733eec951e71cf5ceaae1f01a243eb126c56f02b6a006c24b2868aa3cc68f88da97157ede4e721a6d83dfd71e93242635a04b16c9c122aaae61dbbb060a967623300e53028ec7495eea7b24e3a8fafadc51fe980674575f07ea6ae84a77da1a02fd424675ad885ab06ccb5293948c3311a67f38824d365c24b7a82fc9521300794d45b9f7e706716693312832ae0d53c68555452da9b317d4c1d22d7d6297e492b4487fa105faf4ad4f66ef7295693b0b0e06a3f533fc09e358e41b3f6d2c326ebbedcca33a9dac61c8546b861730e7222afbaaa2e6c3578bb25fba70bd741f1b364ce44a8d93c68c2c395bf749b27e8f9a46a7258c256bbe4259e421ec6c2976e82a9e9a8a215e7ff64ecce125f364118f9977f94c24f45a026b0169199bace0ed94813dc6117fad168c138df7da4d8ce0d366b491974c5f24ca88336ced87826e46c4bd5ab4fda0213d5bdf351bd9af41646f68f97cb0f045de2f0527b835803bc56a91713e8b9b4762793be6774b1ad9dc4653b2a08271f1e0c9e2f632c6db223ee0a33b926dd27122aa2d465449437665b2249374cce2a65227365f1a0e5879268d8131b2047ea2f5474aa3228b5d658e2f18041b5c3bf6a5de0e6f971273979bf6a8eda2dc6cdb588a715281805dff387709502af3627c5be81f3296eccc7e8e3150ac97eef264df5f129634f826b73b7c91c27f927072f1778afa80e8563eea311a7380166298631568a14cbec5834c0d0a96e9b4b745dac8233d3b59f4613b5ea4935d9e75e05a665edb4d0cb828951839ff219a47ffc2fe373e3b17efdbb4310fd0a9ecec07f96dcccbc1471dc52a6c30e0d32ce5c9cf257a2a4f830c9e0ab65684ee4a5bd235f95443d8dffbf03d7b0b973489b403f19e3fca6f51e23058bb95c6cd0d0650c8fe5c061c6767263907a1c5e541ceae2c28b5c4bc777951ca6740ecddd3b75eca35d0315af76056112c01d990baeee98b40be24be2588a0ac04dda05fcbc9064939729ba2a9b9f3cf1e43df49c693140a21dc8553facea3b8305f10c2908694a58e962d855d7122c4bbda03c36cafc4915cc1aa7bc6ac6f37dc818bb62ce2d662640df4368bf65ce1df65167d646e47b4a28295d3ba79b34fef47a8424a7c0bb060df54255e84ef0bdd4467eae951d49bca24d2fa6843040de0a5ccc5adc6805bba48e9bdcbb23583d9be353c672f45eb1a5938f537304863c5f6513e52223396b04a6e8e6012a61503037b79494cc7d39f12f0f0b9cc8f717b411d16e1a041177e961a17fb32b5960c4d2d122d32d1d9fb6b498e9fd6aeebf76155c285620b090b5ed09d6cb9dec13360bc9ccd18958dd05c8967da3225c1a39e40642b015162c626356fd8fe65e7ffb77d23d0bcaad02c2fa5617eccf7d37259d64c1c37b5bf386731ce96713355dcc3d3dca437d9bcdcedb03cddd698af45ec8d07420ea50bdc00e435d92b3b9f4fe19de8f12388b570d3a406aa2291538acc07f2e940c6d125f5041531bab22b5940729ca5c7d8f3cf937641f2dc12205c8adc55dc4d3033ae6158ca21207e809ea2245f3520b8f8e6b5c8d213099c679d4d3f4c9e00925b54bba6f7bbba7c566d5bdf05f697fcfcbaee86c782c24d04b9976019ef2aa72e327a5ffca9e162a7ab7a62b75ee1633f4ebdd23106d7e6e7a6ddf619ff342c3ea6c72c91ab64011a1bd83582a74f32308336ad53aa0ac39518b84f07f89f4e8ee214356862ca6fa1cd3bd2ca182ef3efa2919687520957217cc6858b2a2185a92c334c0dc9a505ff74383e171aca64de74fc24a948e83c9a96c8a1a69303020f8c0d48a79c34e8c4b11f7c47f52b99e5ca01bf0abe7ad73f7cf04068b2f86dc1280b764dc09df2b0966a16ce85fe4ae8aeab48ffe4d472e28a6a020223396c668afd18d4b314a0cefb5f4e4805a1df8df559dc1e7791575a02295851420c831c05daeb54c870eb7ccdb3caa3bae6b435dee98f60716e0a6b9e159d2a8201475ddc0e13e44b72ce2b492181496bc3c571520575c83fadef424d7740107ede3d1d87377b9de43c5ac0a6db195e49451f4798dfbd64c2f3c7c6106d1688a4dbe5e37bf1c50e655020c79994329954bf73eda0d204ef35f13cebe2ea52b46b5a467286bca891ba08a0646eaad9b2befbfa811476c1ebe37790fd61cafac47a25d4703c459a906227aa6ffb53656fbf2991d26c167522dac2f68b63f283a849468d600bff7098092461d7f6f91411255cc999f0cd6df419b77164096cb632063abd834fe079df71172a4fa65e46a73afcf648543b39f6aa4bc4e6ba88669057aaadbb8dda8eb649b230a73c9f124a74cac1f3f0a9e096775ac47649d5a6b4e381b7da2ae2ffc01b239a64ac10b143f15af517f0525006c15e922ab526775e969bf774d3aad097e9be2e8de472d7753136d723d3500a8fa781a4f80de527b85edba174023ed6781e3e4a3522f0730d20a0d7a0d101b948d0b355da5ef9ae21c3fbeda66800ceadd19799e76645a2b095ce99942f58eeaf68a0f0464164c3d9e6ea39a14940086c4fe591acd5964ca214ad5658a6ea98449b26bdc2284b5a5e0f0db873e6a27fd7ed4a63c4c636bc9cd63c3630f1a287c3a16045de9d7c853e32ab05f5cc3cda36991fb6e59c4784d0fd6a193280738ac2c8adb2c0184704daaa3c0c83569ce3d52b930f750537cf5bbbf18f77bd4de44d3021f2ac977d08c443e28ce9ff67f7a133690a5ae05fa32bb22e6a668573e2e3958d0624ceaf13d57c5ec180140926031a622c8d89036f7d007628edcdb0c84729411931b73cc31982b453dcfdbea5d2ff92fd71abd888e29f13107f5d919f47e729aae84ac01bf50e68feb4afe5e605ba9ede9ffbe04319e5886d40abddc90e5bc0d9e75fa656208fd3ec21ccabf6d3ecc36096225bc30d1e0631d18006a4ca6017aba219eb1ef17efa90d1496cf8fe95bbee56575ae4af1e82fa5945eb91b4c9293546ae18ea27f61cafbced9a3341cb41c4b388772e43392d2c196c8d28bead2a1c18b0970cfff6d2da55771a03ece9731dae147db7c3043c0f7999cbbfbd98221e736789df19a248529b772ee5ee7192f9e9a6ab8e2e210c7b7cb76d5b1158a5ce13c79692a96670b1b947ff5353fbbfdcad8315564dd172a615bb4d00d14ede49e715ef93c627ad32b6c85c6612fa59e855d1c98738e343a84386de551c2dc3084647528d6c6457ed3b625c52ba6b818e57f8fc030c50047fee06ffeba8634dc993c5733fdab4ddfd40ea7c75b2cc8a4dbe59361b885766f6bf72d63a9d5490bb6e7c4a1421e8c07a340f567fc309aa4cce938cf83e91569a62d303b4c9b1ea954c50057ba7ab0c29635a1498634c63109b8c51c980f690b1df15dc499ce2bb8806184c50152e72ce765a75fa77a33fd7f1aefd3a20ac4c2a8140105f9e13a63645fa6edcc6d1bcaff51b18a2ac07fce6e5a92426b656d879433dfef1864eb77197652be9c0d9270248b992a3f5300f8a6b5b4c6790137fa2322dd1c11b01ad80f4f587f0018adef5fcb29e232c645e544e1fe54b4eb8b724ef03ada99634ec067fd2da8eca1a6f2da8aa7d7f8985381ee8a6ea7d3f9acebd73ae453fe74771a65c060bd17f6b118594f82d02060b8fdb529734f03f50ddcacaf0b3c49ef3e5bc04fb1c4f9d3cab43f47e17a93a3051026747052db335f93fd7c6ae9e66ecb493978eae8207a6900a4947b9086f689089912d931e6030184cd5402322f423264a7042e2715853e2b27d8a0caf36604352ab61db596f1b5f444f7cfe405b8f4fe1f0ddcdeeb91a3c1e74ee380ef45a01fd8d9fde1efa49cb15f5e0adcd6cd63c4295fe934c1cd3059566dd7140bdc8136bf90e946f22ee06406ed6e15151204d273b02684b5e62eed5194d30beaa8f1e5c9472ac4bf43d99578fc7715bbc4e83d1bcd8feffed970a539b1de89b1b282dd5ad2b6009b0d696ece515068ed82e534be67f3894e4af4c88047201983ba7241f29725c59a3f2112740e2f8ff51e55477f1422afa18ec8293922657c6bef8dc3b8ece825533e1e5eec9d3d333d6fe399849b9d471910a2334a234186909e87b0b8b9391bbd20c267e114833626bbc31234e046c6dd33e2e593751b5d6ef7f70e4a3a65e6ac9be4aa12454c5a904c71bb2cef575fd422f969453a6fbc24906db1d747dd60c800fb49ef177a301c0dfef4e4d931b86c906722f6f09791019cfe7d8cfe6c71442ad85e4ab42270e2379511a83465ea99d95bd7c9ae4d159f490f73ed6383d88f7aa8d701629accfd151c56456034e721cb1ed8f73a86a1e63b835697be1feb555c6104d919a0e6fead299c53bd91521e2d7d8dea677b8fcbfe7b9bea732e6c8a864517eb5d6331d9a"})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000200)={0x10000, 0xc000})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r0])
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r9 = dup(r8)
write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c)
r10 = syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4733, 0x10100, 0x0, 0x24d, 0x0, r9}, &(0x7f00000001c0)=<r11=>0x0, &(0x7f0000000280)=<r12=>0x0)
syz_open_procfs(0x0, 0x0)
syz_io_uring_submit(r11, r12, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x1200}, 0x1})
io_uring_enter(r10, 0x234f, 0xb1e6, 0x1, 0x0, 0x0)
r13 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r13, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r13, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r13, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1}}], 0x1, 0x40000)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000080)={0x6, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x2, 'dh\x00', 0x0, 0x8, 0x7f}, 0x2c)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000091020000000000000800000008000100"])
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000054000000060a010400000000000000000100000008000b40000000000900010073797a30000000002c0004802800018008000100666962001c00028008000240000000010800034000000001080001400000001414000000110001"], 0xdc}}, 0x400)

31.490149355s ago: executing program 2 (id=6420):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x45)
r1 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2, &(0x7f0000000440)=0x40, 0x4)
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, 0x0, &(0x7f0000000180))
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r1)
sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000006c0)=ANY=[@ANYBLOB], 0x100}, 0x1, 0x0, 0x0, 0x20010000}, 0x4088)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
openat$sysctl(0xffffff9c, &(0x7f0000000d40)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2101, 0x0)
write$binfmt_aout(r2, &(0x7f0000000240)=ANY=[], 0xff2e)
r3 = syz_open_pts(r2, 0x101302)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f0000000880)={0x150, r4, 0x2, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x10000, 0x5b}}}}, [@NL80211_ATTR_QOS_MAP={0x36, 0xc7, {[{0x7, 0x5}, {}, {0x0, 0x6}, {0xef, 0x5}, {0x7, 0x5}, {0x7}, {0x4, 0x4}, {0x18, 0x5}, {0x81}, {0xe, 0x1}, {0x80, 0x4}, {0x5, 0x7}, {0x7, 0x3}, {0x5, 0x6}, {0x4, 0x7}, {0x9, 0x5}, {0x1}, {0x6, 0x7}, {0x1, 0x5}, {0x7, 0x7}, {0xf, 0x6}], "a29c90773fcfdcbb"}}, @NL80211_ATTR_QOS_MAP={0xc, 0xc7, {[], "9e633787b94b7724"}}, @NL80211_ATTR_QOS_MAP={0x32, 0xc7, {[{0x3, 0x7}, {0x5, 0x5}, {0x6, 0x3}, {0xff, 0x2}, {0x9, 0x3}, {0x80, 0x1}, {0x43, 0x6}, {0x4, 0x4}, {0xa, 0x5}, {0x1, 0x6}, {0x0, 0x5}, {0x7, 0x2}, {0x4, 0x2}, {0xe0, 0x7}, {0xf8, 0x4}, {0x4, 0x1}, {0x9, 0x7}, {0xb5, 0x4}, {0x81}], "8fcbd1bc02e1f766"}}, @NL80211_ATTR_QOS_MAP={0x24, 0xc7, {[{0x4, 0x5}, {0x9, 0x1}, {0xff, 0x7}, {0x7, 0x3}, {0xfa}, {0x9, 0x2}, {0x4, 0x6}, {0x9, 0x7}, {0x0, 0x3}, {0x3, 0x3}, {0x4, 0x1}, {0x88, 0x7}], "e09d3bdbe3d571b1"}}, @NL80211_ATTR_QOS_MAP={0x20, 0xc7, {[{0x4, 0x7}, {0x2, 0x3}, {0x8, 0x7}, {0x4, 0x3}, {0x6, 0x6}, {0x9, 0x4}, {0x2}, {0x1}, {0x7, 0x6}, {0x81, 0x3}], "6c2d67aef04a825e"}}, @NL80211_ATTR_QOS_MAP={0x32, 0xc7, {[{0x0, 0x3}, {0x80, 0x4}, {0x1, 0x1}, {0x7, 0x1}, {0x5, 0x2}, {0x1, 0x2}, {0x2, 0x5}, {0xba, 0x7}, {0x2, 0x6}, {0x4, 0x6}, {0x4f, 0x6}, {0x1, 0x1}, {0x8, 0x3}, {0xe, 0x5}, {0x2, 0x2}, {0x2, 0x3}, {0x11}, {0x2c, 0x6}, {0x0, 0x7}], "66faee2fd3eeba66"}}, @NL80211_ATTR_QOS_MAP={0x36, 0xc7, {[{0x3, 0x4}, {0xc4, 0x2}, {0xa, 0x6}, {0x2, 0x3}, {0xf, 0x3}, {0x0, 0x1}, {0xb, 0x1}, {0x7f, 0x1}, {}, {0x2, 0x2}, {0xf1, 0x5}, {0xe, 0x7}, {0x4, 0x5}, {0x79, 0x1}, {0x4, 0x2}, {0x10, 0x2}, {0xff, 0x7}, {0x79}, {0xf, 0x2}, {0x50, 0x1}, {0xff, 0x3}], "0f8f4172e3f621f5"}}]}, 0x150}, 0x1, 0x0, 0x0, 0xd042469e7e3c57e9}, 0x800c001)
r5 = dup3(r3, r2, 0x0)
write$binfmt_script(r5, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)

28.092804687s ago: executing program 1 (id=6429):
socket(0x2b, 0x80801, 0x1)
sendmsg$NFT_MSG_GETCHAIN(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x48840}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)

27.949958656s ago: executing program 1 (id=6431):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
io_setup(0x4, &(0x7f0000000280)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}])
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00')
read$eventfd(r5, &(0x7f0000000000), 0x8)
write(r2, 0x0, 0x0)
connect$unix(r3, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e)
r6 = syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x1, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r7, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
removexattr(0x0, 0x0)
ioctl$FS_IOC_RESVSP(r6, 0x80086601, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
fsopen(0x0, 0x1)
r8 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
r9 = fsmount(r8, 0x0, 0x0)
openat$cgroup_pressure(r9, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)

25.808719963s ago: executing program 4 (id=6443):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRESDEC], 0x48)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000065b14493768cc410a400", @ANYRES16=r1, @ANYBLOB="010008000000000000000c000000"], 0x4b}}, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x7, <r2=>0x0}, 0x8)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x8000001e)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x1)
unshare(0x22020600)
fcntl$notify(r4, 0x402, 0x8000003d)
close_range(r3, r4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080000000000000010000009400000007ad4160850000000f0000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="020200090c0000000004000000000000030006000000000002000000ffffffff000000000000000002000100000000000000000001000020030005000000000002000000ac1414aa00000000000000000100150000000000010014"], 0x60}, 0x1, 0x7}, 0x40)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="150a00000000000000180000000000000000000000000000009500"/40], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r2}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xa, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r6}, 0x18)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @empty, @local, {[], @ndisc_ra}}}}}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r7, 0x25, &(0x7f00000000c0))
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000000040)=<r9=>0x0)
timer_settime(r9, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r10, 0x26, &(0x7f0000000000)={0x1})
fcntl$lock(r10, 0x25, &(0x7f00000000c0))
close(r7)

25.709820806s ago: executing program 1 (id=6444):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
prctl$PR_SET_NAME(0x4, 0x0)
process_vm_writev(0x0, &(0x7f00000000c0)=[{&(0x7f00000005c0)=""/257, 0x101}], 0x1, &(0x7f0000000140), 0x0, 0x0)
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)=0x12)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/186, 0xba}], 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
statx(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xf0cb2f4a0c2cfc5d, 0x0)
read$FUSE(r1, &(0x7f0000006380)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000001200)={0x50, 0x0, r2, {0x7, 0x2b, 0x3, 0x200c0400, 0x0, 0x0, 0x0, 0xe382, 0x0, 0x0, 0x8}}, 0x50)
r3 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0)
statx(r1, 0x0, 0x0, 0x40, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000300), 0x752f)
syz_io_uring_setup(0x43f0, &(0x7f0000000040)={0x0, 0xcd2, 0x1000, 0x3, 0x1b6, 0x0, r3}, &(0x7f00000000c0), &(0x7f0000000200)=<r4=>0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000580)=@IORING_OP_RECVMSG={0xa, 0x41, 0x1, 0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000003c0)=""/86, 0x56}, {&(0x7f00000002c0)=""/5, 0x5}, {&(0x7f00000004c0)=""/106, 0x6a}], 0x3}, 0x0, 0x0, 0x0, {0x2, r5}})
read$FUSE(r1, &(0x7f0000004340)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r1, &(0x7f0000000480)={0x10, 0xffffffffffffffda, r6}, 0x10)

25.698110207s ago: executing program 2 (id=6445):
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="1201000000000020ac050f0222000182830109022400010100000009040000020301020009210005000122000009058103"], 0x0)
openat$mice(0xffffff9c, &(0x7f0000000100), 0x40000)

25.240883795s ago: executing program 0 (id=6447):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x161141)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x356}, &(0x7f00000008c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x70a, 0x41e3, 0x0, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r5, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc85eb51b0ace6a", "4617a9f6040839230fb7fead776dd8dc", "3f4051c4", "a44a889722b66244"}, 0x28)
recvmmsg(r5, &(0x7f0000003d40)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000400)=""/247, 0xf7}], 0x1}, 0x3}], 0x1, 0x40010020, 0x0)
socket$kcm(0x2, 0x5, 0x84)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)

25.093335173s ago: executing program 3 (id=6448):
r0 = syz_open_dev$sg(&(0x7f0000001600), 0xa, 0x1)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000040000002e"])

24.948887641s ago: executing program 3 (id=6449):
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x0, &(0x7f00000001c0)}, {0x3, 0x1200, 0x0, 0x0}], 0x2})

24.749763073s ago: executing program 1 (id=6450):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00005fd000/0x4000)=nil, 0x4000, 0x0, 0x5, 0x20000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x5, 0x2)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x40080)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0xffffffff, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x123481, 0x127)
open$dir(&(0x7f0000000000)='./file0\x00', 0x101000, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)
recvmmsg(r0, &(0x7f0000000680)=[{{&(0x7f00000001c0)=@ax25={{}, [@bcast, @bcast, @rose, @default, @null, @remote, @null, @bcast]}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000940)=""/4094, 0xffe}], 0x1, &(0x7f0000000380)=""/3, 0x3}, 0x3ff}, {{&(0x7f00000003c0)=@isdn, 0x80, &(0x7f0000000880)=[{&(0x7f0000000440)=""/36, 0x24}, {&(0x7f0000000700)=""/245, 0xf5}, {&(0x7f0000000800)=""/85, 0x55}], 0x3}, 0x68}], 0x2, 0x74bf125c32bb6db, 0x0)
r4 = socket$inet(0x2, 0x2, 0x5538)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='yeah\x00', 0x5)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000017f03e3f7000000006ee2ffca1b1f00ff0f00000000000050375ed08a56331dbf9ed78105001ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00010004080c00bdad01409bbc7a46e39a54cbbda812176679df069163ce955fed0009d78f0a947ee2b49e33538afaeb2713f450ebd010a20ff27fff", 0x89}], 0x1, 0x0, 0x0, 0x7}, 0x0)

24.749421548s ago: executing program 4 (id=6451):
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000580)={0x0, @bt={0x13, 0x7c5, 0x0, 0x2800, 0xd59f82, 0x2, 0x5, 0xb, 0x8, 0x0, 0x722, 0x1, 0x7, 0x9, 0x2b, 0x0, {0xffff945a, 0x1}, 0x9, 0xf1}})

24.462567103s ago: executing program 0 (id=6452):
socket$kcm(0x2, 0xa, 0x2)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
read$rfkill(r0, &(0x7f0000000040), 0x8)

24.372989802s ago: executing program 4 (id=6453):
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000400)=0xffffffffffffffff, 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2, 0x4, 0x599, 0x1, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001340), &(0x7f0000000900), 0x404, r2, 0x0, 0x1ba8847c99}, 0x38)

24.303476317s ago: executing program 0 (id=6454):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x4e22, @broadcast}, 0x2, 0x9800}}, 0x2e)

24.099939042s ago: executing program 0 (id=6455):
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x5f5400, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1000, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0}, 0x20000000)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
r6 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\xff\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\x912\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebD(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1re\xe86\xcd}\a\a\xf4\t\x11F\xc3\xd4\xdb\xeb\xc48\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf', 0x3)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000140)={r6, 0x0, 0x0, 0x4000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

23.929124187s ago: executing program 2 (id=6456):
r0 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x28, @bt={0x8a5, 0x93, 0x1, 0x1, 0xd59f80, 0x19ef, 0x7, 0x19ef, 0x3, 0x6, 0x27ff, 0x2800, 0x2, 0xbb6, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}})

23.380209394s ago: executing program 2 (id=6457):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0202}]})
prctl$PR_SET_MM(0x4e, 0x3, &(0x7f00002d6000/0x4000)=nil)

23.229876834s ago: executing program 3 (id=6458):
openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x48080, 0x0)
ioctl$TCSETS(r2, 0x5402, 0x0)
splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x7ffff000, 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
socket$inet6_mptcp(0xa, 0x1, 0x106)

22.880311487s ago: executing program 4 (id=6459):
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
prctl$PR_SET_NAME(0x4, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r0, &(0x7f00000000c0)=[{&(0x7f00000005c0)=""/257, 0x101}], 0x1, &(0x7f0000000140)=[{&(0x7f0000000700)=""/215, 0xd7}], 0x1, 0x0)

22.592997699s ago: executing program 0 (id=6460):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
close(0x3)
r1 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x3ff, @empty, 0xfffffff7}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000015c0)=@mangle={'mangle\x00', 0x10, 0x6, 0x4d4, 0x228, 0x2f8, 0xf0, 0x2f8, 0x418, 0x4e8, 0x4e8, 0x4e8, 0x4e8, 0x4e8, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec, 0x0, {0x7a00000000000000}}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@remote, 'hsr0\x00', {0xfffffffffffff800}}}}, {{@ipv6={@dev, @private1={0xfc, 0x1, '\x00', 0x1}, [0x0, 0x0, 0xff000000], [0x0, 0x0, 0xff000000], 'pim6reg\x00', 'geneve1\x00', {}, {0xff}}, 0x0, 0xa4, 0xc8}, @HL={0x24, 'HL\x00', 0x0, {0x2}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x33}, @private2={0xfc, 0x2, '\x00', 0x1}, [0x7f8000ff, 0xffffff00, 0xffffff00], [0xffffff00, 0xffffff00, 0xff000000, 0xffff00], 'wlan1\x00', 'macvtap0\x00', {}, {0xff}, 0x88, 0xb, 0x1, 0x4}, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @local}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xffffffff, 0xffffff00, 0xffffff00, 0xff], [0xff, 0xff000000, 0xffffff00], 'veth1_to_batadv\x00', 'geneve0\x00', {}, {}, 0x3b, 0xe, 0x6, 0x58}, 0x0, 0xa4, 0xc8}, @inet=@TOS={0x24, 'TOS\x00', 0x0, {0x3, 0x9}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x530)

22.55098327s ago: executing program 4 (id=6461):
r0 = syz_open_dev$cec(&(0x7f0000002340), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000080)={"54ec36e6", 0x3, 0x6, 0x4, 0x10001, 0x3, "785144b84ef7ebe60630484ac7b0c8", "391f49c1", '\x00', "b4538793", ["1a99d11773947bbc54a7e33f", "7d2dd431950208ccfab8907c", "113bd782b5dd4faa927d715f", "6e36525b23ac564cef69ea62"]})

22.515180442s ago: executing program 0 (id=6462):
syz_clone3(0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0)
open_tree(0xffffffffffffffff, &(0x7f0000006180)='./mnt\x00', 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/seq/clients\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000280)={0x2020}, 0x2020)
sendto$inet6(r0, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x10162, 0x0)
semctl$GETNCNT(0x0, 0x1, 0xe, 0x0)
memfd_create(&(0x7f0000000740)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c\xfa\xb4q\xbb\x7fN\xd1\r%;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\x12?\xc7zL\x01\r-\x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc\xbe\xb6\xa7w\x9d\xf1\xe5V\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca', 0x8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff05000700"], 0x6c}}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000001e80)=[{&(0x7f0000000080)=""/4094, 0xffe}], 0x1, 0x33, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
setrlimit(0xec2465c563524b53, &(0x7f0000000000)={0x0, 0xfffffffe})
execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000380)={[&(0x7f0000000080)='+/-\',.:\'\x00', &(0x7f0000000100)='}]\x00', &(0x7f0000000140)='\x00', &(0x7f0000000180)='\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='\x00']}, 0x0)

22.164894003s ago: executing program 3 (id=6463):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
prctl$PR_SET_NAME(0x4, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r0, &(0x7f00000000c0)=[{&(0x7f00000005c0)=""/257, 0x101}], 0x1, &(0x7f0000000140)=[{&(0x7f0000000700)=""/215, 0xd7}], 0x1, 0x0)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000040)=0x12)
readv(r1, &(0x7f0000000140)=[{&(0x7f0000000080)=""/186, 0xba}], 0x1)

22.009568174s ago: executing program 4 (id=6464):
socket(0x10, 0x3, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x4d, &(0x7f0000000140)=ANY=[], 0x8)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x4000)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x84000)
tee(r0, r2, 0xfffffffffffffc01, 0x0)

21.958798384s ago: executing program 3 (id=6465):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
setpgid(0x0, 0x0)
ioctl$VIDIOC_S_CROP(0xffffffffffffffff, 0x4014563c, &(0x7f000001f9c0)={0x2, {0x8000, 0x200, 0x0, 0x294}})
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100, 0x8000000000001})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x80000)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
r5 = socket(0x15, 0x5, 0x0)
connect$inet(r5, &(0x7f00000004c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt(r5, 0x200000000114, 0x2715, 0x0, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000480)={0x2, 0x7, 0x2, 0xffffff7f, 0x7ff})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r6, 0x89f3, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000040)={'tunl0\x00', 0x0, 0x20, 0x7, 0x7fffffd, 0x2, {{0x5, 0x4, 0x0, 0x16, 0x14, 0xfffc, 0x0, 0x7f, 0x4, 0x0, @local, @empty=0xe000}}}})
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f00000000c0)={0x2, 0x0, 0x0, {0x9, 0x0, 0xffffffff, 0x7fffffff}})
setsockopt$RDS_GET_MR(r2, 0x114, 0x2, 0x0, 0x0)

21.564138758s ago: executing program 3 (id=6466):
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='dctcp\x00', 0x6)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, 0x0, 0x0, 0x805, 0x0, 0x0)

21.495646957s ago: executing program 1 (id=6467):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfc}, 0x1c}, 0x1, 0xf00, 0x0, 0x40}, 0x10000)

21.240987285s ago: executing program 1 (id=6468):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000180))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x4)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
shutdown(r0, 0x1)

0s ago: executing program 32 (id=6462):
syz_clone3(0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0)
open_tree(0xffffffffffffffff, &(0x7f0000006180)='./mnt\x00', 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/seq/clients\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000280)={0x2020}, 0x2020)
sendto$inet6(r0, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x10162, 0x0)
semctl$GETNCNT(0x0, 0x1, 0xe, 0x0)
memfd_create(&(0x7f0000000740)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c\xfa\xb4q\xbb\x7fN\xd1\r%;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\x12?\xc7zL\x01\r-\x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc\xbe\xb6\xa7w\x9d\xf1\xe5V\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca', 0x8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff05000700"], 0x6c}}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000001e80)=[{&(0x7f0000000080)=""/4094, 0xffe}], 0x1, 0x33, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
setrlimit(0xec2465c563524b53, &(0x7f0000000000)={0x0, 0xfffffffe})
execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000380)={[&(0x7f0000000080)='+/-\',.:\'\x00', &(0x7f0000000100)='}]\x00', &(0x7f0000000140)='\x00', &(0x7f0000000180)='\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='\x00']}, 0x0)

kernel console output (not intermixed with test programs):

or of length 0, skipping remainder of the config
[ 1529.612815][   T24] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 1529.645202][   T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1529.654456][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1529.675300][   T24] usb 1-1: Product: syz
[ 1529.693751][   T24] usb 1-1: Manufacturer: syz
[ 1529.698352][   T24] usb 1-1: SerialNumber: syz
[ 1530.135892][T26561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1530.147453][T26561] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1530.160233][T26561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1530.183936][T26561] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1530.328329][T26593] netlink: 'syz.3.6018': attribute type 11 has an invalid length.
[ 1530.771413][T26465] team0: Port device team_slave_0 added
[ 1530.795612][T26465] team0: Port device team_slave_1 added
[ 1531.080867][T26465] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1531.087883][T26465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1531.164212][T26465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1531.184314][T26610] kvm: pic: non byte write
[ 1531.227617][T26465] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1531.260749][T26465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1531.287494][T26465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1531.436387][T26465] hsr_slave_0: entered promiscuous mode
[ 1531.453848][T26465] hsr_slave_1: entered promiscuous mode
[ 1531.464905][T26465] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1531.470682][ T5935] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1531.508935][T26465] Cannot create hsr debugfs directory
[ 1531.639893][   T24] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[ 1531.650503][ T5935] usb 3-1: Using ep0 maxpacket: 8
[ 1531.678344][   T24] usb 1-1: USB disconnect, device number 81
[ 1531.698973][ T5935] usb 3-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[ 1531.708606][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1531.718219][ T5935] usb 3-1: Product: syz
[ 1531.726295][ T5935] usb 3-1: Manufacturer: syz
[ 1531.737069][ T5935] usb 3-1: SerialNumber: syz
[ 1531.759390][ T5935] usb 3-1: config 0 descriptor??
[ 1531.798536][ T5935] gspca_main: sq905-2.14.0 probing 2770:9120
[ 1531.854444][ T6136] IPVS: stop unused estimator thread 0...
[ 1532.001621][ T5935] gspca_sq905: sq905_command: usb_control_msg failed (-71)
[ 1532.050009][ T5935] sq905 3-1:0.0: probe with driver sq905 failed with error -71
[ 1532.090764][ T5935] usb 3-1: USB disconnect, device number 57
[ 1532.260736][T23541] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[ 1532.360666][T14564] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[ 1532.447320][T23541] usb 4-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[ 1532.460550][T23541] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1532.493327][T23541] usb 4-1: config 0 descriptor??
[ 1532.517185][T26644] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6029'.
[ 1532.535327][T14564] usb 1-1: Using ep0 maxpacket: 8
[ 1532.558243][T14564] usb 1-1: config 0 descriptor has 1 excess byte, ignoring
[ 1532.570518][T14564] usb 1-1: config 0 has no interfaces?
[ 1532.597390][T14564] usb 1-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1532.617741][T14564] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1532.653209][T14564] usb 1-1: Product: syz
[ 1532.657593][T14564] usb 1-1: Manufacturer: syz
[ 1532.673936][T14564] usb 1-1: SerialNumber: syz
[ 1532.688455][T14564] usb 1-1: config 0 descriptor??
[ 1532.762340][T26648] kvm: pic: non byte write
[ 1532.932252][T14564] usb 1-1: USB disconnect, device number 82
[ 1533.196693][T26660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1533.231132][T26660] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1533.341247][T26465] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1533.367422][T26465] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1533.383592][T26465] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1533.410072][T26465] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1533.818519][T26675] syzkaller1: entered promiscuous mode
[ 1533.830220][T26675] syzkaller1: entered allmulticast mode
[ 1533.890760][T14571] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[ 1533.938552][T26465] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1534.008130][T26465] 8021q: adding VLAN 0 to HW filter on device team0
[ 1534.040641][T14571] usb 1-1: device descriptor read/64, error -71
[ 1534.050169][ T6107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1534.057423][ T6107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1534.106088][ T6097] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1534.113359][ T6097] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1534.320781][T14571] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[ 1534.389599][T26465] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1534.472025][T14571] usb 1-1: device descriptor read/64, error -71
[ 1534.506136][T26465] veth0_vlan: entered promiscuous mode
[ 1534.535017][T26465] veth1_vlan: entered promiscuous mode
[ 1534.593383][T14571] usb usb1-port1: attempt power cycle
[ 1534.656389][T26465] veth0_macvtap: entered promiscuous mode
[ 1534.686975][T26465] veth1_macvtap: entered promiscuous mode
[ 1534.777676][T26465] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1534.830261][T26465] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1534.873483][T26465] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1534.895141][T26465] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1534.920258][T26465] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1534.948012][T26465] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1534.960624][T14571] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[ 1534.991547][T14571] usb 1-1: device descriptor read/8, error -71
[ 1535.064755][T23541] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1535.108494][T23541] asix 4-1:0.0: probe with driver asix failed with error -71
[ 1535.194037][T23541] usb 4-1: USB disconnect, device number 85
[ 1535.301302][T14571] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[ 1535.351650][T14571] usb 1-1: device descriptor read/8, error -71
[ 1535.412848][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1535.450836][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1535.491203][T14571] usb usb1-port1: unable to enumerate USB device
[ 1535.573544][ T6107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1535.626515][ T6107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1536.129473][T26704] fuse: Bad value for 'fd'
[ 1536.681369][   T30] kauditd_printk_skb: 90 callbacks suppressed
[ 1536.681388][   T30] audit: type=1326 audit(1752132663.791:8101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26674 comm="syz.2.6035" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff5dfd8e929 code=0x0
[ 1538.710748][ T5856] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[ 1538.960965][ T5856] usb 4-1: too many configurations: 9, using maximum allowed: 8
[ 1538.987611][ T5856] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1539.021183][ T5856] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1539.050230][ T5856] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1539.091472][ T5856] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1539.110921][ T5856] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1539.134658][ T5935] IPVS: starting estimator thread 0...
[ 1539.155546][ T5856] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1539.250874][T26759] IPVS: using max 34 ests per chain, 81600 per kthread
[ 1539.313682][ T5856] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1539.359219][T26762] FAULT_INJECTION: forcing a failure.
[ 1539.359219][T26762] name failslab, interval 1, probability 0, space 0, times 0
[ 1539.401667][ T5856] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1539.413008][ T5856] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1539.419806][T26762] CPU: 0 UID: 0 PID: 26762 Comm: syz.1.6048 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1539.419834][T26762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1539.419845][T26762] Call Trace:
[ 1539.419854][T26762]  <TASK>
[ 1539.419862][T26762]  dump_stack_lvl+0x189/0x250
[ 1539.419884][T26762]  ? __pfx____ratelimit+0x10/0x10
[ 1539.419911][T26762]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1539.419931][T26762]  ? __pfx__printk+0x10/0x10
[ 1539.419958][T26762]  ? __pfx___might_resched+0x10/0x10
[ 1539.419976][T26762]  ? fs_reclaim_acquire+0x7d/0x100
[ 1539.420004][T26762]  should_fail_ex+0x414/0x560
[ 1539.420032][T26762]  ? alloc_netdev_mqs+0xc9e/0x11e0
[ 1539.420055][T26762]  should_failslab+0xa8/0x100
[ 1539.420079][T26762]  __kvmalloc_node_noprof+0x161/0x5f0
[ 1539.420099][T26762]  ? alloc_netdev_mqs+0xc9e/0x11e0
[ 1539.420122][T26762]  ? alloc_netdev_mqs+0xc36/0x11e0
[ 1539.420148][T26762]  alloc_netdev_mqs+0xc9e/0x11e0
[ 1539.420180][T26762]  br_add_bridge+0x39/0xf0
[ 1539.420202][T26762]  br_ioctl_stub+0x526/0xc80
[ 1539.420223][T26762]  ? trace_contention_end+0x39/0x120
[ 1539.420248][T26762]  ? __pfx_br_ioctl_stub+0x10/0x10
[ 1539.420283][T26762]  ? sock_ioctl+0x4b4/0x790
[ 1539.420314][T26762]  ? __lock_acquire+0xab9/0xd20
[ 1539.420347][T26762]  ? __pfx_br_ioctl_stub+0x10/0x10
[ 1539.420361][T26762]  sock_ioctl+0x4d5/0x790
[ 1539.420377][T26762]  ? __pfx_sock_ioctl+0x10/0x10
[ 1539.420391][T26762]  ? __fget_files+0x2a/0x420
[ 1539.420403][T26762]  ? __fget_files+0x3a0/0x420
[ 1539.420415][T26762]  ? __fget_files+0x2a/0x420
[ 1539.420431][T26762]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1539.420447][T26762]  ? __pfx_sock_ioctl+0x10/0x10
[ 1539.420467][T26762]  __se_sys_ioctl+0xfc/0x170
[ 1539.420488][T26762]  do_syscall_64+0xfa/0x3b0
[ 1539.420503][T26762]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1539.420526][T26762]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1539.420544][T26762]  ? clear_bhb_loop+0x60/0xb0
[ 1539.420565][T26762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1539.420582][T26762] RIP: 0033:0x7fbe0138e929
[ 1539.420598][T26762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1539.420614][T26762] RSP: 002b:00007fbe0214e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1539.420633][T26762] RAX: ffffffffffffffda RBX: 00007fbe015b5fa0 RCX: 00007fbe0138e929
[ 1539.420647][T26762] RDX: 0000200000000040 RSI: 00000000000089a0 RDI: 0000000000000003
[ 1539.420659][T26762] RBP: 00007fbe0214e090 R08: 0000000000000000 R09: 0000000000000000
[ 1539.420671][T26762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1539.420683][T26762] R13: 0000000000000000 R14: 00007fbe015b5fa0 R15: 00007fbe016dfa28
[ 1539.420711][T26762]  </TASK>
[ 1539.752044][ T5856] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1539.764475][ T5856] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1539.775894][ T5856] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1539.831252][ T5856] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1539.840192][ T5856] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1539.851198][ T5856] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1540.001767][ T5856] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1540.038938][ T5856] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1540.069712][ T5856] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1540.131587][ T5856] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1540.150620][ T5856] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1540.162851][ T5856] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1540.181056][ T5856] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1540.206409][ T5856] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1540.236667][ T5856] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1540.297532][ T5856] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1540.330979][ T5856] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1540.339373][ T5856] usb 4-1: Product: syz
[ 1540.350632][ T5856] usb 4-1: Manufacturer: syz
[ 1540.355288][ T5856] usb 4-1: SerialNumber: syz
[ 1540.382475][ T5856] usb 4-1: config 0 descriptor??
[ 1540.424266][ T5856] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[ 1540.590902][T23541] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1540.707241][T26790] kvm: pic: non byte write
[ 1540.784684][T23541] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1540.804892][T23541] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1540.821121][   T43] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[ 1540.832789][T23541] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1540.854499][T23541] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1540.869441][T23541] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1540.886009][T23541] usb 3-1: config 0 descriptor??
[ 1541.014278][   T43] usb 1-1: Using ep0 maxpacket: 8
[ 1541.026880][   T43] usb 1-1: config 6 has an invalid interface number: 2 but max is 0
[ 1541.046326][   T43] usb 1-1: config 6 has an invalid descriptor of length 48, skipping remainder of the config
[ 1541.068286][   T43] usb 1-1: config 6 has no interface number 0
[ 1541.075054][   T43] usb 1-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[ 1541.089020][   T43] usb 1-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid maxpacket 12336, setting to 64
[ 1541.113958][   T43] usb 1-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1541.133609][T26779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1541.147068][   T43] usb 1-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1541.185835][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1541.206796][T26779] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1541.226081][   T43] usb 1-1: Product: syz
[ 1541.245582][T26805] binder: 26800:26805 ioctl c0306201 0 returned -14
[ 1541.327286][   T43] usb 1-1: Manufacturer: syz
[ 1541.332727][   T43] usb 1-1: SerialNumber: syz
[ 1541.338298][T26779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1541.351522][   T43] hso 1-1:6.2: Failed to find INT IN ep
[ 1541.358314][T26779] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1541.588603][T26779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1541.598626][T26779] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1541.621192][T26779] netlink: 186416 bytes leftover after parsing attributes in process `syz.2.6054'.
[ 1541.989670][ T5856] usb 1-1: USB disconnect, device number 87
[ 1542.251438][ T5935] usb 2-1: new full-speed USB device number 95 using dummy_hcd
[ 1542.368502][T23541] usbhid 3-1:0.0: can't add hid device: -71
[ 1542.400715][T23541] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1542.659084][T23541] usb 3-1: USB disconnect, device number 58
[ 1542.665412][   T24] usb 4-1: USB disconnect, device number 86
[ 1542.831373][ T5935] usb 2-1: device descriptor read/64, error -71
[ 1542.856096][   T24] yurex 4-1:0.0: USB YUREX #0 now disconnected
[ 1543.071059][ T5935] usb 2-1: new full-speed USB device number 96 using dummy_hcd
[ 1543.190570][   T43] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[ 1543.210802][ T5935] usb 2-1: device descriptor read/64, error -71
[ 1543.333949][ T5935] usb usb2-port1: attempt power cycle
[ 1543.348062][   T43] usb 1-1: Using ep0 maxpacket: 16
[ 1543.405672][   T43] usb 1-1: config 8 has an invalid interface number: 39 but max is 0
[ 1543.418751][   T43] usb 1-1: config 8 has no interface number 0
[ 1543.438199][   T43] usb 1-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[ 1543.492790][   T43] usb 1-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1543.524271][   T43] usb 1-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0
[ 1543.549337][   T43] usb 1-1: config 8 interface 39 has no altsetting 0
[ 1543.608732][   T43] usb 1-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[ 1543.646969][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1543.665005][   T43] usb 1-1: Product: syz
[ 1543.683962][   T43] usb 1-1: Manufacturer: syz
[ 1543.690592][ T5935] usb 2-1: new full-speed USB device number 97 using dummy_hcd
[ 1543.697951][   T43] usb 1-1: SerialNumber: syz
[ 1543.743919][ T5935] usb 2-1: device descriptor read/8, error -71
[ 1544.010867][ T5935] usb 2-1: new full-speed USB device number 98 using dummy_hcd
[ 1544.133438][   T43] ipheth 1-1:8.39: ipheth_get_macaddr: usb_control_msg: short packet: 0 bytes
[ 1544.143487][   T43] ipheth 1-1:8.39: probe with driver ipheth failed with error -22
[ 1544.347621][T26816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1544.366896][T26816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1544.560871][   T43] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[ 1544.744237][   T43] usb 4-1: too many configurations: 9, using maximum allowed: 8
[ 1544.778143][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1544.840580][   T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1544.890841][   T43] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1544.939206][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1544.989392][   T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1545.092421][   T43] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1545.123012][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1545.173870][   T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1545.205115][T26805] syz.1.6059 (26805): drop_caches: 1
[ 1545.213719][   T43] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1545.229702][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1545.260564][   T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1545.291283][   T43] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1545.309328][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1545.319046][ T5935] usb 2-1: device descriptor read/8, error -71
[ 1545.346738][   T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1545.389229][   T43] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1545.411762][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1545.505095][   T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1545.550785][ T5935] usb usb2-port1: unable to enumerate USB device
[ 1545.595646][T26850] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6071'.
[ 1545.728989][   T43] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1545.757618][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1545.769699][   T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1545.796624][   T43] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1545.989533][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1545.999073][   T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1546.020056][   T43] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1546.035155][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.037180][   T43] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1546.042024][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.163387][   T43] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1546.173309][   T43] usb 4-1: Product: syz
[ 1546.177606][   T43] usb 4-1: Manufacturer: syz
[ 1546.182379][   T43] usb 4-1: SerialNumber: syz
[ 1546.190230][   T43] usb 4-1: config 0 descriptor??
[ 1546.201236][   T43] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[ 1546.488932][ T5935] usb 4-1: USB disconnect, device number 87
[ 1546.496773][ T5935] yurex 4-1:0.0: USB YUREX #0 now disconnected
[ 1546.682611][T26864] netlink: 'syz.0.6075': attribute type 3 has an invalid length.
[ 1546.695547][T26864] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.6075'.
[ 1546.890735][T14564] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[ 1547.050549][T14564] usb 2-1: Using ep0 maxpacket: 32
[ 1547.058189][T14564] usb 2-1: config 60 has too many interfaces: 91, using maximum allowed: 32
[ 1547.067655][T14564] usb 2-1: config 60 has an invalid descriptor of length 236, skipping remainder of the config
[ 1547.084088][T14564] usb 2-1: config 60 has 0 interfaces, different from the descriptor's value: 91
[ 1547.099731][T14564] usb 2-1: New USB device found, idVendor=0fe9, idProduct=db98, bcdDevice=ba.5e
[ 1547.109431][T14564] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1547.123085][T14564] usb 2-1: Product: syz
[ 1547.141789][T14564] usb 2-1: Manufacturer: syz
[ 1547.283742][T14564] usb 2-1: SerialNumber: syz
[ 1547.570249][T14564] usb 2-1: USB disconnect, device number 99
[ 1548.128107][T26887] kvm: pic: non byte write
[ 1548.388859][T26893] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6083'.
[ 1549.155521][T26904] netlink: 'syz.3.6078': attribute type 10 has an invalid length.
[ 1549.163545][T26904] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6078'.
[ 1549.353334][T26904] bridge0: port 3(dummy0) entered blocking state
[ 1549.363802][T26904] bridge0: port 3(dummy0) entered disabled state
[ 1549.443319][T26904] dummy0: entered allmulticast mode
[ 1549.492027][T26904] dummy0: entered promiscuous mode
[ 1549.500478][T26904] bridge0: port 3(dummy0) entered blocking state
[ 1549.506992][T26904] bridge0: port 3(dummy0) entered forwarding state
[ 1549.921767][T26907] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6087'.
[ 1550.637349][T26909] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1551.425008][T26930] FAULT_INJECTION: forcing a failure.
[ 1551.425008][T26930] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1551.462408][T26930] CPU: 1 UID: 0 PID: 26930 Comm: syz.1.6091 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1551.462435][T26930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1551.462446][T26930] Call Trace:
[ 1551.462454][T26930]  <TASK>
[ 1551.462461][T26930]  dump_stack_lvl+0x189/0x250
[ 1551.462487][T26930]  ? __pfx____ratelimit+0x10/0x10
[ 1551.462513][T26930]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1551.462534][T26930]  ? __pfx__printk+0x10/0x10
[ 1551.462556][T26930]  ? fs_reclaim_acquire+0x7d/0x100
[ 1551.462586][T26930]  should_fail_ex+0x414/0x560
[ 1551.462615][T26930]  prepare_alloc_pages+0x213/0x610
[ 1551.462646][T26930]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1551.462674][T26930]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1551.462708][T26930]  ? policy_nodemask+0x27c/0x720
[ 1551.462727][T26930]  ? __lock_acquire+0xab9/0xd20
[ 1551.462750][T26930]  alloc_pages_mpol+0x232/0x4a0
[ 1551.462779][T26930]  vma_alloc_folio_noprof+0xe4/0x200
[ 1551.462811][T26930]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1551.462844][T26930]  folio_prealloc+0x30/0x180
[ 1551.462868][T26930]  __handle_mm_fault+0x2c88/0x5620
[ 1551.462909][T26930]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1551.462947][T26930]  ? find_vma+0xe7/0x160
[ 1551.462966][T26930]  ? __pfx_find_vma+0x10/0x10
[ 1551.462990][T26930]  handle_mm_fault+0x40a/0x8e0
[ 1551.463021][T26930]  do_user_addr_fault+0x764/0x1390
[ 1551.463056][T26930]  exc_page_fault+0x76/0xf0
[ 1551.463085][T26930]  asm_exc_page_fault+0x26/0x30
[ 1551.463102][T26930] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 1551.463125][T26930] Code: 00 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 4f 00 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[ 1551.463140][T26930] RSP: 0018:ffffc90004c4fa28 EFLAGS: 00050202
[ 1551.463162][T26930] RAX: ffffffff84c1b701 RBX: 0000000000000060 RCX: 0000000000000060
[ 1551.463175][T26930] RDX: 0000000000000000 RSI: ffffc90004c4fae0 RDI: 0000200000001d40
[ 1551.463188][T26930] RBP: ffffc90004c4fcd0 R08: ffffc90004c4fb3f R09: 1ffff92000989f67
[ 1551.463202][T26930] R10: dffffc0000000000 R11: fffff52000989f68 R12: 0000200000001da0
[ 1551.463215][T26930] R13: 00007ffffffff000 R14: ffffc90004c4fae0 R15: 0000200000001d40
[ 1551.463237][T26930]  ? _copy_from_user+0x61/0xb0
[ 1551.463266][T26930]  _copy_to_user+0x8a/0xb0
[ 1551.463289][T26930]  media_device_get_topology+0x3ea/0x15b0
[ 1551.463326][T26930]  ? __pfx_media_device_get_topology+0x10/0x10
[ 1551.463400][T26930]  media_device_ioctl+0x2c9/0x430
[ 1551.463425][T26930]  ? __pfx_media_device_ioctl+0x10/0x10
[ 1551.463476][T26930]  ? __fget_files+0x3a0/0x420
[ 1551.463498][T26930]  ? __fget_files+0x2a/0x420
[ 1551.463518][T26930]  ? __pfx_media_device_ioctl+0x10/0x10
[ 1551.463543][T26930]  ? media_ioctl+0xfe/0x120
[ 1551.463565][T26930]  ? __pfx_media_ioctl+0x10/0x10
[ 1551.463589][T26930]  __se_sys_ioctl+0xfc/0x170
[ 1551.463610][T26930]  do_syscall_64+0xfa/0x3b0
[ 1551.463627][T26930]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1551.463650][T26930]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1551.463667][T26930]  ? clear_bhb_loop+0x60/0xb0
[ 1551.463688][T26930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1551.463704][T26930] RIP: 0033:0x7fbe0138e929
[ 1551.463720][T26930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1551.463734][T26930] RSP: 002b:00007fbe0214e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1551.463752][T26930] RAX: ffffffffffffffda RBX: 00007fbe015b5fa0 RCX: 00007fbe0138e929
[ 1551.463765][T26930] RDX: 0000200000000280 RSI: 00000000c0487c04 RDI: 0000000000000004
[ 1551.463777][T26930] RBP: 00007fbe0214e090 R08: 0000000000000000 R09: 0000000000000000
[ 1551.463789][T26930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1551.463806][T26930] R13: 0000000000000000 R14: 00007fbe015b5fa0 R15: 00007fbe016dfa28
[ 1551.463836][T26930]  </TASK>
[ 1551.489038][T26907] netlink: 'syz.2.6087': attribute type 1 has an invalid length.
[ 1551.921637][T26907] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.6087'.
[ 1552.041216][T26923] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.6087'.
[ 1552.075487][T26936] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6094'.
[ 1552.120609][T20423] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[ 1552.312961][T20423] usb 4-1: Using ep0 maxpacket: 8
[ 1552.332373][T20423] usb 4-1: config 0 has no interfaces?
[ 1552.353022][T20423] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1552.371140][T20423] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1552.379190][T20423] usb 4-1: Product: syz
[ 1552.411731][T20423] usb 4-1: Manufacturer: syz
[ 1552.416389][T20423] usb 4-1: SerialNumber: syz
[ 1552.458623][T20423] usb 4-1: config 0 descriptor??
[ 1552.601934][T26946] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1552.699218][T20423] usb 4-1: USB disconnect, device number 88
[ 1552.949409][T26956] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6101'.
[ 1552.989408][T20423] usb 1-1: USB disconnect, device number 88
[ 1553.600813][   T43] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[ 1553.700703][T20423] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1553.796448][   T43] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1553.846502][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1553.858504][T20423] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1553.862187][   T43] usb 4-1: Product: syz
[ 1553.908344][T20423] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1553.918984][   T43] usb 4-1: Manufacturer: syz
[ 1553.924068][   T43] usb 4-1: SerialNumber: syz
[ 1553.941461][   T43] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1553.990793][T20423] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1553.998425][   T24] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1554.018001][T20423] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1554.097882][T20423] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1554.097914][T26970] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6107'.
[ 1554.142757][T20423] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1554.165778][T20423] usb 3-1: Product: syz
[ 1554.177329][T20423] usb 3-1: Manufacturer: syz
[ 1554.240000][T20423] cdc_wdm 3-1:1.0: skipping garbage
[ 1554.265443][   T43] usb 4-1: USB disconnect, device number 89
[ 1554.286112][T20423] cdc_wdm 3-1:1.0: skipping garbage
[ 1554.430737][T26965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1554.432226][T20423] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22
[ 1554.439674][T26965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1554.510611][ T5856] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[ 1554.577518][T20423] usb 3-1: USB disconnect, device number 59
[ 1554.677958][ T5856] usb 2-1: device descriptor read/64, error -71
[ 1554.887321][   T30] audit: type=1326 audit(1752132681.991:8102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26976 comm="syz.0.6110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1554.920307][   T30] audit: type=1326 audit(1752132681.991:8103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26976 comm="syz.0.6110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1554.921718][ T5856] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[ 1554.951861][   T30] audit: type=1326 audit(1752132682.001:8104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26976 comm="syz.0.6110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1554.986078][   T30] audit: type=1326 audit(1752132682.001:8105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26976 comm="syz.0.6110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1555.040065][   T30] audit: type=1326 audit(1752132682.001:8106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26976 comm="syz.0.6110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1555.063803][   T30] audit: type=1326 audit(1752132682.001:8107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26976 comm="syz.0.6110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1555.130892][   T24] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[ 1555.146979][   T30] audit: type=1326 audit(1752132682.001:8108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26976 comm="syz.0.6110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1555.176664][   T24] ath9k_htc: Failed to initialize the device
[ 1555.185895][   T43] usb 4-1: ath9k_htc: USB layer deinitialized
[ 1555.194523][   T30] audit: type=1326 audit(1752132682.001:8109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26976 comm="syz.0.6110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1555.219948][   T30] audit: type=1326 audit(1752132682.001:8110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26976 comm="syz.0.6110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1555.259623][   T30] audit: type=1326 audit(1752132682.001:8111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26976 comm="syz.0.6110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1555.380584][ T5856] usb 2-1: device descriptor read/64, error -71
[ 1555.505623][ T5856] usb usb2-port1: attempt power cycle
[ 1555.780879][T14564] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[ 1555.890905][ T5856] usb 2-1: new high-speed USB device number 102 using dummy_hcd
[ 1555.961264][ T5856] usb 2-1: device descriptor read/8, error -71
[ 1555.970825][T14564] usb 1-1: Using ep0 maxpacket: 8
[ 1555.978330][T14564] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1556.003201][T14564] usb 1-1: config 4 interface 0 has no altsetting 0
[ 1556.021239][T14564] usb 1-1: string descriptor 0 read error: -22
[ 1556.027583][T14564] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1556.037895][T14564] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1556.063116][T14564] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1556.087116][T14564] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1556.108944][T14564] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1556.147699][T14564] usb 1-1: media controller created
[ 1556.200760][ T5856] usb 2-1: new high-speed USB device number 103 using dummy_hcd
[ 1556.229842][T14564] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1556.233693][T27004] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6121'.
[ 1556.252024][ T5856] usb 2-1: device descriptor read/8, error -71
[ 1556.265780][T27004] FAULT_INJECTION: forcing a failure.
[ 1556.265780][T27004] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1556.325877][T27004] CPU: 1 UID: 0 PID: 27004 Comm: syz.3.6121 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1556.325903][T27004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1556.325915][T27004] Call Trace:
[ 1556.325922][T27004]  <TASK>
[ 1556.325931][T27004]  dump_stack_lvl+0x189/0x250
[ 1556.325957][T27004]  ? __pfx____ratelimit+0x10/0x10
[ 1556.325983][T27004]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1556.326004][T27004]  ? __pfx__printk+0x10/0x10
[ 1556.326041][T27004]  should_fail_ex+0x414/0x560
[ 1556.326071][T27004]  _copy_to_user+0x31/0xb0
[ 1556.326093][T27004]  simple_read_from_buffer+0xe1/0x170
[ 1556.326121][T27004]  proc_fail_nth_read+0x1df/0x250
[ 1556.326149][T27004]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1556.326176][T27004]  ? rw_verify_area+0x258/0x650
[ 1556.326195][T27004]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1556.326220][T27004]  vfs_read+0x200/0x980
[ 1556.326245][T27004]  ? __pfx___mutex_lock+0x10/0x10
[ 1556.326265][T27004]  ? __pfx_vfs_read+0x10/0x10
[ 1556.326285][T27004]  ? __fget_files+0x2a/0x420
[ 1556.326312][T27004]  ? __fget_files+0x3a0/0x420
[ 1556.326333][T27004]  ? __fget_files+0x2a/0x420
[ 1556.326364][T27004]  ksys_read+0x145/0x250
[ 1556.326386][T27004]  ? __pfx_ksys_read+0x10/0x10
[ 1556.326403][T27004]  ? rcu_is_watching+0x15/0xb0
[ 1556.326430][T27004]  ? do_syscall_64+0xbe/0x3b0
[ 1556.326452][T27004]  do_syscall_64+0xfa/0x3b0
[ 1556.326468][T27004]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1556.326492][T27004]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1556.326510][T27004]  ? clear_bhb_loop+0x60/0xb0
[ 1556.326537][T27004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1556.326554][T27004] RIP: 0033:0x7f5c0c18d33c
[ 1556.326571][T27004] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1556.326586][T27004] RSP: 002b:00007f5c0d046030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1556.326607][T27004] RAX: ffffffffffffffda RBX: 00007f5c0c3b5fa0 RCX: 00007f5c0c18d33c
[ 1556.326620][T27004] RDX: 000000000000000f RSI: 00007f5c0d0460a0 RDI: 0000000000000004
[ 1556.326632][T27004] RBP: 00007f5c0d046090 R08: 0000000000000000 R09: 0000000000000000
[ 1556.326643][T27004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1556.326654][T27004] R13: 0000000000000000 R14: 00007f5c0c3b5fa0 R15: 00007f5c0c4dfa28
[ 1556.326684][T27004]  </TASK>
[ 1556.561148][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1556.578618][ T5856] usb usb2-port1: unable to enumerate USB device
[ 1557.134114][T27019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6127'.
[ 1557.305039][T27025] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6129'.
[ 1557.363681][T27025] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[ 1557.376681][T14564] usb 1-1: USB disconnect, device number 89
[ 1557.474677][T27032] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1557.642403][T27038] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6135'.
[ 1557.667124][T27038] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6135'.
[ 1557.975613][ T5167] Bluetooth: hci3: unexpected cc 0x1405 length: 8 > 4
[ 1558.030549][   T43] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[ 1558.071119][ T5856] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[ 1558.190580][   T43] usb 1-1: Using ep0 maxpacket: 8
[ 1558.197431][   T43] usb 1-1: config 6 has an invalid interface number: 2 but max is 0
[ 1558.206545][   T43] usb 1-1: config 6 has an invalid descriptor of length 48, skipping remainder of the config
[ 1558.227142][   T43] usb 1-1: config 6 has no interface number 0
[ 1558.240699][   T43] usb 1-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[ 1558.249757][ T5856] usb 4-1: Using ep0 maxpacket: 32
[ 1558.280668][   T43] usb 1-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid maxpacket 12336, setting to 64
[ 1558.307045][ T5856] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1558.318598][   T43] usb 1-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1558.325675][ T5856] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.80
[ 1558.341819][   T43] usb 1-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1558.351284][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1558.359326][   T43] usb 1-1: Product: syz
[ 1558.366848][T27059] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1558.371774][ T5856] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1558.382602][   T43] usb 1-1: Manufacturer: syz
[ 1558.382624][   T43] usb 1-1: SerialNumber: syz
[ 1558.406595][   T43] hso 1-1:6.2: Failed to find INT IN ep
[ 1558.433476][ T5856] usb 4-1: config 0 descriptor??
[ 1558.480627][T14564] usb 2-1: new high-speed USB device number 104 using dummy_hcd
[ 1558.640820][T14564] usb 2-1: Using ep0 maxpacket: 8
[ 1558.662260][T14564] usb 2-1: New USB device found, idVendor=061d, idProduct=c120, bcdDevice=e3.67
[ 1558.680523][T14564] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1558.682440][   T43] usb 1-1: USB disconnect, device number 90
[ 1558.712217][T14564] usb 2-1: config 0 descriptor??
[ 1558.720658][T14564] quatech2 2-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected
[ 1558.887734][ T5856] corsair-cpro 0003:1B1C:0C10.0057: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.3-1/input0
[ 1559.065265][T27046] netlink: 64 bytes leftover after parsing attributes in process `syz.3.6136'.
[ 1559.079668][T27070] FAULT_INJECTION: forcing a failure.
[ 1559.079668][T27070] name failslab, interval 1, probability 0, space 0, times 0
[ 1559.150635][T27070] CPU: 1 UID: 0 PID: 27070 Comm: syz.2.6146 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1559.150664][T27070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1559.150677][T27070] Call Trace:
[ 1559.150685][T27070]  <TASK>
[ 1559.150694][T27070]  dump_stack_lvl+0x189/0x250
[ 1559.150722][T27070]  ? __pfx____ratelimit+0x10/0x10
[ 1559.150747][T27070]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1559.150767][T27070]  ? __pfx__printk+0x10/0x10
[ 1559.150795][T27070]  ? __pfx___might_resched+0x10/0x10
[ 1559.150819][T27070]  ? fs_reclaim_acquire+0x7d/0x100
[ 1559.150847][T27070]  should_fail_ex+0x414/0x560
[ 1559.150877][T27070]  should_failslab+0xa8/0x100
[ 1559.150902][T27070]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1559.150923][T27070]  ? __alloc_skb+0x112/0x2d0
[ 1559.150945][T27070]  __alloc_skb+0x112/0x2d0
[ 1559.150967][T27070]  netlink_ack+0x146/0xa50
[ 1559.151014][T27070]  netlink_rcv_skb+0x28c/0x470
[ 1559.151036][T27070]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1559.151064][T27070]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1559.151095][T27070]  ? bpf_lsm_capable+0x9/0x20
[ 1559.151115][T27070]  ? security_capable+0x7e/0x2e0
[ 1559.151147][T27070]  nfnetlink_rcv+0x26a/0x2520
[ 1559.151175][T27070]  ? __dev_queue_xmit+0x1cd7/0x3a70
[ 1559.151202][T27070]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1559.151224][T27070]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1559.151247][T27070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1559.151275][T27070]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1559.151299][T27070]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1559.151336][T27070]  ? ref_tracker_free+0x63a/0x7d0
[ 1559.151359][T27070]  ? __copy_skb_header+0xa7/0x550
[ 1559.151384][T27070]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1559.151407][T27070]  ? __skb_clone+0x63/0x7a0
[ 1559.151434][T27070]  ? __skb_clone+0x483/0x7a0
[ 1559.151463][T27070]  ? skb_clone+0x246/0x3a0
[ 1559.151489][T27070]  ? __netlink_deliver_tap+0x807/0x850
[ 1559.151509][T27070]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1559.151536][T27070]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1559.151555][T27070]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1559.151579][T27070]  netlink_unicast+0x758/0x8d0
[ 1559.151606][T27070]  netlink_sendmsg+0x805/0xb30
[ 1559.151635][T27070]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1559.151657][T27070]  ? aa_sock_msg_perm+0x94/0x160
[ 1559.151683][T27070]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1559.151706][T27070]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1559.151726][T27070]  __sock_sendmsg+0x219/0x270
[ 1559.151755][T27070]  ____sys_sendmsg+0x505/0x830
[ 1559.151784][T27070]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1559.151815][T27070]  ? import_iovec+0x74/0xa0
[ 1559.151839][T27070]  ___sys_sendmsg+0x21f/0x2a0
[ 1559.151864][T27070]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1559.151918][T27070]  ? __fget_files+0x2a/0x420
[ 1559.151941][T27070]  ? __fget_files+0x3a0/0x420
[ 1559.151972][T27070]  __x64_sys_sendmsg+0x19b/0x260
[ 1559.152003][T27070]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1559.152033][T27070]  ? __pfx_ksys_write+0x10/0x10
[ 1559.152051][T27070]  ? rcu_is_watching+0x15/0xb0
[ 1559.152077][T27070]  ? do_syscall_64+0xbe/0x3b0
[ 1559.152099][T27070]  do_syscall_64+0xfa/0x3b0
[ 1559.152116][T27070]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1559.152139][T27070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1559.152155][T27070]  ? clear_bhb_loop+0x60/0xb0
[ 1559.152175][T27070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1559.152190][T27070] RIP: 0033:0x7ff5dfd8e929
[ 1559.152206][T27070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1559.152220][T27070] RSP: 002b:00007ff5e0b13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1559.152240][T27070] RAX: ffffffffffffffda RBX: 00007ff5dffb5fa0 RCX: 00007ff5dfd8e929
[ 1559.152252][T27070] RDX: 0000000004000080 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1559.152264][T27070] RBP: 00007ff5e0b13090 R08: 0000000000000000 R09: 0000000000000000
[ 1559.152275][T27070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1559.152286][T27070] R13: 0000000000000000 R14: 00007ff5dffb5fa0 R15: 00007ff5e00dfa28
[ 1559.152310][T27070]  </TASK>
[ 1559.553235][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1559.745245][T27072] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1559.881337][T27072] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1560.374209][T27080] Cannot find set identified by id 2 to match
[ 1561.359664][T27092] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6153'.
[ 1561.803865][   T30] kauditd_printk_skb: 25 callbacks suppressed
[ 1561.803883][   T30] audit: type=1400 audit(1752132688.911:8137): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=05 pid=27096 comm="syz.4.6155"
[ 1561.958765][   T30] audit: type=1326 audit(1752132689.061:8138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27102 comm="syz.4.6156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1562.051815][   T30] audit: type=1326 audit(1752132689.091:8139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27102 comm="syz.4.6156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1563.140542][   T43] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1563.338099][   T43] usb 3-1: Using ep0 maxpacket: 32
[ 1563.354396][   T43] usb 3-1: no configurations
[ 1563.359034][   T43] usb 3-1: can't read configurations, error -22
[ 1563.580555][   T43] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1563.750720][   T43] usb 3-1: Using ep0 maxpacket: 32
[ 1563.760658][   T43] usb 3-1: no configurations
[ 1563.765300][   T43] usb 3-1: can't read configurations, error -22
[ 1563.781815][T14564] usb 2-1: qt2_attach - failed to power on unit: -110
[ 1563.788765][T14564] quatech2 2-1:0.0: probe with driver quatech2 failed with error -110
[ 1563.805900][   T43] usb usb3-port1: attempt power cycle
[ 1563.827715][T27124] input input120: cannot allocate more than FF_MAX_EFFECTS effects
[ 1563.921035][T27126] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6162'.
[ 1564.122403][ T5856] corsair-cpro 0003:1B1C:0C10.0057: probe with driver corsair-cpro failed with error -110
[ 1564.170928][   T43] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1564.205483][   T43] usb 3-1: Using ep0 maxpacket: 32
[ 1564.214876][   T43] usb 3-1: no configurations
[ 1564.224479][   T43] usb 3-1: can't read configurations, error -22
[ 1564.284291][   T24] usb 4-1: USB disconnect, device number 90
[ 1564.401049][   T43] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[ 1564.427509][T27130] input: syz0 as /devices/virtual/input/input123
[ 1564.483989][   T43] usb 3-1: Using ep0 maxpacket: 32
[ 1564.493930][   T43] usb 3-1: no configurations
[ 1564.502789][   T43] usb 3-1: can't read configurations, error -22
[ 1564.635513][   T43] usb usb3-port1: unable to enumerate USB device
[ 1564.706651][ T5856] usb 2-1: USB disconnect, device number 104
[ 1565.113002][T27134] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6165'.
[ 1565.521364][T27141] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1565.700616][ T5856] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[ 1565.782798][   T30] audit: type=1326 audit(1752132692.891:8140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27145 comm="syz.4.6171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1565.858480][   T30] audit: type=1326 audit(1752132692.891:8141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27145 comm="syz.4.6171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1565.907614][T27153] FAULT_INJECTION: forcing a failure.
[ 1565.907614][T27153] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1565.913250][ T5856] usb 1-1: config 0 interface 0 altsetting 128 bulk endpoint 0xB has invalid maxpacket 1023
[ 1565.961159][T27153] CPU: 1 UID: 0 PID: 27153 Comm: syz.1.6173 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1565.961185][T27153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1565.961196][T27153] Call Trace:
[ 1565.961204][T27153]  <TASK>
[ 1565.961211][T27153]  dump_stack_lvl+0x189/0x250
[ 1565.961238][T27153]  ? __pfx____ratelimit+0x10/0x10
[ 1565.961263][T27153]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1565.961283][T27153]  ? __pfx__printk+0x10/0x10
[ 1565.961306][T27153]  ? __might_fault+0xb0/0x130
[ 1565.961338][T27153]  should_fail_ex+0x414/0x560
[ 1565.961380][T27153]  _copy_from_iter+0x1db/0x16f0
[ 1565.961408][T27153]  ? policy_nodemask+0x27c/0x720
[ 1565.961427][T27153]  ? __pfx__copy_from_iter+0x10/0x10
[ 1565.961448][T27153]  ? set_page_refcounted+0xa0/0x1e0
[ 1565.961467][T27153]  ? page_copy_sane+0x4e/0x280
[ 1565.961486][T27153]  copy_page_from_iter+0xdd/0x170
[ 1565.961507][T27153]  tun_get_user+0x1c4d/0x3ce0
[ 1565.961528][T27153]  ? tun_get_user+0x693/0x3ce0
[ 1565.961559][T27153]  ? aa_file_perm+0x11f/0xed0
[ 1565.961575][T27153]  ? __pfx_tun_get_user+0x10/0x10
[ 1565.961591][T27153]  ? aa_file_perm+0x11f/0xed0
[ 1565.961606][T27153]  ? aa_file_perm+0x3e7/0xed0
[ 1565.961633][T27153]  ? ref_tracker_alloc+0x318/0x460
[ 1565.961654][T27153]  ? __lock_acquire+0xab9/0xd20
[ 1565.961673][T27153]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1565.961700][T27153]  ? tun_get+0x1c/0x2f0
[ 1565.961721][T27153]  ? tun_get+0x1c/0x2f0
[ 1565.961736][T27153]  ? tun_get+0x1c/0x2f0
[ 1565.961756][T27153]  tun_chr_write_iter+0x113/0x200
[ 1565.961777][T27153]  vfs_write+0x54b/0xa90
[ 1565.961799][T27153]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1565.961818][T27153]  ? __pfx_vfs_write+0x10/0x10
[ 1565.961847][T27153]  ? __fget_files+0x2a/0x420
[ 1565.961877][T27153]  ksys_write+0x145/0x250
[ 1565.961899][T27153]  ? __pfx_ksys_write+0x10/0x10
[ 1565.961917][T27153]  ? rcu_is_watching+0x15/0xb0
[ 1565.961940][T27153]  ? do_syscall_64+0xbe/0x3b0
[ 1565.961961][T27153]  do_syscall_64+0xfa/0x3b0
[ 1565.961976][T27153]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1565.961998][T27153]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1565.962016][T27153]  ? clear_bhb_loop+0x60/0xb0
[ 1565.962037][T27153]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1565.962053][T27153] RIP: 0033:0x7fbe0138d3df
[ 1565.962071][T27153] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1565.962086][T27153] RSP: 002b:00007fbe0214e000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1565.962107][T27153] RAX: ffffffffffffffda RBX: 00007fbe015b5fa0 RCX: 00007fbe0138d3df
[ 1565.962120][T27153] RDX: 0000000000000036 RSI: 0000200000000180 RDI: 00000000000000c8
[ 1565.962133][T27153] RBP: 00007fbe0214e090 R08: 0000000000000000 R09: 0000000000000000
[ 1565.962144][T27153] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000001
[ 1565.962155][T27153] R13: 0000000000000000 R14: 00007fbe015b5fa0 R15: 00007fbe016dfa28
[ 1565.962184][T27153]  </TASK>
[ 1565.967409][   T30] audit: type=1326 audit(1752132692.911:8142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27145 comm="syz.4.6171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1565.989989][ T5856] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x6 has an invalid bInterval 209, changing to 11
[ 1565.990026][ T5856] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1565.990064][ T5856] usb 1-1: New USB device found, idVendor=0451, idProduct=f430, bcdDevice=42.7a
[ 1565.990085][ T5856] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1566.004067][ T5856] usb 1-1: config 0 descriptor??
[ 1566.060131][   T30] audit: type=1326 audit(1752132692.961:8143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27151 comm="syz.4.6171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fef75bc11e5 code=0x7ffc0000
[ 1566.177785][T27143] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1566.178978][   T43] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[ 1566.275328][ T5856] ti_usb_3410_5052 1-1:0.0: TI USB 3410 1 port adapter converter detected
[ 1566.429151][   T30] audit: type=1326 audit(1752132692.961:8144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27145 comm="syz.4.6171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1566.452193][   T30] audit: type=1326 audit(1752132692.961:8145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27145 comm="syz.4.6171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1566.476839][   T30] audit: type=1326 audit(1752132693.041:8146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27145 comm="syz.4.6171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1566.544530][T27143] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1566.590621][   T43] usb 4-1: Using ep0 maxpacket: 32
[ 1566.594919][T27143] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1566.605193][   T43] usb 4-1: config 60 has too many interfaces: 91, using maximum allowed: 32
[ 1566.614505][   T43] usb 4-1: config 60 has an invalid descriptor of length 236, skipping remainder of the config
[ 1566.642612][ T5856] ti_usb_3410_5052 1-1:0.0: missing endpoints
[ 1566.665796][   T43] usb 4-1: config 60 has 0 interfaces, different from the descriptor's value: 91
[ 1566.722960][   T43] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db98, bcdDevice=ba.5e
[ 1566.740544][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1566.779050][   T43] usb 4-1: Product: syz
[ 1566.789188][   T43] usb 4-1: Manufacturer: syz
[ 1566.810966][   T43] usb 4-1: SerialNumber: syz
[ 1567.175130][   T43] usb 4-1: USB disconnect, device number 91
[ 1567.956473][T27173] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6178'.
[ 1568.167819][T27181] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6181'.
[ 1568.430294][T20423] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[ 1568.545207][ T5856] usb 1-1: USB disconnect, device number 91
[ 1568.623227][T27185] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1568.789518][T20423] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1568.800832][T20423] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1568.824042][T20423] usb 4-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00
[ 1568.889873][T20423] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1568.937175][T20423] usb 4-1: config 0 descriptor??
[ 1569.451349][T20423] usbhid 4-1:0.0: can't add hid device: -71
[ 1569.457366][T20423] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1569.506042][T20423] usb 4-1: USB disconnect, device number 92
[ 1570.574493][T27213] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 1570.810683][T14571] usb 4-1: new full-speed USB device number 93 using dummy_hcd
[ 1570.877015][T27216] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6191'.
[ 1570.984922][T14571] usb 4-1: config index 0 descriptor too short (expected 31, got 27)
[ 1570.993506][T14571] usb 4-1: config 1 interface 0 has no altsetting 0
[ 1571.018271][T14571] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72
[ 1571.205787][T14571] usb 4-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3
[ 1571.240657][T14571] usb 4-1: Product: syz
[ 1571.270675][T14571] usb 4-1: Manufacturer: syz
[ 1571.293632][T14571] usb 4-1: SerialNumber: syz
[ 1571.675926][T14571] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 93 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[ 1571.707738][T14571] usb 4-1: USB disconnect, device number 93
[ 1571.751966][T14571] usblp0: removed
[ 1571.880890][ T5856] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[ 1572.000859][T27222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6194'.
[ 1572.040509][ T5856] usb 1-1: Using ep0 maxpacket: 32
[ 1572.054279][ T5856] usb 1-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1572.066585][ T5856] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1572.125037][ T5856] usb 1-1: Product: syz
[ 1572.149022][ T5856] usb 1-1: Manufacturer: syz
[ 1572.305744][ T5856] usb 1-1: SerialNumber: syz
[ 1572.314129][ T5856] usb 1-1: config 0 descriptor??
[ 1572.323017][ T5856] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[ 1573.381163][T20423] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[ 1573.509882][T27236] binder: BINDER_SET_CONTEXT_MGR already set
[ 1573.516661][T27236] binder: 27235:27236 ioctl 4018620d 200000000040 returned -16
[ 1573.551145][T20423] usb 4-1: Using ep0 maxpacket: 8
[ 1573.563496][T20423] usb 4-1: config 6 has an invalid interface number: 2 but max is 0
[ 1573.580799][T20423] usb 4-1: config 6 has an invalid descriptor of length 48, skipping remainder of the config
[ 1573.604896][T20423] usb 4-1: config 6 has no interface number 0
[ 1573.630626][T20423] usb 4-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[ 1573.706554][T27239] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6198'.
[ 1573.939300][ T5856] gspca_topro: Sensor soi763a
[ 1573.956143][T20423] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid maxpacket 12336, setting to 64
[ 1573.998454][T20423] usb 4-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1574.069926][T20423] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1574.098904][T20423] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1574.116043][T20423] usb 4-1: Product: syz
[ 1574.126969][T20423] usb 4-1: Manufacturer: syz
[ 1574.151226][T14564] usb 1-1: USB disconnect, device number 92
[ 1574.223395][T20423] usb 4-1: SerialNumber: syz
[ 1574.282947][T20423] hso 4-1:6.2: Failed to find INT IN ep
[ 1574.496216][T27245] kvm: pic: non byte write
[ 1574.527342][   T43] usb 4-1: USB disconnect, device number 94
[ 1574.930354][T27251] macsec1: entered promiscuous mode
[ 1574.948615][T27251] bridge0: entered promiscuous mode
[ 1574.966994][T27251] bridge0: port 1(macsec1) entered blocking state
[ 1574.975339][T27251] bridge0: port 1(macsec1) entered disabled state
[ 1574.982844][T27251] macsec1: entered allmulticast mode
[ 1574.995544][T27251] bridge0: entered allmulticast mode
[ 1575.013098][T27251] macsec1: left allmulticast mode
[ 1575.020764][T27251] bridge0: left allmulticast mode
[ 1575.027616][T27251] bridge0: left promiscuous mode
[ 1575.138375][T27258] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6202'.
[ 1575.335515][   T30] kauditd_printk_skb: 6 callbacks suppressed
[ 1575.335566][   T30] audit: type=1326 audit(1752132702.431:8153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27261 comm="syz.4.6204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1575.506178][   T30] audit: type=1326 audit(1752132702.431:8154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27261 comm="syz.4.6204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1575.629519][   T30] audit: type=1326 audit(1752132702.431:8155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27261 comm="syz.4.6204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1575.724863][T27274] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6207'.
[ 1576.361326][T27267] kvm: pic: non byte write
[ 1576.380578][   T30] audit: type=1326 audit(1752132702.431:8156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27261 comm="syz.4.6204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1576.508360][   T30] audit: type=1326 audit(1752132702.431:8157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27261 comm="syz.4.6204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1576.565453][   T30] audit: type=1326 audit(1752132702.441:8158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27261 comm="syz.4.6204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1576.618608][   T30] audit: type=1326 audit(1752132702.441:8159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27261 comm="syz.4.6204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1576.662362][   T30] audit: type=1326 audit(1752132702.441:8160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27261 comm="syz.4.6204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1576.690867][   T30] audit: type=1326 audit(1752132702.441:8161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27261 comm="syz.4.6204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1576.770758][T14564] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[ 1576.923177][T14564] usb 2-1: Using ep0 maxpacket: 8
[ 1576.968224][T14564] usb 2-1: config index 0 descriptor too short (expected 65535, got 36)
[ 1577.065266][T14564] usb 2-1: config 255 has too many interfaces: 255, using maximum allowed: 32
[ 1577.138610][T14564] usb 2-1: config 255 has an invalid descriptor of length 255, skipping remainder of the config
[ 1577.271350][T14564] usb 2-1: config 255 has 0 interfaces, different from the descriptor's value: 255
[ 1577.284957][T14564] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1577.295566][T14564] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1577.304118][T14564] usb 2-1: Product: syz
[ 1577.310786][T14564] usb 2-1: Manufacturer: syz
[ 1577.315408][T14564] usb 2-1: SerialNumber: syz
[ 1577.498284][T14564] usb 2-1: rejected 1 configuration due to insufficient available bus power
[ 1577.722398][T14564] usb 2-1: no configuration chosen from 1 choice
[ 1577.857225][   T30] audit: type=1326 audit(1752132704.961:8162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27302 comm="syz.4.6214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1578.357860][T27311] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1578.364898][T14571] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[ 1578.536752][T14571] usb 1-1: config 171 has an invalid interface number: 109 but max is 0
[ 1578.545426][T14571] usb 1-1: config 171 has an invalid descriptor of length 0, skipping remainder of the config
[ 1578.556237][T14571] usb 1-1: config 171 has no interface number 0
[ 1578.564610][T14571] usb 1-1: config 171 interface 109 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023
[ 1578.575646][T14571] usb 1-1: config 171 interface 109 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1578.587870][T14571] usb 1-1: config 171 interface 109 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 12
[ 1578.605363][T14571] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=fd.2e
[ 1578.616309][T14571] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1578.642384][T14571] usb 1-1: Product: syz
[ 1578.654107][T14571] usb 1-1: Manufacturer: syz
[ 1578.667176][T14571] usb 1-1: SerialNumber: syz
[ 1578.728251][T27308] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1579.120909][T14571] ath6kl: Failed to submit usb control message: -71
[ 1579.130689][T14571] ath6kl: unable to send the bmi data to the device: -71
[ 1579.137947][T14571] ath6kl: Unable to send get target info: -71
[ 1579.153730][T14571] ath6kl: Failed to init ath6kl core: -71
[ 1579.162253][T14571] ath6kl_usb 1-1:171.109: probe with driver ath6kl_usb failed with error -71
[ 1579.266768][T14571] usb 1-1: USB disconnect, device number 93
[ 1579.543319][ T5935] usb 2-1: USB disconnect, device number 105
[ 1579.789327][T27326] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6220'.
[ 1580.167721][T27327] xt_CT: No such helper "snmp"
[ 1580.220823][T14564] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[ 1580.442202][T14564] usb 4-1: Using ep0 maxpacket: 16
[ 1580.464382][T14564] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1580.496048][T14564] usb 4-1: config 0 has no interface number 0
[ 1580.526777][T14564] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1580.549672][T14564] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1580.568921][T14564] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 1580.606980][T14564] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1580.622332][T14564] usb 4-1: config 0 descriptor??
[ 1581.233357][T14564] uclogic 0003:28BD:0071.0058: pen parameters not found
[ 1581.259085][T14564] uclogic 0003:28BD:0071.0058: interface is invalid, ignoring
[ 1581.523916][T14571] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[ 1581.534145][T27360] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6230'.
[ 1581.909023][T14571] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1581.921108][T14571] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1582.037621][T14571] usb 1-1: Product: syz
[ 1582.056600][T14571] usb 1-1: Manufacturer: syz
[ 1582.232832][T14571] usb 1-1: SerialNumber: syz
[ 1582.245427][T14571] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1582.305585][T23541] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1582.830360][   T24] usb 4-1: USB disconnect, device number 95
[ 1583.374537][T27372] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1583.392791][T27372] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1583.422526][T27381] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6235'.
[ 1583.460824][T20423] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1583.470674][T14564] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[ 1583.619395][T27372] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1583.628847][T14564] usb 4-1: Using ep0 maxpacket: 16
[ 1583.634501][T27372] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1583.643074][T20423] usb 3-1: Using ep0 maxpacket: 8
[ 1583.666029][T14564] usb 4-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[ 1583.677017][T20423] usb 3-1: config index 0 descriptor too short (expected 65535, got 36)
[ 1583.688986][T27372] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1583.698143][T14564] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1583.707394][T20423] usb 3-1: config 255 has too many interfaces: 255, using maximum allowed: 32
[ 1583.719754][T27372] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1583.730206][T20423] usb 3-1: config 255 has an invalid descriptor of length 255, skipping remainder of the config
[ 1583.744529][T20423] usb 3-1: config 255 has 0 interfaces, different from the descriptor's value: 255
[ 1583.755253][T14564] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1583.773842][T14564] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1583.792148][T20423] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1583.803037][T14564] usb 4-1: Product: syz
[ 1583.807318][T14564] usb 4-1: Manufacturer: syz
[ 1583.812374][T20423] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1583.820382][T20423] usb 3-1: Product: syz
[ 1583.824912][T14564] usb 4-1: SerialNumber: syz
[ 1583.831162][T20423] usb 3-1: Manufacturer: syz
[ 1583.846958][T20423] usb 3-1: SerialNumber: syz
[ 1583.878398][T20423] usb 3-1: rejected 1 configuration due to insufficient available bus power
[ 1583.908874][T20423] usb 3-1: no configuration chosen from 1 choice
[ 1584.019442][T23541] usb 1-1: Service connection timeout for: 256
[ 1584.032190][T23541] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1584.061431][T14564] usb 4-1: 0:2 : does not exist
[ 1584.071806][T23541] ath9k_htc: Failed to initialize the device
[ 1584.085910][T23541] usb 1-1: ath9k_htc: USB layer deinitialized
[ 1584.089040][T14564] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1584.121080][T27389] tipc: Started in network mode
[ 1584.126098][T27389] tipc: Node identity 8, cluster identity 5
[ 1584.133137][T27389] tipc: Node number set to 8
[ 1584.146463][T27389] tipc: Cannot configure node identity twice
[ 1584.162592][T27389] fuse: Unknown parameter '0x0000000000000007'
[ 1584.185390][T14564] usb 4-1: USB disconnect, device number 96
[ 1584.338458][ T5935] usb 1-1: USB disconnect, device number 94
[ 1584.993868][   T30] kauditd_printk_skb: 7 callbacks suppressed
[ 1584.993885][   T30] audit: type=1326 audit(1752132712.101:8170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27394 comm="syz.0.6239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1585.253345][   T30] audit: type=1326 audit(1752132712.101:8171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27394 comm="syz.0.6239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1585.339758][   T30] audit: type=1326 audit(1752132712.101:8172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27394 comm="syz.0.6239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1585.416517][   T30] audit: type=1326 audit(1752132712.101:8173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27394 comm="syz.0.6239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1585.536921][   T30] audit: type=1326 audit(1752132712.101:8174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27394 comm="syz.0.6239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1585.589487][   T30] audit: type=1326 audit(1752132712.101:8175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27394 comm="syz.0.6239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1585.644656][   T30] audit: type=1326 audit(1752132712.101:8176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27394 comm="syz.0.6239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1585.751012][   T30] audit: type=1326 audit(1752132712.101:8177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27394 comm="syz.0.6239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1585.826458][   T30] audit: type=1326 audit(1752132712.101:8178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27394 comm="syz.0.6239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7faf8cd8e929 code=0x7ffc0000
[ 1585.900070][   T30] audit: type=1326 audit(1752132712.101:8179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27394 comm="syz.0.6239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faf8cd2ab19 code=0x7ffc0000
[ 1586.190653][ T5935] usb 3-1: USB disconnect, device number 64
[ 1586.772295][   T43] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[ 1586.968287][T27421] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1587.010691][   T43] usb 1-1: Using ep0 maxpacket: 32
[ 1587.139219][T27423] netlink: 'syz.3.6250': attribute type 21 has an invalid length.
[ 1587.147201][T27423] netlink: 128 bytes leftover after parsing attributes in process `syz.3.6250'.
[ 1587.156569][T27423] netlink: 'syz.3.6250': attribute type 4 has an invalid length.
[ 1587.164468][T27423] netlink: 3 bytes leftover after parsing attributes in process `syz.3.6250'.
[ 1587.260855][   T43] usb 1-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1587.280365][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1587.310524][   T43] usb 1-1: Product: syz
[ 1587.329067][   T43] usb 1-1: Manufacturer: syz
[ 1587.329325][T27423] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6250'.
[ 1587.357822][   T43] usb 1-1: SerialNumber: syz
[ 1587.425352][   T43] usb 1-1: config 0 descriptor??
[ 1587.516552][   T43] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[ 1588.280326][T14564] IPVS: starting estimator thread 0...
[ 1588.390873][T27436] IPVS: using max 50 ests per chain, 120000 per kthread
[ 1588.620576][   T24] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[ 1588.790663][   T24] usb 2-1: Using ep0 maxpacket: 8
[ 1588.801252][   T24] usb 2-1: config 0 has an invalid interface number: 122 but max is 0
[ 1588.819972][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1588.862388][   T24] usb 2-1: config 0 has no interface number 0
[ 1588.870941][   T24] usb 2-1: config 0 interface 122 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[ 1588.890019][   T24] usb 2-1: config 0 interface 122 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 8
[ 1588.902609][   T24] usb 2-1: config 0 interface 122 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 1023
[ 1588.914071][   T24] usb 2-1: config 0 interface 122 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1588.926682][   T24] usb 2-1: config 0 interface 122 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1588.948381][   T43] gspca_topro: Sensor cx0342
[ 1588.956985][   T24] usb 2-1: config 0 interface 122 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 8
[ 1588.976354][   T24] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice= 5.b7
[ 1588.990521][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1589.010724][   T24] usb 2-1: Product: syz
[ 1589.014930][   T24] usb 2-1: Manufacturer: syz
[ 1589.029875][   T24] usb 2-1: SerialNumber: syz
[ 1589.060875][   T24] usb 2-1: config 0 descriptor??
[ 1589.082979][T27438] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1589.090293][T27438] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1589.156817][T14571] usb 1-1: USB disconnect, device number 95
[ 1589.369819][   T24] usb 2-1: NFC: intf ffff888052a5b000 id ffffffff8eb53320
[ 1589.378526][T27448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6259'.
[ 1589.395142][T27448] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1589.531803][   T24] nfcmrvl 2-1:0.122: NFC: registered with nci successfully
[ 1589.581137][   T24] usb 2-1: USB disconnect, device number 106
[ 1589.604032][   T24] usb 2-1: NFC: intf ffff888052a5b000
[ 1590.535812][ T5167] Bluetooth: hci3: Malformed LE Event: 0x02
[ 1590.598141][T27472] loop2: detected capacity change from 0 to 7
[ 1590.609512][T21753] Dev loop2: unable to read RDB block 7
[ 1590.616653][T21753]  loop2: AHDI p1 p2 p3
[ 1590.623493][T21753] loop2: partition table partially beyond EOD, truncated
[ 1590.634244][T21753] loop2: p1 start 1601398130 is beyond EOD, truncated
[ 1590.644239][T21753] loop2: p2 start 1702059890 is beyond EOD, truncated
[ 1590.656870][T27472] Dev loop2: unable to read RDB block 7
[ 1590.664881][T27472]  loop2: AHDI p1 p2 p3
[ 1590.669109][T27472] loop2: partition table partially beyond EOD, truncated
[ 1590.678883][T27472] loop2: p1 start 1601398130 is beyond EOD, truncated
[ 1590.687297][T27472] loop2: p2 start 1702059890 is beyond EOD, truncated
[ 1591.181654][T27492] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6272'.
[ 1591.281119][   T43] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[ 1591.404705][T27494] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6274'.
[ 1591.590634][   T43] usb 4-1: Using ep0 maxpacket: 8
[ 1591.612522][   T43] usb 4-1: config 6 has an invalid interface number: 2 but max is 0
[ 1591.630553][   T43] usb 4-1: config 6 has an invalid descriptor of length 48, skipping remainder of the config
[ 1591.680588][   T43] usb 4-1: config 6 has no interface number 0
[ 1591.697039][   T43] usb 4-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[ 1591.846190][   T43] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid maxpacket 12336, setting to 64
[ 1591.877016][   T43] usb 4-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1591.920300][   T43] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1591.938422][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1591.982075][   T43] usb 4-1: Product: syz
[ 1591.994906][   T43] usb 4-1: Manufacturer: syz
[ 1592.006691][   T43] usb 4-1: SerialNumber: syz
[ 1592.045730][   T43] hso 4-1:6.2: Failed to find INT IN ep
[ 1592.302152][T14564] usb 4-1: USB disconnect, device number 97
[ 1592.884656][T27508] ip6t_srh: unknown srh match flags  B153
[ 1592.951893][T27512] binder: BINDER_SET_CONTEXT_MGR already set
[ 1592.967523][T27512] binder: 27509:27512 ioctl 4018620d 2000000000c0 returned -16
[ 1593.180680][ T5856] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[ 1593.199100][T27515] ipvlan2: entered allmulticast mode
[ 1593.204858][T27515] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[ 1593.361250][ T5856] usb 1-1: device descriptor read/64, error -71
[ 1593.613083][ T5856] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[ 1593.750589][ T5856] usb 1-1: device descriptor read/64, error -71
[ 1593.864643][ T5856] usb usb1-port1: attempt power cycle
[ 1593.872868][   T30] kauditd_printk_skb: 143 callbacks suppressed
[ 1593.872882][   T30] audit: type=1326 audit(1752132720.981:8323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27532 comm="syz.2.6289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dfd8e929 code=0x7ffc0000
[ 1593.882793][T27535] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6290'.
[ 1593.901471][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1593.918780][   T30] audit: type=1326 audit(1752132720.981:8324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27532 comm="syz.2.6289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dfd8e929 code=0x7ffc0000
[ 1593.953106][   T30] audit: type=1326 audit(1752132720.981:8325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27532 comm="syz.2.6289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7ff5dfd8e929 code=0x7ffc0000
[ 1594.023291][   T30] audit: type=1326 audit(1752132720.981:8326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27532 comm="syz.2.6289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dfd8e929 code=0x7ffc0000
[ 1594.243121][ T5856] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[ 1594.272139][ T5856] usb 1-1: device descriptor read/8, error -71
[ 1594.330837][ T5935] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[ 1594.570269][ T5935] usb 2-1: Using ep0 maxpacket: 32
[ 1594.590540][ T5856] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[ 1594.609677][ T5935] usb 2-1: config 60 has too many interfaces: 91, using maximum allowed: 32
[ 1594.622393][ T5856] usb 1-1: device descriptor read/8, error -71
[ 1594.633729][ T5935] usb 2-1: config 60 has an invalid descriptor of length 236, skipping remainder of the config
[ 1594.645309][ T5935] usb 2-1: config 60 has 0 interfaces, different from the descriptor's value: 91
[ 1594.666847][ T5935] usb 2-1: New USB device found, idVendor=0fe9, idProduct=db98, bcdDevice=ba.5e
[ 1594.677199][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1594.685992][ T5935] usb 2-1: Product: syz
[ 1594.690347][ T5935] usb 2-1: Manufacturer: syz
[ 1594.713767][ T5935] usb 2-1: SerialNumber: syz
[ 1594.741597][ T5856] usb usb1-port1: unable to enumerate USB device
[ 1595.029203][T27554] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6296'.
[ 1595.069069][ T5935] usb 2-1: USB disconnect, device number 107
[ 1595.959109][T27566] PKCS7: Unknown OID: [5] (bad)
[ 1595.959134][T27566] PKCS7: Only support pkcs7_signedData type
[ 1595.980586][   T43] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[ 1596.130632][   T43] usb 2-1: device descriptor read/64, error -71
[ 1596.330698][   T24] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[ 1596.370633][   T43] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[ 1596.501393][   T24] usb 1-1: config 0 has no interfaces?
[ 1596.521033][   T24] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1596.530191][   T43] usb 2-1: device descriptor read/64, error -71
[ 1596.536552][T14571] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1596.544328][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1596.560734][   T24] usb 1-1: Product: syz
[ 1596.572289][   T24] usb 1-1: Manufacturer: syz
[ 1596.576981][   T24] usb 1-1: SerialNumber: syz
[ 1596.585036][   T24] usb 1-1: config 0 descriptor??
[ 1596.661229][   T43] usb usb2-port1: attempt power cycle
[ 1596.739739][T14571] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1596.758496][T14571] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1596.793335][T14571] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1596.825865][T14571] usb 3-1: config 1 has no interface number 1
[ 1596.845579][T14571] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1596.900361][T14571] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1596.916842][T14571] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1596.925938][T14571] usb 3-1: Product: syz
[ 1596.934597][T14571] usb 3-1: Manufacturer: syz
[ 1596.939335][T14571] usb 3-1: SerialNumber: syz
[ 1597.030823][   T43] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[ 1597.071340][   T43] usb 2-1: device descriptor read/8, error -71
[ 1597.152503][T27579] netlink: 'syz.2.6304': attribute type 1 has an invalid length.
[ 1597.330718][   T43] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[ 1597.375804][   T43] usb 2-1: device descriptor read/8, error -71
[ 1597.386618][T27589] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6307'.
[ 1597.405209][T27579] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1597.521102][   T43] usb usb2-port1: unable to enumerate USB device
[ 1597.625770][T27586] bond1: (slave gretap1): making interface the new active one
[ 1597.686438][T27586] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 1597.930835][ T5167] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[ 1597.940889][ T5167] Bluetooth: hci3: Injecting HCI hardware error event
[ 1597.950041][ T5167] Bluetooth: hci3: hardware error 0x00
[ 1598.147279][T27589] netlink: 'syz.3.6307': attribute type 1 has an invalid length.
[ 1598.209454][T27589] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.6307'.
[ 1598.393505][T27594] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6308'.
[ 1598.403019][T27594] openvswitch: netlink: Invalid MD length 0 for MD type 0
[ 1598.410391][T27594] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1598.720688][   T24] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[ 1598.814484][T27598] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6310'.
[ 1598.880835][   T24] usb 4-1: Using ep0 maxpacket: 32
[ 1598.894026][   T24] usb 4-1: config 60 has too many interfaces: 91, using maximum allowed: 32
[ 1598.904077][   T24] usb 4-1: config 60 has an invalid descriptor of length 236, skipping remainder of the config
[ 1598.914938][   T24] usb 4-1: config 60 has 0 interfaces, different from the descriptor's value: 91
[ 1598.928495][   T24] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db98, bcdDevice=ba.5e
[ 1598.937945][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1598.946380][   T24] usb 4-1: Product: syz
[ 1598.989619][   T24] usb 4-1: Manufacturer: syz
[ 1598.994681][   T24] usb 4-1: SerialNumber: syz
[ 1599.019540][ T5856] usb 1-1: USB disconnect, device number 100
[ 1599.120633][   T43] usb 2-1: new high-speed USB device number 112 using dummy_hcd
[ 1599.252076][   T24] usb 4-1: USB disconnect, device number 98
[ 1599.259337][T14571] usb 3-1: USB disconnect, device number 65
[ 1599.280632][   T43] usb 2-1: Using ep0 maxpacket: 32
[ 1599.301415][   T43] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[ 1599.329992][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1599.366069][T21753] udevd[21753]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1599.371557][ T5856] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[ 1599.399437][   T43] usb 2-1: config 0 descriptor??
[ 1599.423550][   T43] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[ 1599.560947][ T5856] usb 1-1: Using ep0 maxpacket: 32
[ 1599.571092][ T5856] usb 1-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1599.580382][ T5856] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1599.588507][ T5856] usb 1-1: Product: syz
[ 1599.593223][ T5856] usb 1-1: Manufacturer: syz
[ 1599.597845][ T5856] usb 1-1: SerialNumber: syz
[ 1599.605392][ T5856] usb 1-1: config 0 descriptor??
[ 1599.617821][ T5856] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[ 1599.680930][T14571] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[ 1599.840661][T14571] usb 3-1: Using ep0 maxpacket: 8
[ 1599.848433][T14571] usb 3-1: config 6 has an invalid interface number: 2 but max is 0
[ 1599.858667][T14571] usb 3-1: config 6 has an invalid descriptor of length 48, skipping remainder of the config
[ 1599.869368][T14571] usb 3-1: config 6 has no interface number 0
[ 1599.876325][T14571] usb 3-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[ 1599.888517][T14571] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid maxpacket 12336, setting to 64
[ 1599.899928][T14571] usb 3-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1599.938074][T14571] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1599.957630][T14571] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1599.973201][T14571] usb 3-1: Product: syz
[ 1599.990651][T14571] usb 3-1: Manufacturer: syz
[ 1599.995775][T14571] usb 3-1: SerialNumber: syz
[ 1600.014351][T14571] hso 3-1:6.2: Failed to find INT IN ep
[ 1600.091823][ T5167] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1600.136393][T27613] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6315'.
[ 1600.160763][   T24] usb 4-1: new low-speed USB device number 99 using dummy_hcd
[ 1600.280223][T20423] usb 3-1: USB disconnect, device number 66
[ 1600.290703][   T24] usb 4-1: device descriptor read/64, error -71
[ 1600.550601][   T24] usb 4-1: new low-speed USB device number 100 using dummy_hcd
[ 1600.680932][   T24] usb 4-1: device descriptor read/64, error -71
[ 1600.791433][   T24] usb usb4-port1: attempt power cycle
[ 1601.024785][ T5856] gspca_topro: Sensor cx0342
[ 1601.131748][   T24] usb 4-1: new low-speed USB device number 101 using dummy_hcd
[ 1601.158157][   T24] usb 4-1: device descriptor read/8, error -71
[ 1601.233663][T20423] usb 1-1: USB disconnect, device number 101
[ 1601.240353][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1601.340853][ T5856] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[ 1601.400719][   T24] usb 4-1: new low-speed USB device number 102 using dummy_hcd
[ 1601.421289][   T24] usb 4-1: device descriptor read/8, error -71
[ 1601.491038][ T5856] usb 3-1: Using ep0 maxpacket: 32
[ 1601.498211][ T5856] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[ 1601.507665][ T5856] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1601.518998][ T5856] usb 3-1: config 0 descriptor??
[ 1601.528505][ T5856] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[ 1601.535027][   T24] usb usb4-port1: unable to enumerate USB device
[ 1601.805871][T27626] C: renamed from team_slave_0
[ 1601.814001][T27626] netlink: 'syz.0.6319': attribute type 3 has an invalid length.
[ 1601.823726][T27626] netlink: 152 bytes leftover after parsing attributes in process `syz.0.6319'.
[ 1601.833109][T27626] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[ 1601.860223][T27627] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6318'.
[ 1602.180612][   T24] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[ 1602.310618][   T24] usb 1-1: device descriptor read/64, error -71
[ 1602.454314][   T43] gspca_vc032x: reg_w err -71
[ 1602.459069][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.474032][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.479380][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.487341][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.496821][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.503900][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.509219][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.515960][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.521406][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.526702][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.532064][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.538203][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.543961][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.549313][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.554725][   T24] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[ 1602.562683][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.567997][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.574765][   T43] gspca_vc032x: I2c Bus Busy Wait 00
[ 1602.580152][   T43] gspca_vc032x: Unknown sensor...
[ 1602.585761][   T43] vc032x 2-1:0.0: probe with driver vc032x failed with error -22
[ 1602.601621][   T43] usb 2-1: USB disconnect, device number 112
[ 1602.710595][   T24] usb 1-1: device descriptor read/64, error -71
[ 1602.821021][   T24] usb usb1-port1: attempt power cycle
[ 1603.079779][T27633] netlink: 'syz.1.6322': attribute type 27 has an invalid length.
[ 1603.088268][T27633] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6322'.
[ 1603.098796][T27633] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1603.148244][T27634] kvm: pic: non byte write
[ 1603.170757][   T24] usb 1-1: new high-speed USB device number 104 using dummy_hcd
[ 1603.207770][   T24] usb 1-1: device descriptor read/8, error -71
[ 1603.450615][   T24] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[ 1603.486811][   T24] usb 1-1: device descriptor read/8, error -71
[ 1603.610970][   T24] usb usb1-port1: unable to enumerate USB device
[ 1603.611741][T14564] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[ 1603.790750][T14564] usb 2-1: Using ep0 maxpacket: 8
[ 1603.801059][T14564] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1603.810235][T14564] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1603.818789][T14564] usb 2-1: Product: syz
[ 1603.823280][T14564] usb 2-1: Manufacturer: syz
[ 1603.827920][T14564] usb 2-1: SerialNumber: syz
[ 1603.837203][T14564] usb 2-1: config 0 descriptor??
[ 1604.045678][T14564] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1604.802187][ T5167] Bluetooth: Unexpected continuation frame (len 167)
[ 1604.809917][ T5167] Bluetooth: hci5: connection err: -111
[ 1604.870398][T27662] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6332'.
[ 1604.965578][T27665] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1605.231081][ T5856] gspca_vc032x: reg_w err -71
[ 1605.235848][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.263515][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.303798][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.324812][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.356677][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.391397][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.427250][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.447399][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.470414][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.496909][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.503608][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.509179][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.522513][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.543252][T27670] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6334'.
[ 1605.552689][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.558080][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.564383][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.582121][ T5856] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1605.587539][ T5856] gspca_vc032x: Unknown sensor...
[ 1605.620878][ T5856] vc032x 3-1:0.0: probe with driver vc032x failed with error -22
[ 1605.667629][ T5856] usb 3-1: USB disconnect, device number 67
[ 1605.979387][T27662] team0 (unregistering): Port device team_slave_0 removed
[ 1606.026825][T14564] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1606.047467][T27662] team0 (unregistering): Port device team_slave_1 removed
[ 1606.071903][T14564] usb 2-1: USB disconnect, device number 113
[ 1606.787164][T27698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6341'.
[ 1606.828146][T27700] vlan2: entered promiscuous mode
[ 1606.834242][T27700] macvlan1: entered promiscuous mode
[ 1606.880628][T14564] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[ 1606.951838][ T5920] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[ 1607.118230][T14564] usb 4-1: config 0 has no interfaces?
[ 1607.130835][T14564] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1607.141834][T14564] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1607.150885][ T5920] usb 2-1: device descriptor read/64, error -71
[ 1607.244418][T14564] usb 4-1: Product: syz
[ 1607.248666][T14564] usb 4-1: Manufacturer: syz
[ 1607.253686][T14564] usb 4-1: SerialNumber: syz
[ 1607.261923][T14564] usb 4-1: config 0 descriptor??
[ 1607.453751][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.467990][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.478684][ T5920] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[ 1607.491449][   T24] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[ 1607.553390][T27687] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1607.587064][T20423] usb 4-1: USB disconnect, device number 103
[ 1607.650720][   T24] usb 1-1: Using ep0 maxpacket: 32
[ 1607.658476][   T24] usb 1-1: config 0 has an invalid interface number: 54 but max is 0
[ 1607.667969][   T24] usb 1-1: config 0 has no interface number 0
[ 1607.856978][ T5920] usb 2-1: device descriptor read/64, error -71
[ 1607.936281][   T24] usb 1-1: config 0 interface 54 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[ 1607.972550][ T5920] usb usb2-port1: attempt power cycle
[ 1607.988196][   T24] usb 1-1: config 0 interface 54 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[ 1608.015637][   T24] usb 1-1: config 0 interface 54 has no altsetting 0
[ 1608.026429][   T24] usb 1-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=46.42
[ 1608.036198][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1608.044687][   T24] usb 1-1: Product: syz
[ 1608.049580][   T24] usb 1-1: Manufacturer: syz
[ 1608.056151][   T24] usb 1-1: SerialNumber: syz
[ 1608.075674][   T24] usb 1-1: config 0 descriptor??
[ 1608.086464][T27711] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1608.094879][T27711] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1608.297460][T27714] kvm: pic: non byte write
[ 1608.322001][ T5920] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[ 1608.331992][   T24] ums_eneub6250 1-1:0.54: USB Mass Storage device detected
[ 1608.372141][ T5920] usb 2-1: device descriptor read/8, error -71
[ 1608.386745][   T24] scsi host1: usb-storage 1-1:0.54
[ 1608.510736][   T24] ums_eneub6250 1-1:0.54: probe with driver ums_eneub6250 failed with error 3
[ 1608.554088][   T24] usb 1-1: USB disconnect, device number 106
[ 1608.650788][ T5920] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[ 1608.682028][ T5920] usb 2-1: device descriptor read/8, error -71
[ 1608.810924][ T5920] usb usb2-port1: unable to enumerate USB device
[ 1608.942258][T27734] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6356'.
[ 1609.470758][ T5920] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[ 1609.533363][T27591] Bluetooth: hci5: command 0x0406 tx timeout
[ 1609.675444][ T5920] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1609.700526][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1609.709233][ T5920] usb 1-1: Product: syz
[ 1609.721202][ T5920] usb 1-1: Manufacturer: syz
[ 1609.725852][ T5920] usb 1-1: SerialNumber: syz
[ 1609.766111][ T5920] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1609.806841][   T24] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1609.821368][ T5856] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[ 1610.012755][ T5856] usb 4-1: Using ep0 maxpacket: 16
[ 1610.030103][ T5856] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1610.056909][T27745] FAULT_INJECTION: forcing a failure.
[ 1610.056909][T27745] name failslab, interval 1, probability 0, space 0, times 0
[ 1610.070968][ T5856] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1610.091017][ T5856] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1610.102775][T27749] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6363'.
[ 1610.115423][T27745] CPU: 0 UID: 0 PID: 27745 Comm: syz.2.6361 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1610.115448][T27745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1610.115459][T27745] Call Trace:
[ 1610.115466][T27745]  <TASK>
[ 1610.115475][T27745]  dump_stack_lvl+0x189/0x250
[ 1610.115500][T27745]  ? __pfx____ratelimit+0x10/0x10
[ 1610.115525][T27745]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1610.115543][T27745]  ? __pfx__printk+0x10/0x10
[ 1610.115570][T27745]  ? __pfx___might_resched+0x10/0x10
[ 1610.115588][T27745]  ? fs_reclaim_acquire+0x7d/0x100
[ 1610.115617][T27745]  should_fail_ex+0x414/0x560
[ 1610.115647][T27745]  should_failslab+0xa8/0x100
[ 1610.115671][T27745]  __kmalloc_noprof+0xcb/0x4f0
[ 1610.115691][T27745]  ? kfree+0x4d/0x440
[ 1610.115707][T27745]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1610.115730][T27745]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1610.115750][T27745]  ? tomoyo_domain+0xd9/0x130
[ 1610.115775][T27745]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1610.115798][T27745]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1610.115825][T27745]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1610.115866][T27745]  ? __lock_acquire+0xab9/0xd20
[ 1610.115907][T27745]  ? __fget_files+0x2a/0x420
[ 1610.115932][T27745]  ? __fget_files+0x2a/0x420
[ 1610.115953][T27745]  ? __fget_files+0x3a0/0x420
[ 1610.115973][T27745]  ? __fget_files+0x2a/0x420
[ 1610.115995][T27745]  security_file_ioctl+0xcb/0x2d0
[ 1610.116017][T27745]  __se_sys_ioctl+0x47/0x170
[ 1610.116038][T27745]  do_syscall_64+0xfa/0x3b0
[ 1610.116052][T27745]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1610.116075][T27745]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1610.116093][T27745]  ? clear_bhb_loop+0x60/0xb0
[ 1610.116113][T27745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1610.116128][T27745] RIP: 0033:0x7ff5dfd8e929
[ 1610.116144][T27745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1610.116160][T27745] RSP: 002b:00007ff5e0b13038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1610.116180][T27745] RAX: ffffffffffffffda RBX: 00007ff5dffb5fa0 RCX: 00007ff5dfd8e929
[ 1610.116193][T27745] RDX: 00002000000004c0 RSI: 000000004008ae89 RDI: 0000000000000005
[ 1610.116204][T27745] RBP: 00007ff5e0b13090 R08: 0000000000000000 R09: 0000000000000000
[ 1610.116216][T27745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1610.116227][T27745] R13: 0000000000000000 R14: 00007ff5dffb5fa0 R15: 00007ff5e00dfa28
[ 1610.116251][T27745]  </TASK>
[ 1610.117048][T27745] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1610.372516][ T5856] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1610.379195][ T5856] usb 4-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00
[ 1610.388335][ T5856] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1610.407479][ T5856] usb 4-1: config 0 descriptor??
[ 1610.644299][T27755] kvm: pic: non byte write
[ 1610.796751][T27752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1610.978713][T27752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1611.027145][ T5856] hid-generic 0003:045E:05DA.0059: unknown main item tag 0x0
[ 1611.038294][ T5856] hid-generic 0003:045E:05DA.0059: unknown main item tag 0x0
[ 1611.083568][ T5856] hid-generic 0003:045E:05DA.0059: unknown main item tag 0x0
[ 1611.100913][ T5856] hid-generic 0003:045E:05DA.0059: ignoring exceeding usage max
[ 1611.110370][ T5856] hid-generic 0003:045E:05DA.0059: unknown main item tag 0x0
[ 1611.127938][ T5856] hid-generic 0003:045E:05DA.0059: unknown main item tag 0x0
[ 1611.136695][ T5856] hid-generic 0003:045E:05DA.0059: unbalanced collection at end of report description
[ 1611.165136][ T5856] hid-generic 0003:045E:05DA.0059: probe with driver hid-generic failed with error -22
[ 1611.264668][T27739] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1611.267691][T27752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1611.321138][T27752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1611.329304][ T5856] usb 4-1: USB disconnect, device number 104
[ 1611.366911][T27752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1611.456040][   T24] usb 1-1: Service connection timeout for: 256
[ 1611.466523][   T24] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1611.475555][T27752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1611.817871][T20423] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[ 1611.861032][   T24] ath9k_htc: Failed to initialize the device
[ 1611.897285][   T24] usb 1-1: ath9k_htc: USB layer deinitialized
[ 1611.994405][T20423] usb 2-1: Using ep0 maxpacket: 8
[ 1612.011675][T20423] usb 2-1: config 6 has an invalid interface number: 2 but max is 0
[ 1612.019739][T20423] usb 2-1: config 6 has an invalid descriptor of length 48, skipping remainder of the config
[ 1612.085987][T20423] usb 2-1: config 6 has no interface number 0
[ 1612.093082][T20423] usb 2-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[ 1612.114910][T20423] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid maxpacket 12336, setting to 64
[ 1612.130603][T20423] usb 2-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1612.161661][   T43] usb 1-1: USB disconnect, device number 107
[ 1612.193985][T20423] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1612.203614][T20423] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1612.235657][T20423] usb 2-1: Product: syz
[ 1612.270624][T20423] usb 2-1: Manufacturer: syz
[ 1612.275648][T20423] usb 2-1: SerialNumber: syz
[ 1612.293694][   T30] audit: type=1326 audit(1752132739.401:8327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27776 comm="syz.2.6369" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff5dfd8e929 code=0x0
[ 1612.329882][T20423] hso 2-1:6.2: Failed to find INT IN ep
[ 1612.589517][   T43] usb 2-1: USB disconnect, device number 118
[ 1612.660833][T20423] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[ 1612.820527][T20423] usb 4-1: Using ep0 maxpacket: 8
[ 1612.828296][T20423] usb 4-1: config 0 descriptor has 1 excess byte, ignoring
[ 1612.841489][T20423] usb 4-1: config 0 has no interfaces?
[ 1612.854378][T20423] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1612.870566][T20423] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1612.893474][T20423] usb 4-1: Product: syz
[ 1612.901109][T20423] usb 4-1: Manufacturer: syz
[ 1612.905930][T20423] usb 4-1: SerialNumber: syz
[ 1612.919256][T20423] usb 4-1: config 0 descriptor??
[ 1613.146745][ T5856] usb 4-1: USB disconnect, device number 105
[ 1613.278835][T27789] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6375'.
[ 1613.993426][ T5167] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[ 1614.002520][ T5167] Bluetooth: hci1: Injecting HCI hardware error event
[ 1614.010748][ T5856] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1614.013085][T27591] Bluetooth: hci1: hardware error 0x00
[ 1614.083158][T18447] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1614.097763][T18447] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1614.118369][T18447] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1614.142207][T18447] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1614.151267][T18447] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1614.235307][ T5856] usb 3-1: config 0 has no interfaces?
[ 1614.388827][ T5856] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1614.430526][ T5856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1614.455389][ T5856] usb 3-1: Product: syz
[ 1614.459605][ T5856] usb 3-1: Manufacturer: syz
[ 1614.540836][ T5856] usb 3-1: SerialNumber: syz
[ 1614.566650][ T5856] usb 3-1: config 0 descriptor??
[ 1615.011171][T27811] chnl_net:caif_netlink_parms(): no params data found
[ 1615.894607][T27811] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1615.925323][T27811] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1615.957728][T27811] bridge_slave_0: entered allmulticast mode
[ 1615.979821][T27811] bridge_slave_0: entered promiscuous mode
[ 1616.020194][T27811] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1616.060749][T27811] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1616.089659][T27811] bridge_slave_1: entered allmulticast mode
[ 1616.096506][T27591] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1616.119854][T27811] bridge_slave_1: entered promiscuous mode
[ 1616.250771][T27591] Bluetooth: hci2: command tx timeout
[ 1616.400846][ T5856] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[ 1616.424980][T27811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1616.487294][T27811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1616.592618][ T5856] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1616.658858][ T5856] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1616.679181][ T5856] usb 2-1: Product: syz
[ 1616.690702][ T5856] usb 2-1: Manufacturer: syz
[ 1616.699839][ T5856] usb 2-1: SerialNumber: syz
[ 1616.758354][ T5856] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1616.789764][T20423] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1616.837808][T27811] team0: Port device team_slave_0 added
[ 1616.911083][T27811] team0: Port device team_slave_1 added
[ 1617.125455][T27811] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1617.191067][ T5920] usb 3-1: USB disconnect, device number 68
[ 1617.230894][T27811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1617.321210][T27811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1617.353097][T27811] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1617.406172][T27811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1617.470859][T27811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1617.681738][T27811] hsr_slave_0: entered promiscuous mode
[ 1617.688368][T27811] hsr_slave_1: entered promiscuous mode
[ 1617.760721][T27838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1617.770969][T27838] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1617.812445][T27811] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1617.860682][T27811] Cannot create hsr debugfs directory
[ 1618.031075][T27591] Bluetooth: hci5: Malformed LE Event: 0x02
[ 1618.061112][T27838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1618.095132][T27838] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1618.126483][T27838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1618.156959][T27838] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1618.227230][T27845] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6387'.
[ 1618.276006][T27847] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048)
[ 1618.348921][T27849] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6388'.
[ 1618.358692][T27591] Bluetooth: hci2: command tx timeout
[ 1618.418474][T20423] usb 2-1: Service connection timeout for: 256
[ 1618.448354][T20423] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1618.532732][T20423] ath9k_htc: Failed to initialize the device
[ 1618.579144][T20423] usb 2-1: ath9k_htc: USB layer deinitialized
[ 1618.835543][ T5856] usb 2-1: USB disconnect, device number 119
[ 1618.979685][T27865] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1619.008802][T27811] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1619.230932][T27811] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1619.257183][T27811] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1619.295450][T27811] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1619.366232][T27591] Bluetooth: hci5: Malformed LE Event: 0x02
[ 1619.719876][T27811] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1619.792242][T27811] 8021q: adding VLAN 0 to HW filter on device team0
[ 1620.018394][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1620.025679][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1620.099662][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1620.106852][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1620.470966][T27591] Bluetooth: hci2: command tx timeout
[ 1620.702411][T27811] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1620.719857][T27811] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1620.862375][T27811] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1620.959106][T27811] veth0_vlan: entered promiscuous mode
[ 1621.000104][T27811] veth1_vlan: entered promiscuous mode
[ 1621.100182][T27811] veth0_macvtap: entered promiscuous mode
[ 1621.308926][T27811] veth1_macvtap: entered promiscuous mode
[ 1621.378883][T27811] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1621.530957][T20423] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[ 1621.828336][T27811] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1621.853994][T27811] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1621.904705][T20423] usb 4-1: device descriptor read/64, error -71
[ 1621.956923][T27811] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1622.021359][T27811] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1622.036739][T27811] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1622.150941][T27918] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6409'.
[ 1622.180743][T20423] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[ 1622.354030][T20423] usb 4-1: device descriptor read/64, error -71
[ 1622.460858][T20423] usb usb4-port1: attempt power cycle
[ 1622.490573][T27591] Bluetooth: hci2: command tx timeout
[ 1622.529995][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1622.538502][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1622.568316][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1622.577697][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1622.856665][T20423] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[ 1622.881432][T20423] usb 4-1: device descriptor read/8, error -71
[ 1622.960604][   T24] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[ 1623.041074][   T43] usb 1-1: new high-speed USB device number 108 using dummy_hcd
[ 1623.120698][T20423] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[ 1623.141169][   T24] usb 2-1: Using ep0 maxpacket: 32
[ 1623.141629][T20423] usb 4-1: device descriptor read/8, error -71
[ 1623.154030][   T24] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[ 1623.167231][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1623.178131][   T24] usb 2-1: config 0 descriptor??
[ 1623.196257][   T24] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[ 1623.224416][   T43] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1623.235568][   T43] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1623.246314][   T43] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1623.255905][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1623.261790][T20423] usb usb4-port1: unable to enumerate USB device
[ 1623.264151][   T43] usb 1-1: SerialNumber: syz
[ 1623.486380][   T43] usb 1-1: 0:2 : does not exist
[ 1623.493478][   T43] usb 1-1: unit 2 not found!
[ 1623.514097][   T43] usb 1-1: USB disconnect, device number 108
[ 1623.531460][T27591] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[ 1623.540408][T27591] Bluetooth: hci5: Injecting HCI hardware error event
[ 1623.548802][T27591] Bluetooth: hci5: hardware error 0x00
[ 1623.593043][T21753] udevd[21753]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1625.135239][T27948] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1625.619596][T27591] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[ 1625.818895][T27960] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6422'.
[ 1626.834795][   T24] gspca_vc032x: reg_w err -71
[ 1626.839596][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.868394][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.876342][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.883299][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.901161][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.906513][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.930743][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.938448][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.949080][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.960505][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.965977][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.971925][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.977263][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.983160][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.990516][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1626.995851][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1627.009844][   T24] gspca_vc032x: I2c Bus Busy Wait 3c
[ 1627.017445][   T24] gspca_vc032x: Unknown sensor...
[ 1627.031501][   T24] vc032x 2-1:0.0: probe with driver vc032x failed with error -22
[ 1627.051895][   T24] usb 2-1: USB disconnect, device number 120
[ 1627.081213][ T5856] usb 1-1: new high-speed USB device number 109 using dummy_hcd
[ 1627.254292][ T5856] usb 1-1: Using ep0 maxpacket: 32
[ 1627.269990][ T5856] usb 1-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1627.291302][ T5856] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1627.299333][ T5856] usb 1-1: Product: syz
[ 1627.320950][ T5856] usb 1-1: Manufacturer: syz
[ 1627.325592][ T5856] usb 1-1: SerialNumber: syz
[ 1627.341419][ T5856] usb 1-1: config 0 descriptor??
[ 1627.353355][ T5856] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[ 1627.885821][T27976] fuse: Bad value for 'fd'
[ 1628.483606][T27984] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6429'.
[ 1628.770638][ T5856] gspca_topro: Sensor cx0342
[ 1628.954912][   T30] audit: type=1326 audit(1752132756.051:8328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27994 comm="syz.4.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1628.974981][T14564] usb 1-1: USB disconnect, device number 109
[ 1629.022832][   T30] audit: type=1326 audit(1752132756.051:8329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27994 comm="syz.4.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1629.189210][   T30] audit: type=1326 audit(1752132756.051:8330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27994 comm="syz.4.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1629.228247][   T30] audit: type=1326 audit(1752132756.051:8331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27994 comm="syz.4.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1629.289794][   T30] audit: type=1326 audit(1752132756.051:8332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27994 comm="syz.4.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1629.319552][   T30] audit: type=1326 audit(1752132756.051:8333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27994 comm="syz.4.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1629.372225][   T30] audit: type=1326 audit(1752132756.051:8334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27994 comm="syz.4.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1629.408775][   T30] audit: type=1326 audit(1752132756.051:8335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27994 comm="syz.4.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fef75b858e7 code=0x7ffc0000
[ 1629.443296][   T30] audit: type=1326 audit(1752132756.051:8336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27994 comm="syz.4.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fef75b2ab19 code=0x7ffc0000
[ 1629.480629][   T30] audit: type=1326 audit(1752132756.051:8337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27994 comm="syz.4.6433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1629.701295][T28004] netlink: 'syz.3.6437': attribute type 1 has an invalid length.
[ 1631.160768][   T43] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1631.331348][   T43] usb 3-1: Using ep0 maxpacket: 32
[ 1631.338091][   T43] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1631.358103][   T43] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1631.371186][   T43] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1631.394195][   T43] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[ 1631.410281][   T43] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[ 1631.423786][   T43] usb 3-1: Product: syz
[ 1631.428529][   T43] usb 3-1: Manufacturer: syz
[ 1631.441656][   T43] usb 3-1: SerialNumber: syz
[ 1631.477305][T28035] program syz.3.6448 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1631.521588][   T43] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input124
[ 1631.870704][   T43] usb 3-1: USB disconnect, device number 69
[ 1631.990575][T14564] usb 4-1: new full-speed USB device number 110 using dummy_hcd
[ 1632.052021][   T43] appletouch 3-1:1.0: input: appletouch disconnected
[ 1632.155402][T14564] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1632.174498][T14564] usb 4-1: config 0 has no interface number 0
[ 1632.190871][T14564] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1632.219924][T14564] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1632.248519][T14564] usb 4-1: config 0 descriptor??
[ 1632.265622][T14564] usb 4-1: selecting invalid altsetting 1
[ 1632.302071][T14564] dvb_ttusb_budget: ttusb_init_controller: error
[ 1632.342279][T14564] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1632.860501][T14564] DVB: Unable to find symbol cx22700_attach()
[ 1633.220638][T14564] DVB: Unable to find symbol tda10046_attach()
[ 1633.360796][T14564] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1633.402259][T14564] usb 4-1: USB disconnect, device number 110
[ 1634.718306][   T30] kauditd_printk_skb: 103 callbacks suppressed
[ 1634.718325][   T30] audit: type=1326 audit(1752132761.821:8441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28083 comm="syz.4.6464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1634.822545][T28087] binder: 28086:28087 ioctl 801c581f 200000000480 returned -22
[ 1634.857670][   T30] audit: type=1326 audit(1752132761.821:8442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28083 comm="syz.4.6464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1634.963931][   T30] audit: type=1326 audit(1752132761.861:8443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28083 comm="syz.4.6464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1635.050116][   T30] audit: type=1326 audit(1752132761.861:8444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28083 comm="syz.4.6464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1635.374391][   T30] audit: type=1326 audit(1752132761.861:8445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28083 comm="syz.4.6464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1655.953792][T28084] sched: DL replenish lagged too much
[ 1656.391132][   T30] audit: type=1326 audit(1752132761.871:8446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28083 comm="syz.4.6464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fef75b8e929 code=0x7ffc0000
[ 1761.540476][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1761.547472][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5949/1:b..l P5217/1:b..l P5834/1:b..l
[ 1761.558336][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=222849, q=1015534 ncpus=2)
[ 1761.566567][    C0] task:syz-executor    state:R  running task     stack:21704 pid:5834  tgid:5834  ppid:5833   task_flags:0x400100 flags:0x00004002
[ 1761.581388][    C0] Call Trace:
[ 1761.584699][    C0]  <TASK>
[ 1761.587624][    C0]  __schedule+0x16f5/0x4d00
[ 1761.592148][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1761.598033][    C0]  ? preempt_schedule_irq+0xb5/0x150
[ 1761.603307][    C0]  ? __pfx___schedule+0x10/0x10
[ 1761.608142][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1761.612899][    C0]  ? preempt_schedule_irq+0xaa/0x150
[ 1761.618171][    C0]  preempt_schedule_irq+0xb5/0x150
[ 1761.623450][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1761.629421][    C0]  ? sk_reset_timer+0x37/0xc0
[ 1761.634108][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[ 1761.639901][    C0]  irqentry_exit+0x6f/0x90
[ 1761.644658][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1761.650664][    C0] RIP: 0010:lock_acquire+0x175/0x360
[ 1761.655935][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 9b 20 02 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 1761.675534][    C0] RSP: 0018:ffffc90003fbf698 EFLAGS: 00000206
[ 1761.681596][    C0] RAX: c6da85ea51f2d100 RBX: 0000000000000000 RCX: c6da85ea51f2d100
[ 1761.689984][    C0] RDX: 0000000000000000 RSI: ffffffff8db86104 RDI: ffffffff8be29dc0
[ 1761.697950][    C0] RBP: ffffffff81729ae5 R08: 0000000000000000 R09: ffffffff81729ae5
[ 1761.705904][    C0] R10: ffffc90003fbf858 R11: ffffffff81acf3a0 R12: 0000000000000002
[ 1761.713868][    C0] R13: ffffffff8e13f160 R14: 0000000000000000 R15: 0000000000000246
[ 1761.721828][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1761.726925][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1761.733067][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1761.738173][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1761.743531][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1761.749578][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1761.754671][    C0]  unwind_next_frame+0xc2/0x2390
[ 1761.759590][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1761.764683][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1761.769872][    C0]  ? do_syscall_64+0xfa/0x3b0
[ 1761.774559][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1761.780699][    C0]  arch_stack_walk+0x11c/0x150
[ 1761.785460][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1761.791513][    C0]  stack_trace_save+0x9c/0xe0
[ 1761.796177][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1761.801536][    C0]  save_stack+0xf5/0x1f0
[ 1761.805796][    C0]  ? __pfx_save_stack+0x10/0x10
[ 1761.810637][    C0]  ? __free_frozen_pages+0xc71/0xe70
[ 1761.815903][    C0]  ? __put_partials+0x161/0x1c0
[ 1761.820736][    C0]  ? put_cpu_partial+0x17c/0x250
[ 1761.825685][    C0]  ? __slab_free+0x2f7/0x400
[ 1761.830256][    C0]  ? qlist_free_all+0x97/0x140
[ 1761.835000][    C0]  ? kasan_quarantine_reduce+0x148/0x160
[ 1761.840633][    C0]  ? __kasan_slab_alloc+0x22/0x80
[ 1761.845638][    C0]  ? kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[ 1761.851624][    C0]  ? alloc_inode+0xb8/0x1b0
[ 1761.856108][    C0]  ? create_pipe_files+0x51/0x760
[ 1761.861114][    C0]  ? __do_pipe_flags+0x4c/0x2d0
[ 1761.865944][    C0]  ? do_pipe2+0x9c/0x170
[ 1761.870165][    C0]  ? __x64_sys_pipe2+0x5a/0x70
[ 1761.874917][    C0]  ? do_syscall_64+0xfa/0x3b0
[ 1761.879581][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1761.885632][    C0]  ? page_ext_put+0x97/0xc0
[ 1761.890117][    C0]  __reset_page_owner+0x71/0x1f0
[ 1761.895042][    C0]  __free_frozen_pages+0xc71/0xe70
[ 1761.900144][    C0]  __put_partials+0x161/0x1c0
[ 1761.904815][    C0]  put_cpu_partial+0x17c/0x250
[ 1761.909560][    C0]  ? put_cpu_partial+0x6d/0x250
[ 1761.914394][    C0]  __slab_free+0x2f7/0x400
[ 1761.918799][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1761.925123][    C0]  ? __phys_addr+0xd3/0x180
[ 1761.929613][    C0]  qlist_free_all+0x97/0x140
[ 1761.934218][    C0]  kasan_quarantine_reduce+0x148/0x160
[ 1761.939683][    C0]  __kasan_slab_alloc+0x22/0x80
[ 1761.944621][    C0]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[ 1761.950428][    C0]  ? alloc_inode+0xb8/0x1b0
[ 1761.954935][    C0]  alloc_inode+0xb8/0x1b0
[ 1761.959274][    C0]  create_pipe_files+0x51/0x760
[ 1761.964131][    C0]  ? count_memcg_event_mm+0x21/0x260
[ 1761.969494][    C0]  __do_pipe_flags+0x4c/0x2d0
[ 1761.974158][    C0]  do_pipe2+0x9c/0x170
[ 1761.978335][    C0]  ? __pfx_do_pipe2+0x10/0x10
[ 1761.983003][    C0]  ? ksys_write+0x1e1/0x250
[ 1761.987508][    C0]  __x64_sys_pipe2+0x5a/0x70
[ 1761.992086][    C0]  do_syscall_64+0xfa/0x3b0
[ 1761.996658][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1762.001842][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1762.007888][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1762.012546][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1762.018418][    C0] RIP: 0033:0x7f372f98d649
[ 1762.022818][    C0] RSP: 002b:00007ffdecf3b398 EFLAGS: 00000246 ORIG_RAX: 0000000000000125
[ 1762.031214][    C0] RAX: ffffffffffffffda RBX: 000055557fbddad0 RCX: 00007f372f98d649
[ 1762.039172][    C0] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 00007ffdecf3b3a8
[ 1762.047166][    C0] RBP: 00007ffdecf3b760 R08: 0000000000000007 R09: 000055557fbf85a0
[ 1762.055131][    C0] R10: 1172a2ca3b0b421b R11: 0000000000000246 R12: 00007ffdecf3b7c0
[ 1762.063111][    C0] R13: 000055557fbe24e0 R14: 00007ffdecf3b4e0 R15: 000055557fbe0570
[ 1762.071093][    C0]  </TASK>
[ 1762.074103][    C0] task:udevd           state:R  running task     stack:22920 pid:5217  tgid:5217  ppid:1      task_flags:0x400140 flags:0x00004002
[ 1762.087749][    C0] Call Trace:
[ 1762.091020][    C0]  <TASK>
[ 1762.093938][    C0]  __schedule+0x16f5/0x4d00
[ 1762.098430][    C0]  ? unwind_get_return_address+0x4d/0x90
[ 1762.104054][    C0]  ? xfd_validate_state+0x6d/0x150
[ 1762.109151][    C0]  ? preempt_schedule_notrace+0xd1/0x110
[ 1762.114793][    C0]  ? __pfx___schedule+0x10/0x10
[ 1762.119668][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1762.124530][    C0]  preempt_schedule_notrace+0xd1/0x110
[ 1762.129998][    C0]  ? __pfx_preempt_schedule_notrace+0x10/0x10
[ 1762.136063][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.141169][    C0]  preempt_schedule_notrace_thunk+0x16/0x30
[ 1762.147053][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1762.153194][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.158291][    C0]  rcu_is_watching+0x7f/0xb0
[ 1762.162864][    C0]  lock_acquire+0x5f/0x360
[ 1762.167268][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.172453][    C0]  ? __kmalloc_noprof+0x224/0x4f0
[ 1762.177721][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.182829][    C0]  unwind_next_frame+0xc2/0x2390
[ 1762.187757][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.192858][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.197957][    C0]  ? __kasan_slab_alloc+0x22/0x80
[ 1762.203152][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1762.209295][    C0]  arch_stack_walk+0x11c/0x150
[ 1762.214050][    C0]  ? __kmalloc_noprof+0x224/0x4f0
[ 1762.219066][    C0]  stack_trace_save+0x9c/0xe0
[ 1762.223749][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1762.229229][    C0]  save_stack+0xf5/0x1f0
[ 1762.233479][    C0]  ? __pfx_save_stack+0x10/0x10
[ 1762.238321][    C0]  ? __free_frozen_pages+0xc71/0xe70
[ 1762.243602][    C0]  ? __slab_free+0x326/0x400
[ 1762.248178][    C0]  ? qlist_free_all+0x97/0x140
[ 1762.252931][    C0]  ? kasan_quarantine_reduce+0x148/0x160
[ 1762.258561][    C0]  ? __kasan_slab_alloc+0x22/0x80
[ 1762.263571][    C0]  ? __kmalloc_noprof+0x224/0x4f0
[ 1762.268664][    C0]  ? page_ext_put+0x97/0xc0
[ 1762.273157][    C0]  __reset_page_owner+0x71/0x1f0
[ 1762.278082][    C0]  __free_frozen_pages+0xc71/0xe70
[ 1762.283208][    C0]  __slab_free+0x326/0x400
[ 1762.287617][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1762.293499][    C0]  ? __phys_addr+0xd3/0x180
[ 1762.298020][    C0]  qlist_free_all+0x97/0x140
[ 1762.302632][    C0]  kasan_quarantine_reduce+0x148/0x160
[ 1762.308190][    C0]  __kasan_slab_alloc+0x22/0x80
[ 1762.313117][    C0]  __kmalloc_noprof+0x224/0x4f0
[ 1762.317958][    C0]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1762.323665][    C0]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1762.329203][    C0]  ? tomoyo_domain+0xd9/0x130
[ 1762.333868][    C0]  tomoyo_path_perm+0x213/0x4b0
[ 1762.338705][    C0]  ? tomoyo_path_perm+0x1e3/0x4b0
[ 1762.343801][    C0]  ? __pfx_tomoyo_path_perm+0x10/0x10
[ 1762.349201][    C0]  ? __might_fault+0xb0/0x130
[ 1762.353872][    C0]  security_inode_getattr+0x12f/0x330
[ 1762.359233][    C0]  vfs_statx+0x18e/0x550
[ 1762.363465][    C0]  ? __pfx_vfs_statx+0x10/0x10
[ 1762.368301][    C0]  ? strncpy_from_user+0x150/0x290
[ 1762.373401][    C0]  ? getname_flags+0x1e5/0x540
[ 1762.378181][    C0]  vfs_fstatat+0x118/0x170
[ 1762.382584][    C0]  __x64_sys_newfstatat+0x116/0x190
[ 1762.387780][    C0]  ? __pfx___x64_sys_newfstatat+0x10/0x10
[ 1762.393501][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1762.398267][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1762.403019][    C0]  ? do_syscall_64+0xbe/0x3b0
[ 1762.407778][    C0]  do_syscall_64+0xfa/0x3b0
[ 1762.412263][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1762.418396][    C0]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1762.424005][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1762.428672][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1762.434567][    C0] RIP: 0033:0x7fa5b0711b0a
[ 1762.438965][    C0] RSP: 002b:00007ffc67650488 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[ 1762.447372][    C0] RAX: ffffffffffffffda RBX: 00005601e6430410 RCX: 00007fa5b0711b0a
[ 1762.455340][    C0] RDX: 00007ffc67650490 RSI: 00005601e641e2a8 RDI: 00000000ffffff9c
[ 1762.463296][    C0] RBP: 0000560209392168 R08: 00063478c1c69200 R09: 7fffffffffffffff
[ 1762.471252][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1762.479203][    C0] R13: 00007ffc67650490 R14: 0000000000000000 R15: 00063478c1c69200
[ 1762.487430][    C0]  </TASK>
[ 1762.490439][    C0] task:udevd           state:R  running task     stack:23528 pid:5949  tgid:5949  ppid:5217   task_flags:0x40014c flags:0x00004002
[ 1762.503926][    C0] Call Trace:
[ 1762.507194][    C0]  <TASK>
[ 1762.510117][    C0]  __schedule+0x16f5/0x4d00
[ 1762.514637][    C0]  ? preempt_schedule_irq+0xb5/0x150
[ 1762.519910][    C0]  ? __pfx___schedule+0x10/0x10
[ 1762.524743][    C0]  ? is_bpf_text_address+0x26/0x2b0
[ 1762.529947][    C0]  ? kernel_text_address+0xa5/0xe0
[ 1762.535069][    C0]  ? unwind_get_return_address+0x4d/0x90
[ 1762.540707][    C0]  ? preempt_schedule_irq+0xaa/0x150
[ 1762.545987][    C0]  preempt_schedule_irq+0xb5/0x150
[ 1762.551088][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1762.556800][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[ 1762.562681][    C0]  irqentry_exit+0x6f/0x90
[ 1762.567082][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1762.573046][    C0] RIP: 0010:lock_acquire+0x175/0x360
[ 1762.578350][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 9b 20 02 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 1762.597964][    C0] RSP: 0018:ffffc90004eff478 EFLAGS: 00000206
[ 1762.604027][    C0] RAX: 0c525db78df53b00 RBX: 0000000000000000 RCX: 0c525db78df53b00
[ 1762.611986][    C0] RDX: 0000000000000000 RSI: ffffffff8db86104 RDI: ffffffff8be29dc0
[ 1762.619938][    C0] RBP: ffffffff81729ae5 R08: 0000000000000000 R09: ffffffff81729ae5
[ 1762.627890][    C0] R10: ffffc90004eff638 R11: ffffffff81acf3a0 R12: 0000000000000002
[ 1762.635843][    C0] R13: ffffffff8e13f160 R14: 0000000000000000 R15: 0000000000000246
[ 1762.643805][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.648903][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1762.655043][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.660149][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.665505][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1762.671555][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.676659][    C0]  unwind_next_frame+0xc2/0x2390
[ 1762.681577][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.686674][    C0]  ? unwind_next_frame+0xa5/0x2390
[ 1762.691783][    C0]  ? do_syscall_64+0xfa/0x3b0
[ 1762.696466][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1762.702606][    C0]  arch_stack_walk+0x11c/0x150
[ 1762.707357][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1762.713413][    C0]  stack_trace_save+0x9c/0xe0
[ 1762.718078][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1762.723434][    C0]  ? __x64_sys_exit_group+0x3f/0x40
[ 1762.728623][    C0]  kasan_save_track+0x3e/0x80
[ 1762.733283][    C0]  ? kasan_save_track+0x3e/0x80
[ 1762.738287][    C0]  ? __kasan_kmalloc+0x93/0xb0
[ 1762.743033][    C0]  ? __kmalloc_cache_noprof+0x230/0x3d0
[ 1762.748564][    C0]  ? kmem_cache_free+0x166/0x400
[ 1762.753480][    C0]  ? exit_mmap+0x53f/0xb50
[ 1762.757885][    C0]  ? __mmput+0x118/0x420
[ 1762.762134][    C0]  ? exit_mm+0x1da/0x2c0
[ 1762.766360][    C0]  ? do_exit+0x648/0x22e0
[ 1762.770671][    C0]  ? do_group_exit+0x21c/0x2d0
[ 1762.775420][    C0]  ? __x64_sys_exit_group+0x3f/0x40
[ 1762.780603][    C0]  ? x64_sys_call+0x21ba/0x21c0
[ 1762.785438][    C0]  ? do_syscall_64+0xfa/0x3b0
[ 1762.790100][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1762.796196][    C0]  __kasan_kmalloc+0x93/0xb0
[ 1762.800779][    C0]  __kmalloc_cache_noprof+0x230/0x3d0
[ 1762.806161][    C0]  ? kmem_cache_free+0x166/0x400
[ 1762.811265][    C0]  ? exit_mmap+0x53f/0xb50
[ 1762.815667][    C0]  kmem_cache_free+0x166/0x400
[ 1762.820418][    C0]  exit_mmap+0x53f/0xb50
[ 1762.824660][    C0]  ? uprobe_clear_state+0x20f/0x290
[ 1762.829851][    C0]  ? __pfx_exit_mmap+0x10/0x10
[ 1762.834601][    C0]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1762.840223][    C0]  ? __pfx_exit_aio+0x10/0x10
[ 1762.844890][    C0]  ? uprobe_clear_state+0x274/0x290
[ 1762.850097][    C0]  __mmput+0x118/0x420
[ 1762.854170][    C0]  exit_mm+0x1da/0x2c0
[ 1762.858241][    C0]  ? __pfx_exit_mm+0x10/0x10
[ 1762.862835][    C0]  ? hrtimer_try_to_cancel+0x3d9/0x420
[ 1762.868284][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1762.873038][    C0]  do_exit+0x648/0x22e0
[ 1762.877185][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1762.882631][    C0]  ? __pfx_do_exit+0x10/0x10
[ 1762.887216][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1762.892406][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1762.897690][    C0]  do_group_exit+0x21c/0x2d0
[ 1762.902535][    C0]  __x64_sys_exit_group+0x3f/0x40
[ 1762.907543][    C0]  x64_sys_call+0x21ba/0x21c0
[ 1762.912203][    C0]  do_syscall_64+0xfa/0x3b0
[ 1762.916689][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1762.921868][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1762.927916][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1762.932576][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1762.938464][    C0] RIP: 0033:0x7fa5b06f16c5
[ 1762.943047][    C0] RSP: 002b:00007ffc676503a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1762.951470][    C0] RAX: ffffffffffffffda RBX: 0000560209393fc0 RCX: 00007fa5b06f16c5
[ 1762.959427][    C0] RDX: 00000000000000e7 RSI: fffffffffffffe68 RDI: 0000000000000000
[ 1762.967407][    C0] RBP: 000056020937f910 R08: 0000000000000000 R09: 0000000000000000
[ 1762.975550][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1762.983517][    C0] R13: 00007ffc676503f0 R14: 0000000000000000 R15: 0000000000000000
[ 1762.991488][    C0]  </TASK>
[ 1762.994504][    C0] rcu: rcu_preempt kthread starved for 10408 jiffies! g222849 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1763.005789][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1763.015747][    C0] rcu: RCU grace-period kthread stack dump:
[ 1763.021649][    C0] task:rcu_preempt     state:R  running task     stack:26888 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[ 1763.035109][    C0] Call Trace:
[ 1763.038380][    C0]  <TASK>
[ 1763.041304][    C0]  __schedule+0x16f5/0x4d00
[ 1763.045911][    C0]  ? schedule+0x165/0x360
[ 1763.050265][    C0]  ? __pfx___schedule+0x10/0x10
[ 1763.055135][    C0]  ? schedule+0x91/0x360
[ 1763.059379][    C0]  schedule+0x165/0x360
[ 1763.063533][    C0]  schedule_timeout+0x12b/0x270
[ 1763.068399][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1763.073758][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1763.079686][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1763.084986][    C0]  ? prepare_to_swait_event+0x341/0x380
[ 1763.090548][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[ 1763.095408][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[ 1763.101988][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1763.107353][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1763.112553][    C0]  rcu_gp_kthread+0x99/0x390
[ 1763.117141][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1763.122325][    C0]  ? __kthread_parkme+0x7b/0x200
[ 1763.127381][    C0]  ? __kthread_parkme+0x1a1/0x200
[ 1763.132409][    C0]  kthread+0x70e/0x8a0
[ 1763.136468][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1763.141650][    C0]  ? __pfx_kthread+0x10/0x10
[ 1763.146226][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1763.151411][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1763.156589][    C0]  ? __pfx_kthread+0x10/0x10
[ 1763.161162][    C0]  ret_from_fork+0x3f9/0x770
[ 1763.165747][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1763.170845][    C0]  ? __switch_to_asm+0x39/0x70
[ 1763.175591][    C0]  ? __switch_to_asm+0x33/0x70
[ 1763.180333][    C0]  ? __pfx_kthread+0x10/0x10
[ 1763.184929][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1763.189718][    C0]  </TASK>
[ 1763.192723][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1763.199035][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1763.204251][    C1] NMI backtrace for cpu 1
[ 1763.204269][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1763.204310][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1763.204332][    C1] RIP: 0010:rcu_is_watching+0x4b/0xb0
[ 1763.204366][    C1] Code: 00 00 fc ff df 4c 8d 34 dd 70 ec bb 8d 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 2c 89 7c 00 48 c7 c3 58 7f a1 92 <49> 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65
[ 1763.204380][    C1] RSP: 0018:ffffc90000a07930 EFLAGS: 00000246
[ 1763.204397][    C1] RAX: 1ffffffff1b77d8f RBX: ffffffff92a17f58 RCX: ea9a3f89f6800600
[ 1763.204410][    C1] RDX: ffffc90000a07a01 RSI: ffffffff8be29da0 RDI: ffffffff8be29d60
[ 1763.204423][    C1] RBP: dffffc0000000000 R08: ffffc90000a08980 R09: 0000000000000000
[ 1763.204435][    C1] R10: ffffc90000a07ad8 R11: fffff52000140f5d R12: ffffc90000a08990
[ 1763.204448][    C1] R13: ffffffff81729ae5 R14: ffffffff8dbbec78 R15: dffffc0000000000
[ 1763.204461][    C1] FS:  0000000000000000(0000) GS:ffff888125d1b000(0000) knlGS:0000000000000000
[ 1763.204475][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1763.204486][    C1] CR2: 00007f5c0c4deccc CR3: 000000005fbc2000 CR4: 00000000003526f0
[ 1763.204501][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1763.204511][    C1] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1763.204522][    C1] Call Trace:
[ 1763.204529][    C1]  <IRQ>
[ 1763.204537][    C1]  ? unwind_next_frame+0xa5/0x2390
[ 1763.204555][    C1]  lock_release+0x4b/0x3e0
[ 1763.204571][    C1]  ? deref_stack_reg+0x19f/0x230
[ 1763.204590][    C1]  ? unwind_next_frame+0xa5/0x2390
[ 1763.204607][    C1]  unwind_next_frame+0x19a9/0x2390
[ 1763.204627][    C1]  ? unwind_next_frame+0xa5/0x2390
[ 1763.204644][    C1]  ? ieee80211_bss_info_update+0x746/0x9e0
[ 1763.204669][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1763.204689][    C1]  arch_stack_walk+0x11c/0x150
[ 1763.204711][    C1]  ? ieee80211_scan_rx+0x593/0xa20
[ 1763.204733][    C1]  stack_trace_save+0x9c/0xe0
[ 1763.204752][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[ 1763.204775][    C1]  ? unwind_next_frame+0xa5/0x2390
[ 1763.204791][    C1]  ? unwind_next_frame+0x19ae/0x2390
[ 1763.204808][    C1]  kasan_save_track+0x3e/0x80
[ 1763.204825][    C1]  ? kasan_save_track+0x3e/0x80
[ 1763.204841][    C1]  ? __kasan_kmalloc+0x93/0xb0
[ 1763.204857][    C1]  ? __kmalloc_noprof+0x27a/0x4f0
[ 1763.204874][    C1]  ? ieee802_11_parse_elems_full+0x152/0x2b20
[ 1763.204890][    C1]  ? ieee80211_inform_bss+0x10c/0x10a0
[ 1763.204909][    C1]  ? cfg80211_inform_single_bss_data+0xd05/0x1ac0
[ 1763.204930][    C1]  ? cfg80211_inform_bss_data+0x1fb/0x3b20
[ 1763.204950][    C1]  ? cfg80211_inform_bss_frame_data+0x3d7/0x730
[ 1763.204971][    C1]  ? ieee80211_bss_info_update+0x746/0x9e0
[ 1763.205012][    C1]  ? __cfg80211_bss_update+0x147/0x2120
[ 1763.205034][    C1]  __kasan_kmalloc+0x93/0xb0
[ 1763.205052][    C1]  __kmalloc_noprof+0x27a/0x4f0
[ 1763.205068][    C1]  ? ieee802_11_parse_elems_full+0x152/0x2b20
[ 1763.205087][    C1]  ieee802_11_parse_elems_full+0x152/0x2b20
[ 1763.205110][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1763.205131][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1763.205153][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1763.205173][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1763.205202][    C1]  ? __pfx_ieee802_11_parse_elems_full+0x10/0x10
[ 1763.205217][    C1]  ? cfg80211_update_known_bss+0x803/0x1330
[ 1763.205239][    C1]  ? cmp_bss+0x8b3/0xe80
[ 1763.205261][    C1]  ieee80211_inform_bss+0x10c/0x10a0
[ 1763.205283][    C1]  ? __cfg80211_bss_update+0x101a/0x2120
[ 1763.205306][    C1]  ? __pfx_ieee80211_inform_bss+0x10/0x10
[ 1763.205324][    C1]  ? do_raw_spin_lock+0x121/0x290
[ 1763.205348][    C1]  ? trace_kmalloc+0x1f/0xd0
[ 1763.205371][    C1]  ? __pfx_ieee80211_inform_bss+0x10/0x10
[ 1763.205391][    C1]  cfg80211_inform_single_bss_data+0xd05/0x1ac0
[ 1763.205418][    C1]  ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[ 1763.205450][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1763.205471][    C1]  ? queue_work_on+0x1ed/0x270
[ 1763.205490][    C1]  ? cfg80211_inform_bss_data+0x1e8/0x3b20
[ 1763.205514][    C1]  cfg80211_inform_bss_data+0x1fb/0x3b20
[ 1763.205535][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1763.205556][    C1]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1763.205573][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1763.205594][    C1]  ? ieee80211_rx_handlers+0xbc67/0xbce0
[ 1763.205616][    C1]  ? ieee80211_rx_handlers+0xbc67/0xbce0
[ 1763.205640][    C1]  ? __pfx_cfg80211_inform_bss_data+0x10/0x10
[ 1763.205671][    C1]  ? __pfx_ieee80211_rx_handlers+0x10/0x10
[ 1763.205708][    C1]  ? ieee80211_bss_info_update+0x2dc/0x9e0
[ 1763.205730][    C1]  cfg80211_inform_bss_frame_data+0x3d7/0x730
[ 1763.205755][    C1]  ? ieee80211_bss_info_update+0x2dc/0x9e0
[ 1763.205778][    C1]  ieee80211_bss_info_update+0x746/0x9e0
[ 1763.205801][    C1]  ? __pfx_ieee80211_bss_info_update+0x10/0x10
[ 1763.205830][    C1]  ? ieee80211_get_channel_khz+0x15b/0x8a0
[ 1763.205851][    C1]  ieee80211_scan_rx+0x593/0xa20
[ 1763.205876][    C1]  ieee80211_rx_list+0x22fc/0x2d80
[ 1763.205904][    C1]  ? __pfx_ieee80211_rx_list+0x10/0x10
[ 1763.205932][    C1]  ? ieee80211_rx_napi+0xca/0x3d0
[ 1763.205953][    C1]  ? ieee80211_rx_napi+0xca/0x3d0
[ 1763.205980][    C1]  ? ieee80211_rx_napi+0xca/0x3d0
[ 1763.205999][    C1]  ieee80211_rx_napi+0x1a8/0x3d0
[ 1763.206022][    C1]  ? __pfx_ieee80211_rx_napi+0x10/0x10
[ 1763.206046][    C1]  ? skb_dequeue+0x10e/0x150
[ 1763.206063][    C1]  ieee80211_handle_queued_frames+0xe8/0x1f0
[ 1763.206086][    C1]  tasklet_action_common+0x36c/0x580
[ 1763.206104][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1763.206126][    C1]  ? __pfx_tasklet_action_common+0x10/0x10
[ 1763.206144][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1763.206164][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1763.206186][    C1]  ? workqueue_softirq_action+0xd4/0x150
[ 1763.206206][    C1]  handle_softirqs+0x286/0x870
[ 1763.206225][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[ 1763.206245][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1763.206265][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[ 1763.206287][    C1]  __irq_exit_rcu+0xca/0x1f0
[ 1763.206304][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[ 1763.206326][    C1]  irq_exit_rcu+0x9/0x30
[ 1763.206341][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1763.206367][    C1]  </IRQ>
[ 1763.206373][    C1]  <TASK>
[ 1763.206380][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1763.206396][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1763.206417][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 2d 19 00 f3 0f 1e fa fb f4 <e9> c8 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1763.206431][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[ 1763.206444][    C1] RAX: ea9a3f89f6800600 RBX: ffffffff81975c78 RCX: ea9a3f89f6800600
[ 1763.206457][    C1] RDX: 0000000000000001 RSI: ffffffff8d998685 RDI: ffffffff8be29dc0
[ 1763.206469][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[ 1763.206481][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa1eff0
[ 1763.206493][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a57b40
[ 1763.206507][    C1]  ? do_idle+0x1e8/0x510
[ 1763.206529][    C1]  default_idle+0x13/0x20
[ 1763.206544][    C1]  default_idle_call+0x74/0xb0
[ 1763.206560][    C1]  do_idle+0x1e8/0x510
[ 1763.206577][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1763.206599][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1763.206620][    C1]  ? do_idle+0x15/0x510
[ 1763.206641][    C1]  cpu_startup_entry+0x44/0x60
[ 1763.206658][    C1]  start_secondary+0x101/0x110
[ 1763.206672][    C1]  common_startup_64+0x13e/0x147
[ 1763.206700][    C1]  </TASK>
[ 1764.059181][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1764.098316][ T1301] ieee802154 phy1 wpan1: encryption failed: -22