last executing test programs:

10m2.253327952s ago: executing program 4 (id=2246):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x8, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0xd, 0x2, 0x1, "4448fad630faf1aff4000e000000000000000000000000000c00000080008b00", 0x30314442})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, &(0x7f0000000100)="26c2", 0xfffff, 0xffffffffffffffff)

10m1.318874765s ago: executing program 4 (id=2256):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x1, 0x2, 0x2, {0x4, 0x1}, 0x3, 0x800}) (fail_nth: 2)

10m0.442021707s ago: executing program 4 (id=2259):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f0000000280)=@abs={0x1}, 0x6e)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)={0x40, 0x0, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x1}, @ETHTOOL_A_BITSET_VALUE={0x4}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
connect$pppl2tp(r7, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
syz_emit_ethernet(0x83, &(0x7f0000000400)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x4d, 0x11, 0x0, @remote, @local, {[], {0x3, 0xe22, 0x4d, 0x0, @gue={{0x2, 0x1, 0x1, 0x2, 0x100, @val=0x80}, "2bac20af85b2dd7868321994735f732494e7431fbcf4fe9133a213660ac4ec73d7517f0bae9fa5df5f2001fb63e3f6b22d94ce9b99bf15f5de0fd7a29a"}}}}}}}, 0x0)

9m56.690980942s ago: executing program 4 (id=2274):
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ff"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x18, &(0x7f0000000600)=ANY=[@ANYRESOCT=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000055090100000000009500000000000000181100000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xed41d0969ec4053c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r1, &(0x7f0000000340)=[{0x84, 0x77, 0x0, 0x0, @tick, {0x0, 0x1}, {}, @raw32={[0x5, 0x2000002]}}, {0x7, 0x3, 0x0, 0x4, @tick=0xeaed, {0x6, 0x2e}, {0x5, 0x81}, @connect={{0x4, 0x6}, {0x9, 0x1}}}, {0x2, 0x0, 0x81, 0x59, @tick=0x3, {0xd, 0x1}, {}, @time=@time={0x704, 0x3a2c}}], 0x54)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000009c0), &(0x7f0000000a00)=0x4)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000b00)={@initdev, @local}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f00000000c0)={0x40000039})

9m56.33797498s ago: executing program 4 (id=2278):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xffffffffffffffc0, 0x10}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x24}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000100))
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x6, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0xffffffff}, 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r3, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1a, 0x2, 0x4})
sendmmsg$inet6(r2, &(0x7f0000000680)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[], 0x80}}], 0x1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000006000000040000000100000000000000", @ANYBLOB="000000000000b779ddd684f2974d475a04000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r4}, &(0x7f0000000840), &(0x7f0000000880)=r0, 0x1000000}, 0x20)
pipe(&(0x7f0000000080))

9m55.253387975s ago: executing program 4 (id=2281):
r0 = fanotify_init(0xf00, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x420141, 0x125)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb299b000)
capset(0x0, &(0x7f0000000080))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="180900000000000000000000030000001ca100000000000085100000fcffffff95"], &(0x7f0000000080)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ff}, 0x27)
mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0xf000, 0x3, &(0x7f0000009000/0xf000)=nil)
mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil)
r2 = syz_io_uring_setup(0xdd4, &(0x7f0000000140)={0x0, 0xce2b, 0x8, 0x3, 0x352}, &(0x7f00000005c0), &(0x7f0000000300))
io_uring_register$IORING_REGISTER_CLOCK(r2, 0x1d, 0x0, 0x0)
syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
creat(&(0x7f00000001c0)='./file1\x00', 0x184)
syz_usb_connect(0x6, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r3, 0x400448cb, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000600)='.\x00', 0x0, 0x6)
getdents64(r1, &(0x7f0000001f80)=""/4102, 0x1006)
fanotify_mark(r0, 0x541, 0x103a, r1, 0x0)
pipe2(&(0x7f00000000c0)={<r5=>0x0, <r6=>0x0}, 0x0)
vmsplice(r4, &(0x7f0000000080)=[{&(0x7f0000000340)="dd7698ea1445e41e223554124112131bd69d846e4ec7ae79054f1c643377ca7536fbd8a45d3b6c07bc15bc7732ff04b837fda271a0fd461127b7ad98e842083d47d9a3f5aec603335bb102de89b33ad9de4cd91dcb06964ac6b02bf04830b954c2d4718706dbf4916b93f94711544b9e2e3691c51720f68f74c439cc7fd3220c213c4377e96d08953524cfa05dbd1559072f55fc690fce249ede15ef25a2666b86462801324eea6a9bac76ae7d066de33336df85f73a132a4acd10894482e8ac3e08abf356d2cc2756861784318228e600"/224, 0xe0}, {&(0x7f0000000700)="e60a000000000000003ab0a9506062f04eb2b98e77d9e9ec1c5c88982139192fb0c3af7219f647cb985489ba27494a36a90d1e94e1578b92af584ae84c26ff1b0ea566b2da9ab965c3bba224a43427c46b66b6da4a566a192262821db0bb2a44311a661f605a20919908000000ae585f270e00000000000000936590fe1c7ce1870310083dd9aac11fd301ed14b3d8bbda9fbccae4e168237f39f987a21c7e85bf7cf02a2ff22f7a4c028c7db8acb49b7ded1a6dc2ed3989a6746ccce2b6127f24c803eee1d33334c53de68d62b32277e5aea00322bab173f4baf64126880683c9be4566683700000000000000007b74d9772c33100c3d58f1732bc47eef099e0ae54057c85e6f220e61a6f5b9d8502ea557252a37baeb63245403f44cc5d366050118ae31440f8a84ccd9f5943733000000", 0x132}, {&(0x7f0000000100)="decfd26c1d9001fdf4f8427f11fff4", 0xf}, {&(0x7f0000000200)="88eaae0bb71657e108fc0ab938b32e0ad52b403b2ca8d85723891f24d9c3cfdbeaccc98b755261b7afcf17f7c8f022dd578912e8049c3965e2691219b4053941677eb8bfed5f0aad075ea199787f2c45f42b3524627f0b140211ee8eb0aba66b374d6c81461b737c26dbeaef5d74baee5ac847e4af4dd6639bb236263412ff5ef1ca54137aa1eb9a97161565f982121c6d9b20b8392cec0f409169f5dc95ad4ecc4e119da10718234aa6ab535daa87a1fee052a3cea85e8eb060ff", 0xbb}], 0x4, 0x5)
syz_kvm_setup_syzos_vm$x86(r6, &(0x7f0000bfe000/0x400000)=nil)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x84)
splice(r5, 0x0, r7, 0x0, 0x1, 0xb)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r8, 0xc0045009, 0x0)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x48})
syz_usb_connect$hid(0x2, 0x36, 0x0, 0x0)

9m39.756525872s ago: executing program 32 (id=2281):
r0 = fanotify_init(0xf00, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x420141, 0x125)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb299b000)
capset(0x0, &(0x7f0000000080))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="180900000000000000000000030000001ca100000000000085100000fcffffff95"], &(0x7f0000000080)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ff}, 0x27)
mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0xf000, 0x3, &(0x7f0000009000/0xf000)=nil)
mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil)
r2 = syz_io_uring_setup(0xdd4, &(0x7f0000000140)={0x0, 0xce2b, 0x8, 0x3, 0x352}, &(0x7f00000005c0), &(0x7f0000000300))
io_uring_register$IORING_REGISTER_CLOCK(r2, 0x1d, 0x0, 0x0)
syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
creat(&(0x7f00000001c0)='./file1\x00', 0x184)
syz_usb_connect(0x6, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r3, 0x400448cb, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000600)='.\x00', 0x0, 0x6)
getdents64(r1, &(0x7f0000001f80)=""/4102, 0x1006)
fanotify_mark(r0, 0x541, 0x103a, r1, 0x0)
pipe2(&(0x7f00000000c0)={<r5=>0x0, <r6=>0x0}, 0x0)
vmsplice(r4, &(0x7f0000000080)=[{&(0x7f0000000340)="dd7698ea1445e41e223554124112131bd69d846e4ec7ae79054f1c643377ca7536fbd8a45d3b6c07bc15bc7732ff04b837fda271a0fd461127b7ad98e842083d47d9a3f5aec603335bb102de89b33ad9de4cd91dcb06964ac6b02bf04830b954c2d4718706dbf4916b93f94711544b9e2e3691c51720f68f74c439cc7fd3220c213c4377e96d08953524cfa05dbd1559072f55fc690fce249ede15ef25a2666b86462801324eea6a9bac76ae7d066de33336df85f73a132a4acd10894482e8ac3e08abf356d2cc2756861784318228e600"/224, 0xe0}, {&(0x7f0000000700)="e60a000000000000003ab0a9506062f04eb2b98e77d9e9ec1c5c88982139192fb0c3af7219f647cb985489ba27494a36a90d1e94e1578b92af584ae84c26ff1b0ea566b2da9ab965c3bba224a43427c46b66b6da4a566a192262821db0bb2a44311a661f605a20919908000000ae585f270e00000000000000936590fe1c7ce1870310083dd9aac11fd301ed14b3d8bbda9fbccae4e168237f39f987a21c7e85bf7cf02a2ff22f7a4c028c7db8acb49b7ded1a6dc2ed3989a6746ccce2b6127f24c803eee1d33334c53de68d62b32277e5aea00322bab173f4baf64126880683c9be4566683700000000000000007b74d9772c33100c3d58f1732bc47eef099e0ae54057c85e6f220e61a6f5b9d8502ea557252a37baeb63245403f44cc5d366050118ae31440f8a84ccd9f5943733000000", 0x132}, {&(0x7f0000000100)="decfd26c1d9001fdf4f8427f11fff4", 0xf}, {&(0x7f0000000200)="88eaae0bb71657e108fc0ab938b32e0ad52b403b2ca8d85723891f24d9c3cfdbeaccc98b755261b7afcf17f7c8f022dd578912e8049c3965e2691219b4053941677eb8bfed5f0aad075ea199787f2c45f42b3524627f0b140211ee8eb0aba66b374d6c81461b737c26dbeaef5d74baee5ac847e4af4dd6639bb236263412ff5ef1ca54137aa1eb9a97161565f982121c6d9b20b8392cec0f409169f5dc95ad4ecc4e119da10718234aa6ab535daa87a1fee052a3cea85e8eb060ff", 0xbb}], 0x4, 0x5)
syz_kvm_setup_syzos_vm$x86(r6, &(0x7f0000bfe000/0x400000)=nil)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x84)
splice(r5, 0x0, r7, 0x0, 0x1, 0xb)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r8, 0xc0045009, 0x0)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x48})
syz_usb_connect$hid(0x2, 0x36, 0x0, 0x0)

2m30.152211245s ago: executing program 0 (id=3382):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
rt_sigpending(0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_usb_control_io$sierra_net(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x2000000000000, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x1, @remote, 0x5}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f00000002c0)="2cc57362b802ee7cfe1b1af0019df64c", 0x10}], 0x1)

2m29.103503961s ago: executing program 0 (id=3385):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x140)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000001980)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x63)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
mknodat$loop(r0, &(0x7f0000000200)='./file1\x00', 0x800, 0x1)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_setup(0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$alg(0xffffffffffffffff, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58)
r4 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000b80), 0x0, 0x8004)
accept4(r1, 0x0, 0x0, 0x800)
write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000080)={0x13, 0x10, 0xfa00, {&(0x7f00000002c0), 0xffffffffffffffff, 0x1}}, 0x18)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)

2m27.923682416s ago: executing program 0 (id=3387):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20004450)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB], 0x30}}, 0x0)

2m27.758690277s ago: executing program 0 (id=3389):
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r0 = socket$rds(0x15, 0x5, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x4, 0x1c, 0x66, 0x100, 0x7, 0x2, 0x0, @private=0xa010102, @local}, {0x12, 0xff, 0x0, @empty}}}}}, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48)
prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffffff7)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000000)=0x2, 0x4)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
keyctl$get_keyring_id(0x0, 0x0, 0x1)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_open_dev$usbmon(&(0x7f0000000240), 0x8, 0x0)
syz_open_procfs(0x0, 0x0)
r3 = socket(0x10, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x8000, 0x1)
socket(0x29, 0x3, 0x0)
r4 = creat(&(0x7f0000000580)='./file0\x00', 0x0)
r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r4, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000340)=0x7)

2m26.286062337s ago: executing program 0 (id=3391):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpgid(0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f00000010c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000000010000001900004c957d7862fdd49d00"], 0x0, 0x28, 0x0, 0x1, 0x13e}, 0x28)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x2800, 0x0)
ioctl$TIOCSERGETLSR(r2, 0x5459, &(0x7f00000000c0))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r5 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0)
fcntl$setlease(r5, 0x400, 0x1)
r6 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r6, 0x29, 0x31, &(0x7f0000000100)=0xffff, 0x4)
sendto$inet6(r6, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x4000, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
recvmmsg(r6, &(0x7f0000000380)=[{{&(0x7f0000000640)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000140)=""/144}, {&(0x7f0000000200)=""/230}, {&(0x7f0000000300)=""/86, 0xfffffe94}, {&(0x7f00000003c0)=""/253}, {&(0x7f00000004c0)=""/208}]}, 0x3422a61a}], 0x4000000000003c9, 0x10102, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r7}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
ioctl$VIDIOC_S_PRIORITY(r5, 0x40045644, 0x1)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)

2m25.147295334s ago: executing program 0 (id=3396):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
rt_sigpending(0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_usb_control_io$sierra_net(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x2000000000000, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x1, @remote, 0x5}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f00000002c0)="2cc57362b802ee7cfe1b1af0019df64c", 0x10}], 0x1)

2m17.652606549s ago: executing program 2 (id=3419):
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0)

2m17.330066179s ago: executing program 2 (id=3423):
r0 = socket$inet6(0xa, 0x803, 0x5)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000180)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x2, 0x0) (fail_nth: 7)

2m17.262852413s ago: executing program 2 (id=3424):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x1000, 0x2, 0x6, 0xfffa}, 0x23b, [0x8000, 0xc95a, 0xf, 0x0, 0x83, 0x2, 0x3, 0x200007f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x6, 0x7fff, 0x7, 0x3c5b, 0x1, 0x24, 0x10, 0x5, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0xffff, 0x242, 0x3, 0xe, 0x4, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x200006, 0xffff, 0x454c, 0x6, 0x80004, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x0, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2be, 0x6c6, 0x2, 0xffffffff, 0x5, 0x0, 0x0, 0x5, 0x1, 0xe, 0x1, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x9, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0xfffff575, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x47, 0x6, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fffffff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0xfffffffa, 0xb, 0x40000005, 0x2, 0x2, 0x400003, 0x20000008, 0x4, 0x6d01, 0x6, 0x4038, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0x1000, 0x5, 0xb1, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x200807ff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb35, 0x7, 0xb, 0x5, 0x4, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x0, 0x2, 0x4184, 0x5, 0x1, 0x2, 0x10000, 0x4, 0x7fff, 0x2ffff, 0xa620, 0x1, 0x5, 0x8, 0x2000002, 0x14c, 0x60a7, 0x6, 0x1, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x0, 0x8, 0x100, 0x961e, 0x1000007, 0xaf, 0x20000008, 0x5, 0x226, 0xffffffff, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000183b9220b113420016580102030109021b00010000000009040000012e459e000905", @ANYRESDEC], 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendto$inet6(r0, &(0x7f0000000440)='\x00\x00', 0x2, 0x20003bc4, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

2m15.904413882s ago: executing program 2 (id=3429):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$unix(0x1, 0x1, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r4, 0x0, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)={0x40, r7, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x1}, @ETHTOOL_A_BITSET_VALUE={0x4}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
connect$pppl2tp(r5, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
syz_emit_ethernet(0x0, 0x0, 0x0)

2m14.097772151s ago: executing program 2 (id=3431):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2ecdac547792d1b2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x93a, 0x8002, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x4, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xc6, 0x0, 0x40}}}}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8)
mknodat$loop(r3, &(0x7f0000000000)='./file0\x00', 0x4, 0x0)
syz_usb_control_io(r2, &(0x7f0000000040)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="200ff732ffff0300547d"], 0x0, 0x0, 0x0, 0x0}, 0x0)
mknodat$loop(r3, 0x0, 0x400, 0x1)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
socket$inet6(0xa, 0x2, 0x3a)
memfd_secret(0x80000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_SET(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRESHEX=r0, @ANYRESDEC=r4], 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x840)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
pipe2$9p(&(0x7f0000000180), 0x80000)
syz_emit_ethernet(0x15b, &(0x7f00000003c0)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x125, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @private1, [{0x4, 0x1f, "9595f429ae08a565c9a41d416c70a44d2e6f790a3872d50bb14d25344dc5b3a281f175f5ee04aab21301b94d966c72c15a143c69205625466855101cf44d89d9f6ee47d77c0d4e53e34b67c542fc6f6f6c60139c43b78286f5bb8f4f11d164af24e2633a45bf4ed944b0ef6a7b7167f73cf54e78686ac09402659c29eb0ce380654c1bb0f61d255b1556b7a311096b7aab867396997ffab76abca01185b08d1e29ee14d8fe61245487104b1c5205c6adc794ba413b92d2d208b86f40983c4819c33b59c1abe2a4b0aa661fcb54e0855d6bb5dd267878ff59bcfc6079e7a5e0135118be22dc6c97e730f7053d6ec34ca11b5c7c3830af6b26868600"}]}}}}}}, 0x0)
sendmsg$nl_route(r6, 0x0, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
recvmmsg(r7, 0x0, 0x0, 0x120, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0xa9, 0xcd, 0x7, 0x40, 0x421, 0x178, 0xc1ca, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5f, 0x65, 0x60, 0x70, [{{0x9, 0x4, 0xaf, 0x48, 0x0, 0x2, 0x2, 0xff, 0x9}}]}}]}}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x0, 0x0}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x82c}}]})

2m10.997308248s ago: executing program 2 (id=3440):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$unix(0x1, 0x1, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r4, 0x0, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)={0x40, r7, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x1}, @ETHTOOL_A_BITSET_VALUE={0x4}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
connect$pppl2tp(r5, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
syz_emit_ethernet(0x0, 0x0, 0x0)

1m55.732320505s ago: executing program 33 (id=3440):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$unix(0x1, 0x1, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r4, 0x0, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)={0x40, r7, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x1}, @ETHTOOL_A_BITSET_VALUE={0x4}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
connect$pppl2tp(r5, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
syz_emit_ethernet(0x0, 0x0, 0x0)

12.791429771s ago: executing program 3 (id=3671):
openat$tun(0xffffffffffffff9c, 0x0, 0x22000, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010d0000000708b5192100c7000000000109021b00022071ac00090400000107000009090585cf"], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r5, 0x0, 0x0)

9.013637588s ago: executing program 3 (id=3679):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, <r1=>0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={r1, 0x0, &(0x7f0000001780)=""/4096}, 0x20)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'erspan0\x00', &(0x7f00000000c0)={'syztnl2\x00', <r2=>0x0, 0x700, 0x8000, 0x1, 0x8, {{0x8, 0x4, 0x1, 0x15, 0x20, 0x65, 0x0, 0x5, 0x29, 0x0, @multicast2, @local, {[@generic={0x82, 0xb, "fdd7d65ba3a024b9a9"}, @noop]}}}}})
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff, {0x2}}, './file0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0xde50, 0x2, 0x8, 0x10000, r1, 0x1, '\x00', r2, 0xffffffffffffffff, 0x2, 0x2, 0x0, 0xd, @void, @value, @value=r3}, 0x50)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002780)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x8c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x923fe45acb80a2a8, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000004}, 0x94)
r8 = syz_usb_connect$uac1(0x1, 0x9c, &(0x7f0000000c40)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x2571669c4e36e0d1, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8a, 0x3, 0x1, 0x0, 0x60, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0x1}, [@output_terminal={0x9, 0x24, 0x3, 0x3, 0x206, 0x2, 0x2, 0xd7}, @processing_unit={0x9, 0x24, 0x7, 0x1, 0x4, 0x1, "a258"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x402a, 0x0, 0x10, "bdbe97119031e22710"}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x4, 0x4, 0xe, {0x7, 0x25, 0x1, 0x83, 0xd, 0x3}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0xf, 0x6, 0x4}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x0, 0xf, 0x3, {0x7, 0x25, 0x1, 0x3, 0x33, 0x5}}}}}}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x250, 0x40, 0x0, 0x2, 0x8, 0x9}, 0xeb, &(0x7f0000000180)={0x5, 0xf, 0xeb, 0x6, [@ssp_cap={0x20, 0x10, 0xa, 0x1, 0x5, 0x4276172, 0xf, 0x9, [0x30, 0x0, 0xff0000, 0x0, 0x3ff0]}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0x2}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0x7, 0x4, 0x60d}, @ss_container_id={0x14, 0x10, 0x4, 0x81, "7868ecb071c995e7582de873eec7fadc"}, @ptm_cap={0x3}, @generic={0x9e, 0x10, 0x2, "613d7eeea90bd3e498cb58f72b7bc654fd9f3e5fd1c45c13b56955520b10e04534c9c447475e0826a66b4db3fac7dbb7734d9620f6ec7e2daa0941fcfde206d0b285a65aa8c476917585c5a337f120f96643bf73c94a426a670c2ebf5e01786e87798a84fed3af96977a68ddce078e84d75d5f24689207f4416f96d140de2c503924511c3de6274e84002f4fc04b174a886bf4478203916c4e0159"}]}, 0x1, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x458}}]})
syz_usb_control_io(r8, &(0x7f0000000640)={0x2c, &(0x7f0000000400)={0x0, 0x22, 0x5a, {0x5a, 0x24, "93ae4e4deea956de4254cf85e860fb6b926de3f98eceac18997e71dcbabf0cb602eb649fa925c65b6ed42a5ec486954d1c5f1d35b02144713af90be19cb039f06430fe977c4c4ba3d96c6771668292d44095750b3eedfb9a"}}, &(0x7f0000000480)={0x0, 0x3, 0xcf, @string={0xcf, 0x3, "490496af4e2574fa21d7f10617db836b914abd0a5dacaf100a87cb9850ff98e37fa13c570560d6d6f6efdd6cc180c9d1116b5d963c0e5dcff3888ec80202d57e8105bd4cbc75a9b1ef4e6a30a022b8fe0097cada2d8c01beada52135702950a77cf2d6ff33d0101ff0d849f5da85bd941d1242738a599d16e8602586e7979d2ca77dffc1841d6b85e1186bec7defe1c591684bbe4c58a72f7a1b26ca43c454ecc8538894664834ed5d3ad06fed2943a067bba144d56eb76b647a830f6e0c2c4b5fd0af50cd162666db44033104"}}, &(0x7f0000000580)={0x0, 0xf, 0x8, {0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}}, &(0x7f00000005c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0xf, 0x0, 0x64, 0x7c, "8ce2c225", "777d58af"}}, &(0x7f0000000600)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x2, 0x10, 0x6, 0xf, 0x9, 0x3, 0xd243}}}, &(0x7f0000000ac0)={0x84, &(0x7f0000000680)={0x20, 0xd, 0x72, "0ba301b4cdeefa9bc6398e8fbcc823bbd37ec07d131fadd875d90bfc89c6c6fd7aa15872d87e7b4ce737bcfff36658905a427c474695ab6776b69d3ff69c9f8a9fb62803f72c46516e847140391e5d3bf6b78a3d8b44bcb63c30e2b43239600886471f295c2268ed6850b24ed7a886faafe0"}, &(0x7f0000000700)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000740)={0x0, 0x8, 0x1, 0x31}, &(0x7f0000000780)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f00000007c0)={0x20, 0x0, 0x4, {0x200, 0x10}}, &(0x7f0000000800)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000840)={0x40, 0x9, 0x1, 0x2}, &(0x7f0000000880)={0x40, 0xb, 0x2, "f564"}, &(0x7f00000008c0)={0x40, 0xf, 0x2, 0x9}, &(0x7f0000000900)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}}, &(0x7f0000000940)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000980)={0x40, 0x19, 0x2, "2eae"}, &(0x7f00000009c0)={0x40, 0x1a, 0x2, 0x5}, &(0x7f0000000a00)={0x40, 0x1c, 0x1, 0x4}, &(0x7f0000000a40)={0x40, 0x1e, 0x1, 0x5}, &(0x7f0000000a80)={0x40, 0x21, 0x1}})
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r6, 0x4018aebd, &(0x7f0000000040))
r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x40)
ioctl$KVM_SET_IRQCHIP(r9, 0x4020aeb2, 0x0)

7.779359091s ago: executing program 1 (id=3685):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="fc0100001900010025bd700001000000fe8800000000000000000000000001010000000000000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000002004000000000000001000000000044010500ac1414aa000000000000000000000000000000003300000000000000640101000000000000000000000000000000000000000000000000000000000040000000fe8000000000000000000000000000bb000020003c00000002000000fe80000000000000000000000000000000000000000000000000000000000000000000007f000001000000000000000000000000000000006c00000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000ac141443000000000000000000000000000000003300000000000000ac1414bb000000000000000000000000000000000000000000000000000000000000000020010000000000000000000000000000000004d26c000000000000000000000000000000000000000000000100000000040040000c00"/436], 0x1fc}, 0x1, 0x0, 0x0, 0x1}, 0x4000)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x72f2000000000000, 0x103480)
ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f00000000c0)=0x40)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0xce)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAPCLR(r3, 0x4b68, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000022c0)={'wlan0\x00'})
pivot_root(0x0, 0x0)
r4 = socket(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'lo\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP(r5, 0x3b85, &(0x7f0000000200)={0x28, 0x3, r6, 0x0, &(0x7f0000000a40)="7f", 0x1, 0x4})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f00000002c0)={0x28, 0x4, r6, 0x0, &(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x7})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r5, 0x3ba0, &(0x7f0000000300)={0x48, 0x5, r6})
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)='\xa3<\xa1\xb5\xd2\xd4\x93\x86\xe3\xd5\t\x85|v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xea\xff\xff\xe3\x00\x00\x00\x00\xd3\xbb\xeb9L\x03\x0e\xdc}U\x8c\xdd\n\xaaq\x1d\x9em_\x97\xccN\b\x06\x00\x00\x00\xb5\x12\x8cv\xe4_\x91\xa8G!mm\fq\x91\xcd\x8etu\xa1^ds\x0f\xd3\x8dI>\x11-\xbe\x89y\xd2\x8dm&\xd6[\xf3\xe09f\xb6\xc9I\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00', 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r8, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4008ae93, &(0x7f0000000040)=0x1000)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000600)=ANY=[@ANYBLOB="0100000000000000730000400000000081"])
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})

6.588565751s ago: executing program 1 (id=3688):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000009c0)="18acf8b1ed479de320cdbff21bc648a4423880b9fb95564f48c38e3fdaea755288c2a91a1ef344702de01af77d599320e22a0ea41b13aa09f1b359b0e2d2e8b6074bb4119ea219d2055df8bab18280f3c3ea8e45510d60a28f7af2a9c471dbe0a88f57ae4580b0b420f5f90b70efb6805d81812d5d64c87c99f9c75e9f656dfd6e0cb005b1abd4d879a097dd9d3e6e12f85505cd45c840f9503b2fff6c33e6a675512ab99729da82acc41b65a398d515700ba76224267cdabfb9576027eb82a82c337e379c488d47691d7fe2c55bbe29a7a37633648559a31b90f145d0f5a2d8d9499f100ba95da30ce9df964d2af22e6551f8a35878071d2b5477c0f1c0ab067a8bd9368c04ed9b6e1547f04d022d726bb32daf66bded05624baa409848f50d96df5d0a86c6ce2b9b0767e85c5233c1e30aaad953301d7294b375db43804290971c857070e9d2c8b6397ab8d56358476fc0359ee79b7956f0ef1ce2edefc6bd340037706a57aa98105019c21be58ce8c868c90db57bfe8304416b3e7e02837ea3ce01ce463321f2ea429ee0c42b27d28c2b6063eb5cd746e26ade0c9ae3049ebb8c5038b01281f26c9777fb1263a5ba1262fa783e07ef5ded966eb85a4a811f5aab0d9575551239e9b0f76e5217744b0a8edcb1504774e36818033e3ab03ca6164df64fdf4352b9c88bfa91add131e13bee44e7eb4e38e613f3bab3c6c8a5038e446d57c9058b975f05f36e0e49171b426b99aa82a0656d7ffc46169ee20456aab06ee429bff9408fb1961e3976e288bee69e9ec6dc72862e1cfcc6c4804457285efcb056b0d834666748129994a3fc172c4c9c622a0c4ddd84bce972d56c70f3687222e5857f9a24b0e138a8359409f5b4ba3206c1a7f35c9e90f3ad903715ab7283e700f9ec2c641f38e998122266a8b1731ce1f03d12a643f281b3ace22f1e403dfe05052fdca3da258f8f1bd7c88949d2a14510b4116c5e403b6cee434d4969113ff8eebc1052e6a1dfa710cadfa0dbd96afa3dd1ab32b10e97d4c015e357bb938d5c2420ed83fff6a17ca9c334fc1b1a3b171f3ca2f4f88a66c59477a73265a8dc10c6d0e5ab2f595e4b9bdd160f35a7917d46df4a50b7651a5991f2444fc0a235f210e8ce8afede0b725d0cabfa20e4d36a836314d180f66614db4fbbd15ef7a947247f7f6f0eb34af0b7aeaaa9210154285dcd0389de273ad3459a1d87f062d9a050c57b6325750aeb9f47d7242117d8e0d38ae1e6ce", 0x37a}], 0x1}}], 0x1, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r1, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=""/73, 0x49}, 0x0, 0x2, 0x1, {0x1}})
io_uring_enter(r2, 0x47f6, 0x0, 0x4, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
r5 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r7, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
close_range(r6, 0xffffffffffffffff, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "c94ffb00"}]}}, 0x0}, 0x0)
r8 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r8, 0x720, &(0x7f0000000380)={0x0, 0xfd, 0x6, &(0x7f0000000040)={0xf, "c6c1f7b51030c4a4c54bf2e474d312000000000000bc117b5452b3b94bce47509d"}})
syz_emit_ethernet(0x356, &(0x7f0000000880)={@local, @multicast, @val={@val={0x88a8, 0x1, 0x1, 0x1}, {0x8100, 0x5, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x2, 0x6, "01005e", 0x318, 0x3a, 0x1, @empty, @private1, {[@dstopts={0x33, 0x4e, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @generic={0x0, 0x25, "fa5c5be5176c6c978d5ba16407cd8f4040efdf185702770edcf1ee2b4fe6d840e0ecbbe3b2"}, @calipso={0x7, 0x8, {0x1, 0x0, 0xec, 0x5}}, @pad1, @generic={0x49, 0x35, "305047a26341f91fefed5c4632b782495d47aa13f30f386c7646be452466ab3d2244344bc427f45353072429d2cb27f90e4fb7be10"}, @generic={0x67, 0xfa, "8140a85ce9a2c2474a6f7cc2c51f21ee9a76255d16fc5df64eec94ecea3e26c780f24bf4b549f6d96c0aa73ba3ffe0a0b555ac6cb3c1fb69c013a485ec9a5b2e4db2b89482f778dcd34b7b52499740e2c68646a3a4489c1ad07265b85e18c8a29c343053e00f3f4e0a7d0794116aeb3a0deddc762ce4606b604584dd006c43658d4b0eaaaed95e82d80606c9f57aaef13a17dcf13d4ef74f1da791974b458eb553aee8971181290a27e03533c992d521e1202e2b87375c453854f31ae3bc37c56195d3d77fa8a48f142d5bbd9eb9c54a7f20d35b22ac2c323801c034ce8c567fb3c9277e52c403ed7c4ee9195464b5dc9aa1506a6887d4ce7a7b"}, @generic={0x3, 0xf8, "6d247d6f11aa5d829d502b9968f5016fcd7f37877d144e745519a4d01f2defb91e745de8c8cda41ad0c991e715a2290d780913cb3729ceb655090609b660e0427db266b505385642df4537cf4f6471f8f7991c23510e32a050100ce5e7ae9a71463d182dc9d5cd152dce4ad0ca845f30f8d6945bad9e808ffa5c1fec14e1fa17ffdc08c513bda14c4c00679060de2ebd2eb24bbe214f9866b7413276a8bb6e7e53a682079a594e75262cb43bda278ce6c10f9ae68b3b232025a6e4be57aa80a2a96180cc58aab33877e997678732715aa71507bdcd1c4026384b70ba4120aca39fcf77a8995b9963884862980f85766ea0256eb109474c4b"}]}], @param_prob={0x4, 0x1, 0x0, 0x4e5, {0x9, 0x6, "a6d24f", 0x5, 0x3b, 0x1, @local, @private1={0xfc, 0x1, '\x00', 0x1}, [@dstopts={0x5e, 0x3, '\x00', [@pad1, @enc_lim={0x4, 0x1, 0xfe}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, @hopopts={0x16, 0x1, '\x00', [@jumbo={0xc2, 0x4, 0xa}, @jumbo={0xc2, 0x4, 0x1}]}, @fragment={0x62, 0x0, 0x0, 0x0, 0x0, 0x19, 0x67}, @dstopts={0xff, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x8}]}, @fragment={0x33, 0x0, 0x4, 0x1, 0x0, 0x4, 0x66}, @hopopts={0x0, 0x0, '\x00', [@enc_lim]}]}}}}}}}, 0x0)
r9 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r9, &(0x7f0000000580)={0x2, 0x4e24, @remote}, 0x10)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r9, 0x111, 0x2, 0x1, 0x4)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r11)
sendmsg$NLBL_CALIPSO_C_ADD(r11, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000000)={0x24, r12, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0xc840}, 0x20020000)

5.676396072s ago: executing program 3 (id=3689):
r0 = syz_io_uring_setup(0x498, &(0x7f0000000f80)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
r3 = eventfd(0x401)
io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000040)=r3, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001060000000000000000004e001a28000000000adf00000000005e1affd502000000080001"], 0x7c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_CQM(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="34020000", @ANYRES16=r5, @ANYBLOB="050000000000000000003f00000008000300", @ANYRES32=r6, @ANYBLOB="6c005e80080003000300000008000200a609000008000600c0dc00000800090005000000080007009801000020"], 0x234}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x8, 0x2000, @fd=r0, 0x4, 0x6, 0xe, 0x14, 0x0, {0x1}})
io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0)

4.555416856s ago: executing program 1 (id=3690):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x8, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2)
gettid()
shmget$private(0x0, 0x2000, 0x100, &(0x7f0000ff9000/0x2000)=nil)
sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20104}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x2c, 0x0, 0xb, 0x201, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_COMPAT_REV={0x8}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x20044840)
r5 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0)
r6 = signalfd(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x64, 0x0, 0xa, 0x900, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_USERDATA={0x50, 0x6, "68346946699ebc8135ef987053e4ea6097313b3d10fee1fb5540332f0b68d5051915e4b00ea639572be84d4cc6a743e350f1135356eb5be22c75286f2a285323776699a7a15cda7de97ca823"}]}], {0x14}}, 0x8c}}, 0x4000)
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, &(0x7f0000000100)="26c2", 0xfffff, 0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0xa, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r5}})
ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0xffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0xf0f041, 0x0, '\x00', @ptr}})

3.251400686s ago: executing program 1 (id=3691):
openat$rtc(0xffffff9c, &(0x7f0000000480), 0x0, 0x0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000400)={0x53, 0xfffffffffffffffe, 0x1, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000240)="a8", 0x0, 0x8, 0x0, 0x1, 0x0})
r0 = syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x4, 0x312}, &(0x7f00000029c0)=<r1=>0x0, &(0x7f0000000300)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7})
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x20, 0x0, @fd, 0x5, 0x0, 0xb, 0x7})
r4 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
r5 = socket$packet(0x11, 0x2, 0x300)
getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140))
r7 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
close(0x3)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
writev(r7, &(0x7f0000000880)=[{&(0x7f0000000280)="a5", 0x1}], 0x1)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x2, 0x0, 0x1, {0xc, 0x1, 0x0, 0x1, [{0x8}]}}]}]}, 0x34}}, 0x0)
io_uring_enter(r0, 0x7277, 0x0, 0x28, 0x0, 0x0)

2.907928684s ago: executing program 5 (id=3692):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x80fff, @empty, 0xfffffffc}, {0xa, 0x4e1d, 0x3bb, @mcast2, 0x7}, r1, 0x10000007}}, 0x48) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f00000001c0)={0x4, 0x8, 0xfa00, {r1, 0x136b}}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000066a6600836ffff3b006f375d7152f009f6294e51ee19025b084d77c2a0c8ae95f26a19b1298ba9fe", @ANYRES16=0x0, @ANYBLOB="020026bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0x15}, 0x20000806) (async)
socket$unix(0x1, 0x5, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2000, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x80100, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xffb3}, {0x0}], 0x2) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) (async)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) (async)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) (async)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
mremap(&(0x7f00003ab000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f000024a000/0x1000)=nil)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000180)={0x3ff, 0x8, 0x5}) (async)
r5 = syz_io_uring_setup(0xec5, &(0x7f0000000440), &(0x7f0000000080)=<r6=>0x0, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
io_uring_enter(r5, 0x95d, 0xfa39, 0xc1, 0x0, 0x0) (async)
io_uring_enter(r5, 0xedd, 0x8acb, 0x41, 0x0, 0x0) (async)
modify_ldt$write(0x1, &(0x7f0000000040)={0xd35, 0x1000, 0x4000}, 0x10) (async)
modify_ldt$write2(0x11, &(0x7f0000000080)={0x5, 0x1000, 0x4000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, 0x0)

2.889453822s ago: executing program 5 (id=3693):
r0 = fanotify_init(0xf00, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x420141, 0x125)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb299b000)
capset(0x0, &(0x7f0000000080))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f00000006c0)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ff}, 0x94)
mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0xf000, 0x3, &(0x7f0000009000/0xf000)=nil)
mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil)
r2 = syz_io_uring_setup(0xdd4, &(0x7f0000000140)={0x0, 0xce2b, 0x8, 0x3, 0x352}, &(0x7f00000005c0), &(0x7f0000000300))
io_uring_register$IORING_REGISTER_CLOCK(r2, 0x1d, 0x0, 0x0)
syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
creat(&(0x7f00000001c0)='./file1\x00', 0x184)
syz_usb_connect(0x6, 0x0, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x400448cb, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000600)='.\x00', 0x0, 0x6)
getdents64(r1, &(0x7f0000001f80)=""/4102, 0x1006)
syz_usb_connect(0x6, 0x2d, &(0x7f0000002fc0)=ANY=[@ANYBLOB="fc6d09bd6358ffd882065daf6c8b11d12c11c8fe027025b38732b03d7977c982a059421296f0e809287db057e01fa96fc41954485b372cd22f226015366c52d1361a4a92f311cd6387d1805b5a8be6b555ffac8f4b35930389cb9bc9b538457c0af835f8900ecf17c515ab3328d1d0c3f9a362e25099b9b6723a5af188d43dcd3b9c6718ab0c793188dad025ce1e6d4293f0e6d848c05073836ec7772f1a7d1b3f77bdfb408f09713b62c722f88e888c8cba8928b1a14cba0b03c07495baf6db36e0dfd3ac15a793243f9a9d64d9f2ca1f8495e205865f31170aaf79d95a5d89713dca84c56bce48d66c1574ee3e48f1c764803c6e30e9a56207cbadea274c53a68ea6e679291fec708a95aa38d8d85ba626b0de1033e456365ccafa608032e1938a9374eea6ebbac6c8b0d9ab90342278c0e38d3a115f004eecac432b262446e7284aa0e78264f0ed28c99ece9651661dc132ced1f9c4767e2a3b5a15c991e056a9196766f84d12d891273f768da0c3fd4dcbe7ea8ed09076910e5fb1b9459303bc9970d0b6d7ccdd5ebef6bcae57a1c8e69b29f6118da9ceaacbed86b0b6d7e5cea0be0bcf9f0795cb0162322537fa733a695f7d27ae685a4ee002714fbe45f142d2128dc01b8a6ed9b5bbf3f1695399ca343c994ede7a325ec68d07c3f4273730d84c33b0a915e29b33932f229921e576e4bc4246c2a1da9363094c6085b8d1d2679fdfb929294c0659300e0abe7e7d828a7972eba8254355e32af33d01ce29ead5808946187077a0fad901a7d9b66f4fb67b70eb1c332eb7b78ca77d24787dbfd5edae9f216345f282a2d6d5dd6ba58f4b03deeb4564c0a42cf8849d2f4ed3277e9526d1d2467ddcdaa8e5269abdf11fa71cd88cacd44588cea1b64010401d406061d7d397f90d27e9ee7e5b2909ad5804f5a7fc8907ef3d74f4630f7f8ebb12798e3bc375147a4f0626796c650cd6915eebf49fd329d33094b69a77a242f2a933fa6d4d3e737d068208d44112b8e9542523ab47768ec5c9cb3e8f30bea5f000e2df4912806754028494ac740588171d09200c83232d84a91262aeac3dd898a372254b4cb8fd03a1b55c97d5ed11725afb18412c74342c0c7aeeeb05e5f45f5c56378f1a7ecc65ddf34704e6082152beccdb07e877307b271ad4345e314bf33ad47ce73f33f3a0442ca5cbf06eebddfefb441d9844846a11a06cca232884f94c76c52dfed7b5ef554e64d15df9d67483058fc90b2708a348d73a2818072d48859396c2c346739df6617a31eb62890100cd9a7237d3e5e5b96a1414a3a21032f7f9ec780cec772fb9dc438ab5759d4fede14a87ff3af43fb5a91bef0a4cbbb5f0f9c5e441b2abbbfa6f0b443a3ba08fbd901d883dddb5058b6534c119d5167583c4f5da831453ec83bf88ece7d1878b8b2ad9f1d6bb4e1120f00a44624ceb57b8db15f0ab8bb9f8850c4588e5a6b1130202f04cf9b4124ce3a426ac561bde54456d88d95db7e20ee1c86ee054597fbf9399ef866e94b12b2b6afb0bf90e3f522a0aff8bb1fd5acbaebb49f6ce7f16c1d7f616c3a9e00e86044d780650a940be449edbfd46c1908ac341ae7688a2a50684c6e8b0d5231a0bd28042a2d22b22c04a048fd6e17c9fa89e21d8e202ce777dfe010482dff7742b548209f85563df48d7ed7c39949a19d8675c41e9f20e48a07dfbd7d7bd70ad1b5bb161e1ba0348c5ce83081b5a46b7d01a5d8f4189c83edb5d0cd2519116f7338a9b254b557a58e0ef1f68f02036eadcee7ae48feb23826f7a786cf2638a0391607722976b758d9a0419669c67eb369d18476a77a96e237cb5a4d0b5c3d45ee98d3ca6bd2a28995a46fc703d8b6d3119ceec7968be0f0432796919d04feb7cabda1f589e9ffa4980a273e30206d5e9b4afc0166f1081265d5b4b1783afde8203de1169f634a718b934fd41637ba7e3b03b60e54ef3611b9bb95ddf07717bee9d05b22db45c7d01025dbc55022fa188f8ff198428aaf37ee18c250b774e12f8c6c2725637134dc1b1517be843b5d297b957fa4df9664141de441b0a147e18052a78d4276412760895164328d6af735f026ac082beda9078cccb5e4d144362e9ffa75586a749b710c36ef3cf959804b4ee9504cc10adde7b58ad8a91a0c4061ca446038f8732fb557a6866f078dfdab9bd6ea402d70d09c57b7c4fa166d75b2bec47343675c4652413767a8811676f8f58599881e0f8cbb856ea6385ae1a4072bd7e02ae933dd58487f76f449ce5a3d8ff6b620c3f702786d5ab7b65babe54e70aa4ba0479bcfbd9de39713bc20e68d6070f23994f9de5ba1abc24493b188ef3c755620c3c69d2b5610842363cbe5489d0657392820ddb3c959c4d42c397e0cdb462fa257e36ea45a8eb8cb1bc75a8dda7820c6924b62a0f98a7673e9123c4599c06d0009ea2a600867c1f1851d60fa3c96c274aaf06b77d8c5bfef4fdfaca7e3183ac6255eafc50c2d05a342f90e20b872180388975c1340fc47375ae8d0d2f08719efc22748d26534629c4263addde830187ed81967b9bd375403eaee88cf6146ecf85bcdb55ce94ff846bfbac8f2b4649d676c03e0241812048cc1a285fa319f37fe3d65b51aba8755354a5e5041c6137629299b6bf44fe006361a726e83539778dfa78b5fdc18bee1118cca6f4f2ff510f32aee8df788e820926ff976c526444b6e1c477364000162d61d5a84aa7c2b4cecacb4b6d042eca211385283b0064f0bd12327c575cde097f4f499980957d74786a35ff5d47a1f4020f609bf7acbbb8eb039ecbcee44395e9cbb938077594fcec1ef4ffbe41b9e35b278accc5aca97b99dba62c08bada48b101239f82c27d4b08d50d4968dedde8dbd2834188a9cefa77b74bd63672858aadb62b8125c68602bf986364b66b6a6e503e423f4007565728ebfff79e10b2169d16ee21488f61d5f18e5f4d53219af24c98ae5e968fd39cd07dbf774fc6b075f0de641edc4e381ec09091b4d7aa593207f319ac01a96265c6e9c5950c39ad65f1db4182e0a6a3dd7a6507817a793dda9077ef27d1e039348884f6140cf3ef090b1b8e6f27c5acfcc697da8f2f8d2a649bdb7c151b0725c5626208a1d0f5fb9d0ebdf829003a6bc6fcfd8259022c075a6e390d9d808a393879f22631d93b81132fc51ec972ffbcdf513aa08486e9a068df24e3472ccfcaf7092987c6b41f4afc1998e5df5695121c0e1be982699d56278b7599046c37247870860cf78f11c96a9998472b1e2f2bda649c6e76e6cf1aedc93edaf0dac1cd56035d3b0a643ce78a87a21552e209737ea2d8f2b7742a6cb10b9a10b8a07a120d3847785c9d15f2f4277b2991691eb054d459f281ac5e8b23eb9e6b714ee5bfd71be3051edb2af082f72e2ef68a85aaea5248804031dfafeda49fc4cd79f514736236405d500f78c1468c237e53182a0faa48c2f8558d1337d52544ee1241b82be09cf32b3bd7037eb941c081327d3e8857fc18c7e6cff55fffb6e4e15e39b2f8c174b3801a8d1b18723adf029080db496a28da06aa67be8a3a2f5d8a1bd64472c116b2d7c48700cdc9b4cc2deeee8399c2d575f5cbe3ea6b0f9fc021dfba85d02f409740de48a6d677d40e1999eaab9de2a686693f3105cc79f9333fd8dae816dd03673d5a296503b88277e1656fbdba75f75df94c1e1f43b1116edaff8b840d594904fa714f731db22e3a937a1ec61ae34590e13a7bfdcec6aabc8f3a3818280c203029f331e938d916209038d5e87f6f7f47bb89469841c13a6d6efee1ddd3d6513f1e51e3f64c0492c10d5ddaca0601c184937fea01c45af4ebba0d27b4fb8d6ac012be050303153944203c4b6079bb7251cad5940a0b72d2edc22a95e205711d9124019335e73a4039c58702162c5ec8f62df95868ac906162b1e2c9b464cd603de6f99970caa5c89e854fc7d30a0a9ba6e165efec9ca946cae83514b3e6fbca7645ebc681f92907c8c15b4a8181ceb1999a6ce6a2150f85728ea4d322258f09d85fa5c044359297c2a53e94ba3a517e87ee26fb9244289cc9a3b13066c7e3fcbd1219961a39db97f1c56f12a8922843cb6e98c876fe934c32a7ca9f9637a0f03d1ff204e596660dd6dbe265127dc47a9616f80d1eb277b307fa52052bebdcaa89acf871d020e3d68c4f77725f7fabc809b449bd9401e7144a61886fe8024d7a1e21a971df2940838655d8be7b885580eb6c704a29eea281ab9206fb227c5dc1912df5c6160139a0c97847d57f354ef25ec204b181d987ff0eb3ba9b7579629f25473d721aae38b4dfb6c90dd95eac905992740dd045efe9b6b1c708f3b4a7fdc7e1b9686da6dd6ac7fc65749c0be214925c15e02581b00ee827fa0d4342f68132b32888ff1450ef87020e801c8c4d6a1082c6634b7e64", @ANYRES64=r3], 0x0)
fanotify_mark(r0, 0x541, 0x103a, r1, 0x0)
pipe2(&(0x7f00000000c0)={<r6=>0x0, <r7=>0x0}, 0x0)
vmsplice(r5, &(0x7f0000000080)=[{&(0x7f0000000340)="dd7698ea1445e41e223554124112131bd69d846e4ec7ae79054f1c643377ca7536fbd8a45d3b6c07bc15bc7732ff04b837fda271a0fd461127b7ad98e842083d47d9a3f5aec603335bb102de89b33ad9de4cd91dcb06964ac6b02bf04830b954c2d4718706dbf4916b93f94711544b9e2e3691c51720f68f74c439cc7fd3220c213c4377e96d08953524cfa05dbd1559072f55fc690fce249ede15ef25a2666b86462801324eea6a9bac76ae7d066de33336df85f73a132a4acd10894482e8ac3e08abf356d2cc2756861784318228e600"/224, 0xe0}, {&(0x7f0000000700)="e60a000000000000003ab0a9506062f04eb2b98e77d9e9ec1c5c88982139192fb0c3af7219f647cb985489ba27494a36a90d1e94e1578b92af584ae84c26ff1b0ea566b2da9ab965c3bba224a43427c46b66b6da4a566a192262821db0bb2a44311a661f605a20919908000000ae585f270e00000000000000936590fe1c7ce1870310083dd9aac11fd301ed14b3d8bbda9fbccae4e168237f39f987a21c7e85bf7cf02a2ff22f7a4c028c7db8acb49b7ded1a6dc2ed3989a6746ccce2b6127f24c803eee1d33334c53de68d62b32277e5aea00322bab173f4baf64126880683c9be4566683700000000000000007b74d9772c33100c3d58f1732bc47eef099e0ae54057c85e6f220e61a6f5b9d8502ea557252a37baeb63245403f44cc5d366050118ae31440f8a84ccd9f5943733000000", 0x132}, {&(0x7f0000000100)="decfd26c1d9001fdf4f8427f11fff4", 0xf}, {&(0x7f0000000200)="88eaae0bb71657e108fc0ab938b32e0ad52b403b2ca8d85723891f24d9c3cfdbeaccc98b755261b7afcf17f7c8f022dd578912e8049c3965e2691219b4053941677eb8bfed5f0aad075ea199787f2c45f42b3524627f0b140211ee8eb0aba66b374d6c81461b737c26dbeaef5d74baee5ac847e4af4dd6639bb236263412ff5ef1ca54137aa1eb9a97161565f982121c6d9b20b8392cec0f409169f5dc95ad4ecc4e119da10718234aa6ab535daa87a1fee052a3cea85e8eb060ff", 0xbb}], 0x4, 0x5)
syz_kvm_setup_syzos_vm$x86(r7, &(0x7f0000bfe000/0x400000)=nil)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x84)
splice(r6, 0x0, r8, 0x0, 0x1, 0xb)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r9, 0xc0045009, 0x0)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x48})
syz_usb_connect$hid(0x2, 0x36, 0x0, 0x0)

2.555541429s ago: executing program 3 (id=3694):
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@newlink={0x20, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2009a, 0x1}}, 0x20}, 0x1, 0x0, 0x0, 0x4004804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = dup3(r1, r2, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r5=>0x0})
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001a80)={0x3, 0x4, 0x4, 0xa, 0x0, r3, 0x3, '\x00', 0x0, r3, 0x5, 0x2, 0x1}, 0x50)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002cbd7000fedbdf253100000008005200", @ANYRES32=r0, @ANYBLOB="08000300", @ANYRES32=r5], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4000004)
sched_rr_get_interval(r0, &(0x7f0000000000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000100), 0x7, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102392, 0xe2394f4d09c83bce)
r7 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000300), 0xa0280, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r7, 0x80045518, &(0x7f0000000340)=0x3)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="02000000040000000800000001"], 0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000001b00)={0x15, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe00000000a4080000000000007b8af0ff00000000bda100000000000007000000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b704000008000000850000001a00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x463c3f5ca51b0b3f, &(0x7f0000000040)=0xfffffdfc, 0x0, 0x4)
ptrace$ARCH_MAP_VDSO_X32(0x1e, r0, 0x483, 0x2001)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r9, 0x10e, 0x5, &(0x7f00000001c0)=0x9, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x801, 0x0)
r10 = syz_open_dev$usbfs(&(0x7f0000000500), 0xb, 0x8041)
ioctl$USBDEVFS_CLEAR_HALT(r10, 0x80045515, &(0x7f00000000c0)={0x1, 0x1})

2.420808595s ago: executing program 3 (id=3695):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000001500)='cpu.max.burst\x00', 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x7, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0xffffffffffffffff})
r3 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="5500000020007fafb700fe7f0000000081000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f1c46b7b31afdc1338d5e801e0b009000000000100005ae583de0dd7d8319f98af84fda542e718f9", 0x55}], 0x1}, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
socket$inet_udp(0x2, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x1b)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080))
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)=0xdfe5)
ptrace$ARCH_SHSTK_LOCK(0x1e, r1, 0x3, 0x5003)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36)

2.0853168s ago: executing program 5 (id=3696):
r0 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000000)={{0x3, @default}, [@remote, @remote, @null, @netrom, @null, @rose, @null]}, &(0x7f0000000080)=0x48, 0x80000) (async)
times(0xfffffffffffffffe)
r1 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) (async)
sendmmsg(r1, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f00000005c0)=[{0x10, 0x29, 0x36}], 0x10}}], 0x1, 0x4000000)
close_range(r0, r1, 0x2) (async)
syz_usb_connect(0x5, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="12015002a39ee2087c2c9602589e0102030109021200010607a007090404460008cae205"], &(0x7f0000001540)={0x0, 0x0, 0x0, 0x0}) (async)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010100}]}, &(0x7f0000000180)=0x10) (async)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r4=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f0000000480)={r4}, &(0x7f0000000000)=0x8) (async)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000100)={r4, 0x3}, 0x8)

1.77941175s ago: executing program 5 (id=3697):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000140)={0x80, 0x6, 0x303, 0xfff, 0xe0, 0x0, 0x0})
r1 = io_uring_setup(0x664c, &(0x7f0000000500))
syz_open_dev$video4linux(&(0x7f0000000c80), 0x7, 0xc82)
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0xa, 0x922000000003, 0x11)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r3, 0xc0045540, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3}, 0x94)
r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000340)={&(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4, 0x3, 0x5, 0xa})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='qdisc_enqueue\x00', r4}, 0x18)
r6 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000380)={0x1d, r7, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmmsg$sock(r6, &(0x7f0000001c80)=[{{0x0, 0x0, &(0x7f00000019c0)}}], 0x1, 0x10)
setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000003c0), 0x4)
r8 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0)
sendfile(r8, r9, 0x0, 0x106f)
mount$9p_tcp(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080), 0x800000, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=tcp,port=0x0000020000004e23,'])
sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4, 0xffffffff}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000470000000000000000fdffffff180100002020691300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7e0000008000000b70300000000000085000000ca000000950000000000000021cbec8a419f0cf508f28355fa6aa23e653e6b1631df8f5c2cdeabb93e0a96d9399087d64f3f8624b8070b6b4382ef94801514ad3757d93d1535f06d83ad95df6d678d8f22bfa90f406859cb3fc4d3ff857ed72084a6f3ee54cb176dbf8c96d64131a8fb4087cf365c3300000000000000000009a3a45b294bd81cdb25291041e5256337012a9b9e27960ffd28e0d8945bc4954552b6bb3b721f239244e9e6365c642bdc3158190382e765c9c9043663a626aa977fb6135470f9748a26c325dd31f12210c0f1a90b41201d5bb41cc6e6e51c1e23bf7cde4bcc9468c07d6817904c3232cfb2d2d1c06f95409c0f23cecf5f3a7c"], &(0x7f0000000000)='GPL\x00', 0xd, 0xfe7, &(0x7f0000002e00)=""/4071, 0x0, 0x54}, 0x94)

1.378273971s ago: executing program 3 (id=3698):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x80010, r0, 0x58e5b000)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
ioctl$HIDIOCGFLAG(0xffffffffffffffff, 0x8004480e, &(0x7f0000000500))
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
r2 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r2, 0xffffffff80000901, 0xee00, 0x0)
ioctl$SNDCTL_DSP_GETCAPS(r1, 0x8004500f, &(0x7f0000000540))
r3 = socket$phonet(0x23, 0x2, 0x1)
open_by_handle_at(r3, &(0x7f0000000380)=ANY=[@ANYBLOB="140000000500000001000080ff070000070000004a0f0000060000006b00007414ae8a162938c058b7b7e4fc06ca98"], 0x0)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000600)='/proc/sys/net/ipv4/tcp_recovery\x00', 0x1, 0x0)
write$sysctl(r4, &(0x7f0000000580)='1\x00', 0x2)
r5 = shmget$private(0x0, 0x3000, 0x200, &(0x7f00002f3000/0x3000)=nil)
shmat(r5, &(0x7f0000ffb000/0x4000)=nil, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYRES32=r0, @ANYRESOCT=r1], 0x0)
rmdir(&(0x7f00000001c0)='./file0\x00')
write$sysctl(r4, &(0x7f00000000c0)='2\x00', 0x2)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='net/ip_tables_matches\x00')
pread64(r1, &(0x7f000004b680)=""/102363, 0x18fdb, 0x2)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r8, 0x8208ae63, &(0x7f0000000100)={0x2, 0x0, @pic={0x0, 0x5, 0x5, 0x93, 0x0, 0x0, 0x4, 0xbb, 0x2, 0x81, 0x6d, 0x26, 0xfa, 0x7, 0x95, 0xd}})
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r6, 0xc0506617, &(0x7f00000003c0)={@desc={0x1, 0x0, @auto="a559f656749ddc37"}, 0x40, 0x0, '\x00', @a})
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET_DEF(r9, 0x4b72, &(0x7f0000000480)={0x2, 0x0, 0x10, 0xd, 0x18a, 0x0})

1.377001323s ago: executing program 5 (id=3699):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x24, 0x6, @broadcast}, 0x14)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)
openat$mice(0xffffffffffffff9c, &(0x7f00000005c0), 0x80)

533.277131ms ago: executing program 5 (id=3700):
openat$tun(0xffffffffffffff9c, 0x0, 0x22000, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010d0000000708b5192100c7000000000109021b00022071ac00090400000107000009090585cf"], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r5, 0x0, 0x0)

26.105552ms ago: executing program 1 (id=3701):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x2}], 0x18}], 0x1, 0x40800)

0s ago: executing program 1 (id=3702):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
r0 = syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0)
ioctl$EVIOCGLED(r0, 0x80284504, &(0x7f0000000000)=""/56)
syz_usb_connect(0x2, 0x73, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0xc6, 0x8b, 0x0, 0x8, 0xbfd, 0x114, 0xeb57, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x61, 0x1, 0x6, 0x0, 0x0, 0xc3, [{{0x9, 0x4, 0xdf, 0x6, 0x1, 0x50, 0xd4, 0x4c, 0x9, [@cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0xc617}, {0xd, 0x24, 0xf, 0x1, 0xd303, 0x9, 0x5, 0x5}}], [{{0x9, 0x5, 0x1, 0x0, 0x200, 0xfb, 0x10, 0x8, [@generic={0x2f, 0x4, "ffb1eb0d1d14b8b5e1006b0c848a47894264e44abe6e6df5c1cd3164348b8f0dc45358117af5744281c09d6314"}]}}]}}]}}]}}, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f0000000240)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/221, 0xdd}], 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x300000d, 0x13, r1, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r5, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000f40), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r6, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010027bd7000fcdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0)
syz_usb_connect$printer(0x5, 0x2d, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 0000200000000100 RSI: 0000200000000180 RDI: 0000200000000140
[ 1203.831988][T16545] RBP: 00007f03c6356090 R08: fffffffffffffffe R09: 0000000000000000
[ 1203.832002][T16545] R10: 00000000000000ca R11: 0000000000000246 R12: 0000000000000001
[ 1203.832014][T16545] R13: 00007f03c8346038 R14: 00007f03c8345fa0 R15: 00007ffd037c3408
[ 1203.832048][T16545]  </TASK>
[ 1204.047957][T16542] genirq: Flags mismatch irq 7. 00202080 (ttyS3) vs. 00202000 (at-a2150c)
[ 1204.632646][T16551] FAULT_INJECTION: forcing a failure.
[ 1204.632646][T16551] name failslab, interval 1, probability 0, space 0, times 0
[ 1204.632681][T16551] CPU: 0 UID: 0 PID: 16551 Comm: syz.0.3376 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1204.632704][T16551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1204.632716][T16551] Call Trace:
[ 1204.632725][T16551]  <TASK>
[ 1204.632735][T16551]  dump_stack_lvl+0x189/0x250
[ 1204.632767][T16551]  ? __pfx____ratelimit+0x10/0x10
[ 1204.632793][T16551]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1204.632820][T16551]  ? __pfx__printk+0x10/0x10
[ 1204.632850][T16551]  ? __pfx___might_resched+0x10/0x10
[ 1204.632873][T16551]  ? fs_reclaim_acquire+0x7d/0x100
[ 1204.632904][T16551]  should_fail_ex+0x46c/0x600
[ 1204.632936][T16551]  should_failslab+0xa8/0x100
[ 1204.632964][T16551]  __kmalloc_cache_noprof+0x6f/0x6c0
[ 1204.632990][T16551]  ? snd_mixer_oss_put_volume1_vol+0xbb/0x510
[ 1204.633026][T16551]  snd_mixer_oss_put_volume1_vol+0xbb/0x510
[ 1204.633060][T16551]  snd_mixer_oss_put_volume1+0x1c6/0x8b0
[ 1204.633085][T16551]  ? snd_mixer_oss_ioctl1+0x60b/0x19f0
[ 1204.633114][T16551]  snd_mixer_oss_ioctl1+0x6ae/0x19f0
[ 1204.633146][T16551]  ? __pfx_snd_mixer_oss_ioctl1+0x10/0x10
[ 1204.633169][T16551]  ? smk_tskacc+0x2fc/0x370
[ 1204.633200][T16551]  ? smack_file_ioctl+0x2ac/0x340
[ 1204.633229][T16551]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1204.633267][T16551]  ? __fget_files+0x3a6/0x420
[ 1204.633292][T16551]  ? __fget_files+0x2a/0x420
[ 1204.633319][T16551]  ? __pfx_snd_mixer_oss_ioctl+0x10/0x10
[ 1204.633344][T16551]  snd_mixer_oss_ioctl+0x48/0x60
[ 1204.633370][T16551]  __se_sys_ioctl+0xff/0x170
[ 1204.633395][T16551]  do_syscall_64+0xfa/0xfa0
[ 1204.633419][T16551]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1204.633443][T16551]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1204.633462][T16551]  ? clear_bhb_loop+0x60/0xb0
[ 1204.633486][T16551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1204.633505][T16551] RIP: 0033:0x7f291431f6c9
[ 1204.633523][T16551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1204.633540][T16551] RSP: 002b:00007f291257e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1204.633562][T16551] RAX: ffffffffffffffda RBX: 00007f2914575fa0 RCX: 00007f291431f6c9
[ 1204.633577][T16551] RDX: 0000200000000300 RSI: 00000000c010f508 RDI: 0000000000000003
[ 1204.633596][T16551] RBP: 00007f291257e090 R08: 0000000000000000 R09: 0000000000000000
[ 1204.633609][T16551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1204.633621][T16551] R13: 00007f2914576038 R14: 00007f2914575fa0 R15: 00007fffcbf665b8
[ 1204.633657][T16551]  </TASK>
[ 1205.065602][T16559] netlink: 'syz.2.3379': attribute type 4 has an invalid length.
[ 1205.065623][T16559] netlink: 17 bytes leftover after parsing attributes in process `syz.2.3379'.
[ 1205.684657][T16563] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3381'.
[ 1205.684687][T16563] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3381'.
[ 1205.684706][T16563] netlink: 81 bytes leftover after parsing attributes in process `syz.5.3381'.
[ 1205.792764][T16568] fuse: Bad value for 'fd'
[ 1205.806789][   T37] kauditd_printk_skb: 29 callbacks suppressed
[ 1205.806806][   T37] audit: type=1326 audit(1762747189.220:4920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16567 comm="syz.3.3380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1205.808148][   T37] audit: type=1326 audit(1762747189.220:4921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16567 comm="syz.3.3380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1205.813902][   T37] audit: type=1326 audit(1762747189.220:4922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16567 comm="syz.3.3380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1205.834524][   T37] audit: type=1326 audit(1762747189.250:4923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16567 comm="syz.3.3380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1205.834802][   T37] audit: type=1326 audit(1762747189.250:4924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16567 comm="syz.3.3380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1205.843321][   T37] audit: type=1326 audit(1762747189.260:4925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16567 comm="syz.3.3380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1205.844891][   T37] audit: type=1326 audit(1762747189.260:4926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16567 comm="syz.3.3380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1205.844940][   T37] audit: type=1326 audit(1762747189.260:4927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16567 comm="syz.3.3380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1205.846894][   T37] audit: type=1326 audit(1762747189.260:4928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16567 comm="syz.3.3380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1205.847944][   T37] audit: type=1326 audit(1762747189.260:4929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16567 comm="syz.3.3380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1205.850222][T16568] netlink: 'syz.3.3380': attribute type 9 has an invalid length.
[ 1205.850241][T16568] netlink: 'syz.3.3380': attribute type 7 has an invalid length.
[ 1205.850255][T16568] netlink: 'syz.3.3380': attribute type 8 has an invalid length.
[ 1205.969529][  T993] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 1206.565279][  T993] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1206.565311][  T993] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1206.565341][  T993] usb 6-1: Product: syz
[ 1206.565356][  T993] usb 6-1: Manufacturer: syz
[ 1206.565372][  T993] usb 6-1: SerialNumber: syz
[ 1207.759512][ T5983] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[ 1207.843853][T16583] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3387'.
[ 1207.909428][ T5983] usb 2-1: Using ep0 maxpacket: 16
[ 1207.911896][ T5983] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1207.911930][ T5983] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1207.920571][ T5789] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[ 1207.921195][ T5983] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1207.921278][ T5983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1207.921289][ T5983] usb 2-1: Product: syz
[ 1207.921297][ T5983] usb 2-1: Manufacturer: syz
[ 1207.921308][ T5983] usb 2-1: SerialNumber: syz
[ 1208.012691][ T5983] usb 2-1: config 0 descriptor??
[ 1208.025904][ T5983] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1208.025935][ T5983] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[ 1208.085594][  T993] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[ 1208.085659][  T993] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO
[ 1208.088617][  T993] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[ 1208.088675][  T993] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1208.089658][  T993] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1208.121063][ T5890] usb 3-1: new full-speed USB device number 100 using dummy_hcd
[ 1208.176453][ T5789] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1208.176749][ T5789] usb 4-1: New USB device found, idVendor=05ac, idProduct=021e, bcdDevice= 0.00
[ 1208.176851][ T5789] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1208.363528][ T5890] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1208.363558][ T5890] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1208.424706][ T5789] usb 4-1: config 0 descriptor??
[ 1208.450845][ T5890] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[ 1208.451017][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1208.451201][ T5890] usb 3-1: SerialNumber: syz
[ 1209.003173][ T5890] usb 3-1: 0:2 : does not exist
[ 1209.003234][ T5890] usb 3-1: unit 53 not found!
[ 1209.010187][ T5789] usbhid 4-1:0.0: can't add hid device: -71
[ 1209.010265][ T5789] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1209.013854][ T5983] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[ 1209.015042][ T5983] em28xx 2-1:0.0: Config register raw data: 0x41
[ 1209.021173][ T5789] usb 4-1: USB disconnect, device number 98
[ 1209.091699][  T993] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71
[ 1209.111275][ T5890] usb 3-1: USB disconnect, device number 100
[ 1209.133208][  T993] usb 6-1: USB disconnect, device number 35
[ 1209.239068][T16588] tty tty2: ldisc open failed (-12), clearing slot 1
[ 1209.272218][ T5868] usb 2-1: USB disconnect, device number 114
[ 1209.274474][ T5868] em28xx 2-1:0.0: Disconnecting em28xx
[ 1209.301250][ T5868] em28xx 2-1:0.0: Freeing device
[ 1209.371900][T16594] genirq: Flags mismatch irq 7. 00202080 (ttyS3) vs. 00202000 (at-a2150c)
[ 1210.618224][T16606] netlink: 'syz.3.3394': attribute type 4 has an invalid length.
[ 1210.618246][T16606] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3394'.
[ 1211.806667][T16618] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[ 1211.807103][T16618] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[ 1211.807125][T16618] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[ 1211.807140][T16618] UDF-fs: Scanning with blocksize 512 failed
[ 1212.204235][T16621] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3399'.
[ 1212.298795][T16618] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[ 1212.309517][T16618] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[ 1212.309547][T16618] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[ 1212.309559][T16618] UDF-fs: Scanning with blocksize 1024 failed
[ 1212.408356][T16618] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[ 1212.430828][T16618] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[ 1212.430887][T16618] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[ 1212.430929][T16618] UDF-fs: Scanning with blocksize 2048 failed
[ 1212.599867][T16618] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[ 1212.599981][T16618] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[ 1212.599992][T16618] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[ 1212.600000][T16618] UDF-fs: Scanning with blocksize 4096 failed
[ 1212.600006][T16618] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1)
[ 1212.782705][T16630] overlayfs: missing 'lowerdir'
[ 1213.403192][ T5890] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[ 1213.429936][T16639] genirq: Flags mismatch irq 7. 00202080 (ttyS3) vs. 00202000 (at-a2150c)
[ 1213.673970][ T5890] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1213.674019][ T5890] usb 3-1: New USB device found, idVendor=05ac, idProduct=021e, bcdDevice= 0.00
[ 1213.674045][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1213.713671][ T5890] usb 3-1: config 0 descriptor??
[ 1214.874873][ T5890] usbhid 3-1:0.0: can't add hid device: -71
[ 1214.886057][ T5890] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1214.900785][ T5890] usb 3-1: USB disconnect, device number 101
[ 1215.025595][T16653] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1215.045664][T16653] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1215.050502][T16653] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1215.061353][T16653] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1215.062100][T16653] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1215.121101][T16655] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3410'.
[ 1215.121546][ T5868] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[ 1215.309564][ T5868] usb 2-1: Using ep0 maxpacket: 32
[ 1215.698777][ T5868] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[ 1215.698811][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64
[ 1215.721285][ T5868] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[ 1215.721317][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1215.721337][ T5868] usb 2-1: Product: syz
[ 1215.721351][ T5868] usb 2-1: Manufacturer: syz
[ 1215.721366][ T5868] usb 2-1: SerialNumber: syz
[ 1215.726601][ T5868] usb 2-1: config 0 descriptor??
[ 1215.780691][ T5868] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1215.829482][  T993] usb 4-1: new full-speed USB device number 99 using dummy_hcd
[ 1215.956541][ T7361] usb 2-1: Failed to submit usb control message: -71
[ 1215.956577][ T7361] usb 2-1: unable to send the bmi data to the device: -71
[ 1215.956595][ T7361] usb 2-1: unable to get target info from device
[ 1215.956609][ T7361] usb 2-1: could not get target info (-71)
[ 1215.956920][ T7361] usb 2-1: could not probe fw (-71)
[ 1215.964191][ T5868] usb 2-1: USB disconnect, device number 115
[ 1216.023102][  T993] usb 4-1: config 0 has an invalid interface number: 151 but max is 1
[ 1216.023132][  T993] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1216.023151][  T993] usb 4-1: config 0 has no interface number 1
[ 1216.023195][  T993] usb 4-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1216.023208][  T993] usb 4-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 1216.023222][  T993] usb 4-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 64
[ 1216.023237][  T993] usb 4-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1216.025605][  T993] usb 4-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7
[ 1216.025633][  T993] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1216.025643][  T993] usb 4-1: Product: syz
[ 1216.025651][  T993] usb 4-1: Manufacturer: syz
[ 1216.025659][  T993] usb 4-1: SerialNumber: syz
[ 1216.069696][  T993] usb 4-1: config 0 descriptor??
[ 1216.109912][T16657] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1216.119548][ T5882] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1216.209592][  T993] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 1216.214403][  T993] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 1216.248511][  T993] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2
[ 1216.322700][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 198, changing to 11
[ 1216.322750][ T5882] usb 3-1: New USB device found, idVendor=093a, idProduct=8002, bcdDevice= 0.00
[ 1216.322772][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1216.328276][ T5882] usb 3-1: config 0 descriptor??
[ 1216.369638][ T5890] usb 4-1: USB disconnect, device number 99
[ 1217.073725][ T7367] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1217.124490][T16666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1217.138731][T16666] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1217.171548][ T5882] usbhid 3-1:0.0: can't add hid device: -71
[ 1217.171689][ T5882] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1217.180228][ T5882] usb 3-1: USB disconnect, device number 102
[ 1217.205825][T16653] Bluetooth: hci2: command tx timeout
[ 1218.324603][T16694] fuse: Bad value for 'fd'
[ 1218.327587][   T37] kauditd_printk_skb: 44 callbacks suppressed
[ 1218.327602][   T37] audit: type=1326 audit(1762747201.740:4974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16693 comm="syz.5.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1218.328197][   T37] audit: type=1326 audit(1762747201.740:4975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16693 comm="syz.5.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1218.328560][   T37] audit: type=1326 audit(1762747201.740:4976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16693 comm="syz.5.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1218.329477][   T37] audit: type=1326 audit(1762747201.740:4977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16693 comm="syz.5.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1218.329521][   T37] audit: type=1326 audit(1762747201.740:4978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16693 comm="syz.5.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1218.329664][   T37] audit: type=1326 audit(1762747201.740:4979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16693 comm="syz.5.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1218.330156][   T37] audit: type=1326 audit(1762747201.750:4980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16693 comm="syz.5.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1218.330398][   T37] audit: type=1326 audit(1762747201.750:4981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16693 comm="syz.5.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1218.330849][   T37] audit: type=1326 audit(1762747201.750:4982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16693 comm="syz.5.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1218.331274][   T37] audit: type=1326 audit(1762747201.750:4983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16693 comm="syz.5.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1218.331747][T16694] netlink: 'syz.5.3422': attribute type 9 has an invalid length.
[ 1218.331764][T16694] netlink: 'syz.5.3422': attribute type 7 has an invalid length.
[ 1218.331774][T16694] netlink: 'syz.5.3422': attribute type 8 has an invalid length.
[ 1218.358762][T16697] ref_tracker: memory allocation failure, unreliable refcount tracker.
[ 1218.489433][ T5890] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[ 1218.639452][ T5890] usb 2-1: Using ep0 maxpacket: 32
[ 1218.641730][ T5890] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1218.641750][ T5890] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[ 1218.641769][ T5890] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1218.643866][ T5890] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[ 1218.643883][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[ 1218.643894][ T5890] usb 2-1: Product: syz
[ 1218.643902][ T5890] usb 2-1: Manufacturer: syz
[ 1218.643910][ T5890] usb 2-1: SerialNumber: syz
[ 1218.648242][T16691] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1218.662295][ T5890] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input68
[ 1218.671243][ T5789] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[ 1218.752436][    C1] appletouch 2-1:1.0: atp_complete: usb_submit_urb failed with result -1
[ 1218.798647][ T7367] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1218.820391][ T5789] usb 3-1: Using ep0 maxpacket: 32
[ 1218.822785][ T5789] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[ 1218.822811][ T5789] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64
[ 1218.826168][ T5789] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[ 1218.826197][ T5789] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1218.826218][ T5789] usb 3-1: Product: syz
[ 1218.826309][ T5789] usb 3-1: Manufacturer: syz
[ 1218.826318][ T5789] usb 3-1: SerialNumber: syz
[ 1218.842099][ T5789] usb 3-1: config 0 descriptor??
[ 1218.883153][ T5890] usb 2-1: USB disconnect, device number 116
[ 1218.883234][    C1] appletouch 2-1:1.0: atp_complete: usb_submit_urb failed with result -19
[ 1218.926895][ T5789] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1218.997292][ T5890] appletouch 2-1:1.0: input: appletouch disconnected
[ 1219.108510][ T7378] usb 3-1: Failed to submit usb control message: -71
[ 1219.108548][ T7378] usb 3-1: unable to send the bmi data to the device: -71
[ 1219.108565][ T7378] usb 3-1: unable to get target info from device
[ 1219.108580][ T7378] usb 3-1: could not get target info (-71)
[ 1219.108889][ T7378] usb 3-1: could not probe fw (-71)
[ 1219.108956][ T5789] usb 3-1: USB disconnect, device number 103
[ 1219.277222][T16653] Bluetooth: hci2: command tx timeout
[ 1219.301607][ T7367] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1219.622038][ T5882] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[ 1219.714306][ T7367] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1219.811809][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 198, changing to 11
[ 1219.811862][ T5882] usb 4-1: New USB device found, idVendor=093a, idProduct=8002, bcdDevice= 0.00
[ 1219.811888][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1219.817271][ T5882] usb 4-1: config 0 descriptor??
[ 1221.498401][T16653] Bluetooth: hci2: command tx timeout
[ 1221.518319][T16711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1221.518654][T16711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1221.523019][ T5882] usbhid 4-1:0.0: can't add hid device: -71
[ 1221.523097][ T5882] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1221.525621][ T5882] usb 4-1: USB disconnect, device number 100
[ 1221.991664][ T5882] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 1222.589893][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 198, changing to 11
[ 1222.682118][ T5882] usb 3-1: New USB device found, idVendor=093a, idProduct=8002, bcdDevice= 0.00
[ 1222.682149][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1222.756974][ T5882] usb 3-1: config 0 descriptor??
[ 1222.819169][T16738] FAULT_INJECTION: forcing a failure.
[ 1222.819169][T16738] name failslab, interval 1, probability 0, space 0, times 0
[ 1222.819199][T16738] CPU: 1 UID: 0 PID: 16738 Comm: syz.3.3435 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1222.819217][T16738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1222.819226][T16738] Call Trace:
[ 1222.819233][T16738]  <TASK>
[ 1222.819240][T16738]  dump_stack_lvl+0x189/0x250
[ 1222.819272][T16738]  ? __pfx____ratelimit+0x10/0x10
[ 1222.819292][T16738]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1222.819314][T16738]  ? __pfx__printk+0x10/0x10
[ 1222.819339][T16738]  ? __pfx___might_resched+0x10/0x10
[ 1222.819366][T16738]  ? fs_reclaim_acquire+0x7d/0x100
[ 1222.819393][T16738]  should_fail_ex+0x46c/0x600
[ 1222.819418][T16738]  should_failslab+0xa8/0x100
[ 1222.819440][T16738]  __kmalloc_noprof+0xcc/0x7d0
[ 1222.819458][T16738]  ? tomoyo_encode+0x28b/0x550
[ 1222.819478][T16738]  tomoyo_encode+0x28b/0x550
[ 1222.819515][T16738]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1222.819540][T16738]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1222.819562][T16738]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1222.819585][T16738]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1222.819611][T16738]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1222.819634][T16738]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1222.819680][T16738]  ? __fget_files+0x2a/0x420
[ 1222.819704][T16738]  ? __fget_files+0x3a6/0x420
[ 1222.819722][T16738]  ? __fget_files+0x2a/0x420
[ 1222.819745][T16738]  security_file_ioctl+0xcb/0x2d0
[ 1222.819763][T16738]  __se_sys_ioctl+0x47/0x170
[ 1222.819783][T16738]  do_syscall_64+0xfa/0xfa0
[ 1222.819802][T16738]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1222.819821][T16738]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1222.819837][T16738]  ? clear_bhb_loop+0x60/0xb0
[ 1222.819857][T16738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1222.819872][T16738] RIP: 0033:0x7f03c80ef6c9
[ 1222.819887][T16738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1222.819900][T16738] RSP: 002b:00007f03c6356038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1222.819917][T16738] RAX: ffffffffffffffda RBX: 00007f03c8345fa0 RCX: 00007f03c80ef6c9
[ 1222.819928][T16738] RDX: 0000200000000000 RSI: 000000008028640c RDI: 0000000000000003
[ 1222.819938][T16738] RBP: 00007f03c6356090 R08: 0000000000000000 R09: 0000000000000000
[ 1222.819947][T16738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1222.819956][T16738] R13: 00007f03c8346038 R14: 00007f03c8345fa0 R15: 00007ffd037c3408
[ 1222.819984][T16738]  </TASK>
[ 1222.820685][T16738] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1223.098742][T16649] chnl_net:caif_netlink_parms(): no params data found
[ 1223.117754][T16740] FAULT_INJECTION: forcing a failure.
[ 1223.117754][T16740] name failslab, interval 1, probability 0, space 0, times 0
[ 1223.118739][T16740] CPU: 0 UID: 0 PID: 16740 Comm: syz.3.3436 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1223.118765][T16740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1223.118777][T16740] Call Trace:
[ 1223.118786][T16740]  <TASK>
[ 1223.118796][T16740]  dump_stack_lvl+0x189/0x250
[ 1223.118826][T16740]  ? __pfx____ratelimit+0x10/0x10
[ 1223.118854][T16740]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1223.118880][T16740]  ? __pfx__printk+0x10/0x10
[ 1223.118909][T16740]  ? __pfx___might_resched+0x10/0x10
[ 1223.118928][T16740]  ? fs_reclaim_acquire+0x7d/0x100
[ 1223.118958][T16740]  should_fail_ex+0x46c/0x600
[ 1223.118988][T16740]  ? __alloc_skb+0x112/0x2d0
[ 1223.119007][T16740]  should_failslab+0xa8/0x100
[ 1223.119033][T16740]  ? __alloc_skb+0x112/0x2d0
[ 1223.119050][T16740]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[ 1223.119098][T16740]  __alloc_skb+0x112/0x2d0
[ 1223.119122][T16740]  netlink_ack+0x146/0xa50
[ 1223.119145][T16740]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1223.119162][T16740]  ? ref_tracker_free+0x61e/0x7c0
[ 1223.119188][T16740]  ? __asan_memcpy+0x40/0x70
[ 1223.119208][T16740]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1223.119243][T16740]  netlink_rcv_skb+0x28c/0x470
[ 1223.119263][T16740]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1223.119280][T16740]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1223.119309][T16740]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1223.119337][T16740]  netlink_unicast+0x846/0xa10
[ 1223.119373][T16740]  ? __pfx_netlink_unicast+0x10/0x10
[ 1223.119401][T16740]  ? netlink_sendmsg+0x642/0xb30
[ 1223.119419][T16740]  ? skb_put+0x11b/0x210
[ 1223.119443][T16740]  netlink_sendmsg+0x805/0xb30
[ 1223.119462][T16740]  ? is_bpf_text_address+0x26/0x2b0
[ 1223.119498][T16740]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1223.119527][T16740]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1223.119551][T16740]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1223.119572][T16740]  __sock_sendmsg+0x21c/0x270
[ 1223.119601][T16740]  ____sys_sendmsg+0x508/0x820
[ 1223.119627][T16740]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1223.119657][T16740]  ? import_iovec+0x74/0xa0
[ 1223.119681][T16740]  ___sys_sendmsg+0x21f/0x2a0
[ 1223.119704][T16740]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1223.119764][T16740]  ? __fget_files+0x2a/0x420
[ 1223.119787][T16740]  ? __fget_files+0x3a6/0x420
[ 1223.119822][T16740]  __x64_sys_sendmsg+0x1a1/0x260
[ 1223.119848][T16740]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1223.119880][T16740]  ? __pfx_ksys_write+0x10/0x10
[ 1223.119907][T16740]  ? do_syscall_64+0xbe/0xfa0
[ 1223.119935][T16740]  do_syscall_64+0xfa/0xfa0
[ 1223.119958][T16740]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1223.119981][T16740]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1223.120001][T16740]  ? clear_bhb_loop+0x60/0xb0
[ 1223.120023][T16740]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1223.120042][T16740] RIP: 0033:0x7f03c80ef6c9
[ 1223.120060][T16740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1223.120077][T16740] RSP: 002b:00007f03c6356038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1223.120099][T16740] RAX: ffffffffffffffda RBX: 00007f03c8345fa0 RCX: 00007f03c80ef6c9
[ 1223.120114][T16740] RDX: 0000000000000802 RSI: 00002000000003c0 RDI: 0000000000000006
[ 1223.120127][T16740] RBP: 00007f03c6356090 R08: 0000000000000000 R09: 0000000000000000
[ 1223.120148][T16740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1223.120160][T16740] R13: 00007f03c8346038 R14: 00007f03c8345fa0 R15: 00007ffd037c3408
[ 1223.120193][T16740]  </TASK>
[ 1223.579488][T16653] Bluetooth: hci2: command tx timeout
[ 1223.657308][ T7367] bridge_slave_1: left allmulticast mode
[ 1223.657338][ T7367] bridge_slave_1: left promiscuous mode
[ 1223.657613][ T7367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1224.115286][T16726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1224.115633][T16726] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1224.135480][ T5882] usbhid 3-1:0.0: can't add hid device: -71
[ 1224.135573][ T5882] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1224.138230][ T5882] usb 3-1: USB disconnect, device number 104
[ 1224.139248][ T7367] bridge_slave_0: left allmulticast mode
[ 1224.139403][ T7367] bridge_slave_0: left promiscuous mode
[ 1224.139672][ T7367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1224.494583][T16748] netlink: 'syz.3.3438': attribute type 6 has an invalid length.
[ 1224.511892][T16747] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1226.222042][T16766] FAULT_INJECTION: forcing a failure.
[ 1226.222042][T16766] name failslab, interval 1, probability 0, space 0, times 0
[ 1226.222076][T16766] CPU: 0 UID: 0 PID: 16766 Comm: syz.1.3444 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1226.222100][T16766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1226.222111][T16766] Call Trace:
[ 1226.222119][T16766]  <TASK>
[ 1226.222127][T16766]  dump_stack_lvl+0x189/0x250
[ 1226.222159][T16766]  ? __pfx____ratelimit+0x10/0x10
[ 1226.222184][T16766]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1226.222210][T16766]  ? __pfx__printk+0x10/0x10
[ 1226.222238][T16766]  ? __pfx___might_resched+0x10/0x10
[ 1226.222260][T16766]  ? fs_reclaim_acquire+0x7d/0x100
[ 1226.222289][T16766]  should_fail_ex+0x46c/0x600
[ 1226.222322][T16766]  ? __alloc_skb+0x112/0x2d0
[ 1226.222340][T16766]  should_failslab+0xa8/0x100
[ 1226.222364][T16766]  ? __alloc_skb+0x112/0x2d0
[ 1226.222381][T16766]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[ 1226.222407][T16766]  ? netlink_autobind+0xdb/0x300
[ 1226.222433][T16766]  __alloc_skb+0x112/0x2d0
[ 1226.222457][T16766]  netlink_sendmsg+0x5c6/0xb30
[ 1226.222476][T16766]  ? is_bpf_text_address+0x26/0x2b0
[ 1226.222512][T16766]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1226.222540][T16766]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1226.222565][T16766]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1226.222586][T16766]  __sock_sendmsg+0x21c/0x270
[ 1226.222616][T16766]  ____sys_sendmsg+0x508/0x820
[ 1226.222644][T16766]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1226.222676][T16766]  ? import_iovec+0x74/0xa0
[ 1226.222701][T16766]  ___sys_sendmsg+0x21f/0x2a0
[ 1226.222725][T16766]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1226.222784][T16766]  ? __fget_files+0x2a/0x420
[ 1226.222808][T16766]  ? __fget_files+0x3a6/0x420
[ 1226.222842][T16766]  __x64_sys_sendmsg+0x1a1/0x260
[ 1226.222867][T16766]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1226.222906][T16766]  ? __pfx_ksys_write+0x10/0x10
[ 1226.222933][T16766]  ? do_syscall_64+0xbe/0xfa0
[ 1226.222961][T16766]  do_syscall_64+0xfa/0xfa0
[ 1226.222983][T16766]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1226.223007][T16766]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1226.223027][T16766]  ? clear_bhb_loop+0x60/0xb0
[ 1226.223050][T16766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1226.223068][T16766] RIP: 0033:0x7f0cd0f1f6c9
[ 1226.223086][T16766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1226.223102][T16766] RSP: 002b:00007f0ccf186038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1226.223123][T16766] RAX: ffffffffffffffda RBX: 00007f0cd1175fa0 RCX: 00007f0cd0f1f6c9
[ 1226.223138][T16766] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000007
[ 1226.223150][T16766] RBP: 00007f0ccf186090 R08: 0000000000000000 R09: 0000000000000000
[ 1226.223162][T16766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1226.223174][T16766] R13: 00007f0cd1176038 R14: 00007f0cd1175fa0 R15: 00007fff72faac38
[ 1226.223208][T16766]  </TASK>
[ 1227.049482][ T5789] usb 2-1: new full-speed USB device number 117 using dummy_hcd
[ 1227.201806][ T5789] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1227.201825][ T5789] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1227.203779][ T5789] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1227.203796][ T5789] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1227.203807][ T5789] usb 2-1: Product: syz
[ 1227.203816][ T5789] usb 2-1: Manufacturer: syz
[ 1227.203823][ T5789] usb 2-1: SerialNumber: syz
[ 1227.206942][ T5789] usb 2-1: config 0 descriptor??
[ 1227.214423][ T5789] usb 2-1: selecting invalid altsetting 0
[ 1230.569425][  T993] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[ 1230.706454][ T5882] usb 2-1: USB disconnect, device number 117
[ 1230.722917][ T7367] bond9 (unregistering): (slave bond0): Releasing backup interface
[ 1230.791580][  T993] usb 4-1: Using ep0 maxpacket: 8
[ 1230.805248][  T993] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1230.805276][  T993] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1231.020722][ T7367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1231.840323][ T7367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1231.936489][ T7367] bond0 (unregistering): Released all slaves
[ 1232.549582][ T5983] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[ 1232.790818][ T5983] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1232.790848][ T5983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1232.790867][ T5983] usb 2-1: Product: syz
[ 1232.790881][ T5983] usb 2-1: Manufacturer: syz
[ 1232.790895][ T5983] usb 2-1: SerialNumber: syz
[ 1232.842145][ T7367] bond1 (unregistering): Released all slaves
[ 1233.549209][  T993] usb 4-1: string descriptor 0 read error: -71
[ 1233.549524][  T993] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1233.549552][  T993] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1233.555240][  T993] usb 4-1: can't set config #1, error -71
[ 1233.559065][  T993] usb 4-1: USB disconnect, device number 101
[ 1233.893068][ T7367] bond2 (unregistering): Released all slaves
[ 1234.099444][T13488] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[ 1234.293686][T13488] usb 4-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1234.293717][T13488] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1234.293739][T13488] usb 4-1: config 0 has no interfaces?
[ 1234.293823][T13488] usb 4-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1234.293849][T13488] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1234.347037][T13488] usb 4-1: config 0 descriptor??
[ 1234.740686][T16802] 9pnet_fd: Insufficient options for proto=fd
[ 1234.932529][ T7367] bond3 (unregistering): Released all slaves
[ 1235.952028][ T7367] bond4 (unregistering): Released all slaves
[ 1236.864111][  T993] usb 4-1: USB disconnect, device number 102
[ 1236.952845][ T7367] bond5 (unregistering): Released all slaves
[ 1238.152912][ T5983] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -ETIMEDOUT
[ 1238.152980][ T5983] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -ETIMEDOUT
[ 1238.153482][ T5983] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1238.153530][ T5983] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1238.154331][ T5983] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1238.271372][ T7367] bond6 (unregistering): Released all slaves
[ 1238.321642][ T5983] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -32
[ 1239.184205][ T7367] bond7 (unregistering): Released all slaves
[ 1240.134241][ T7367] bond8 (unregistering): Released all slaves
[ 1240.238089][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1240.299294][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1240.358685][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1240.420370][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1240.473536][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1240.527251][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1240.683454][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1240.735943][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1240.804934][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1240.864226][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1241.020266][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1241.255017][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1241.260038][   T61] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1241.267561][   T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1241.269152][   T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1241.285644][   T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1241.299688][   T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1241.348956][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1241.431986][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1241.497131][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1241.521481][ T7367] bond9 (unregistering): Released all slaves
[ 1241.671109][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1241.929626][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1241.989840][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1242.046412][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1242.162342][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1242.389554][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1242.429660][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1242.446146][T16794] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3453'.
[ 1242.446164][T16794] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3453'.
[ 1242.446175][T16794] netlink: 81 bytes leftover after parsing attributes in process `syz.1.3453'.
[ 1242.503318][ T7367] tipc: Disabling bearer <udp:syz2>
[ 1242.503909][ T7367] tipc: Left network mode
[ 1242.559101][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1242.659204][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1242.696197][ T5890] usb 2-1: USB disconnect, device number 118
[ 1242.754274][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1242.882755][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1242.944977][ T7367] IPVS: stopping backup sync thread 10697 ...
[ 1243.058756][T16649] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1243.058909][T16649] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1243.059136][T16649] bridge_slave_0: entered allmulticast mode
[ 1243.061922][T16649] bridge_slave_0: entered promiscuous mode
[ 1243.245170][T16649] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1243.245306][T16649] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1243.245542][T16649] bridge_slave_1: entered allmulticast mode
[ 1243.366013][T16649] bridge_slave_1: entered promiscuous mode
[ 1243.411381][   T61] Bluetooth: hci4: command tx timeout
[ 1243.493525][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1243.606114][  T993] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[ 1243.982288][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1244.018624][  T993] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1244.018657][  T993] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1244.018678][  T993] usb 4-1: Product: syz
[ 1244.018692][  T993] usb 4-1: Manufacturer: syz
[ 1244.018707][  T993] usb 4-1: SerialNumber: syz
[ 1244.047691][T16840] FAULT_INJECTION: forcing a failure.
[ 1244.047691][T16840] name failslab, interval 1, probability 0, space 0, times 0
[ 1244.047725][T16840] CPU: 1 UID: 0 PID: 16840 Comm: syz.5.3467 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1244.047885][T16840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1244.047907][T16840] Call Trace:
[ 1244.047919][T16840]  <TASK>
[ 1244.047930][T16840]  dump_stack_lvl+0x189/0x250
[ 1244.047964][T16840]  ? __pfx____ratelimit+0x10/0x10
[ 1244.047988][T16840]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1244.048015][T16840]  ? __pfx__printk+0x10/0x10
[ 1244.048044][T16840]  ? __pfx___might_resched+0x10/0x10
[ 1244.048070][T16840]  should_fail_ex+0x46c/0x600
[ 1244.048100][T16840]  should_failslab+0xa8/0x100
[ 1244.048128][T16840]  __kmalloc_noprof+0xcc/0x7d0
[ 1244.048151][T16840]  ? kfree+0x51/0x950
[ 1244.048169][T16840]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1244.048198][T16840]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1244.048221][T16840]  ? tomoyo_domain+0xda/0x130
[ 1244.048250][T16840]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1244.048278][T16840]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1244.048307][T16840]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1244.048339][T16840]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1244.048365][T16840]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1244.048421][T16840]  ? __fget_files+0x2a/0x420
[ 1244.048450][T16840]  ? __fget_files+0x3a6/0x420
[ 1244.048473][T16840]  ? __fget_files+0x2a/0x420
[ 1244.048501][T16840]  security_file_ioctl+0xcb/0x2d0
[ 1244.048523][T16840]  __se_sys_ioctl+0x47/0x170
[ 1244.048547][T16840]  do_syscall_64+0xfa/0xfa0
[ 1244.048570][T16840]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1244.048594][T16840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1244.048612][T16840]  ? clear_bhb_loop+0x60/0xb0
[ 1244.048635][T16840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1244.048653][T16840] RIP: 0033:0x7f9e6a0bf6c9
[ 1244.048670][T16840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1244.048685][T16840] RSP: 002b:00007f9e6831e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1244.048706][T16840] RAX: ffffffffffffffda RBX: 00007f9e6a315fa0 RCX: 00007f9e6a0bf6c9
[ 1244.048721][T16840] RDX: 0000200000000000 RSI: 00000000c100565c RDI: 0000000000000003
[ 1244.048733][T16840] RBP: 00007f9e6831e090 R08: 0000000000000000 R09: 0000000000000000
[ 1244.048745][T16840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1244.048758][T16840] R13: 00007f9e6a316038 R14: 00007f9e6a315fa0 R15: 00007ffc5ef4c788
[ 1244.048792][T16840]  </TASK>
[ 1244.048803][T16840] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1245.321396][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1245.529466][   T61] Bluetooth: hci4: command tx timeout
[ 1246.244268][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1247.421594][T16835] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3464'.
[ 1247.424010][T16835] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3464'.
[ 1247.424033][T16835] netlink: 81 bytes leftover after parsing attributes in process `syz.3.3464'.
[ 1247.569560][   T61] Bluetooth: hci4: command tx timeout
[ 1247.586139][  T993] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[ 1247.586766][  T993] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO
[ 1247.587135][  T993] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[ 1247.587165][  T993] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1247.587606][  T993] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1247.619416][ T5983] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1247.637831][  T993] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[ 1247.671447][  T993] usb 4-1: USB disconnect, device number 103
[ 1247.929414][ T5983] usb 6-1: Using ep0 maxpacket: 16
[ 1247.931912][ T5983] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1247.931945][ T5983] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1247.931984][ T5983] usb 6-1: New USB device found, idVendor=056a, idProduct=00ec, bcdDevice= 0.00
[ 1247.932008][ T5983] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1247.989157][ T5983] usb 6-1: config 0 descriptor??
[ 1248.490450][ T5983] hid_parser_main: 512 callbacks suppressed
[ 1248.490468][ T5983] wacom 0003:056A:00EC.000F: unknown main item tag 0x0
[ 1248.507384][T16649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1248.755467][T16649] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1248.779575][T13571] IPVS: starting estimator thread 0...
[ 1248.897399][T16871] IPVS: using max 8 ests per chain, 19200 per kthread
[ 1249.518759][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 1249.518834][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1249.649417][   T61] Bluetooth: hci4: command tx timeout
[ 1249.953123][ T7367] hsr_slave_0: left promiscuous mode
[ 1249.991390][ T7367] hsr_slave_1: left promiscuous mode
[ 1249.992392][ T7367] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1249.992416][ T7367] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1250.053960][ T7367] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1250.053988][ T7367] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1250.228248][ T7367] veth1_macvtap: left promiscuous mode
[ 1250.228365][ T7367] veth0_macvtap: left promiscuous mode
[ 1250.228650][ T7367] veth1_vlan: left promiscuous mode
[ 1250.228836][ T7367] veth0_vlan: left promiscuous mode
[ 1251.072768][ T5983] usb 6-1: USB disconnect, device number 36
[ 1251.395958][T16884] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1253.482522][T16895] netlink: 'syz.5.3481': attribute type 4 has an invalid length.
[ 1253.482537][T16895] netlink: 17 bytes leftover after parsing attributes in process `syz.5.3481'.
[ 1254.659205][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1254.742248][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1254.844291][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1255.154762][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1255.686832][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1255.922498][ T7367] team0 (unregistering): Port device team_slave_1 removed
[ 1256.159521][ T5983] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[ 1256.181482][ T7367] team0 (unregistering): Port device team_slave_0 removed
[ 1256.309413][ T5983] usb 2-1: Using ep0 maxpacket: 32
[ 1256.314644][ T5983] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1256.314678][ T5983] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[ 1256.314706][ T5983] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1256.372510][ T5983] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[ 1256.372542][ T5983] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[ 1256.372564][ T5983] usb 2-1: Product: syz
[ 1256.372580][ T5983] usb 2-1: Manufacturer: syz
[ 1256.372595][ T5983] usb 2-1: SerialNumber: syz
[ 1256.413426][T16906] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1256.451637][ T5983] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input69
[ 1256.514896][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1256.575422][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1256.641597][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1256.664345][ T5983] usb 2-1: USB disconnect, device number 119
[ 1256.664540][    C0] appletouch 2-1:1.0: atp_complete: usb_submit_urb failed with result -19
[ 1256.727514][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1256.798228][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1256.806129][ T5983] appletouch 2-1:1.0: input: appletouch disconnected
[ 1256.874553][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1256.929244][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1256.988886][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.035792][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.092660][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.143902][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.211575][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.269478][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.347454][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.673296][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.747761][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.803253][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.857272][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.928435][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1257.988903][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.063917][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.118045][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.189392][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.243998][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.294909][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.353691][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.423913][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.497658][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.582649][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.653399][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.703196][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.749474][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.805310][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.853038][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.904560][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1258.953442][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1259.008173][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1259.052652][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1259.117384][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1259.264088][T16649] team0: Port device team_slave_0 added
[ 1259.267578][T16649] team0: Port device team_slave_1 added
[ 1259.655144][T16915] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1260.482749][T16649] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1260.482770][T16649] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1260.482798][T16649] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1260.494997][T16649] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1260.495008][T16649] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1260.495023][T16649] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1263.094266][T16649] hsr_slave_0: entered promiscuous mode
[ 1263.098947][T16649] hsr_slave_1: entered promiscuous mode
[ 1263.112281][T16649] debugfs: 'hsr0' already exists in 'hsr'
[ 1263.112309][T16649] Cannot create hsr debugfs directory
[ 1263.120648][ T5882] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[ 1263.313466][ T5882] usb 4-1: Using ep0 maxpacket: 32
[ 1263.320615][ T5882] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[ 1263.320649][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64
[ 1263.340725][ T5882] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[ 1263.340757][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1263.340778][ T5882] usb 4-1: Product: syz
[ 1263.340792][ T5882] usb 4-1: Manufacturer: syz
[ 1263.340807][ T5882] usb 4-1: SerialNumber: syz
[ 1263.360427][ T5882] usb 4-1: config 0 descriptor??
[ 1263.486197][ T5882] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1263.532477][T16816] chnl_net:caif_netlink_parms(): no params data found
[ 1263.620908][T16944] geneve2: entered promiscuous mode
[ 1263.620938][T16944] geneve2: entered allmulticast mode
[ 1263.628655][ T5882] usb 4-1: USB disconnect, device number 104
[ 1263.648856][ T7380] usb 4-1: Failed to submit usb control message: -71
[ 1263.648892][ T7380] usb 4-1: unable to send the bmi data to the device: -71
[ 1263.648908][ T7380] usb 4-1: unable to get target info from device
[ 1263.648922][ T7380] usb 4-1: could not get target info (-71)
[ 1263.649226][ T7380] usb 4-1: could not probe fw (-71)
[ 1264.074011][T16951] netlink: 'syz.5.3496': attribute type 10 has an invalid length.
[ 1264.109170][T16951] team0: Device ipvlan1 failed to register rx_handler
[ 1264.522113][ T5890] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[ 1264.750217][ T5890] usb 6-1: Using ep0 maxpacket: 32
[ 1264.917634][ T5890] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[ 1264.917792][ T5890] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64
[ 1264.994091][ T5890] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[ 1264.994122][ T5890] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1264.994140][ T5890] usb 6-1: Product: syz
[ 1264.994149][ T5890] usb 6-1: Manufacturer: syz
[ 1264.994157][ T5890] usb 6-1: SerialNumber: syz
[ 1265.038875][ T5890] usb 6-1: config 0 descriptor??
[ 1265.078946][ T5890] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1265.250607][ T7371] usb 6-1: Failed to submit usb control message: -71
[ 1265.250645][ T7371] usb 6-1: unable to send the bmi data to the device: -71
[ 1265.250664][ T7371] usb 6-1: unable to get target info from device
[ 1265.250678][ T7371] usb 6-1: could not get target info (-71)
[ 1265.250957][ T7371] usb 6-1: could not probe fw (-71)
[ 1265.258969][  T993] usb 6-1: USB disconnect, device number 37
[ 1265.315589][T16816] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1265.325245][T16816] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1265.325516][T16816] bridge_slave_0: entered allmulticast mode
[ 1265.328243][T16816] bridge_slave_0: entered promiscuous mode
[ 1265.352071][T16816] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1265.352180][T16816] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1265.352308][T16816] bridge_slave_1: entered allmulticast mode
[ 1265.353901][T16816] bridge_slave_1: entered promiscuous mode
[ 1265.589110][T16974] FAULT_INJECTION: forcing a failure.
[ 1265.589110][T16974] name failslab, interval 1, probability 0, space 0, times 0
[ 1265.589144][T16974] CPU: 1 UID: 0 PID: 16974 Comm: syz.1.3503 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1265.589167][T16974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1265.589178][T16974] Call Trace:
[ 1265.589187][T16974]  <TASK>
[ 1265.589196][T16974]  dump_stack_lvl+0x189/0x250
[ 1265.589227][T16974]  ? __pfx____ratelimit+0x10/0x10
[ 1265.589251][T16974]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1265.589287][T16974]  ? __pfx__printk+0x10/0x10
[ 1265.589313][T16974]  ? __pfx___might_resched+0x10/0x10
[ 1265.589336][T16974]  should_fail_ex+0x46c/0x600
[ 1265.589363][T16974]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1265.589391][T16974]  should_failslab+0xa8/0x100
[ 1265.589416][T16974]  __kmalloc_cache_noprof+0x6f/0x6c0
[ 1265.589438][T16974]  ? vhost_task_create+0xf8/0x340
[ 1265.589458][T16974]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1265.589485][T16974]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1265.589511][T16974]  vhost_task_create+0xf8/0x340
[ 1265.589535][T16974]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1265.589560][T16974]  ? __pfx_vhost_task_create+0x10/0x10
[ 1265.589593][T16974]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1265.589621][T16974]  ? rtlock_slowlock_locked+0xd8/0x4010
[ 1265.589648][T16974]  ? mutex_lock_nested+0x154/0x1d0
[ 1265.589667][T16974]  ? kvm_mmu_post_init_vm+0x91/0x300
[ 1265.589690][T16974]  kvm_mmu_post_init_vm+0x14c/0x300
[ 1265.589712][T16974]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[ 1265.589732][T16974]  ? do_raw_spin_lock+0x121/0x290
[ 1265.589746][T16974]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1265.589761][T16974]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1265.589775][T16974]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1265.589791][T16974]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1265.589805][T16974]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1265.589826][T16974]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 1265.589839][T16974]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1265.589854][T16974]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1265.589869][T16974]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1265.589882][T16974]  ? rt_write_unlock+0x73/0x230
[ 1265.589896][T16974]  ? rt_write_unlock+0x191/0x230
[ 1265.589910][T16974]  kvm_vcpu_ioctl+0x95f/0xe90
[ 1265.589925][T16974]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1265.589939][T16974]  ? __asan_memset+0x22/0x50
[ 1265.589950][T16974]  ? smack_file_ioctl+0x305/0x340
[ 1265.589968][T16974]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1265.589989][T16974]  ? __fget_files+0x3a6/0x420
[ 1265.590004][T16974]  ? __fget_files+0x2a/0x420
[ 1265.590020][T16974]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1265.590031][T16974]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1265.590041][T16974]  __se_sys_ioctl+0xff/0x170
[ 1265.590055][T16974]  do_syscall_64+0xfa/0xfa0
[ 1265.590069][T16974]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1265.590083][T16974]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1265.590094][T16974]  ? clear_bhb_loop+0x60/0xb0
[ 1265.590107][T16974]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1265.590117][T16974] RIP: 0033:0x7f0cd0f1f6c9
[ 1265.590128][T16974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1265.590137][T16974] RSP: 002b:00007f0ccf186038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1265.590150][T16974] RAX: ffffffffffffffda RBX: 00007f0cd1175fa0 RCX: 00007f0cd0f1f6c9
[ 1265.590159][T16974] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1265.590165][T16974] RBP: 00007f0ccf186090 R08: 0000000000000000 R09: 0000000000000000
[ 1265.590173][T16974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1265.590179][T16974] R13: 00007f0cd1176038 R14: 00007f0cd1175fa0 R15: 00007fff72faac38
[ 1265.590197][T16974]  </TASK>
[ 1265.840464][T16816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1266.173767][T16816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1266.679904][ T5890] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 1266.809475][ T5890] usb 6-1: device descriptor read/64, error -71
[ 1267.089541][ T5890] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[ 1267.219422][ T5890] usb 6-1: device descriptor read/64, error -71
[ 1267.304512][T16816] team0: Port device team_slave_0 added
[ 1267.309836][T16816] team0: Port device team_slave_1 added
[ 1267.329839][ T5890] usb usb6-port1: attempt power cycle
[ 1267.648673][T16994] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1268.409441][ T5890] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[ 1268.440072][ T5890] usb 6-1: device descriptor read/8, error -71
[ 1268.621532][T16816] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1268.621544][T16816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1268.621560][T16816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1268.636348][T16816] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1268.636364][T16816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1268.636390][T16816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1268.759534][ T5890] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[ 1268.790164][ T5890] usb 6-1: device descriptor read/8, error -71
[ 1268.913088][ T5890] usb usb6-port1: unable to enumerate USB device
[ 1272.019344][T17011] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1273.162763][T16816] hsr_slave_0: entered promiscuous mode
[ 1273.164160][T16816] hsr_slave_1: entered promiscuous mode
[ 1273.165106][T16816] debugfs: 'hsr0' already exists in 'hsr'
[ 1273.165130][T16816] Cannot create hsr debugfs directory
[ 1274.936825][ T7367] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1276.321175][T16653] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1276.378583][T16653] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1276.389925][T16653] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1276.423172][ T5882] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[ 1276.460608][T16653] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1276.466234][T16653] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1276.629823][ T5882] usb 6-1: Using ep0 maxpacket: 32
[ 1276.673322][ T5882] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1276.716776][ T5882] usb 6-1: config 7 has an invalid interface number: 201 but max is 0
[ 1276.716806][ T5882] usb 6-1: config 7 has no interface number 0
[ 1276.716858][ T5882] usb 6-1: config 7 interface 201 altsetting 8 endpoint 0xF has invalid maxpacket 1023, setting to 64
[ 1276.716887][ T5882] usb 6-1: config 7 interface 201 has no altsetting 0
[ 1276.773197][ T5882] usb 6-1: New USB device found, idVendor=07fa, idProduct=0846, bcdDevice= 8.c8
[ 1276.773230][ T5882] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1276.773250][ T5882] usb 6-1: Product: syz
[ 1276.773266][ T5882] usb 6-1: Manufacturer: syz
[ 1276.773282][ T5882] usb 6-1: SerialNumber: syz
[ 1277.736529][ T7367] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1277.771990][ T5882] HFC-S_USB 6-1:7.201: probe with driver HFC-S_USB failed with error -5
[ 1277.813971][ T5882] usb 6-1: USB disconnect, device number 42
[ 1278.293695][T17052] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1278.612782][T16653] Bluetooth: hci1: command tx timeout
[ 1279.179533][T13571] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[ 1279.200943][T17056] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1279.491030][T17061] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1279.555547][T17062] vivid-003: disconnect
[ 1280.029516][T17057] vivid-003: reconnect
[ 1280.690933][T16653] Bluetooth: hci1: command tx timeout
[ 1280.759323][T13571] usb 4-1: Using ep0 maxpacket: 32
[ 1280.769588][T13571] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1280.769622][T13571] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1280.769664][T13571] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1280.769689][T13571] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1280.774812][T13571] usb 4-1: config 0 descriptor??
[ 1280.783943][T13571] hub 4-1:0.0: USB hub found
[ 1280.842632][ T7367] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1281.045586][T13571] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1281.060834][T13571] usbhid 4-1:0.0: can't add hid device: -71
[ 1281.060917][T13571] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1281.123204][T13571] usb 4-1: USB disconnect, device number 105
[ 1281.398513][T17075] netlink: 'syz.5.3533': attribute type 1 has an invalid length.
[ 1281.398529][T17075] netlink: 212 bytes leftover after parsing attributes in process `syz.5.3533'.
[ 1283.209169][T16653] Bluetooth: hci1: command tx timeout
[ 1283.274226][ T7367] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1283.469459][T13488] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[ 1283.659450][T13488] usb 4-1: Using ep0 maxpacket: 8
[ 1283.661862][T13488] usb 4-1: config 32 has 1 interface, different from the descriptor's value: 2
[ 1283.661927][T13488] usb 4-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1283.661956][T13488] usb 4-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1283.661996][T13488] usb 4-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice= 0.c7
[ 1283.662020][T13488] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1283.957367][T17093] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1284.989669][T17097] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1285.249742][T16653] Bluetooth: hci1: command tx timeout
[ 1286.343669][T13488] usb 4-1: string descriptor 0 read error: -71
[ 1286.717254][T17104] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1286.768464][T17106] vivid-001: disconnect
[ 1286.871630][T17100] vivid-001: reconnect
[ 1287.314068][T13488] usb 4-1: USB disconnect, device number 106
[ 1287.601738][ T7367] bridge_slave_1: left allmulticast mode
[ 1287.601764][ T7367] bridge_slave_1: left promiscuous mode
[ 1287.601974][ T7367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1287.673073][T17117] fuse: Bad value for 'fd'
[ 1287.675190][   T37] kauditd_printk_skb: 22 callbacks suppressed
[ 1287.675208][   T37] audit: type=1326 audit(1762747271.090:5006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17116 comm="syz.3.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1287.675338][   T37] audit: type=1326 audit(1762747271.090:5007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17116 comm="syz.3.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1287.675648][   T37] audit: type=1326 audit(1762747271.090:5008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17116 comm="syz.3.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1287.675873][   T37] audit: type=1326 audit(1762747271.090:5009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17116 comm="syz.3.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1287.676023][   T37] audit: type=1326 audit(1762747271.090:5010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17116 comm="syz.3.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1287.676288][   T37] audit: type=1326 audit(1762747271.090:5011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17116 comm="syz.3.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1287.676471][   T37] audit: type=1326 audit(1762747271.090:5012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17116 comm="syz.3.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1287.676611][   T37] audit: type=1326 audit(1762747271.090:5013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17116 comm="syz.3.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1287.676761][   T37] audit: type=1326 audit(1762747271.090:5014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17116 comm="syz.3.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1287.677029][   T37] audit: type=1326 audit(1762747271.090:5015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17116 comm="syz.3.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1287.677463][T17117] netlink: 'syz.3.3544': attribute type 9 has an invalid length.
[ 1287.677474][T17117] netlink: 'syz.3.3544': attribute type 7 has an invalid length.
[ 1287.677482][T17117] netlink: 'syz.3.3544': attribute type 8 has an invalid length.
[ 1287.864673][ T7367] bridge_slave_0: left allmulticast mode
[ 1287.864698][ T7367] bridge_slave_0: left promiscuous mode
[ 1287.864998][ T7367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1288.005616][ T7367] tipc: Resetting bearer <eth:xfrm0>
[ 1288.119098][T17121] genirq: Flags mismatch irq 7. 00202080 (ttyS3) vs. 00202000 (at-a2150c)
[ 1288.517994][T17127] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1289.843950][T17133] FAULT_INJECTION: forcing a failure.
[ 1289.843950][T17133] name failslab, interval 1, probability 0, space 0, times 0
[ 1289.843989][T17133] CPU: 0 UID: 0 PID: 17133 Comm: syz.5.3548 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1289.844041][T17133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1289.844068][T17133] Call Trace:
[ 1289.844087][T17133]  <TASK>
[ 1289.844105][T17133]  dump_stack_lvl+0x189/0x250
[ 1289.844147][T17133]  ? __pfx____ratelimit+0x10/0x10
[ 1289.844173][T17133]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1289.844200][T17133]  ? __pfx__printk+0x10/0x10
[ 1289.844231][T17133]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 1289.844252][T17133]  ? rt_spin_lock+0x1c1/0x3e0
[ 1289.844277][T17133]  should_fail_ex+0x46c/0x600
[ 1289.844306][T17133]  ? __alloc_skb+0x112/0x2d0
[ 1289.844326][T17133]  should_failslab+0xa8/0x100
[ 1289.844352][T17133]  ? __alloc_skb+0x112/0x2d0
[ 1289.844368][T17133]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[ 1289.844402][T17133]  __alloc_skb+0x112/0x2d0
[ 1289.844425][T17133]  create_monitor_ctrl_open+0x156/0x880
[ 1289.844454][T17133]  ? rcu_is_watching+0x15/0xb0
[ 1289.844473][T17133]  ? cap_capable+0x11f/0x460
[ 1289.844493][T17133]  ? __pfx_create_monitor_ctrl_open+0x10/0x10
[ 1289.844521][T17133]  ? bpf_lsm_capable+0x9/0x20
[ 1289.844552][T17133]  hci_sock_ioctl+0x2f2/0x910
[ 1289.844582][T17133]  sock_do_ioctl+0xdc/0x300
[ 1289.844611][T17133]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1289.844637][T17133]  ? smk_tskacc+0x2fc/0x370
[ 1289.844667][T17133]  ? smack_file_ioctl+0x24d/0x340
[ 1289.844696][T17133]  sock_ioctl+0x579/0x790
[ 1289.844723][T17133]  ? __pfx_sock_ioctl+0x10/0x10
[ 1289.844752][T17133]  ? __fget_files+0x3a6/0x420
[ 1289.844776][T17133]  ? __fget_files+0x2a/0x420
[ 1289.844805][T17133]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1289.844824][T17133]  ? __pfx_sock_ioctl+0x10/0x10
[ 1289.844853][T17133]  __se_sys_ioctl+0xff/0x170
[ 1289.844877][T17133]  do_syscall_64+0xfa/0xfa0
[ 1289.844901][T17133]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1289.844926][T17133]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1289.844945][T17133]  ? clear_bhb_loop+0x60/0xb0
[ 1289.844968][T17133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1289.844987][T17133] RIP: 0033:0x7f9e6a0bf6c9
[ 1289.845004][T17133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1289.845021][T17133] RSP: 002b:00007f9e6831e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1289.845043][T17133] RAX: ffffffffffffffda RBX: 00007f9e6a315fa0 RCX: 00007f9e6a0bf6c9
[ 1289.845058][T17133] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000004
[ 1289.845071][T17133] RBP: 00007f9e6831e090 R08: 0000000000000000 R09: 0000000000000000
[ 1289.845083][T17133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1289.845096][T17133] R13: 00007f9e6a316038 R14: 00007f9e6a315fa0 R15: 00007ffc5ef4c788
[ 1289.845130][T17133]  </TASK>
[ 1290.129440][  T993] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[ 1290.379029][  T993] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1290.379062][  T993] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1290.391481][  T993] usb 6-1: config 0 descriptor??
[ 1290.412786][  T993] cp210x 6-1:0.0: cp210x converter detected
[ 1290.832329][  T993] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1290.837853][  T993] usb 6-1: cp210x converter now attached to ttyUSB0
[ 1290.871900][ T7367] tipc: Disabling bearer <eth:xfrm0>
[ 1290.969651][T13488] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[ 1291.035825][ T5983] usb 6-1: USB disconnect, device number 43
[ 1291.047519][ T5983] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1291.139495][T13488] usb 2-1: Using ep0 maxpacket: 32
[ 1291.141803][T13488] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1291.141833][T13488] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1291.141857][T13488] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1291.141870][T13488] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1291.144855][T13488] usb 2-1: config 0 descriptor??
[ 1291.147173][T13488] hub 2-1:0.0: USB hub found
[ 1291.303118][ T5983] cp210x 6-1:0.0: device disconnected
[ 1291.353550][T13488] hub 2-1:0.0: 1 port detected
[ 1291.968165][T13488] hub 2-1:0.0: activate --> -90
[ 1292.004108][  T993] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[ 1292.179395][  T993] usb 6-1: Using ep0 maxpacket: 32
[ 1292.182052][  T993] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[ 1292.182085][  T993] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64
[ 1292.185243][  T993] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[ 1292.185273][  T993] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1292.185293][  T993] usb 6-1: Product: syz
[ 1292.185309][  T993] usb 6-1: Manufacturer: syz
[ 1292.185324][  T993] usb 6-1: SerialNumber: syz
[ 1292.251254][  T993] usb 6-1: config 0 descriptor??
[ 1292.292846][  T993] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1292.371992][  T993] usb 2-1: USB disconnect, device number 120
[ 1292.459216][ T7371] usb 6-1: Failed to submit usb control message: -71
[ 1292.459240][ T7371] usb 6-1: unable to send the bmi data to the device: -71
[ 1292.459250][ T7371] usb 6-1: unable to get target info from device
[ 1292.463212][ T7371] usb 6-1: could not get target info (-71)
[ 1292.463541][ T7371] usb 6-1: could not probe fw (-71)
[ 1292.528585][T13571] usb 6-1: USB disconnect, device number 44
[ 1292.632146][T13488] usb 2-1-port1: config error
[ 1293.179129][T17151] fuse: Bad value for 'fd'
[ 1293.183703][   T37] kauditd_printk_skb: 20 callbacks suppressed
[ 1293.183720][   T37] audit: type=1326 audit(1762747276.600:5036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17150 comm="syz.5.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1293.184159][   T37] audit: type=1326 audit(1762747276.600:5037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17150 comm="syz.5.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1293.184568][   T37] audit: type=1326 audit(1762747276.600:5038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17150 comm="syz.5.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1293.184925][   T37] audit: type=1326 audit(1762747276.600:5039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17150 comm="syz.5.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1293.185220][   T37] audit: type=1326 audit(1762747276.600:5040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17150 comm="syz.5.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1293.185560][   T37] audit: type=1326 audit(1762747276.600:5041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17150 comm="syz.5.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1293.186032][   T37] audit: type=1326 audit(1762747276.600:5042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17150 comm="syz.5.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1293.186363][   T37] audit: type=1326 audit(1762747276.600:5043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17150 comm="syz.5.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1293.186602][T17151] netlink: 'syz.5.3555': attribute type 9 has an invalid length.
[ 1293.186619][T17151] netlink: 'syz.5.3555': attribute type 7 has an invalid length.
[ 1293.186632][T17151] netlink: 'syz.5.3555': attribute type 8 has an invalid length.
[ 1293.186984][   T37] audit: type=1326 audit(1762747276.600:5044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17150 comm="syz.5.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1293.187527][   T37] audit: type=1326 audit(1762747276.600:5045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17150 comm="syz.5.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9e6a0be17f code=0x7ffc0000
[ 1293.482296][ T7367] bond4 (unregistering): (slave bond0): Releasing backup interface
[ 1293.571515][ T7367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1293.661117][ T7367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1293.693219][ T7367] bond0 (unregistering): Released all slaves
[ 1293.973780][T17167] xt_l2tp: wrong L2TP version: 1
[ 1294.814439][ T7367] bond1 (unregistering): Released all slaves
[ 1295.862981][ T7367] bond2 (unregistering): Released all slaves
[ 1296.804524][ T7367] bond3 (unregistering): Released all slaves
[ 1297.762379][ T7367] bond4 (unregistering): Released all slaves
[ 1297.886838][T16816] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1298.052347][T16816] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1298.183325][ T7367] tipc: Left network mode
[ 1298.226434][T16816] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1298.236139][T17184] fuse: Bad value for 'fd'
[ 1298.240042][   T37] kauditd_printk_skb: 38 callbacks suppressed
[ 1298.240059][   T37] audit: type=1326 audit(1762747281.650:5084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17183 comm="syz.1.3565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cd0f1f6c9 code=0x7ffc0000
[ 1298.242257][   T37] audit: type=1326 audit(1762747281.660:5085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17183 comm="syz.1.3565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cd0f1f6c9 code=0x7ffc0000
[ 1298.242871][   T37] audit: type=1326 audit(1762747281.660:5086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17183 comm="syz.1.3565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f0cd0f1f6c9 code=0x7ffc0000
[ 1298.243657][   T37] audit: type=1326 audit(1762747281.660:5087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17183 comm="syz.1.3565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cd0f1f6c9 code=0x7ffc0000
[ 1298.245235][   T37] audit: type=1326 audit(1762747281.660:5088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17183 comm="syz.1.3565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f0cd0f1f6c9 code=0x7ffc0000
[ 1298.245279][   T37] audit: type=1326 audit(1762747281.660:5089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17183 comm="syz.1.3565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cd0f1f6c9 code=0x7ffc0000
[ 1298.246536][   T37] audit: type=1326 audit(1762747281.660:5090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17183 comm="syz.1.3565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0cd0f1f6c9 code=0x7ffc0000
[ 1298.246581][   T37] audit: type=1326 audit(1762747281.660:5091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17183 comm="syz.1.3565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cd0f1f6c9 code=0x7ffc0000
[ 1298.247276][T17184] netlink: 'syz.1.3565': attribute type 9 has an invalid length.
[ 1298.247294][T17184] netlink: 'syz.1.3565': attribute type 7 has an invalid length.
[ 1298.247307][T17184] netlink: 'syz.1.3565': attribute type 8 has an invalid length.
[ 1298.247730][   T37] audit: type=1326 audit(1762747281.660:5092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17183 comm="syz.1.3565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f0cd0f1f6c9 code=0x7ffc0000
[ 1298.247774][   T37] audit: type=1326 audit(1762747281.660:5093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17183 comm="syz.1.3565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cd0f1f6c9 code=0x7ffc0000
[ 1298.544264][T16816] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1298.657623][T17039] chnl_net:caif_netlink_parms(): no params data found
[ 1299.119449][  T993] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[ 1299.284855][  T993] usb 2-1: New USB device found, idVendor=13d3, idProduct=3211, bcdDevice=7a.67
[ 1299.284886][  T993] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1299.284907][  T993] usb 2-1: Product: syz
[ 1299.284921][  T993] usb 2-1: Manufacturer: syz
[ 1299.284936][  T993] usb 2-1: SerialNumber: syz
[ 1299.529495][  T993] dvb-usb: found a 'Pinnacle PCTV 310e' in cold state, will try to load a firmware
[ 1299.529515][  T993] dvb-usb: did not find the firmware file '(null)' (status -22). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 1299.531862][  T993] usb 2-1: USB disconnect, device number 121
[ 1299.864903][T17039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1299.865722][T17039] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1299.865943][T17039] bridge_slave_0: entered allmulticast mode
[ 1299.868734][T17039] bridge_slave_0: entered promiscuous mode
[ 1301.309379][ T7367] hsr_slave_0: left promiscuous mode
[ 1301.375506][ T7367] hsr_slave_1: left promiscuous mode
[ 1301.388436][ T7367] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1301.388466][ T7367] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1301.420847][ T7367] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1301.420876][ T7367] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1301.560051][ T7367] veth1_macvtap: left promiscuous mode
[ 1301.560162][ T7367] veth0_macvtap: left promiscuous mode
[ 1301.560428][ T7367] veth1_vlan: left promiscuous mode
[ 1301.560613][ T7367] veth0_vlan: left promiscuous mode
[ 1301.618052][   T61] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1301.646445][   T61] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1301.651021][   T61] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1301.652115][   T61] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1301.652856][   T61] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1301.717949][T17235] fuse: Bad value for 'fd'
[ 1301.722631][T17235] netlink: 'syz.1.3578': attribute type 9 has an invalid length.
[ 1301.722653][T17235] netlink: 'syz.1.3578': attribute type 7 has an invalid length.
[ 1301.722666][T17235] netlink: 'syz.1.3578': attribute type 8 has an invalid length.
[ 1301.865589][T17239] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3577'.
[ 1302.509171][T17246] input: syz1 as /devices/virtual/input/input71
[ 1303.733189][   T61] Bluetooth: hci2: command tx timeout
[ 1304.540520][ T7367] team0 (unregistering): Port device team_slave_1 removed
[ 1304.831361][ T7367] team0 (unregistering): Port device team_slave_0 removed
[ 1305.809976][   T61] Bluetooth: hci2: command tx timeout
[ 1307.801414][T17039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1307.801559][T17039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1307.801800][T17039] bridge_slave_1: entered allmulticast mode
[ 1307.804680][T17039] bridge_slave_1: entered promiscuous mode
[ 1307.895190][   T61] Bluetooth: hci2: command tx timeout
[ 1309.404713][T17039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1309.415544][T17039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1310.032433][   T61] Bluetooth: hci2: command tx timeout
[ 1310.240463][T17271] fuse: Bad value for 'fd'
[ 1310.243088][   T37] kauditd_printk_skb: 76 callbacks suppressed
[ 1310.243105][   T37] audit: type=1326 audit(1762747293.660:5170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17270 comm="syz.3.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1310.245419][T17271] netlink: 'syz.3.3587': attribute type 9 has an invalid length.
[ 1310.245439][T17271] netlink: 'syz.3.3587': attribute type 7 has an invalid length.
[ 1310.245454][T17271] netlink: 'syz.3.3587': attribute type 8 has an invalid length.
[ 1310.249744][   T37] audit: type=1326 audit(1762747293.660:5171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17270 comm="syz.3.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1310.249794][   T37] audit: type=1326 audit(1762747293.660:5172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17270 comm="syz.3.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1310.249835][   T37] audit: type=1326 audit(1762747293.660:5173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17270 comm="syz.3.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1310.249875][   T37] audit: type=1326 audit(1762747293.660:5174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17270 comm="syz.3.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1310.249916][   T37] audit: type=1326 audit(1762747293.660:5175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17270 comm="syz.3.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1310.249956][   T37] audit: type=1326 audit(1762747293.660:5176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17270 comm="syz.3.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1310.249995][   T37] audit: type=1326 audit(1762747293.660:5177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17270 comm="syz.3.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1310.250035][   T37] audit: type=1326 audit(1762747293.660:5178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17270 comm="syz.3.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1310.250075][   T37] audit: type=1326 audit(1762747293.660:5179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17270 comm="syz.3.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c80ef6c9 code=0x7ffc0000
[ 1310.870301][T17039] team0: Port device team_slave_0 added
[ 1310.936843][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 1310.936920][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1311.080995][T17039] team0: Port device team_slave_1 added
[ 1311.108871][T17284] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1311.154521][T17286] netlink: 'syz.5.3593': attribute type 4 has an invalid length.
[ 1311.154543][T17286] netlink: 17 bytes leftover after parsing attributes in process `syz.5.3593'.
[ 1311.199530][T14197] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[ 1311.404877][T14197] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 198, changing to 11
[ 1311.404930][T14197] usb 2-1: New USB device found, idVendor=093a, idProduct=8002, bcdDevice= 0.00
[ 1311.404954][T14197] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1311.412989][T14197] usb 2-1: config 0 descriptor??
[ 1311.835190][T17039] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1311.835207][T17039] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1311.835235][T17039] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1311.838318][T17039] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1311.838334][T17039] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1311.838359][T17039] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1312.335660][T17283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1312.336334][T17283] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1312.342569][T14197] usbhid 2-1:0.0: can't add hid device: -71
[ 1312.342699][T14197] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1312.355059][T14197] usb 2-1: USB disconnect, device number 122
[ 1313.223293][T17293] macsec1: entered allmulticast mode
[ 1313.223315][T17293] macvlan1: entered allmulticast mode
[ 1313.223329][T17293] veth1_vlan: entered allmulticast mode
[ 1313.248995][T17299] loop0: detected capacity change from 0 to 524288000
[ 1313.310399][T17293] macvlan1: left allmulticast mode
[ 1313.310422][T17293] veth1_vlan: left allmulticast mode
[ 1313.383406][T17302] fuse: Bad value for 'fd'
[ 1313.401711][T17302] netlink: 'syz.3.3598': attribute type 9 has an invalid length.
[ 1313.401734][T17302] netlink: 'syz.3.3598': attribute type 7 has an invalid length.
[ 1313.401748][T17302] netlink: 'syz.3.3598': attribute type 8 has an invalid length.
[ 1313.909753][T17039] hsr_slave_0: entered promiscuous mode
[ 1313.915525][T17039] hsr_slave_1: entered promiscuous mode
[ 1314.088936][T17299] loop0: detected capacity change from 524288000 to 524287951
[ 1314.715900][T17315] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1316.804001][T17338] FAULT_INJECTION: forcing a failure.
[ 1316.804001][T17338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1316.804041][T17338] CPU: 0 UID: 0 PID: 17338 Comm: syz.5.3609 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1316.804065][T17338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1316.804077][T17338] Call Trace:
[ 1316.804086][T17338]  <TASK>
[ 1316.804095][T17338]  dump_stack_lvl+0x189/0x250
[ 1316.804125][T17338]  ? __pfx____ratelimit+0x10/0x10
[ 1316.804148][T17338]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1316.804172][T17338]  ? __pfx__printk+0x10/0x10
[ 1316.804207][T17338]  should_fail_ex+0x46c/0x600
[ 1316.804236][T17338]  _copy_from_user+0x2d/0xb0
[ 1316.804257][T17338]  __copy_msghdr+0x3c5/0x5b0
[ 1316.804284][T17338]  ___sys_sendmsg+0x1a5/0x2a0
[ 1316.804310][T17338]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1316.804369][T17338]  ? __fget_files+0x2a/0x420
[ 1316.804394][T17338]  ? __fget_files+0x3a6/0x420
[ 1316.804428][T17338]  __x64_sys_sendmsg+0x1a1/0x260
[ 1316.804453][T17338]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1316.804485][T17338]  ? __pfx_ksys_write+0x10/0x10
[ 1316.804531][T17338]  ? do_syscall_64+0xbe/0xfa0
[ 1316.804558][T17338]  do_syscall_64+0xfa/0xfa0
[ 1316.804582][T17338]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1316.804607][T17338]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1316.804626][T17338]  ? clear_bhb_loop+0x60/0xb0
[ 1316.804648][T17338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1316.804666][T17338] RIP: 0033:0x7f9e6a0bf6c9
[ 1316.804683][T17338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1316.804700][T17338] RSP: 002b:00007f9e6831e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1316.804719][T17338] RAX: ffffffffffffffda RBX: 00007f9e6a315fa0 RCX: 00007f9e6a0bf6c9
[ 1316.804734][T17338] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004
[ 1316.804746][T17338] RBP: 00007f9e6831e090 R08: 0000000000000000 R09: 0000000000000000
[ 1316.804757][T17338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1316.804769][T17338] R13: 00007f9e6a316038 R14: 00007f9e6a315fa0 R15: 00007ffc5ef4c788
[ 1316.804801][T17338]  </TASK>
[ 1317.324235][T17232] chnl_net:caif_netlink_parms(): no params data found
[ 1317.476722][T17348] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3611'.
[ 1318.020961][T17356] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3615'.
[ 1318.042489][T17357] netlink: 220 bytes leftover after parsing attributes in process `syz.1.3614'.
[ 1318.123714][T17359] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3614'.
[ 1318.424675][T17359] vlan2: entered allmulticast mode
[ 1319.169599][T14197] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[ 1319.281077][T17232] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1319.281212][T17232] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1319.281458][T17232] bridge_slave_0: entered allmulticast mode
[ 1319.286293][T17232] bridge_slave_0: entered promiscuous mode
[ 1319.324761][T14197] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1319.324792][T14197] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1319.324813][T14197] usb 6-1: Product: syz
[ 1319.324828][T14197] usb 6-1: Manufacturer: syz
[ 1319.324841][T14197] usb 6-1: SerialNumber: syz
[ 1319.395731][T14197] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1319.428960][ T5983] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1319.535553][T17232] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1319.535765][T17232] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1319.536022][T17232] bridge_slave_1: entered allmulticast mode
[ 1319.552453][T17232] bridge_slave_1: entered promiscuous mode
[ 1320.098059][T17232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1320.098772][T17039] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1320.212244][   T37] kauditd_printk_skb: 43 callbacks suppressed
[ 1320.212261][   T37] audit: type=1326 audit(1762747303.630:5223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17365 comm="syz.5.3617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1320.213196][   T37] audit: type=1326 audit(1762747303.630:5224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17365 comm="syz.5.3617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1320.213708][   T37] audit: type=1326 audit(1762747303.630:5225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17365 comm="syz.5.3617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1320.214934][   T37] audit: type=1326 audit(1762747303.630:5226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17365 comm="syz.5.3617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1320.215655][   T37] audit: type=1326 audit(1762747303.630:5227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17365 comm="syz.5.3617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1320.216558][   T37] audit: type=1326 audit(1762747303.630:5228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17365 comm="syz.5.3617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1320.217338][   T37] audit: type=1326 audit(1762747303.630:5229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17365 comm="syz.5.3617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1320.217846][   T37] audit: type=1326 audit(1762747303.630:5230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17365 comm="syz.5.3617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1320.219170][   T37] audit: type=1326 audit(1762747303.630:5231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17365 comm="syz.5.3617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1320.242682][   T37] audit: type=1326 audit(1762747303.660:5232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17365 comm="syz.5.3617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a0bf6c9 code=0x7ffc0000
[ 1320.272130][T17367] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3617'.
[ 1320.323715][T17369] binder: 17365:17369 ioctl c0306201 200000000040 returned -14
[ 1320.507482][T17232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1320.517712][T17039] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1320.994614][T17388] FAULT_INJECTION: forcing a failure.
[ 1320.994614][T17388] name failslab, interval 1, probability 0, space 0, times 0
[ 1320.994650][T17388] CPU: 0 UID: 0 PID: 17388 Comm: syz.1.3624 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1320.994673][T17388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1320.994685][T17388] Call Trace:
[ 1320.994693][T17388]  <TASK>
[ 1320.994702][T17388]  dump_stack_lvl+0x189/0x250
[ 1320.994734][T17388]  ? __pfx____ratelimit+0x10/0x10
[ 1320.994759][T17388]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1320.994794][T17388]  ? __pfx__printk+0x10/0x10
[ 1320.994823][T17388]  ? __pfx___might_resched+0x10/0x10
[ 1320.994849][T17388]  should_fail_ex+0x46c/0x600
[ 1320.994880][T17388]  ? __d_alloc+0x36/0x7b0
[ 1320.994897][T17388]  should_failslab+0xa8/0x100
[ 1320.994924][T17388]  ? __d_alloc+0x36/0x7b0
[ 1320.994939][T17388]  kmem_cache_alloc_lru_noprof+0x74/0x6b0
[ 1320.994973][T17388]  __d_alloc+0x36/0x7b0
[ 1320.994997][T17388]  d_alloc_parallel+0xe1/0x1610
[ 1320.995034][T17388]  ? __d_lookup+0x66/0x780
[ 1320.995059][T17388]  ? __pfx_d_alloc_parallel+0x10/0x10
[ 1320.995099][T17388]  ? __rt_spin_lock_init+0x3e/0x50
[ 1320.995130][T17388]  path_openat+0xa47/0x3840
[ 1320.995190][T17388]  ? __pfx_path_openat+0x10/0x10
[ 1320.995227][T17388]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1320.995252][T17388]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1320.995277][T17388]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1320.995310][T17388]  do_filp_open+0x1fa/0x410
[ 1320.995334][T17388]  ? __pfx_do_filp_open+0x10/0x10
[ 1320.995352][T17388]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 1320.995401][T17388]  ? alloc_fd+0x64f/0x6c0
[ 1320.995438][T17388]  do_sys_openat2+0x121/0x1c0
[ 1320.995461][T17388]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1320.995485][T17388]  ? ksys_write+0x230/0x260
[ 1320.995510][T17388]  ? __pfx_ksys_write+0x10/0x10
[ 1320.995535][T17388]  __x64_sys_openat+0x138/0x170
[ 1320.995561][T17388]  do_syscall_64+0xfa/0xfa0
[ 1320.995584][T17388]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1320.995611][T17388]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1320.995631][T17388]  ? clear_bhb_loop+0x60/0xb0
[ 1320.995654][T17388]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1320.995673][T17388] RIP: 0033:0x7f0cd0f1f6c9
[ 1320.995691][T17388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1320.995707][T17388] RSP: 002b:00007f0ccf186038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1320.995727][T17388] RAX: ffffffffffffffda RBX: 00007f0cd1175fa0 RCX: 00007f0cd0f1f6c9
[ 1320.995741][T17388] RDX: 000000000000275a RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 1320.995755][T17388] RBP: 00007f0ccf186090 R08: 0000000000000000 R09: 0000000000000000
[ 1320.995773][T17388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1320.995784][T17388] R13: 00007f0cd1176038 R14: 00007f0cd1175fa0 R15: 00007fff72faac38
[ 1320.995819][T17388]  </TASK>
[ 1321.411164][ T5983] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[ 1321.411294][ T5983] ath9k_htc: Failed to initialize the device
[ 1321.423046][T14197] usb 6-1: USB disconnect, device number 45
[ 1321.447180][T14197] usb 6-1: ath9k_htc: USB layer deinitialized
[ 1321.457413][    C1] dummy_hcd dummy_hcd.5: timer fired with no URBs pending?
[ 1321.695496][T17039] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1322.594642][T17039] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1322.820302][T17232] team0: Port device team_slave_0 added
[ 1322.821459][ T7367] bridge_slave_1: left allmulticast mode
[ 1322.821484][ T7367] bridge_slave_1: left promiscuous mode
[ 1322.821729][ T7367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1324.731215][ T7367] bridge_slave_0: left allmulticast mode
[ 1324.731247][ T7367] bridge_slave_0: left promiscuous mode
[ 1324.731530][ T7367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1325.662609][ T7367] bridge_slave_1: left allmulticast mode
[ 1325.662639][ T7367] bridge_slave_1: left promiscuous mode
[ 1325.669032][ T7367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1325.901042][ T7367] bridge_slave_0: left allmulticast mode
[ 1325.901072][ T7367] bridge_slave_0: left promiscuous mode
[ 1325.901347][ T7367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1326.022444][T17418] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1326.086604][T17419] vivid-002: disconnect
[ 1326.528044][T17414] vivid-002: reconnect
[ 1328.021690][ T7367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1328.087940][T17435] binder: 17434:17435 ioctl c0306201 200000000040 returned -14
[ 1328.132029][ T7367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1328.156151][T17438] netlink: 'syz.3.3639': attribute type 4 has an invalid length.
[ 1328.156175][T17438] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3639'.
[ 1328.194610][ T7367] bond0 (unregistering): Released all slaves
[ 1328.511004][ T7367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1328.631229][ T7367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1328.691745][ T7367] bond0 (unregistering): Released all slaves
[ 1328.743565][T17232] team0: Port device team_slave_1 added
[ 1329.012903][T17450] netlink: 'syz.5.3642': attribute type 4 has an invalid length.
[ 1329.012928][T17450] netlink: 17 bytes leftover after parsing attributes in process `syz.5.3642'.
[ 1330.045417][T17465] netlink: 'syz.5.3646': attribute type 4 has an invalid length.
[ 1330.045441][T17465] netlink: 17 bytes leftover after parsing attributes in process `syz.5.3646'.
[ 1330.086651][T17232] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1330.086668][T17232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1330.086695][T17232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1330.116142][T17232] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1330.116159][T17232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1330.117092][T17232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1330.744667][ T7367] hsr_slave_0: left promiscuous mode
[ 1330.785968][ T7367] hsr_slave_1: left promiscuous mode
[ 1330.793705][ T7367] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1330.826079][ T7367] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1331.078696][T17478] netlink: 'syz.5.3650': attribute type 4 has an invalid length.
[ 1331.078710][T17478] netlink: 17 bytes leftover after parsing attributes in process `syz.5.3650'.
[ 1331.532381][ T7367] hsr_slave_0: left promiscuous mode
[ 1331.812932][ T7367] hsr_slave_1: left promiscuous mode
[ 1331.814220][ T7367] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1331.846732][ T7367] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1332.979515][T14197] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[ 1333.149126][T17491] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1333.157558][T17491] 9pnet_fd: Insufficient options for proto=fd
[ 1333.160092][T17491] vivid-002: disconnect
[ 1333.681205][T17488] vivid-002: reconnect
[ 1333.779470][T14197] usb 2-1: Using ep0 maxpacket: 8
[ 1333.782208][T14197] usb 2-1: config 32 has 1 interface, different from the descriptor's value: 2
[ 1333.782273][T14197] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1333.782301][T14197] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1333.782342][T14197] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice= 0.c7
[ 1333.782368][T14197] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1333.921063][ T7367] team0 (unregistering): Port device team_slave_1 removed
[ 1334.084260][ T7367] team0 (unregistering): Port device team_slave_0 removed
[ 1335.970237][ T7367] team0 (unregistering): Port device team_slave_1 removed
[ 1336.105871][T16653] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1336.112309][T16653] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1336.115116][T16653] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1336.116596][T16653] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1336.118519][T16653] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1336.270152][ T7367] team0 (unregistering): Port device team_slave_0 removed
[ 1336.694209][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1336.798628][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1336.980499][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1337.104549][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1337.408760][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1337.545105][T17232] hsr_slave_0: entered promiscuous mode
[ 1337.546559][T17232] hsr_slave_1: entered promiscuous mode
[ 1337.547513][T17232] debugfs: 'hsr0' already exists in 'hsr'
[ 1337.547538][T17232] Cannot create hsr debugfs directory
[ 1337.849384][T14197] usb 2-1: string descriptor 0 read error: -71
[ 1337.902484][T17518] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3661'.
[ 1337.925249][T14197] usb 2-1: USB disconnect, device number 123
[ 1337.937689][T17518] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3661'.
[ 1337.937721][T17518] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3661'.
[ 1338.000988][T17518] netlink: 830 bytes leftover after parsing attributes in process `syz.3.3661'.
[ 1338.265420][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1338.363752][   T61] Bluetooth: hci4: command tx timeout
[ 1338.557322][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1338.616575][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1338.691519][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1338.777790][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1339.138258][T17525] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1339.146784][T17525] 9pnet_fd: Insufficient options for proto=fd
[ 1339.149353][T17525] vivid-003: disconnect
[ 1339.260675][T17521] vivid-003: reconnect
[ 1339.564456][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1339.864102][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1339.937646][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1340.039542][T17533] netlink: 220 bytes leftover after parsing attributes in process `syz.1.3665'.
[ 1340.065125][T17533] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3665'.
[ 1340.074036][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1340.450583][   T61] Bluetooth: hci4: command tx timeout
[ 1340.529701][ T5789] usb 6-1: new full-speed USB device number 46 using dummy_hcd
[ 1340.676192][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1340.730880][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1340.749541][ T5789] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1340.749575][ T5789] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1340.773921][ T5789] usb 6-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[ 1340.773953][ T5789] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 1340.773975][ T5789] usb 6-1: Manufacturer: syz
[ 1340.803133][ T5789] usb 6-1: config 0 descriptor??
[ 1340.926723][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1341.094985][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1341.339558][T14197] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[ 1341.470808][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1341.542941][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1341.544829][T14197] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1341.544907][T14197] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1341.544928][T14197] usb 2-1: Product: syz
[ 1341.544944][T14197] usb 2-1: Manufacturer: syz
[ 1341.544959][T14197] usb 2-1: SerialNumber: syz
[ 1342.022564][T17549] netlink: 'syz.3.3669': attribute type 4 has an invalid length.
[ 1342.022584][T17549] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3669'.
[ 1342.188575][T17506] chnl_net:caif_netlink_parms(): no params data found
[ 1342.206229][T14197] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[ 1342.206291][T14197] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO
[ 1342.235754][T14197] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[ 1342.240113][T14197] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1342.246830][T14197] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1342.354911][T14197] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71
[ 1342.407997][T14197] usb 2-1: USB disconnect, device number 124
[ 1342.562082][   T61] Bluetooth: hci4: command tx timeout
[ 1342.664448][T17553] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3670'.
[ 1342.826407][ T5789] usbhid 6-1:0.0: can't add hid device: -71
[ 1342.826527][ T5789] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1342.854294][ T5789] usb 6-1: USB disconnect, device number 46
[ 1343.169494][T14197] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[ 1343.182024][T17506] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1343.182203][T17506] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1343.182419][T17506] bridge_slave_0: entered allmulticast mode
[ 1343.185260][T17506] bridge_slave_0: entered promiscuous mode
[ 1343.189067][T17506] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1343.189207][T17506] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1343.189689][T17506] bridge_slave_1: entered allmulticast mode
[ 1343.192520][T17506] bridge_slave_1: entered promiscuous mode
[ 1343.269508][ T5983] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[ 1343.332156][T14197] usb 4-1: Using ep0 maxpacket: 8
[ 1343.334548][T14197] usb 4-1: config 32 has 1 interface, different from the descriptor's value: 2
[ 1343.334603][T14197] usb 4-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1343.334629][T14197] usb 4-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1343.334666][T14197] usb 4-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice= 0.c7
[ 1343.334688][T14197] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1343.471385][ T5983] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1343.471417][ T5983] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1343.471477][ T5983] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[ 1343.471491][ T5983] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1343.475480][ T5983] usb 2-1: config 0 descriptor??
[ 1343.496469][T17506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1343.563112][T17506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1343.890391][T17506] team0: Port device team_slave_0 added
[ 1343.971167][T17506] team0: Port device team_slave_1 added
[ 1344.340331][ T5983] hid-led 0003:27B8:01ED.0010: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.1-1/input0
[ 1344.466558][T17232] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1344.491977][ T5983] hid-led 0003:27B8:01ED.0010: ThingM blink(1) initialized
[ 1344.523032][T17506] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1344.523136][T17506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1344.523194][T17506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1344.609566][   T61] Bluetooth: hci4: command tx timeout
[ 1344.930608][T17232] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1345.089230][T17506] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1345.089248][T17506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1345.089502][T17506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1345.139509][T17232] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1345.407119][T17576] netlink: 'syz.5.3676': attribute type 12 has an invalid length.
[ 1345.457817][T13571] usb 2-1: USB disconnect, device number 125
[ 1346.432011][T17232] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1346.434882][T14197] usb 4-1: string descriptor 0 read error: -71
[ 1346.493088][T14197] usb 4-1: USB disconnect, device number 107
[ 1346.555345][T17587] netlink: 'syz.5.3678': attribute type 4 has an invalid length.
[ 1346.555365][T17587] netlink: 17 bytes leftover after parsing attributes in process `syz.5.3678'.
[ 1346.999467][T14197] usb 4-1: new low-speed USB device number 108 using dummy_hcd
[ 1347.007901][T17605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3681'.
[ 1347.158025][T17506] hsr_slave_0: entered promiscuous mode
[ 1347.158958][T17506] hsr_slave_1: entered promiscuous mode
[ 1347.161495][T17506] debugfs: 'hsr0' already exists in 'hsr'
[ 1347.161521][T17506] Cannot create hsr debugfs directory
[ 1347.183405][T14197] usb 4-1: device descriptor read/64, error -71
[ 1347.429395][T14197] usb 4-1: new low-speed USB device number 109 using dummy_hcd
[ 1347.559562][T14197] usb 4-1: device descriptor read/64, error -71
[ 1347.669735][T14197] usb usb4-port1: attempt power cycle
[ 1348.011021][T14197] usb 4-1: new low-speed USB device number 110 using dummy_hcd
[ 1348.013267][ T7367] bridge_slave_1: left allmulticast mode
[ 1348.013294][ T7367] bridge_slave_1: left promiscuous mode
[ 1348.013548][ T7367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1348.023082][T17619] 9pnet_fd: Insufficient options for proto=fd
[ 1348.059092][T14197] usb 4-1: device descriptor read/8, error -71
[ 1348.110374][ T7367] bridge_slave_0: left allmulticast mode
[ 1348.110394][ T7367] bridge_slave_0: left promiscuous mode
[ 1348.110586][ T7367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1348.339504][T14197] usb 4-1: new low-speed USB device number 111 using dummy_hcd
[ 1348.360153][T14197] usb 4-1: device descriptor read/8, error -71
[ 1348.469876][T14197] usb usb4-port1: unable to enumerate USB device
[ 1348.500022][ T7367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1348.580069][ T7367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1348.654677][ T7367] bond0 (unregistering): Released all slaves
[ 1348.895074][T17232] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1348.948830][T17232] 8021q: adding VLAN 0 to HW filter on device team0
[ 1349.029541][T14197] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[ 1349.052059][ T7357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1349.052219][ T7357] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1349.179408][T14197] usb 6-1: Using ep0 maxpacket: 8
[ 1349.182615][T14197] usb 6-1: config 32 has 1 interface, different from the descriptor's value: 2
[ 1349.182653][T14197] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1349.182668][T14197] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1349.182691][T14197] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice= 0.c7
[ 1349.182703][T14197] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1349.224711][ T7367] hsr_slave_0: left promiscuous mode
[ 1349.243090][ T7367] hsr_slave_1: left promiscuous mode
[ 1349.244029][ T7367] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1349.280355][ T7367] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1349.409474][ T5789] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[ 1349.571551][ T5789] usb 2-1: Using ep0 maxpacket: 16
[ 1349.585123][ T5789] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1349.585555][ T5789] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1349.585590][ T5789] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1349.605377][ T5789] usb 2-1: config 0 descriptor??
[ 1350.027178][T17628] netlink: 428 bytes leftover after parsing attributes in process `syz.3.3689'.
[ 1350.224785][ T5789] mcp2221 0003:04D8:00DD.0011: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[ 1350.449801][ T7367] team0 (unregistering): Port device team_slave_1 removed
[ 1350.829381][ T5789] usb 2-1: USB disconnect, device number 126
[ 1350.920870][ T7367] team0 (unregistering): Port device team_slave_0 removed
[ 1351.594715][T17636] Option 'wf™§¡\Ú}é|¨' to dns_resolver key: bad/missing value
[ 1351.604327][T17636] 9pnet_fd: Insufficient options for proto=fd
[ 1351.607905][T17636] vivid-003: disconnect
[ 1352.059557][T17633] vivid-003: reconnect
[ 1352.511012][T14197] usb 6-1: string descriptor 0 read error: -71
[ 1352.615560][T14197] usb 6-1: USB disconnect, device number 47
[ 1352.801174][ T5882] usb 2-1: new full-speed USB device number 127 using dummy_hcd
[ 1352.929507][ T5882] usb 2-1: device descriptor read/64, error -71
[ 1353.051466][T15063] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1353.051550][T15063] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1353.055624][T17628] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3689'.
[ 1353.179475][ T5882] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[ 1353.298075][T17653] netlink: 'syz.3.3695': attribute type 4 has an invalid length.
[ 1353.298096][T17653] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3695'.
[ 1353.319434][ T5882] usb 2-1: device descriptor read/64, error -71
[ 1353.431306][ T5882] usb usb2-port1: attempt power cycle
[ 1353.820636][ T5882] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[ 1353.845860][ T5882] usb 2-1: device descriptor read/8, error -71
[ 1354.147985][ T5882] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[ 1354.174335][ T5882] usb 2-1: device descriptor read/8, error -71
[ 1354.279796][ T5882] usb usb2-port1: unable to enumerate USB device
[ 1354.313744][T17506] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1354.559226][T17506] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1354.623387][ T5882] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[ 1354.708311][T17506] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1354.771902][ T5882] usb 4-1: device descriptor read/64, error -71
[ 1354.776326][T17506] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1354.807648][T17232] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1355.009456][ T5882] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[ 1355.062922][T17506] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1355.105141][T17506] 8021q: adding VLAN 0 to HW filter on device team0
[ 1355.139791][ T5882] usb 4-1: device descriptor read/64, error -71
[ 1355.141523][ T7371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1355.141846][ T7371] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1355.162807][ T7371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1355.162943][ T7371] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1355.256129][ T5882] usb usb4-port1: attempt power cycle
[ 1355.290410][T17232] veth0_vlan: entered promiscuous mode
[ 1355.308441][T17232] veth1_vlan: entered promiscuous mode
[ 1355.371864][T17232] veth0_macvtap: entered promiscuous mode
[ 1355.377277][T17232] veth1_macvtap: entered promiscuous mode
[ 1355.407984][T17232] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1355.429194][T17232] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1355.449643][ T5983] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1355.472900][ T7357] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1355.474689][ T7357] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1355.476185][ T7357] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1355.484053][ T7357] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1355.599451][ T5983] usb 6-1: Using ep0 maxpacket: 8
[ 1355.601987][ T5983] usb 6-1: config 32 has 1 interface, different from the descriptor's value: 2
[ 1355.602047][ T5983] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1355.602077][ T5983] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1355.602116][ T5983] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice= 0.c7
[ 1355.602141][ T5983] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1355.620051][ T5882] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[ 1355.650604][ T5882] usb 4-1: device descriptor read/8, error -71
[ 1355.900118][T13488] ------------[ cut here ]------------
[ 1355.900131][T13488] kernel BUG at net/ipv6/route.c:1473!
[ 1355.901758][T13488] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 1355.901786][T13488] CPU: 1 UID: 0 PID: 13488 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1355.901812][T13488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1355.901825][T13488] Workqueue: wg-crypt-wg1 wg_packet_tx_worker
[ 1355.901852][T13488] RIP: 0010:ip6_pol_route+0x117d/0x1180
[ 1355.901880][T13488] Code: ab f8 e9 f4 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fb ff ff 48 89 df e8 de 15 ab f8 e9 f6 fa ff ff e8 c4 5c 49 f8 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e
[ 1355.901894][T13488] RSP: 0018:ffffc900059173c0 EFLAGS: 00010293
[ 1355.901908][T13488] RAX: ffffffff8975609c RBX: ffff888126ef7000 RCX: ffff88802f053c00
[ 1355.901923][T13488] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1355.901934][T13488] RBP: ffffc900059174d0 R08: ffffe8ffffd3d67f R09: 1ffffd1ffffa7acf
[ 1355.901947][T13488] R10: dffffc0000000000 R11: fffff91ffffa7ad0 R12: ffff888030b0a780
[ 1355.901962][T13488] R13: ffffffff89755082 R14: dffffc0000000000 R15: 0000607ed8e46678
[ 1355.901977][T13488] FS:  0000000000000000(0000) GS:ffff888126ef7000(0000) knlGS:0000000000000000
[ 1355.901993][T13488] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1355.902006][T13488] CR2: 000000110c25563c CR3: 000000005bab6000 CR4: 00000000003526f0
[ 1355.902023][T13488] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1355.902034][T13488] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1355.902047][T13488] Call Trace:
[ 1355.902055][T13488]  <TASK>
[ 1355.902062][T13488]  ? rcu_is_watching+0x15/0xb0
[ 1355.902079][T13488]  ? ip6_pol_route+0x162/0x1180
[ 1355.902103][T13488]  ? __pfx_ip6_pol_route+0x10/0x10
[ 1355.902132][T13488]  fib6_rule_lookup+0x1fc/0x6f0
[ 1355.902150][T13488]  ? __pfx_ip6_pol_route_output+0x10/0x10
[ 1355.902173][T13488]  ? __pfx_fib6_rule_lookup+0x10/0x10
[ 1355.902190][T13488]  ? ip6_route_output_flags+0x2e/0x5d0
[ 1355.902210][T13488]  ip6_route_output_flags+0x364/0x5d0
[ 1355.902225][T13488]  ? ip6_route_output_flags+0x2e/0x5d0
[ 1355.902243][T13488]  ip6_dst_lookup_tail+0x299/0x1510
[ 1355.902266][T13488]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[ 1355.902285][T13488]  ? __ipv6_chk_addr_and_flags+0x187/0x7f0
[ 1355.902309][T13488]  ? __ipv6_chk_addr_and_flags+0x68f/0x7f0
[ 1355.902328][T13488]  ? __ipv6_chk_addr_and_flags+0x187/0x7f0
[ 1355.902352][T13488]  ip6_dst_lookup_flow+0x47/0xe0
[ 1355.902370][T13488]  ? __pfx_ip6_dst_lookup_flow+0x10/0x10
[ 1355.902388][T13488]  send6+0x4ce/0x8d0
[ 1355.902405][T13488]  ? rt_read_lock+0x203/0x490
[ 1355.902423][T13488]  ? send6+0x220/0x8d0
[ 1355.902442][T13488]  ? __pfx_send6+0x10/0x10
[ 1355.902459][T13488]  ? rcu_is_watching+0x15/0xb0
[ 1355.902480][T13488]  ? wg_socket_send_skb_to_peer+0x59/0x200
[ 1355.902498][T13488]  wg_socket_send_skb_to_peer+0x128/0x200
[ 1355.902519][T13488]  wg_packet_tx_worker+0x1c8/0x7c0
[ 1355.902538][T13488]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1355.902560][T13488]  ? process_scheduled_works+0x9ef/0x17b0
[ 1355.902581][T13488]  process_scheduled_works+0xae1/0x17b0
[ 1355.902609][T13488]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1355.902635][T13488]  worker_thread+0x8a0/0xda0
[ 1355.902655][T13488]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1355.902680][T13488]  ? __kthread_parkme+0x7b/0x200
[ 1355.902704][T13488]  kthread+0x711/0x8a0
[ 1355.902728][T13488]  ? __pfx_worker_thread+0x10/0x10
[ 1355.902745][T13488]  ? __pfx_kthread+0x10/0x10
[ 1355.902766][T13488]  ? rt_spin_unlock+0x150/0x200
[ 1355.902785][T13488]  ? rt_spin_unlock+0x161/0x200
[ 1355.902802][T13488]  ? __pfx_kthread+0x10/0x10
[ 1355.902826][T13488]  ret_from_fork+0x4bc/0x870
[ 1355.902846][T13488]  ? __pfx_ret_from_fork+0x10/0x10
[ 1355.902869][T13488]  ? __switch_to_asm+0x39/0x70
[ 1355.902887][T13488]  ? __switch_to_asm+0x33/0x70
[ 1355.902905][T13488]  ? __pfx_kthread+0x10/0x10
[ 1355.902928][T13488]  ret_from_fork_asm+0x1a/0x30
[ 1355.902953][T13488]  </TASK>
[ 1355.902965][T13488] Modules linked in:
[ 1355.902997][T13488] ---[ end trace 0000000000000000 ]---
[ 1355.904996][T13488] RIP: 0010:ip6_pol_route+0x117d/0x1180
[ 1355.905035][T13488] Code: ab f8 e9 f4 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fb ff ff 48 89 df e8 de 15 ab f8 e9 f6 fa ff ff e8 c4 5c 49 f8 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e
[ 1355.905052][T13488] RSP: 0018:ffffc900059173c0 EFLAGS: 00010293
[ 1355.905070][T13488] RAX: ffffffff8975609c RBX: ffff888126ef7000 RCX: ffff88802f053c00
[ 1355.905086][T13488] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1355.905099][T13488] RBP: ffffc900059174d0 R08: ffffe8ffffd3d67f R09: 1ffffd1ffffa7acf
[ 1355.905445][T13488] R10: dffffc0000000000 R11: fffff91ffffa7ad0 R12: ffff888030b0a780
[ 1355.905462][T13488] R13: ffffffff89755082 R14: dffffc0000000000 R15: 0000607ed8e46678
[ 1355.905478][T13488] FS:  0000000000000000(0000) GS:ffff888126ef7000(0000) knlGS:0000000000000000
[ 1355.905494][T13488] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1355.905508][T13488] CR2: 000000110c25563c CR3: 00000000279d4000 CR4: 00000000003526f0
[ 1355.905527][T13488] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1355.905539][T13488] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1355.905738][T13488] Kernel panic - not syncing: Fatal exception in interrupt
[ 1355.906016][T13488] Kernel Offset: disabled