last executing test programs:

10.627503846s ago: executing program 0 (id=2513):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x68}, 0x8080)
madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x19)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x8943, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$usbfs(0x0, 0x6, 0x142)
ioctl$USBDEVFS_CLAIM_PORT(r3, 0x80045518, &(0x7f0000000240)=0x8)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r2, 0x80489439, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffff7fffffffe, 0x0, 0x2}, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \'CD Capture\' 8'], 0x86)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r5, r4, 0x80000)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_int(r6, 0x29, 0x46, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f00000000c0), 0x12)
r9 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r9, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0022240000002b1bde2188166048b361c310773b71be180567070004008300000000926bd1274cdc9522"], 0x0}, 0x0)

9.08070238s ago: executing program 4 (id=2514):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x300000a, 0x12, r1, 0x0)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
r4 = epoll_create1(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r4, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000200)=[{r7, 0x1}], 0x1, 0x0, 0x0, 0x3)
close_range(r3, r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x17)

8.870533788s ago: executing program 3 (id=2515):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x80)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000100))
r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r3, 0x80045017, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r4, 0x400c4150, &(0x7f00000004c0)={0x0, 0x0}) (fail_nth: 1)

8.416514283s ago: executing program 3 (id=2516):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x15c}}, 0x0)
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = userfaultfd(0x80001)
set_mempolicy(0x4005, 0x0, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
quotactl$Q_GETFMT(0xffffffff80000401, 0x0, 0x0, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0xc], 0x8000000, 0x2010d3})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000200)="440f20c0350b000000440f22c0360f09c4217d700c9d0000000028b8010000000f01c166b82e000f00d80f20d835080000000f22d82e0f019885000000b9b1060000b86f8d0000ba0000000066b8b5008ec036363ef3420f51a600000000b9e30b0000b8f233278fba000000000f30", 0x6f}], 0x1, 0x13, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth1_to_team\x00'})

8.276587607s ago: executing program 2 (id=2517):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0xfffffffe, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080), 0x1)
sendto$inet6(r0, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000007c0)="87", 0x1, 0x4000, 0x0, 0xfffffffffffffe00)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe)
shutdown(0xffffffffffffffff, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
fstat(r2, 0x0)
setreuid(0x0, 0x0)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x400}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2000ffe8000a030000000000600000000700fffc0900010073797a30000000004c020000050a01010000000000000000050000090b00070066696c74657200002a000c00cc797053278d91f71612e103f4871653df8b4e1cb4454d9d40e9308ed49159274082b22db7a40000e9000c00694ae78011c1b38fe887ca20e4ee802d15d71fa5dc682ced539c3671379992502212333f7b3f5f0c0066daaf7221012a5bf448fde71124d1402e4e1d559664527982bf2380e1ce038a0383f8579c055b0c19994b9f1f57ea1cbbf328af557187c9076446bf0b34fea2034b7b0b3c98082b9be3f6b0b8790832169c469ac5fc1583eaf3a8d551df504cb7d531e89315daf46e41246b315aa719b9c52ff5d4565573765510790734550e420825bff9788c8fe243d6074454524e58e00bc87c98382c7e1c8eb0a66a8b683aff3e85b58e0e060635a13e767b7ef8cc0fe7ab33551881a1d5f5b4640f5f479a0000000900010073797a3100000000da000c005eb32748706b1734dfa0132d455f68d1087d007d5cd2d535d1dcaf652bbd51d2eeb1ea74a269aacab3861932157a807d9059042e1677f9b6a5aa601afaa7a91d3ad91e7821559d47556a53531c56699a998b20d2dbcd52a4ecb250d7d7a06701c0cdbe8170e3d119c55c245122b59d5ec340557a9a613d6d1ffcacc1dd5b898f73449b241d6f51a37b4366073cd330ee61a99f6ee9eac9f23eb26c42b11db99015b8804ab55badc98f72d20cf99abb7210275132442746b6b6da7ca73de37af2c7fe91ec6da6b98e8518d91f36f73e898007d87b05e6000008000a400000000108000b4000000004100008800c00014000000000000000040a000700726f757465000000140000001000010000000000000000000084000a48ad6048d0ca50b2d0aacc107325a5bdf9873ab78b6522"], 0x294}}, 0x20050800)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x109301)
ioctl$USBDEVFS_BULK(r5, 0xc0185502, &(0x7f0000000180)={{{0x1, 0x1}}, 0x1f, 0x6, 0x0})
quotactl_fd$Q_GETINFO(r5, 0xffffffff80000501, 0x0, &(0x7f0000000240))
sendto$inet6(r0, &(0x7f0000000140)="87", 0x1, 0x0, 0x0, 0x0)

8.214600106s ago: executing program 4 (id=2518):
r0 = syz_open_dev$video4linux(&(0x7f0000000140), 0x7, 0x40800)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x2b00, 0xfffc, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
ioctl$VIDIOC_QUERY_DV_TIMINGS(r0, 0x80845663, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0x9)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="580000000206010300000000000000000000000005000400000000000900020073797a31000000000500010007000000050005000a00000014000780080011400000000005001500020000000c000300686173683a697000a5f3d146db8ea74ca18253fac877d341b7dd3d3af70a007e"], 0x58}}, 0x0)
sendto$inet(r3, &(0x7f0000000440)="39be349b5f6e33a81929df222b5f7795df4a88cd4a520395283f53e1a8a0a57533f02e7b292c16877085659643e843088acd331f02784ec065433d6bbfa57cd6376a103bf6f91ea33de48b9ec0f28b5e688ac59249840cd055870741b2105cd02933efb990e23d8acd75dcdc0d816eadda08a22b5051bce1dcbbeaf69e1eb27a7bf381ed4fe23c91b7fe21218c2337c1e955b135eb8aea25051d31552f1f1cb3cc3ec34264296d7a4a69f67a6a1e40cfefcad226737744", 0xb7, 0x0, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
set_thread_area(&(0x7f00000001c0)={0x3, 0x0, 0x400, 0x0, 0x1})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x6c, 0x2c, 0xd27, 0x30bd29, 0x25dddc00, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}, {0x0, 0x17}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x38, 0x2, [@TCA_MATCHALL_ACT={0x34, 0x2, [@m_gact={0x30, 0x4, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x20046040)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
madvise(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x65)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00', @ANYRES16=r7, @ANYBLOB="01000300000000000000330000000e0001006e657464655673696d0000000f0002006e65746d657673696d30000008008e0000000000"], 0x3c}}, 0x20000040)

7.244383916s ago: executing program 0 (id=2520):
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r0 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x200}, 0x0)
prlimit64(0xffffffffffffffff, 0x8, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x18557f, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f0000000300)={{@host, 0xd}, 0x1})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
fsopen(&(0x7f0000000300)='binfmt_misc\x00', 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_int(r4, 0x6, 0x19, &(0x7f0000002300)=0xa, 0x4)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000022c0)={'#! ', './file0'}, 0xb)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_disconnect(0xffffffffffffffff)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0xffef}, [@NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x34, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd4}}, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x93a, 0x8002, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x80, 0x4, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x2, 0x9, {0x9, 0x21, 0x8, 0x5, 0x1, {0x22, 0x967}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x3, 0x9, 0x1}}}}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000500)={0xa, 0x6, 0x200, 0xf, 0x34, 0xa, 0x10, 0x6}, 0x19, &(0x7f00000000c0)={0x5, 0xf, 0x19, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xb, 0x8, 0x2, 0xbfd0}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x7, 0x2, 0x62a7}]}, 0x6, [{0x0, 0x0}, {0x2, 0x0}, {0x3e, &(0x7f0000000340)=@string={0x3e, 0x3, "baf570e187e9fa4c8f9632df9ae2276ac6b20e9dde6c6353adae892f2e8f48543b0b8288d6bccef028d9c45e0d0dbd4789b1665b3fcbc0b35f3ded92"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x441}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x41d}}, {0x44, &(0x7f0000000400)=@string={0x44, 0x3, "eb2b468f93d8201851aa4cc5b7925501962fb28a3eeea424c69316a40664151d3672f93c72fd04806ec6c4f16cdb7635d2288bc4d1893d50769bc50e99f1c1282703"}}]})
socket$netlink(0x10, 0x3, 0x0)
pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))

7.070369533s ago: executing program 2 (id=2521):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xf803, 0x10100}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x0)
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x800)
r5 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(r5, 0x0, 0x0)
write$FUSE_INIT(r5, 0x0, 0x0)
syz_fuse_handle_req(r5, 0x0, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, 0x0, 0x109081, 0x64)
syz_fuse_handle_req(r5, 0x0, 0x0, 0x0)
fcntl$lock(r6, 0x5, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
socketpair$unix(0x1, 0x5, 0x0, 0x0)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x12)
poll(0x0, 0x0, 0xffffffffffbffff8)
prctl$PR_SET_FPEXC(0xc, 0x1)
socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x14, 0x2, 0x6, 0x801}, 0x14}}, 0xd4)
socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000e40), 0x40080, 0x0)
r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r7, 0x402, 0x8)
mknod(&(0x7f0000000040)='./file0\x00', 0x1, 0x0)

6.991929824s ago: executing program 4 (id=2522):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f00000000c0)=0x81)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000540)={0x0, 0xfffffffd, 0x10100}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x10, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9, 0x1, "000000fd80"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xd0}}, 0x0)
syz_open_dev$rtc(&(0x7f00000004c0), 0x0, 0x0)
r6 = syz_io_uring_setup(0x1e1e, &(0x7f0000000600)={0x0, 0x86f7, 0x10100, 0x10000, 0x3a9}, &(0x7f0000002000)=<r7=>0x0, &(0x7f0000000000)=<r8=>0x0)
syz_io_uring_submit(r7, r8, 0x0)
io_uring_enter(r6, 0x48e9, 0x0, 0x2, 0x0, 0x0)
r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r9, 0x0, 0x3, &(0x7f0000000080), 0x2)
r10 = accept4$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14, 0x80000)
setsockopt$packet_rx_ring(r10, 0x107, 0x5, &(0x7f00000005c0)=@req={0x7, 0x896, 0x6, 0x7}, 0x10)
io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, &(0x7f00000002c0)={0x9b0000, 0x0, 0xff, 0xffffffffffffffff, 0x0, &(0x7f0000000240)={0xa20933, 0xba3b, '\x00', @value=0x3}})
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000340)={{0xffffffff, 0x5, 0x0, 0xfffffffc, 'syz0\x00'}, 0x2, 0x2, 0x5, 0x0, 0x0, 0xff, 'syz0\x00', 0x0})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
r11 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x80800)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000300)={0xc4, 0x4f, 0x8d, 0x9, 0xfc, 0xfe, 0x7, 0xb, 0x8, 0x7, 0x4, 0x75, 0x4, 0x3}, 0xe)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r11, 0xc1205531, &(0x7f0000000340)={0x700, 0x7, 0x0, 0x8002, '\x00', '\x00', '\x00', 0x4, 0xfffffffe, 0x100, 0x0, "abd206a1ebd7cedfd17ebd65400ed41b"})
r12 = socket$netlink(0x10, 0x3, 0x8000000004)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000))
writev(r12, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff000000000000000458000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)
socket$isdn(0x22, 0x3, 0x24)

6.036495776s ago: executing program 1 (id=2523):
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0x1d00d000)
r0 = userfaultfd(0x80801)
r1 = socket(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000086255608c6051292834701020301090224000300000000090b1e0000fc05410009040000004624d0000904ea0000ff"], 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
cachestat(r2, &(0x7f0000000040)={0x19}, 0x0, 0x20)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x700})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
r3 = userfaultfd(0x80801)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc2c45512, &(0x7f0000000640)={{0xb, 0x2, 0x81, 0x5, 'syz1\x00', 0xb}, 0x0, [0x2, 0x10e8af, 0x1, 0xcc0, 0xe, 0x101, 0x80, 0xa6da, 0x2, 0x1, 0x10000009, 0x8, 0x8, 0xfffefff7, 0x8, 0x10, 0x10000005, 0x4, 0x40f, 0x1080, 0x962, 0x2, 0x1, 0x400, 0x7fffffff, 0xc360, 0x80000001, 0x6, 0x60e3, 0x8a81, 0x10000008, 0x10000, 0x7, 0x9, 0x107430, 0x2, 0x2, 0x60a, 0x1, 0x3, 0x8, 0x5, 0x8001, 0x8, 0x9, 0x1, 0x2, 0x0, 0xffff1688, 0x2, 0x0, 0x4, 0x9000, 0xe93, 0x4, 0x7ff, 0x7, 0x81, 0x50a, 0x0, 0x6, 0x7ff, 0x1000, 0xffffffff, 0xfffffffc, 0x5, 0x7a, 0x2, 0x9, 0x2, 0x3, 0x7, 0x1000ac, 0x7, 0x7, 0x4, 0x8000, 0x9, 0x4, 0x7, 0x10, 0x7, 0x5, 0x0, 0x0, 0x40, 0x2, 0x8000, 0xfff, 0x3, 0x3b9, 0x6, 0x100004, 0x4660917f, 0x487d, 0x8000, 0x1, 0x5, 0x3, 0x0, 0x5, 0x4, 0xe, 0x1, 0x2cd, 0x9, 0xc, 0x4, 0x1, 0x2, 0x3ce, 0xa, 0x8, 0x9, 0x0, 0x106, 0xfffffff7, 0xffffbf90, 0x0, 0x7, 0x2, 0x0, 0x7, 0xa, 0x809, 0xffffffff, 0x73938332, 0x7763]})
syz_usb_connect(0x5, 0x2d, &(0x7f0000000100)={{0x12, 0x1, 0x220, 0xad, 0x7a, 0xed, 0x8, 0x1901, 0x193, 0xc816, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x7, 0x55, 0xe0, 0x5, [{{0x9, 0x4, 0xe6, 0xfe, 0x1, 0xd0, 0x92, 0xf7, 0x5a, [], [{{0x9, 0x5, 0xf, 0x2, 0x0, 0x2, 0x9, 0x5}}]}}]}}]}}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0})
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})

5.983459889s ago: executing program 2 (id=2524):
socket$kcm(0x10, 0x0, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x14, 0x0, 0x1, 0x0, 0x0, {0x3}}, 0x14}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x1c1900, 0x0)
r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x3, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000200)="0fa20367553f46836b4876477500c71a66ba4100edb9800000c00f320f4285a15a00000f30420f017805450f0866b8af008ed86446d8e4b8010000000f01d9", 0x3f}], 0x1, 0x20, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000000)=ANY=[])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x18, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, @mcast2, {[@routing={0x84, 0x2, 0x1, 0x5, 0x0, [@mcast2]}]}}}}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
dup(r3)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x20b, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x9}]}], {0x14}}, 0x64}}, 0x0)
ioctl$EXT4_IOC_GETSTATE(r3, 0x40046629, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r6 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000380)={0x300a, r5}, 0x0)
landlock_restrict_self(r6, 0x0)
symlinkat(&(0x7f0000000000)='./file1/file4/file7/file6\x00', r5, &(0x7f0000000200)='./file0\x00')
link(&(0x7f0000000440)='./file0\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r7 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="8500000005000000350000000000000085000000050000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0xa0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x27}, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r7, 0x0, 0xe, 0x0, &(0x7f0000000380)="07b0f148ff6b6017620000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f00000001c0))

5.94675801s ago: executing program 3 (id=2525):
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='environ\x00')
close(0x3)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)="290000001e00190f00003fffffffda060200000000e80001dd0008040d000800250000000005000000", 0x29}], 0x1)
readv(r0, &(0x7f0000001440)=[{&(0x7f0000000040)=""/20, 0x5}, {0x0, 0x2}], 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000140)=[{0x6, 0x7, 0x0, 0x7fff0000}]})
r4 = fanotify_init(0x200, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x8800, 0x0, 0x40)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="180000001114200027bd700003000020aff6246c1197c2c3b70c7253e84cfdc61c4175577a529bc595d8a8d1725731198d02640f7184866824aac10c8ec2e8097695dc0edcb84c6f23fbb2be8d84b43a2e93270e511e53a4a935b60c43968eabccf5e116b25b796d8b24b606c35eb7b7dd681f6e20b9b039dcd5f5476528f601ed58d82993969d3e4525225bec"], 0x18}, 0x1, 0x0, 0x0, 0x48000}, 0x20040040)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0}}, 0x0)
fanotify_mark(r4, 0x1, 0x48000018, r3, 0x0)
syz_usb_connect(0x5, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="120110031fcd1b08cf100355af750102030109022d0002080910030904180202b41d3f0109050e0300000207010905850320"], &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0})
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000000c0)=0x1)
r6 = memfd_secret(0x80000)
getsockname$l2tp6(r6, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100))
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="316737b68a51703e01678e8afca026026249e5e2dc6ca12ccb88b04bab579f95b709075e51fe825baa75207c6c7d3d47babd3933813f1e4b4eaf81aa", @ANYRES16=r7, @ANYBLOB="0300"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x20000000)

5.920454159s ago: executing program 4 (id=2526):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x15c}}, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x80000, 0x0)
userfaultfd(0x80001)
set_mempolicy(0x4005, 0x0, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0)
prlimit64(0x0, 0x2, &(0x7f0000000100)={0x3, 0x3}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f00000001c0)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x21, 0x0)
syz_usbip_server_init(0x1)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x0, 0x1ce)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r5 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
socket$inet6_mptcp(0xa, 0x1, 0x106)

5.108427281s ago: executing program 2 (id=2527):
syz_usb_connect(0x3, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB], 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$inet6(0xa, 0x400000000001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6d3a3068091d62b58999e0a046f9509cb8ddc2a9ad4e0f1f85e5f076218b4b931acdff0c34fc5bdbad17ec481f1c9b17727c14e053e315d0d8d03c24ddaba65c5ce5b1aa04d1f767e25662b155d49460ec720d54044ac2856c11407835f341e2614bcae270000000001000000df7f736aab5d713240b2f40ec7be8251eba969686b2670ddc1a84df6ab12ab3e0cf8747837062233935704ebbd943ef0c5fef29513c7c1d6d2611796dccb45bdfd9e6533ad3574be5b9ea70e0c3b41a32067c03f5f8ed147cd0655c90d656f66eaed18a3c284c4f19417b5d91431759356db5d45ea40c9866957105b6252b0c028c672049ce163126f143f5758faf2a43f4c4f45a69b4e9113f85ae531085c11c75edbdee5af454757cdaff396c15ab9b210c202ffaea96d1bac60c6d6c56a4babc659858789bd479334e13e1c7876f95429431e61400815788c1397b260600d78e7513c58d9ac9474d392cc06f789753e1e7ebf5f1b55e2a64b9150c6580bf48e7bff763034801cccf403108d127b959ffc425a563ea2b90fbe779fd7d2ebfe94"], &(0x7f0000000280)='GPL\x00'}, 0x48)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
socket$pptp(0x18, 0x1, 0x2)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

4.636739003s ago: executing program 1 (id=2528):
r0 = socket(0x1e, 0x4, 0x0)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=<r1=>0x0)
capget(&(0x7f0000000100)={0x19971634, r1}, &(0x7f0000000140)={0x7fff, 0x2, 0x7f, 0x9fa8, 0x400, 0x3})
r2 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_ringparam={0x9, 0x0, 0x200008a, 0x0, 0x0, 0x2000000}})
connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r0, &(0x7f0000004400), 0x400000000000203, 0x0)
connect$tipc(r0, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x2, {0x41, 0xfffffffe, 0x4}}, 0x10)

4.550383541s ago: executing program 1 (id=2529):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r3, &(0x7f0000000300)=ANY=[@ANYBLOB='decodes m'], 0xf)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$int_in(r4, 0x5452, &(0x7f0000000180)=0x401)
listen(r4, 0x0)
shutdown(r4, 0x0)
sendmsg$TCPDIAG_GETSOCK(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x4c, 0x12, 0x4, 0x70bd27, 0x4, {0x21, 0x5d, 0x8, 0x1, {0x4e20, 0x4e23, [0x0, 0x32, 0x400, 0x3ff], [0x5, 0xfffffffc, 0x6, 0x3ff], 0x0, [0x0, 0xfffffe3f]}, 0x80000000, 0xcf}}, 0x4c}, 0x1, 0x0, 0x0, 0x404c080}, 0x20041002)
io_setup(0x2007, &(0x7f0000000200)=<r5=>0x0)
r6 = eventfd2(0x0, 0x800)
r7 = openat$vicodec0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$BTRFS_IOC_SPACE_INFO(r7, 0xc0109414, &(0x7f0000001680)={0x3d5, 0x9, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
ioctl$VIDIOC_ENUMSTD(r7, 0xc0405619, &(0x7f0000001640)={0x5, 0xffffff, "008e06f5a58a381e6397687ee2fe24e41b647c05262643b7", {0xf, 0x8}, 0x9})
io_submit(r5, 0x1, &(0x7f0000000280)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0}])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
io_getevents(r5, 0x80004, 0x1, &(0x7f00000000c0)=[{}], 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x14, 0x2d, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x84)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
socket(0x11, 0x4, 0x6)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)={0x60, r9, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x60}}, 0x0)

4.260550952s ago: executing program 4 (id=2530):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x68}, 0x8080)
madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x19)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x8943, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$usbfs(0x0, 0x6, 0x142)
ioctl$USBDEVFS_CLAIM_PORT(r3, 0x80045518, &(0x7f0000000240)=0x8)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r2, 0x80489439, &(0x7f00000001c0))
sched_setattr(0x0, 0x0, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \'CD Capture\' 8'], 0x86)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r5, r4, 0x80000)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_int(r6, 0x29, 0x46, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f00000000c0), 0x12)
r9 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r9, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0022240000002b1bde2188166048b361c310773b71be180567070004008300000000926bd1274cdc9522"], 0x0}, 0x0)

4.160514763s ago: executing program 0 (id=2531):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0xfffffffe, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080), 0x1)
sendto$inet6(r0, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000007c0)="87", 0x1, 0x4000, 0x0, 0xfffffffffffffe00)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe)
shutdown(0xffffffffffffffff, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fstat(r2, 0x0)
setreuid(0x0, 0x0)
setsockopt$sock_linger(r1, 0x1, 0x3c, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x400}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2000ffe8000a030000000000600000000700fffc0900010073797a30000000004c020000050a01010000000000000000050000090b00070066696c74657200002a000c00cc797053278d91f71612e103f4871653df8b4e1cb4454d9d40e9308ed49159274082b22db7a40000e9000c00694ae78011c1b38fe887ca20e4ee802d15d71fa5dc682ced539c3671379992502212333f7b3f5f0c0066daaf7221012a5bf448fde71124d1402e4e1d559664527982bf2380e1ce038a0383f8579c055b0c19994b9f1f57ea1cbbf328af557187c9076446bf0b34fea2034b7b0b3c98082b9be3f6b0b8790832169c469ac5fc1583eaf3a8d551df504cb7d531e89315daf46e41246b315aa719b9c52ff5d4565573765510790734550e420825bff9788c8fe243d6074454524e58e00bc87c98382c7e1c8eb0a66a8b683aff3e85b58e0e060635a13e767b7ef8cc0fe7ab33551881a1d5f5b4640f5f479a0000000900010073797a3100000000da000c005eb32748706b1734dfa0132d455f68d1087d007d5cd2d535d1dcaf652bbd51d2eeb1ea74a269aacab3861932157a807d9059042e1677f9b6a5aa601afaa7a91d3ad91e7821559d47556a53531c56699a998b20d2dbcd52a4ecb250d7d7a06701c0cdbe8170e3d119c55c245122b59d5ec340557a9a613d6d1ffcacc1dd5b898f73449b241d6f51a37b4366073cd330ee61a99f6ee9eac9f23eb26c42b11db99015b8804ab55badc98f72d20cf99abb7210275132442746b6b6da7ca73de37af2c7fe91ec6da6b98e8518d91f36f73e898007d87b05e6000008000a400000000108000b4000000004100008800c00014000000000000000040a000700726f757465000000140000001000010000000000000000000084000a48ad6048d0ca50b2d0aacc107325a5bdf9873ab78b6522"], 0x294}}, 0x20050800)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x109301)
ioctl$USBDEVFS_BULK(r5, 0xc0185502, &(0x7f0000000180)={{{0x1, 0x1}}, 0x1f, 0x6, 0x0})
quotactl_fd$Q_GETINFO(r5, 0xffffffff80000501, 0x0, &(0x7f0000000240))
sendto$inet6(r0, &(0x7f0000000140)="87", 0x1, 0x0, 0x0, 0x0)

3.616814434s ago: executing program 1 (id=2532):
socket$inet(0x2, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r0, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@RTM_DELMDB={0x18, 0x55, 0x63837ba875575fe9, 0x70bda5, 0x25dfdbfe}, 0x18}, 0x1, 0x0, 0x0, 0x840}, 0x0) (fail_nth: 4)

3.136039629s ago: executing program 1 (id=2533):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f5, &(0x7f00000001c0)={'gretap0\x00', 0x0})
sched_setattr(0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x800000, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = syz_open_dev$vim2m(0x0, 0x1000, 0x2)
syz_open_dev$ptys(0xc, 0x3, 0x1)
setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, &(0x7f0000000000)={{0xfffffffe, 0x9}, 0x1}, 0x10)
times(&(0x7f0000000200))
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_DEL(r5, 0x0, 0x4000000)
write$tun(0xffffffffffffffff, &(0x7f0000001800)=ANY=[@ANYBLOB="00009200aaaaaaaaaaaaaaaaaaaaaa0c88a81000810023000004807e00db5f285798175a9fc9d18e94b9f3a5dbda4361203fb66713dd762e7429d40f274610d359b2c6d452a4c718b4f8a211d7c6240f7dfabad976a9aaaa0b0210851608bd98805f09e5d2545e2891e5c216e1cad40efbe4d6839527131ff1cd670e986069fd0cfcc7f69d9895112ac7c4d78ea63a5249f6a747f8ef80900cd096bd85af8f3f5c0e7c66bf05f5f92ed8305d17eed19f8a55439a395a555f39481c5da4a3344c51df2bfb95181801ddd335d9d4502568df000ba623bf05aeb1baa1c44580951ecd8cc16b9b2deadde0cf562381b0a3eb28c578591271b5dcc02d7c0bc6057f0303296b8c9bee8daea3f2e93fdfef7006179eff502ecdb41688ce38e30b895bfa77eec5a608599b34325d873173bbe7cf49a2287386a2009d4becbec17fcbf7cb992c38f85351daa5aee7ac35051fb425ad0ce460542e6f9a4112ada901ca069461c3f276beac870edee7c4746f32b889fd1ef4d206aa7e47bc92fd14bcde33fb5caaee3b61dd0e8a3eaab251a4a2c2f3d0143df93881a8a01b5c167254b44d0e0b3c913d3dce3a374e1a724301f1fd466ad8d3867b0eccb3cd9c6dc9086e220e6ca41e7c5b873540261616df445bc5ea633d5afb77c4be2ad705718b28c7434c92e6a6dcbecf80dd31daad105c1ca61912f524da3d978f8e4035910344331741f83f98debde2187aaaefa1cc181bfcf9f63cf8304189e11fb6b5c97b9bce445651ddd531f6f44d360cc9fd556c29303c6e466d490ec7de1d7566846497b09144fa9e5b1d1d346b77e41660d6b50fd93ce82932311b8ee8a706989f2af02f9d98a23fbfe877bf2b9dc4920cf4bb8ad7896bd4c0d0d1fdde25939c88ee11ce5b10211478949bd7391201b037d9eeff40543a13120219d80c82b312b9d997b4751ca697e98f9dff9a5c99be6dee3879c3cb09c61508e6e77946395f9f884bbf8a7ea673bda6dbda365d9890b24e94dd7d1df34328b3a46ea7260e8d25af40ae58d2e72b33f8940cd6e8f19cdcff31631a8c423a2e9ecb3f5f8dadc89732bfeb5b03278e5be3df3291bd677092a9f215d2a1973bdad237124251c3c64c46704c674dd822388e48598abef3eb8e9dccc03623575c84f8f1fca3fff1ad8e43d50247fec92fb20976f8a5bfedcc8a05143a9cba0a73f76e8fd3102ba5612127dc3513dd6653b5ce20a83c8b99efd87f1a6035b437a18feeb62bd6b36cfc76177e16854f77317ac9296c3211821bcefbaaf89ea5b34a87fe379b7585ffc071b7a4e6cbd980730b6553f37eba6a5f47bff94cd923288af73dbe0c99db6e46676fb83e0e248ffb3cd4b46ef5572dfed30fbb0448879c9a45c4505921f3ef95a56e2dc7d9d9c8e17f8a91b2f9e5d1c0dfc95103a128e724246b793cadf145080e31b37f7125c9d4776b6d0677aea71f0b9824bd32c6dcfb15d7f2ace55f59d43a9b1814243f46b5b835596d536867d9a691a13637cb8b331eaf52078462c36577b7650f0cc90afd3843c772d9d4d99ebeea5f7c1b59f4ed09efa10687e5f47ecfce382c7c95faa250b451a74eba1b472e3a42d82e0a195e84f65701c8f341626a734d5eb786920cd385e30462e27d6a52e340af53f496e57b8890088aa778068065ac3b3d99430f68a532a213599b609727c77d23b303b3a427f33b9a84530a8938ee96e57c62e8736ffde9aa5d6d7b3b23fa90c87af84fcb0ed2939389f4b6ece5de16156a9c152fe09c896b23a3276e936e6d1c13eddae398639d35acf88b99767ec61f48c0d0b4c26b139946b0b3f647ab774b7aecdfdc5d52e64db10d47a85658ae3bd8399aa2f0b129097df00c23ce79953217826e695ca4009461f68c89e63ff9091ef6bf2bb2bc28ef76fea064a81a7f9c4f04399c048327ff879d71d07dd6bb8043e850d1e92232c3ee568728c2e40bce13d0d47488c793f81181678d9e87a926072c52edcd50e2bfbcdfd000363484820ee21705c482860453900bad28e587ae1d2448eef28036c77774020b94a049f6470c3b7ef77843ceb8babd87735cda5a8a07b881c4cf30c734732b89a398234b1c1df1d62a9ad39d1759e493ba397fdf3fac7219f57b04a415a5c2b297de7cbbc8b52414667c110e6be315de137a39479d87f840378ce158a00c3f4a93c358ea48d2b70e72cf04ef088d1822af86b99bda7628b390cb483d7bafe156645ba036d8737e5ef249d31cf913957b5096526ffaf801f9fa0f9de66621d556daeae122f0431b2ba5ef691a347e0dd118288ca566237ba4090bfad6a6a7a80af43a08815c3ffd27c49507921dc2902240d6084a14c88809cdf61bfb60eb27f82ed5bf74b23a4b0140d4d444832156876646404e8d0c1b5acd365b5bdef24ef50da401e1a20a2d3790f8071bbcf643d144c11cdef0ea5defcf9fc6fee900e8f8ca4b8be574e98cafd9c698230897de9fd7024faadd29f077b92efdb61a82acc7d4698d74752427faaafe05ac1d1c25285fd31b15ffd81dc947098f6aaacb7a3ca5909eed4a502b1f34732765abaa9578382aa8d44c3046260c5c7a625d83c93b1c3f4e34942a423785245fd232319cc6357b700bd2eda25ffa7cb5f6bf218229eabeb2665cd5dc995c98454adef1bb4bd5a10a29e2c1f7de96b888b0cbe874547d8f73079145ffd9f6ef59ace3ee50ff62a376e1bbf6e1edd8ed9f85822ae65f9bd5091fcc8331e5aece8a7cf2ed740e3828dedd6b7165febe69c44b432386ffa1e6e39053c6a820def536e2f84fc3cbcbc92445c9f2dc175ac3bcf671431e05b64f8f2faec45ee5b76298d87f508d878074729212c6d659ffbb855502d89814d35c855e8cf42fb5f940335147262fd4ac5c17aa98be13197be0c67c201f27bac8a8c963213a5615428ad748246753ed9980eb28f402d2f0ef643b5bd8d73439105c75c5f13e0770c1e0f991bb411783759c1f8de0064337b28ac87477f4e433a4b13739c1f70109db0b8a20dad50095a3230550ed551614263df0e5561e3c4f0f2d8b53fc99d069ad9ba8903de40a23da372a4d7dbaf890a53f2dd45bc545b45a03da4e553955d437ab0a999817a636f6ee450418ce7c2cf54bb4f19ec7434ef8194ace20879d0aed2784f9c950f59e272e8c49b4ce6ab22cd8cbdd89a059b706d44a8184c61aa1ad6155dab802665fdcbf9aa4f837cd2cdcd25ef8c3a749bc5c3fe924cc5dc8162ed4000877585fff5b14ab126aa84ffcec549b1143951b3c78ae3db9b5c5f6a41183fb827264f16c7be486b94d7e2a25b50989c0480d601d3924655f1180b2acb6888843f3b6760b3c600653efe2b5c19fbe9614136708ebec021095b20701ed36b736e6919c1d4306c0c73611dec148126b7635ec5411a52641114fa019754a884da29c90ec967579b701d88342c0dcc527fd051406202763286bbf77c0f17eb404116006f78c7a2fcb0eac3cf8995051eca2caba1a4190f4a954a1daf568d9c53a9593e25a1318f003422c8f186533c376d84fe13ea4722d9b351d8eb4a861a28584afcbda9fbb5b7cb6067866b4f28e4de6d7049f610135e5df67282a1d7cfb664f50e537b582e53b1d5496325b867ff21f432bfd5801e63ea4fed913c82df1223793610661e7069df3068c92dd5067ce796cc6916aa7bb0b14357eac64e1884de10811d694e091acb77725e7dab1673cde8b1c8ccb4a67c1be93471e98ae01d20fdd3a433cb54704ada853c6217dcdfc345706b956e5ebd023e87168f403d3e9b39b9c3f42ab2611690652730964afc3a97b74c425a7d1ef7df3168bb382bcbfb9b9462c8995c382b64cc5bbf8a3097d798854ea2b302c6604cfa43e01755cdb0d7c9fbaafe4b4faf942f6f0098e16b620ecb11fa922457c563ec65f8213cf6c071534eb627fa958e9b2d887444da0cf5ae074108efabe35cb0b40cd3beb9e98e67eefaad658f07ae9f735a55712c7b057ed182986ae9b2f093edc333d49ae03ece993219c7f2f728759cc44c6f506bdffc133babe68bc501f77cdc6338ab2bca8326f2cf0466755b00d6d4cd840b4e746a5af5b93f11f7ad184d5eefe0886684455e47c8b265e12d4293b971b84039ce453735680b46385be626e4a6a3301c97ea6bbf725d2c9728970679b8eaa0d5ca9fba8fc5c7cd08c707a87041fc0ed38069d31ebd06207d8426cd6cc4c534053d4cd214f177698d3186854c7a82e5b40630a25712d31f1f39d16ae658613e0d211f9d1b160d526c5499a5b6b3b91dcb952b1d8489422da4754da81873c473bcc711b1c5413c5a715176172c905f952b22f61d8008bbec5cde20703d91e8cd84062a199303acb01441bc4ed9d7e1c4d5d433a472b4177b1de5c9956426701bf8653cd273893c91b6490160d75a5687a8b6cca9bd37619e4725797de81b9c1d89893acd1d02e252c46bdd8378ac8d4a703382cdd65dd782c3ccf68b731747dfba5ab70523c7e71650311ae3d04c40ca73b2f4559d53e8652568c6af44b9ad1017a354537259fe0dddea8081ccb7d16f7ef65bbd23dddee298804966261b687fccbc32329fd353824c66b8a8a6e7a4e2550300e115d055f7a457c6b2f7545752a8f9769c37c57190214dc0e7fa3685afc936ead39135c87e690cb9c0e65d0eb558534c775feef6611573b6b653409f807f586b848a6ead6485e61dd1c6b6d0e76cb3b844b0331b724ca9d8645044e7a68e5bd015c4915eec5fb8611b4f62b95d26d49f55af04d87f3081c23f9d856376dc69c87b989b73d220417689d52c24638d56be1db29cd354faf7d97651a6d585abf178357a7291e9f163df27e8f9d8f84fff05055631378a7367bac9bf47a2381e88f3f91eebcade4ed5cddf203f9cbcaa6fc6300173dfad772ce593128d64c8ea9ada571286c06368deb1554f50c31fe3e941516652ffd68fa0cd984606a3cf04121a79fb423934bf8efa621a5f37eea0aa3a465921268e538a8eab59aa8463ea9355361e84e208b8c8544a90d4d76b7a68f16aa95902d13570b52a02e25be235b2366b24660f63e54c31237b2874a4bdbc3a708601c82aa60c7b6a5c499c84edad660f6793522abc1e14cebcc172e4d79df8eb3bd1f3cb40f95e27df088084e251e223def1327cf47e29eaa35209103dfe2b8dccc4f5f523a658a32a34b14f9683643e166e7930332b7807083a64598bd60b0b492732a63bada2b8ffcabeaedc73a387b97dac55704d0d1ee03f639a9d5b5b67725b8d71274036952976c7356367197377631226c2e09addbebe9aee522567f75a04d984cf36623a01cc9b334366a717af3dd5b3a3762c30af9de66e29bb273e41d2688975ca62caae6b29ab91a4ffd79a31865bf71a39d36506baac174ee6d7901c92cff3494a110272445651c6161548883b9b517ed6eb456b62289e67f4c63e77e85bcaade4e80b200ad9b7cead4040dbf97c826cbf62bea3ac358e64499dc4d92373787d060f0542614c2bb2718a1104405cc7faba3474edbdd8e83ec94202c55257e0bb348d2b42e278789972a5ec6a397bdb41881f5a0b1c2e034ec8147131e0c5ea0b8fc85bffe0e2b55bfbdfac9803825e9cc8f21bb927e5837bd9429c91fcecd7427caaa453b64ff455d6f402e62dbdb2adda0bb15dea448c2174dc105ab80d1e9c56fc74943446dfca5ad279fbeedaf8ae6e4b23eac4eb22587bfd58e6c8592b5e4feb8841c604e71da4462a0cb0a75f33a9930a4b27c40b67d4f15b79ef0d78ecbd5c50c9cfa536e196096e50700baea4ae8971c582284fa3277c78385ecb3c2f172ce1e93a663aa8e1e01867bca7dac50"], 0x101e)
ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, &(0x7f00000001c0)=@mmap={0x0, 0x2, 0x4, 0x20, 0x0, {0x77359400}, {0x4, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x291d})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000100)=0x1)
r6 = syz_io_uring_setup(0x422, &(0x7f00000000c0)={0x0, 0x20079af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r7=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
socket$kcm(0x2, 0x3, 0x2)
syz_io_uring_submit(r7, 0x0, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0xc, 0x0, r5, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0, 0x801})
io_uring_enter(r6, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
ioctl$KVM_GET_SREGS(0xffffffffffffffff, 0x8138ae83, &(0x7f0000000440))

2.605613081s ago: executing program 3 (id=2534):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xf803, 0x10100}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x0)
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x800)
r5 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(r5, 0x0, 0x0)
write$FUSE_INIT(r5, 0x0, 0x0)
syz_fuse_handle_req(r5, 0x0, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, 0x0, 0x109081, 0x64)
syz_fuse_handle_req(r5, 0x0, 0x0, 0x0)
fcntl$lock(r6, 0x5, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
socketpair$unix(0x1, 0x5, 0x0, 0x0)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x12)
poll(0x0, 0x0, 0xffffffffffbffff8)
prctl$PR_SET_FPEXC(0xc, 0x1)
socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x14, 0x2, 0x6, 0x801}, 0x14}}, 0xd4)
socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000e40), 0x40080, 0x0)
r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r7, 0x402, 0x8)
mknod(&(0x7f0000000040)='./file0\x00', 0x1, 0x0)

2.453871587s ago: executing program 0 (id=2535):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10190}}, 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

2.048294423s ago: executing program 2 (id=2536):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f00000000c0)=0x81)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000540)={0x0, 0xfffffffd, 0x10100}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x10, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9, 0x1, "000000fd80"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xd0}}, 0x0)
syz_open_dev$rtc(&(0x7f00000004c0), 0x0, 0x0)
r6 = syz_io_uring_setup(0x1e1e, &(0x7f0000000600)={0x0, 0x86f7, 0x10100, 0x10000, 0x3a9}, &(0x7f0000002000)=<r7=>0x0, &(0x7f0000000000)=<r8=>0x0)
syz_io_uring_submit(r7, r8, 0x0)
io_uring_enter(r6, 0x48e9, 0x0, 0x2, 0x0, 0x0)
r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r9, 0x0, 0x3, &(0x7f0000000080), 0x2)
r10 = accept4$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0x14, 0x80000)
setsockopt$packet_rx_ring(r10, 0x107, 0x5, &(0x7f00000005c0)=@req={0x7, 0x896, 0x6, 0x7}, 0x10)
io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, &(0x7f00000002c0)={0x9b0000, 0x0, 0xff, 0xffffffffffffffff, 0x0, &(0x7f0000000240)={0xa20933, 0xba3b, '\x00', @value=0x3}})
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000340)={{0xffffffff, 0x5, 0x0, 0xfffffffc, 'syz0\x00'}, 0x2, 0x2, 0x5, 0x0, 0x0, 0xff, 'syz0\x00', 0x0})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
r11 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x80800)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000300)={0xc4, 0x4f, 0x8d, 0x9, 0xfc, 0xfe, 0x7, 0xb, 0x8, 0x7, 0x4, 0x75, 0x4, 0x3}, 0xe)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r11, 0xc1205531, &(0x7f0000000340)={0x700, 0x7, 0x0, 0x8002, '\x00', '\x00', '\x00', 0x4, 0xfffffffe, 0x100, 0x0, "abd206a1ebd7cedfd17ebd65400ed41b"})
r12 = socket$netlink(0x10, 0x3, 0x8000000004)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000))
writev(r12, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff000000000000000458000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)
socket$isdn(0x22, 0x3, 0x24)

1.965986112s ago: executing program 0 (id=2537):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
socket(0x10, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a1485997a45579c9626ef532d000000000a05000000000000000000010000002c000000030af2020000000000000000010000000900010073797a30000000000900030073797a30000000001c000000060a010400000000000000000100000008000b4000000000140000001100010000000000000000000000000a673597461fd22b99e941c2c0c0bd06b0417e1e9e75007e1fd64e4c2b8bb8bc99dcd2e60b394b21a7efa3ae5a59a58da04a075f19110ecec10f5ea5a50d8eaa"], 0x84}}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$alg(r6, 0x0, 0x40008d0)
sendmsg$nl_route_sched_retired(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000001080)=@newchain={0x12a4, 0x64, 0x2, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x9, 0xc}, {0x6, 0x2}, {0xfff1, 0xd}}, [@f_rsvp6={{0xa}, {0x224, 0x2, [@TCA_RSVP_ACT={0x220, 0x6, [@m_ct={0x124, 0x12, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e23}]}, {0xf1, 0x6, "c653b7c4dce43a7664adc605271875a329aa4e6221bda702afb5678a2eb9b9c738b571214123557b568f11ee57d1b80efd9b8055f026705c6dc108b1a75d70d0fd0108b829687bc56cee17efae87e1a2481e50e76b33d41cd40f5950b4cd0a55dbf94c02c44cead5601ebe1d0100af3c7b07c5f567c3fe921fdfd2361d94f295377391f399b0777ec9268183c8ac1ff0105f8ee876bab651d809cba93a329695bfafb10336ac236dd3f29b782c411b0d670c9acd41a43fd08ef44bf6320a6a635af3a2aa1ebf8a171c233b8913c89cb8db4c7c31ec2b817091fee60c6985080a48c8e242a79fbe0b411e0d7ee8"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_mpls={0x74, 0x10, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x2, 0x6, 0x7, 0x4, 0x1000}, 0x7}}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x401, 0xcff, 0x7, 0x2, 0x4800000}, 0x4}}]}, {0xd, 0x6, "4e6874dedc6e251856"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ctinfo={0x84, 0xb, 0x0, 0x0, {{0xb}, {0x4}, {0x57, 0x6, "5fda818c2aa7134864694c4b711eb3d580d6577121adc3db16b2b71ab35104c3e5d48773d054a5a9a7a04805000000d939db9f94a0465dca721b434879270570ee5cf858032d7ce5e6d30b0b785ab872726ef3"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}]}]}}, @f_tcindex={{0xc}, {0x1044, 0x2, [@TCA_TCINDEX_POLICE={0x1038, 0x6, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x2}, @TCA_POLICE_RATE={0x404, 0x2, [0x5, 0x4, 0x4, 0x0, 0x3, 0x7ff, 0x100, 0xff, 0xc, 0x80000000, 0x9, 0xc282, 0x2, 0x93f, 0x67e6, 0x8, 0x8, 0x465, 0x8, 0x3, 0x80000001, 0x80, 0x7, 0x0, 0x0, 0x91fd, 0x8000, 0xfffffff8, 0xc011, 0xe7e, 0x0, 0x9c, 0xfffffffa, 0x1, 0x6, 0x4, 0x2, 0x3, 0x9, 0x80000000, 0xfffeffff, 0x7, 0x1, 0x7, 0x9, 0x1, 0x5, 0x9, 0xe9, 0x8, 0x5, 0x1, 0x3ff, 0xc, 0x3, 0xdaf2, 0x9, 0x0, 0x4e84, 0x8, 0x0, 0xb32d, 0x2, 0x6, 0xb, 0x1ff, 0x9c18, 0x8e7, 0x8, 0x4, 0x81, 0x5, 0xfffffffb, 0x9, 0x9, 0x1, 0x1, 0x80, 0x3, 0x9, 0x6, 0x2, 0x3, 0x2c, 0x8, 0x1c19, 0xa0c2, 0x7, 0xb, 0x401, 0xbb, 0x80000001, 0xfffffffd, 0x8, 0x786, 0x9, 0x4, 0x1, 0x10000, 0x7fff, 0xc0c, 0x1, 0xfff, 0x225087de, 0x100, 0x7f, 0x3, 0x9000000, 0x8, 0x0, 0x8, 0x6, 0x3ff, 0x6, 0x8664, 0x6, 0x756, 0xff, 0x5, 0xfc, 0x9, 0x226a, 0x8, 0x35, 0x645, 0xfffff361, 0x2, 0x2, 0x3, 0x6, 0x8a, 0x5, 0x9, 0x5, 0x1, 0x5077, 0xff, 0x8, 0x7, 0x100, 0x7f, 0x5, 0x8, 0x4, 0x7df, 0x1, 0xffffffff, 0x3c52, 0x4, 0x0, 0x3, 0x401, 0x200, 0x6, 0x7, 0x2, 0x0, 0xd, 0x4, 0x8000, 0xffffff01, 0x2f9f, 0xf48, 0x9, 0x40000, 0xd5, 0x3, 0x4, 0x0, 0xffffa1ba, 0x8, 0x7, 0xa, 0x1, 0x80000000, 0x6, 0x1ff, 0x9, 0x3, 0xc66, 0x4, 0x6, 0x6, 0xe86, 0x200, 0x2, 0x8, 0x2, 0x8, 0x5, 0x1974, 0x4, 0x200, 0x1000, 0x41cf, 0x3, 0x5, 0x3, 0x0, 0x8, 0x8, 0x9f9f, 0x6, 0x3, 0x4, 0x2, 0xeb5a, 0xfffffff7, 0x5, 0xfe000000, 0x2, 0xd, 0xb2, 0x9, 0x0, 0x9, 0xc707, 0x7, 0x9, 0xa1, 0x2, 0x25954f29, 0xffffffff, 0x50000, 0x80000000, 0x7b8b, 0xa74, 0x6, 0x112, 0xfffffffc, 0x86c, 0x3, 0x2, 0x3, 0x5, 0x9, 0x6, 0x9, 0x8, 0x3dbd, 0x6, 0x4, 0x5, 0x6c, 0x52ea, 0x0, 0x94, 0x9, 0x8000, 0x2, 0xffff, 0x2, 0x1000, 0xa80, 0x1, 0x6]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x8}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x10001, 0x31c, 0x0, 0x8, 0xe, 0x1400, 0xfff, 0x8001, 0xffffffff, 0x18, 0x517b, 0x0, 0xfffffff9, 0xfffffffc, 0x9, 0x1b44ba05, 0x2, 0x1, 0x7, 0x3, 0x2, 0x9886, 0x6d8, 0x1, 0x6, 0x1, 0x7, 0x3, 0xa815, 0x1, 0x227e, 0x4, 0x0, 0x74172993, 0x0, 0x5, 0x1887d1ce, 0x9, 0x9, 0x4, 0x6, 0x65cf, 0x2, 0x200, 0x5, 0x5, 0x800, 0x7, 0x8, 0xfffffffd, 0x7ff, 0x6, 0x8, 0x9, 0xffffffff, 0x6, 0x4, 0xa, 0xfda4, 0x4, 0x1, 0x8a, 0x4ee7, 0xb, 0x7fff, 0xfffffffa, 0x7, 0x6, 0x0, 0x8, 0x0, 0x41, 0xfffffff8, 0x5, 0x1, 0x9, 0x6, 0xfffffffd, 0x9115, 0xc95f, 0xfffffff2, 0x7, 0xfffffff3, 0x9, 0x3, 0x2, 0x5, 0x9, 0x7, 0xe03b, 0x3, 0xe5, 0x390, 0x9, 0x2, 0x3, 0x9, 0x5, 0xf1b9, 0x9, 0x9, 0x100, 0x0, 0x5, 0x7, 0xb2, 0x5, 0x80000001, 0x677be825, 0x28000000, 0xb7, 0x4, 0x3, 0x4, 0xa75, 0xff, 0xfffffffc, 0x4, 0x0, 0x3, 0x7, 0x8, 0x8, 0x699, 0x9, 0x6, 0xc5, 0x7, 0x6, 0xa, 0xa12, 0x1ff, 0x4, 0x4, 0x5, 0x3, 0xe, 0x1, 0x2, 0x3, 0x4, 0x61, 0x2bf6, 0xdb, 0x9, 0x8, 0x4a0, 0x8, 0x5, 0xfffffffd, 0xffff0001, 0x1a, 0x4787, 0x9, 0xa3d, 0x9, 0x8, 0x8001, 0x1, 0x0, 0x3, 0x3, 0x910a, 0x0, 0xd, 0x8, 0xe, 0x57, 0x3, 0x4, 0x0, 0x200, 0x7fff, 0x10000, 0xcff, 0x6, 0x53, 0x5, 0x9, 0x6, 0x9, 0x2, 0x3ff, 0x2, 0xfa5, 0x4d, 0x200, 0x1, 0x7, 0x5, 0x6, 0x1, 0x4, 0x1, 0x9, 0x6, 0xea3, 0x8, 0xfffffff4, 0x9, 0xcf66, 0x374, 0x101, 0x207, 0x2, 0x47, 0x9, 0xb, 0x9, 0xa, 0x0, 0x100, 0x9, 0x6, 0x3, 0x5, 0x8, 0x6591, 0x40, 0x82a, 0x1ff, 0x2, 0x9, 0x400, 0x0, 0x8001, 0x7, 0xa9e7, 0x1, 0x9, 0x7, 0x3d7f, 0x1b98, 0x0, 0x525e, 0x6, 0x8001, 0x9, 0x3, 0x2, 0xfffffff8, 0x9, 0xf, 0xa, 0x2, 0xf, 0x0, 0xf, 0x4, 0x7, 0x4, 0xfffffbe9, 0x9, 0x1, 0x10, 0xe]}, @TCA_POLICE_RATE={0x404, 0x2, [0x6, 0x80, 0xfff, 0x6, 0x2c8, 0x800, 0xfffffffc, 0x1, 0x1ff, 0x9, 0x9, 0xffffffff, 0xfffffffe, 0x0, 0x0, 0x7, 0x6, 0x80000001, 0x3, 0xffffff80, 0x100, 0x2, 0x3ff, 0x4, 0x8, 0x3ff, 0xe, 0x40, 0xc6d3, 0x7fffffff, 0x7d, 0xb, 0x9, 0x5, 0x2, 0x2, 0x3, 0xa269, 0x7fff, 0x7, 0x4, 0x4, 0x5, 0x7, 0x80, 0x9, 0x3, 0x10001, 0xfffffffd, 0x7, 0x9, 0x1, 0x5, 0x7fff, 0xfffffffa, 0x1dff746f, 0xac46, 0x1, 0x380, 0x4, 0x81, 0x5, 0x5, 0x8, 0x1ff, 0xa, 0x41d, 0x4, 0x9, 0x6, 0x6, 0x2, 0x3, 0x81, 0x100, 0xfffff001, 0x7ff, 0x7, 0x0, 0xffff, 0x7, 0x400, 0x3, 0x6, 0x80, 0xe, 0x705a, 0x401, 0x1, 0x0, 0x7ff, 0xfffffffa, 0x9, 0xfffffffc, 0x8, 0x9, 0x8, 0xfff, 0x49a7, 0x9, 0xffffffff, 0x1ff, 0xafda, 0x8, 0x1, 0x7, 0x0, 0x1, 0x9, 0x8bd, 0xb03, 0x81, 0xffffbffc, 0x7, 0x172, 0x2000, 0x5df, 0x4, 0xa, 0x80000001, 0x0, 0x7, 0x8, 0x91, 0xb8, 0x1, 0x8, 0x4, 0x7, 0x8221, 0x8, 0xc58, 0x0, 0x932c, 0x5, 0x2, 0x2, 0xe6, 0xffff, 0x7, 0x6, 0x1, 0x2, 0x8, 0x2, 0x90e, 0x6, 0x2, 0x80000001, 0x7, 0x8, 0x7fff, 0x5, 0xffffffff, 0x1, 0xfffffff5, 0x2, 0x3, 0x8d, 0x0, 0xabb, 0xe, 0x8, 0x9, 0x9f62, 0x8, 0xc7bf, 0x3, 0x9, 0x10000, 0xfffff999, 0x1, 0x9, 0x9, 0x8, 0x3ff, 0xf60d, 0x8, 0x3, 0x6, 0xfffffffa, 0x80000000, 0xe5df, 0x4, 0x7, 0x5, 0x6, 0x10, 0x6, 0x8001, 0xfff, 0x16e5963b, 0x4, 0x3, 0x0, 0x504, 0x7fff, 0x6, 0x6, 0x659, 0x8, 0x7, 0x0, 0xfff, 0x1, 0xf4, 0x5, 0x1, 0xdd61, 0xd958, 0x6, 0x9, 0x2, 0xff, 0x8001, 0x9, 0x6, 0x5, 0x34d3, 0x5eea2977, 0x0, 0x8001, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x9, 0x1, 0x6, 0x8, 0xb, 0xffff0001, 0x35afd91, 0x7, 0x400, 0xb, 0x0, 0x9, 0x6, 0x5ca, 0xd, 0xff, 0x4, 0x81, 0x1, 0x2, 0x2, 0x8, 0x251, 0xb32, 0xfffffffd, 0x0, 0x9, 0x9]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x2, 0x6, 0x9, 0xd9b, 0x8099, 0xa, 0xfffffffc, 0x6, 0x200, 0xca000000, 0x80000001, 0x0, 0x6, 0x9, 0x24d5, 0x7f, 0x7, 0x4, 0x1000, 0x4576, 0x74, 0x7, 0x3, 0x5, 0xe, 0xfffffffa, 0x1, 0x5, 0x2, 0x8, 0x7, 0x7, 0x100, 0x7, 0x9, 0x6, 0x1, 0x8, 0x39, 0x4, 0xf70, 0x3, 0x6868, 0x3, 0x404, 0x54, 0x4, 0x9, 0x2, 0x0, 0xb87, 0x4, 0x4, 0x1, 0x7, 0x880, 0x7fffffff, 0xe3400000, 0xffff, 0x9, 0x73ae, 0x8, 0x4, 0x81, 0xffffff5b, 0x5, 0xdb, 0x8, 0x1, 0x315d6d59, 0xad1, 0x3, 0x8, 0x8, 0x5, 0x4, 0x5, 0x9, 0x8, 0x9, 0x400, 0x6, 0x7f, 0x7, 0x8, 0x3, 0x8, 0xd, 0x2, 0x9, 0x2, 0x9, 0x6, 0xc, 0xfffffffd, 0x101, 0x3ff, 0x80000000, 0x6, 0x9, 0x4, 0x4, 0x335, 0x2, 0x1, 0x200, 0x101, 0x9, 0x5, 0x0, 0x2000000, 0x0, 0x2, 0x2, 0x80000000, 0x6, 0x8, 0x5, 0x4, 0x7, 0xffffffff, 0x2, 0x1, 0xfa2, 0x0, 0x3, 0x6, 0x4, 0xa, 0x2, 0x80000001, 0x101, 0x1, 0x8, 0x4, 0x4, 0x1, 0x1, 0x4340, 0xffffffff, 0x100, 0x8, 0x5, 0x2, 0x8, 0x188, 0x7, 0x2c2d, 0x3, 0x6, 0x0, 0x19, 0x4, 0xe50, 0x101, 0x8, 0xd, 0x7ff, 0x5, 0x6, 0x1, 0x0, 0x1000, 0x7, 0x1, 0x9, 0x2, 0x3, 0x29113f9d, 0x20, 0xff, 0x1, 0x5, 0x5, 0x2, 0x9, 0x1, 0x8, 0xe79, 0x1c, 0x4, 0x2, 0x8, 0x7, 0x8, 0x9, 0x8, 0xfffffeff, 0xff000000, 0x8, 0x5, 0x7fff, 0x8000, 0x8, 0x4, 0x4, 0x200, 0xc, 0x9, 0x34b, 0x9, 0xffffffff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x80000000, 0x2, 0xe, 0x9, 0x200, 0x0, 0x7, 0x3, 0xfc, 0x6, 0x5, 0x10, 0x0, 0x7, 0x2, 0x81, 0x3, 0x6, 0x7, 0xbe58, 0x38, 0x4, 0x5, 0x1, 0x7f, 0x3aad, 0x7, 0x2, 0x8, 0x6, 0xc9, 0x6, 0x5f, 0x9, 0x10001, 0x6, 0x0, 0x7, 0x101, 0x5, 0x8, 0x7, 0xffff, 0x9, 0x2, 0x1]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x5}, @TCA_POLICE_RESULT={0x8}]}, @TCA_TCINDEX_MASK={0x6, 0x2, 0x5}]}}]}, 0x12a4}}, 0x0)
recvmmsg(r6, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000840)=""/127, 0x7f}, {&(0x7f0000000340)=""/110, 0x6e}], 0x3}}], 0x1, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140f0000000000007000fddbdf25010000000000"], 0x14}}, 0x0)
r7 = syz_io_uring_setup(0x2232, &(0x7f0000000280)={0x0, 0x2, 0x10b20, 0x0, 0x293}, 0x0, 0x0)
pwritev(r7, &(0x7f0000000000)=[{&(0x7f00000001c0)="263fb1aabb6a7bfbd98c9ad3abfd6990cf48725b5b1d645242d862919c301a68c6bef46ac14e759c7e46ee1671b27ef8c9505f1561b4ec94670ae7f7f633d68a005caaa556b9a0507b223a2343f700a7eb26444c91654059342f130a1f2b619638794509c393630f64b54222477ce67181ad03564a212505c627894d", 0x7c}], 0x1, 0x7, 0x4)
socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000fffeffff0000000009000000950000eb8597ec399668feaaa4d8e15ada614a000000000060496802eff62d0923567c69a8935c2c803018bb66043d69cb3368149dee9a31cb1083e15512597ce04c9d92dfcc74c28736f9486aa42b555cf2f8d6efd3636b3afecde018231921ffb067bc85db93978ad4565a646db06d4495c9c7"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x11}, 0x94)
socket(0x1, 0x803, 0x0)

1.209691108s ago: executing program 3 (id=2538):
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x10fb40, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=@newsa={0xec, 0x10, 0x1, 0x8000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, {@in=@broadcast, 0x0, 0x33}, @in=@local, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000}, {0x10, 0x9}, 0x0, 0x0, 0x2, 0x1}}, 0xec}}, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000005c0)='./file5\x00', 0xc000, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2)

1.111644062s ago: executing program 2 (id=2539):
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0x1d00d000)
r0 = userfaultfd(0x80801)
r1 = socket(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000086255608c6051292834701020301090224000300000000090b1e0000fc05410009040000004624d0000904ea0000ff"], 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_getaddr={0x18, 0x16, 0x3c2be10bca706f15}, 0x18}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
cachestat(r2, &(0x7f0000000040)={0x19}, 0x0, 0x20)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x700})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
r3 = userfaultfd(0x80801)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc2c45512, &(0x7f0000000640)={{0xb, 0x2, 0x81, 0x5, 'syz1\x00', 0xb}, 0x0, [0x2, 0x10e8af, 0x1, 0xcc0, 0xe, 0x101, 0x80, 0xa6da, 0x2, 0x1, 0x10000009, 0x8, 0x8, 0xfffefff7, 0x8, 0x10, 0x10000005, 0x4, 0x40f, 0x1080, 0x962, 0x2, 0x1, 0x400, 0x7fffffff, 0xc360, 0x80000001, 0x6, 0x60e3, 0x8a81, 0x10000008, 0x10000, 0x7, 0x9, 0x107430, 0x2, 0x2, 0x60a, 0x1, 0x3, 0x8, 0x5, 0x8001, 0x8, 0x9, 0x1, 0x2, 0x0, 0xffff1688, 0x2, 0x0, 0x4, 0x9000, 0xe93, 0x4, 0x7ff, 0x7, 0x81, 0x50a, 0x0, 0x6, 0x7ff, 0x1000, 0xffffffff, 0xfffffffc, 0x5, 0x7a, 0x2, 0x9, 0x2, 0x3, 0x7, 0x1000ac, 0x7, 0x7, 0x4, 0x8000, 0x9, 0x4, 0x7, 0x10, 0x7, 0x5, 0x0, 0x0, 0x40, 0x2, 0x8000, 0xfff, 0x3, 0x3b9, 0x6, 0x100004, 0x4660917f, 0x487d, 0x8000, 0x1, 0x5, 0x3, 0x0, 0x5, 0x4, 0xe, 0x1, 0x2cd, 0x9, 0xc, 0x4, 0x1, 0x2, 0x3ce, 0xa, 0x8, 0x9, 0x0, 0x106, 0xfffffff7, 0xffffbf90, 0x0, 0x7, 0x2, 0x0, 0x7, 0xa, 0x809, 0xffffffff, 0x73938332, 0x7763]})
syz_usb_connect(0x5, 0x2d, &(0x7f0000000100)={{0x12, 0x1, 0x220, 0xad, 0x7a, 0xed, 0x8, 0x1901, 0x193, 0xc816, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x7, 0x55, 0xe0, 0x5, [{{0x9, 0x4, 0xe6, 0xfe, 0x1, 0xd0, 0x92, 0xf7, 0x5a, [], [{{0x9, 0x5, 0xf, 0x2, 0x0, 0x2, 0x9, 0x5}}]}}]}}]}}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0})
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})

1.097220668s ago: executing program 3 (id=2540):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x38}, 0x9}]}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x7, 0xfa11, 0x5}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x807c2, 0x41414770, 0x33565348, 0x425, 0x10004, 0x3, 0x2, 0xfeedcafe, 0x3, 0x2, 0x1}})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x7, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r6 = open(&(0x7f0000000040)='./bus\x00', 0x44842, 0x0)
pwritev2(r6, &(0x7f0000000240)=[{&(0x7f0000000000)='$', 0x3fec00}], 0x2, 0x1400, 0x0, 0x3)
ioctl$VIDIOC_SUBDEV_S_CROP(r6, 0xc038563c, &(0x7f0000000140)={0x0, 0x0, {0xe, 0x1, 0x4, 0x1}})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000040), 0x0)
getsockopt$inet_sctp_SCTP_STATUS(r9, 0x84, 0xe, &(0x7f0000000080)={0x0, 0x2, 0xfffffffd, 0x2, 0x3f, 0xcbce, 0x6, 0x6, {0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x401, 0xb3, 0x4, 0x6, 0xa01f}}, &(0x7f0000000140)=0xb0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x18932, r8, 0xc1f29000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000280)={{0x0, 0x4, 0x0, 0x9}, 'syz1\x00', 0x3f})

116.183593ms ago: executing program 1 (id=2541):
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r0 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x200}, 0x0)
prlimit64(0xffffffffffffffff, 0x8, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x18557f, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f0000000300)={{@host, 0xd}, 0x1})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
fsopen(&(0x7f0000000300)='binfmt_misc\x00', 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_int(r4, 0x6, 0x19, &(0x7f0000002300)=0xa, 0x4)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000022c0)={'#! ', './file0'}, 0xb)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_disconnect(0xffffffffffffffff)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0xffef}, [@NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x34, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd4}}, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x93a, 0x8002, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x80, 0x4, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x2, 0x9, {0x9, 0x21, 0x8, 0x5, 0x1, {0x22, 0x967}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x3, 0x9, 0x1}}}}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000500)={0xa, 0x6, 0x200, 0xf, 0x34, 0xa, 0x10, 0x6}, 0x19, &(0x7f00000000c0)={0x5, 0xf, 0x19, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xb, 0x8, 0x2, 0xbfd0}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x7, 0x2, 0x62a7}]}, 0x6, [{0x0, 0x0}, {0x2, 0x0}, {0x3e, &(0x7f0000000340)=@string={0x3e, 0x3, "baf570e187e9fa4c8f9632df9ae2276ac6b20e9dde6c6353adae892f2e8f48543b0b8288d6bccef028d9c45e0d0dbd4789b1665b3fcbc0b35f3ded92"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x441}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x41d}}, {0x44, &(0x7f0000000400)=@string={0x44, 0x3, "eb2b468f93d8201851aa4cc5b7925501962fb28a3eeea424c69316a40664151d3672f93c72fd04806ec6c4f16cdb7635d2288bc4d1893d50769bc50e99f1c1282703"}}]})
socket$netlink(0x10, 0x3, 0x0)
pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))

48.980538ms ago: executing program 4 (id=2542):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
socket(0x10, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a1485997a45579c9626ef532d000000000a05000000000000000000010000002c000000030af2020000000000000000010000000900010073797a30000000000900030073797a30000000001c000000060a010400000000000000000100000008000b4000000000140000001100010000000000000000000000000a673597461fd22b99e941c2c0c0bd06b0417e1e9e75007e1fd64e4c2b8bb8bc99dcd2e60b394b21a7efa3ae5a59a58da04a075f19110ecec10f5ea5a50d8eaa"], 0x84}}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$alg(r6, 0x0, 0x40008d0)
sendmsg$nl_route_sched_retired(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000001080)=@newchain={0x12a4, 0x64, 0x2, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x9, 0xc}, {0x6, 0x2}, {0xfff1, 0xd}}, [@f_rsvp6={{0xa}, {0x224, 0x2, [@TCA_RSVP_ACT={0x220, 0x6, [@m_ct={0x124, 0x12, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e23}]}, {0xf1, 0x6, "c653b7c4dce43a7664adc605271875a329aa4e6221bda702afb5678a2eb9b9c738b571214123557b568f11ee57d1b80efd9b8055f026705c6dc108b1a75d70d0fd0108b829687bc56cee17efae87e1a2481e50e76b33d41cd40f5950b4cd0a55dbf94c02c44cead5601ebe1d0100af3c7b07c5f567c3fe921fdfd2361d94f295377391f399b0777ec9268183c8ac1ff0105f8ee876bab651d809cba93a329695bfafb10336ac236dd3f29b782c411b0d670c9acd41a43fd08ef44bf6320a6a635af3a2aa1ebf8a171c233b8913c89cb8db4c7c31ec2b817091fee60c6985080a48c8e242a79fbe0b411e0d7ee8"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_mpls={0x74, 0x10, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x2, 0x6, 0x7, 0x4, 0x1000}, 0x7}}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x401, 0xcff, 0x7, 0x2, 0x4800000}, 0x4}}]}, {0xd, 0x6, "4e6874dedc6e251856"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ctinfo={0x84, 0xb, 0x0, 0x0, {{0xb}, {0x4}, {0x57, 0x6, "5fda818c2aa7134864694c4b711eb3d580d6577121adc3db16b2b71ab35104c3e5d48773d054a5a9a7a04805000000d939db9f94a0465dca721b434879270570ee5cf858032d7ce5e6d30b0b785ab872726ef3"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}]}]}}, @f_tcindex={{0xc}, {0x1044, 0x2, [@TCA_TCINDEX_POLICE={0x1038, 0x6, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x2}, @TCA_POLICE_RATE={0x404, 0x2, [0x5, 0x4, 0x4, 0x0, 0x3, 0x7ff, 0x100, 0xff, 0xc, 0x80000000, 0x9, 0xc282, 0x2, 0x93f, 0x67e6, 0x8, 0x8, 0x465, 0x8, 0x3, 0x80000001, 0x80, 0x7, 0x0, 0x0, 0x91fd, 0x8000, 0xfffffff8, 0xc011, 0xe7e, 0x0, 0x9c, 0xfffffffa, 0x1, 0x6, 0x4, 0x2, 0x3, 0x9, 0x80000000, 0xfffeffff, 0x7, 0x1, 0x7, 0x9, 0x1, 0x5, 0x9, 0xe9, 0x8, 0x5, 0x1, 0x3ff, 0xc, 0x3, 0xdaf2, 0x9, 0x0, 0x4e84, 0x8, 0x0, 0xb32d, 0x2, 0x6, 0xb, 0x1ff, 0x9c18, 0x8e7, 0x8, 0x4, 0x81, 0x5, 0xfffffffb, 0x9, 0x9, 0x1, 0x1, 0x80, 0x3, 0x9, 0x6, 0x2, 0x3, 0x2c, 0x8, 0x1c19, 0xa0c2, 0x7, 0xb, 0x401, 0xbb, 0x80000001, 0xfffffffd, 0x8, 0x786, 0x9, 0x4, 0x1, 0x10000, 0x7fff, 0xc0c, 0x1, 0xfff, 0x225087de, 0x100, 0x7f, 0x3, 0x9000000, 0x8, 0x0, 0x8, 0x6, 0x3ff, 0x6, 0x8664, 0x6, 0x756, 0xff, 0x5, 0xfc, 0x9, 0x226a, 0x8, 0x35, 0x645, 0xfffff361, 0x2, 0x2, 0x3, 0x6, 0x8a, 0x5, 0x9, 0x5, 0x1, 0x5077, 0xff, 0x8, 0x7, 0x100, 0x7f, 0x5, 0x8, 0x4, 0x7df, 0x1, 0xffffffff, 0x3c52, 0x4, 0x0, 0x3, 0x401, 0x200, 0x6, 0x7, 0x2, 0x0, 0xd, 0x4, 0x8000, 0xffffff01, 0x2f9f, 0xf48, 0x9, 0x40000, 0xd5, 0x3, 0x4, 0x0, 0xffffa1ba, 0x8, 0x7, 0xa, 0x1, 0x80000000, 0x6, 0x1ff, 0x9, 0x3, 0xc66, 0x4, 0x6, 0x6, 0xe86, 0x200, 0x2, 0x8, 0x2, 0x8, 0x5, 0x1974, 0x4, 0x200, 0x1000, 0x41cf, 0x3, 0x5, 0x3, 0x0, 0x8, 0x8, 0x9f9f, 0x6, 0x3, 0x4, 0x2, 0xeb5a, 0xfffffff7, 0x5, 0xfe000000, 0x2, 0xd, 0xb2, 0x9, 0x0, 0x9, 0xc707, 0x7, 0x9, 0xa1, 0x2, 0x25954f29, 0xffffffff, 0x50000, 0x80000000, 0x7b8b, 0xa74, 0x6, 0x112, 0xfffffffc, 0x86c, 0x3, 0x2, 0x3, 0x5, 0x9, 0x6, 0x9, 0x8, 0x3dbd, 0x6, 0x4, 0x5, 0x6c, 0x52ea, 0x0, 0x94, 0x9, 0x8000, 0x2, 0xffff, 0x2, 0x1000, 0xa80, 0x1, 0x6]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x8}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x10001, 0x31c, 0x0, 0x8, 0xe, 0x1400, 0xfff, 0x8001, 0xffffffff, 0x18, 0x517b, 0x0, 0xfffffff9, 0xfffffffc, 0x9, 0x1b44ba05, 0x2, 0x1, 0x7, 0x3, 0x2, 0x9886, 0x6d8, 0x1, 0x6, 0x1, 0x7, 0x3, 0xa815, 0x1, 0x227e, 0x4, 0x0, 0x74172993, 0x0, 0x5, 0x1887d1ce, 0x9, 0x9, 0x4, 0x6, 0x65cf, 0x2, 0x200, 0x5, 0x5, 0x800, 0x7, 0x8, 0xfffffffd, 0x7ff, 0x6, 0x8, 0x9, 0xffffffff, 0x6, 0x4, 0xa, 0xfda4, 0x4, 0x1, 0x8a, 0x4ee7, 0xb, 0x7fff, 0xfffffffa, 0x7, 0x6, 0x0, 0x8, 0x0, 0x41, 0xfffffff8, 0x5, 0x1, 0x9, 0x6, 0xfffffffd, 0x9115, 0xc95f, 0xfffffff2, 0x7, 0xfffffff3, 0x9, 0x3, 0x2, 0x5, 0x9, 0x7, 0xe03b, 0x3, 0xe5, 0x390, 0x9, 0x2, 0x3, 0x9, 0x5, 0xf1b9, 0x9, 0x9, 0x100, 0x0, 0x5, 0x7, 0xb2, 0x5, 0x80000001, 0x677be825, 0x28000000, 0xb7, 0x4, 0x3, 0x4, 0xa75, 0xff, 0xfffffffc, 0x4, 0x0, 0x3, 0x7, 0x8, 0x8, 0x699, 0x9, 0x6, 0xc5, 0x7, 0x6, 0xa, 0xa12, 0x1ff, 0x4, 0x4, 0x5, 0x3, 0xe, 0x1, 0x2, 0x3, 0x4, 0x61, 0x2bf6, 0xdb, 0x9, 0x8, 0x4a0, 0x8, 0x5, 0xfffffffd, 0xffff0001, 0x1a, 0x4787, 0x9, 0xa3d, 0x9, 0x8, 0x8001, 0x1, 0x0, 0x3, 0x3, 0x910a, 0x0, 0xd, 0x8, 0xe, 0x57, 0x3, 0x4, 0x0, 0x200, 0x7fff, 0x10000, 0xcff, 0x6, 0x53, 0x5, 0x9, 0x6, 0x9, 0x2, 0x3ff, 0x2, 0xfa5, 0x4d, 0x200, 0x1, 0x7, 0x5, 0x6, 0x1, 0x4, 0x1, 0x9, 0x6, 0xea3, 0x8, 0xfffffff4, 0x9, 0xcf66, 0x374, 0x101, 0x207, 0x2, 0x47, 0x9, 0xb, 0x9, 0xa, 0x0, 0x100, 0x9, 0x6, 0x3, 0x5, 0x8, 0x6591, 0x40, 0x82a, 0x1ff, 0x2, 0x9, 0x400, 0x0, 0x8001, 0x7, 0xa9e7, 0x1, 0x9, 0x7, 0x3d7f, 0x1b98, 0x0, 0x525e, 0x6, 0x8001, 0x9, 0x3, 0x2, 0xfffffff8, 0x9, 0xf, 0xa, 0x2, 0xf, 0x0, 0xf, 0x4, 0x7, 0x4, 0xfffffbe9, 0x9, 0x1, 0x10, 0xe]}, @TCA_POLICE_RATE={0x404, 0x2, [0x6, 0x80, 0xfff, 0x6, 0x2c8, 0x800, 0xfffffffc, 0x1, 0x1ff, 0x9, 0x9, 0xffffffff, 0xfffffffe, 0x0, 0x0, 0x7, 0x6, 0x80000001, 0x3, 0xffffff80, 0x100, 0x2, 0x3ff, 0x4, 0x8, 0x3ff, 0xe, 0x40, 0xc6d3, 0x7fffffff, 0x7d, 0xb, 0x9, 0x5, 0x2, 0x2, 0x3, 0xa269, 0x7fff, 0x7, 0x4, 0x4, 0x5, 0x7, 0x80, 0x9, 0x3, 0x10001, 0xfffffffd, 0x7, 0x9, 0x1, 0x5, 0x7fff, 0xfffffffa, 0x1dff746f, 0xac46, 0x1, 0x380, 0x4, 0x81, 0x5, 0x5, 0x8, 0x1ff, 0xa, 0x41d, 0x4, 0x9, 0x6, 0x6, 0x2, 0x3, 0x81, 0x100, 0xfffff001, 0x7ff, 0x7, 0x0, 0xffff, 0x7, 0x400, 0x3, 0x6, 0x80, 0xe, 0x705a, 0x401, 0x1, 0x0, 0x7ff, 0xfffffffa, 0x9, 0xfffffffc, 0x8, 0x9, 0x8, 0xfff, 0x49a7, 0x9, 0xffffffff, 0x1ff, 0xafda, 0x8, 0x1, 0x7, 0x0, 0x1, 0x9, 0x8bd, 0xb03, 0x81, 0xffffbffc, 0x7, 0x172, 0x2000, 0x5df, 0x4, 0xa, 0x80000001, 0x0, 0x7, 0x8, 0x91, 0xb8, 0x1, 0x8, 0x4, 0x7, 0x8221, 0x8, 0xc58, 0x0, 0x932c, 0x5, 0x2, 0x2, 0xe6, 0xffff, 0x7, 0x6, 0x1, 0x2, 0x8, 0x2, 0x90e, 0x6, 0x2, 0x80000001, 0x7, 0x8, 0x7fff, 0x5, 0xffffffff, 0x1, 0xfffffff5, 0x2, 0x3, 0x8d, 0x0, 0xabb, 0xe, 0x8, 0x9, 0x9f62, 0x8, 0xc7bf, 0x3, 0x9, 0x10000, 0xfffff999, 0x1, 0x9, 0x9, 0x8, 0x3ff, 0xf60d, 0x8, 0x3, 0x6, 0xfffffffa, 0x80000000, 0xe5df, 0x4, 0x7, 0x5, 0x6, 0x10, 0x6, 0x8001, 0xfff, 0x16e5963b, 0x4, 0x3, 0x0, 0x504, 0x7fff, 0x6, 0x6, 0x659, 0x8, 0x7, 0x0, 0xfff, 0x1, 0xf4, 0x5, 0x1, 0xdd61, 0xd958, 0x6, 0x9, 0x2, 0xff, 0x8001, 0x9, 0x6, 0x5, 0x34d3, 0x5eea2977, 0x0, 0x8001, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x9, 0x1, 0x6, 0x8, 0xb, 0xffff0001, 0x35afd91, 0x7, 0x400, 0xb, 0x0, 0x9, 0x6, 0x5ca, 0xd, 0xff, 0x4, 0x81, 0x1, 0x2, 0x2, 0x8, 0x251, 0xb32, 0xfffffffd, 0x0, 0x9, 0x9]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x2, 0x6, 0x9, 0xd9b, 0x8099, 0xa, 0xfffffffc, 0x6, 0x200, 0xca000000, 0x80000001, 0x0, 0x6, 0x9, 0x24d5, 0x7f, 0x7, 0x4, 0x1000, 0x4576, 0x74, 0x7, 0x3, 0x5, 0xe, 0xfffffffa, 0x1, 0x5, 0x2, 0x8, 0x7, 0x7, 0x100, 0x7, 0x9, 0x6, 0x1, 0x8, 0x39, 0x4, 0xf70, 0x3, 0x6868, 0x3, 0x404, 0x54, 0x4, 0x9, 0x2, 0x0, 0xb87, 0x4, 0x4, 0x1, 0x7, 0x880, 0x7fffffff, 0xe3400000, 0xffff, 0x9, 0x73ae, 0x8, 0x4, 0x81, 0xffffff5b, 0x5, 0xdb, 0x8, 0x1, 0x315d6d59, 0xad1, 0x3, 0x8, 0x8, 0x5, 0x4, 0x5, 0x9, 0x8, 0x9, 0x400, 0x6, 0x7f, 0x7, 0x8, 0x3, 0x8, 0xd, 0x2, 0x9, 0x2, 0x9, 0x6, 0xc, 0xfffffffd, 0x101, 0x3ff, 0x80000000, 0x6, 0x9, 0x4, 0x4, 0x335, 0x2, 0x1, 0x200, 0x101, 0x9, 0x5, 0x0, 0x2000000, 0x0, 0x2, 0x2, 0x80000000, 0x6, 0x8, 0x5, 0x4, 0x7, 0xffffffff, 0x2, 0x1, 0xfa2, 0x0, 0x3, 0x6, 0x4, 0xa, 0x2, 0x80000001, 0x101, 0x1, 0x8, 0x4, 0x4, 0x1, 0x1, 0x4340, 0xffffffff, 0x100, 0x8, 0x5, 0x2, 0x8, 0x188, 0x7, 0x2c2d, 0x3, 0x6, 0x0, 0x19, 0x4, 0xe50, 0x101, 0x8, 0xd, 0x7ff, 0x5, 0x6, 0x1, 0x0, 0x1000, 0x7, 0x1, 0x9, 0x2, 0x3, 0x29113f9d, 0x20, 0xff, 0x1, 0x5, 0x5, 0x2, 0x9, 0x1, 0x8, 0xe79, 0x1c, 0x4, 0x2, 0x8, 0x7, 0x8, 0x9, 0x8, 0xfffffeff, 0xff000000, 0x8, 0x5, 0x7fff, 0x8000, 0x8, 0x4, 0x4, 0x200, 0xc, 0x9, 0x34b, 0x9, 0xffffffff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x80000000, 0x2, 0xe, 0x9, 0x200, 0x0, 0x7, 0x3, 0xfc, 0x6, 0x5, 0x10, 0x0, 0x7, 0x2, 0x81, 0x3, 0x6, 0x7, 0xbe58, 0x38, 0x4, 0x5, 0x1, 0x7f, 0x3aad, 0x7, 0x2, 0x8, 0x6, 0xc9, 0x6, 0x5f, 0x9, 0x10001, 0x6, 0x0, 0x7, 0x101, 0x5, 0x8, 0x7, 0xffff, 0x9, 0x2, 0x1]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x5}, @TCA_POLICE_RESULT={0x8}]}, @TCA_TCINDEX_MASK={0x6, 0x2, 0x5}]}}]}, 0x12a4}}, 0x0)
recvmmsg(r6, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000840)=""/127, 0x7f}, {&(0x7f0000000340)=""/110, 0x6e}], 0x3}}], 0x1, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140f0000000000007000fddbdf25010000000000"], 0x14}}, 0x0)
r7 = syz_io_uring_setup(0x2232, &(0x7f0000000280)={0x0, 0x2, 0x10b20, 0x0, 0x293}, 0x0, 0x0)
pwritev(r7, &(0x7f0000000000)=[{&(0x7f00000001c0)="263fb1aabb6a7bfbd98c9ad3abfd6990cf48725b5b1d645242d862919c301a68c6bef46ac14e759c7e46ee1671b27ef8c9505f1561b4ec94670ae7f7f633d68a005caaa556b9a0507b223a2343f700a7eb26444c91654059342f130a1f2b619638794509c393630f64b54222477ce67181ad03564a212505c627894d", 0x7c}], 0x1, 0x7, 0x4)
socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000fffeffff0000000009000000950000eb8597ec399668feaaa4d8e15ada614a000000000060496802eff62d0923567c69a8935c2c803018bb66043d69cb3368149dee9a31cb1083e15512597ce04c9d92dfcc74c28736f9486aa42b555cf2f8d6efd3636b3afecde018231921ffb067bc85db93978ad4565a646db06d4495c9c7"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x11}, 0x94)
socket(0x1, 0x803, 0x0)

0s ago: executing program 0 (id=2543):
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="cb050000f1000000cf4ebfa646353e6f06000000000000009500000000000000f85a5ae149bd185bbd9f1b4fcac22abad755ea65ddaaaec4c72e40d8b18c853db39a60fef5407e1c6d4db1093c60353b688e92112e06b20f72915246820609c898503112777e5d1b095781599f1b6dc3aac370f0497be950c826463826abebd2"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
set_mempolicy(0x1, 0x0, 0x7582)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000300)=@urb_type_iso={0x0, {0x1, 0x1}, 0x10000, 0x0, 0x0, 0x0, 0x2, 0x1c0, 0x0, 0x10000, 0x1ff, 0x0})

kernel console output (not intermixed with test programs):

0x2b0
[  874.581994][T14573]  ? lockdep_hardirqs_on+0x9c/0x150
[  874.582012][T14573]  do_fast_syscall_32+0x34/0x80
[  874.582029][T14573]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  874.582048][T14573] RIP: 0023:0xf70ce539
[  874.582061][T14573] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  874.582074][T14573] RSP: 002b:00000000f54be590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  874.582090][T14573] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54be620
[  874.582101][T14573] RDX: 000000000000000f RSI: 00000000f7454ff4 RDI: 0000000000000000
[  874.582110][T14573] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  874.582119][T14573] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  874.582128][T14573] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  874.582149][T14573]  </TASK>
[  874.815425][    C1] vkms_vblank_simulate: vblank timer overrun
[  874.900242][ T5938] usb 5-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  874.909441][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  874.917792][ T5938] usb 5-1: Product: syz
[  874.922010][ T5938] usb 5-1: Manufacturer: syz
[  874.926764][ T5938] usb 5-1: SerialNumber: syz
[  874.935090][ T5938] usb 5-1: config 0 descriptor??
[  874.940944][T14566] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  874.977152][T14566] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  875.008278][T11185] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  875.054866][T11185] usb 2-1: device descriptor read/8, error -71
[  875.104077][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  875.104098][   T30] audit: type=1326 audit(1758362271.339:8664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14574 comm="syz.2.2259" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f78539 code=0x0
[  875.165147][T11185] usb usb2-port1: unable to enumerate USB device
[  875.434994][ T5938] ir_usb 5-1:0.126: IR Dongle converter detected
[  875.637637][T14566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  875.648342][T14566] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  875.662230][ T5938] usb 5-1: IR Dongle converter now attached to ttyUSB0
[  875.697622][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  875.706364][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  876.286886][T14587] netlink: 'syz.1.2263': attribute type 8 has an invalid length.
[  876.410834][T11185] usb 5-1: USB disconnect, device number 12
[  876.480971][T11185] ir-usb ttyUSB0: IR Dongle converter now disconnected from ttyUSB0
[  876.494927][T14590] input: syz1 as /devices/virtual/input/input72
[  876.517035][T11185] ir_usb 5-1:0.126: device disconnected
[  876.664625][ T5938] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  876.844779][ T5938] usb 2-1: Using ep0 maxpacket: 8
[  876.853810][ T5938] usb 2-1: unable to get BOS descriptor or descriptor too short
[  876.876540][ T5938] usb 2-1: config 8 has an invalid interface number: 24 but max is 1
[  876.889921][ T5938] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  876.904063][ T5938] usb 2-1: config 8 has 1 interface, different from the descriptor's value: 2
[  876.917775][ T5938] usb 2-1: config 8 has no interface number 0
[  876.925120][ T5938] usb 2-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid wMaxPacketSize 0
[  876.940882][ T5938] usb 2-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  876.959590][ T5938] usb 2-1: config 8 interface 24 has no altsetting 0
[  876.986108][ T5938] usb 2-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[  877.009229][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  877.041515][ T5938] usb 2-1: Product: syz
[  877.051260][ T5938] usb 2-1: Manufacturer: syz
[  877.077112][ T5938] usb 2-1: SerialNumber: syz
[  877.330971][ T5938] vmk80xx 2-1:8.24: driver 'vmk80xx' failed to auto-configure device.
[  877.346025][ T5938] vmk80xx 2-1:8.24: probe with driver vmk80xx failed with error -22
[  877.375229][ T5938] usb 2-1: USB disconnect, device number 20
[  877.715522][T11188] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  877.904910][T11188] usb 5-1: Using ep0 maxpacket: 8
[  877.925456][T11188] usb 5-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  878.001903][T11188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  878.033297][T11188] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  878.070543][T11188] usb 5-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  878.081540][T11188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  878.102305][T11188] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  878.206592][T11188] usb 5-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  878.220234][T11188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  878.276156][T11188] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  878.450757][T11188] usb 5-1: string descriptor 0 read error: -22
[  878.457382][T11188] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  878.475978][T11188] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  878.521428][T11188] adutux 5-1:168.0: interrupt endpoints not found
[  878.727969][T11188] usb 5-1: USB disconnect, device number 13
[  878.754563][ T5938] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  878.894854][ T5938] usb 3-1: device descriptor read/64, error -71
[  879.154586][ T5938] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  879.294699][ T5938] usb 3-1: device descriptor read/64, error -71
[  879.406120][ T5938] usb usb3-port1: attempt power cycle
[  879.554517][T11188] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  879.694521][T11188] usb 2-1: device descriptor read/64, error -71
[  879.744886][ T5938] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  879.785447][ T5938] usb 3-1: device descriptor read/8, error -71
[  879.984806][T11188] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  880.044963][ T5938] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  880.111105][T14626] usb usb8: usbfs: process 14626 (syz.4.2274) did not claim interface 0 before use
[  880.122316][ T5938] usb 3-1: device descriptor read/8, error -71
[  880.184637][T11188] usb 2-1: device descriptor read/64, error -71
[  880.245054][ T5938] usb usb3-port1: unable to enumerate USB device
[  880.302554][T11188] usb usb2-port1: attempt power cycle
[  880.764724][T11188] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  880.803704][T11188] usb 2-1: device descriptor read/8, error -71
[  881.117076][T11188] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  881.147756][T14643] netlink: 'syz.4.2279': attribute type 8 has an invalid length.
[  881.170681][T11188] usb 2-1: device descriptor read/8, error -71
[  881.285468][T11188] usb usb2-port1: unable to enumerate USB device
[  881.467001][ T5938] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  881.644525][ T5938] usb 5-1: Using ep0 maxpacket: 8
[  881.653248][ T5938] usb 5-1: unable to get BOS descriptor or descriptor too short
[  881.680662][ T5938] usb 5-1: config 8 has an invalid interface number: 24 but max is 1
[  881.690228][ T5938] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  881.711218][ T5938] usb 5-1: config 8 has 1 interface, different from the descriptor's value: 2
[  881.721426][ T5938] usb 5-1: config 8 has no interface number 0
[  881.753364][ T5938] usb 5-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid wMaxPacketSize 0
[  881.808137][ T5938] usb 5-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  881.824706][ T5938] usb 5-1: config 8 interface 24 has no altsetting 0
[  881.842182][ T5938] usb 5-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[  881.864740][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  881.873559][ T5938] usb 5-1: Product: syz
[  881.882801][ T5938] usb 5-1: Manufacturer: syz
[  881.888200][ T5938] usb 5-1: SerialNumber: syz
[  881.972361][T14651] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2282'.
[  881.996995][T11188] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  882.170311][ T5938] vmk80xx 5-1:8.24: driver 'vmk80xx' failed to auto-configure device.
[  882.175249][T11188] usb 3-1: Using ep0 maxpacket: 32
[  882.227584][T11188] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  882.227623][T11188] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  882.323148][ T5938] vmk80xx 5-1:8.24: probe with driver vmk80xx failed with error -22
[  882.324161][T11188] usb 3-1: config 0 descriptor??
[  882.379977][ T5938] usb 5-1: USB disconnect, device number 14
[  882.572467][T11188] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  882.576364][T11188] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  882.577562][T11188] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  882.577660][T11188] usb 3-1: media controller created
[  882.614332][T11188] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  882.949578][T14660] netlink: 'syz.1.2283': attribute type 10 has an invalid length.
[  883.065858][ T5938] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  883.215017][ T5938] usb 5-1: Using ep0 maxpacket: 8
[  883.218090][ T5938] usb 5-1: config 0 has an invalid interface number: 234 but max is 2
[  883.218122][ T5938] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[  883.218146][ T5938] usb 5-1: config 0 has no interface number 1
[  883.220995][ T5938] usb 5-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=47.83
[  883.405377][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.405408][ T5938] usb 5-1: Product: syz
[  883.405425][ T5938] usb 5-1: Manufacturer: syz
[  883.405442][ T5938] usb 5-1: SerialNumber: syz
[  883.409263][ T5938] usb 5-1: config 0 descriptor??
[  883.604751][T11188] stb0899_attach: Driver disabled by Kconfig
[  883.611178][T11188] az6027: no front-end attached
[  883.611178][T11188] 
[  883.628134][T11188] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  883.659044][T11188] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input73
[  883.692422][T14662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  883.701382][T14662] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  883.739027][T11188] dvb-usb: schedule remote query interval to 400 msecs.
[  883.767047][T11188] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  884.232450][ T5938] usb 5-1: USB disconnect, device number 15
[  884.244755][T11188] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  884.404741][T11188] usb 2-1: Using ep0 maxpacket: 8
[  884.421611][T11188] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  884.479007][T11188] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  884.502660][T11188] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  884.519476][T11188] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  884.530257][T11188] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  884.562212][T14672] vim2m vim2m.0: vidioc_s_fmt queue busy
[  884.617705][T11188] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  884.634251][T11188] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  884.894199][T11188] usb 2-1: usb_control_msg returned -71
[  884.902045][T11188] usbtmc 2-1:16.0: can't read capabilities
[  884.937724][T11188] usb 2-1: USB disconnect, device number 25
[  885.116103][T14674] veth0: entered promiscuous mode
[  885.258180][   T30] audit: type=1326 audit(1758362281.489:8665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14673 comm="syz.0.2288" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x0
[  885.356264][T14675] veth0: left promiscuous mode
[  885.372539][T11188] usb 3-1: USB disconnect, device number 31
[  885.433986][T11188] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  886.119599][T14691] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2293'.
[  886.253499][T14695] netlink: 'syz.3.2295': attribute type 8 has an invalid length.
[  887.019495][T14703] netlink: 'syz.4.2297': attribute type 10 has an invalid length.
[  887.190942][T14706] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2298'.
[  888.015556][ T5938] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  888.174612][ T5938] usb 5-1: Using ep0 maxpacket: 16
[  888.182170][ T5938] usb 5-1: config 254 has an invalid interface number: 235 but max is 0
[  888.192399][ T5938] usb 5-1: config 254 has no interface number 0
[  888.200328][ T5938] usb 5-1: config 254 interface 235 altsetting 2 endpoint 0x6 has an invalid bInterval 237, changing to 7
[  888.212106][ T5938] usb 5-1: config 254 interface 235 altsetting 2 endpoint 0x6 has invalid maxpacket 42803, setting to 1024
[  888.223818][ T5938] usb 5-1: config 254 interface 235 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  888.234080][ T5938] usb 5-1: config 254 interface 235 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  888.244720][ T5938] usb 5-1: config 254 interface 235 has no altsetting 0
[  888.253927][ T5938] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1
[  888.263934][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  888.272595][ T5938] usb 5-1: Product: syz
[  888.277053][ T5938] usb 5-1: Manufacturer: syz
[  888.281719][ T5938] usb 5-1: SerialNumber: syz
[  888.503685][ T5938] usbtest 5-1:254.235: Linux gadget zero
[  888.509814][ T5938] usbtest 5-1:254.235: high-speed {control in/out bulk-in iso-out} tests (+alt)
[  888.730251][T11188] usb 5-1: USB disconnect, device number 16
[  890.397371][   T30] audit: type=1326 audit(1758362286.619:8666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14728 comm="syz.3.2304" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70ee539 code=0x0
[  890.626813][   T30] audit: type=1326 audit(1758362286.849:8667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14731 comm="syz.1.2305" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa2539 code=0x0
[  890.746916][T14740] FAULT_INJECTION: forcing a failure.
[  890.746916][T14740] name failslab, interval 1, probability 0, space 0, times 0
[  890.797511][T14740] CPU: 1 UID: 0 PID: 14740 Comm: syz.4.2306 Not tainted syzkaller #0 PREEMPT(full) 
[  890.797542][T14740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  890.797556][T14740] Call Trace:
[  890.797565][T14740]  <TASK>
[  890.797574][T14740]  dump_stack_lvl+0x189/0x250
[  890.797607][T14740]  ? __pfx____ratelimit+0x10/0x10
[  890.797629][T14740]  ? __pfx_dump_stack_lvl+0x10/0x10
[  890.797655][T14740]  ? __pfx__printk+0x10/0x10
[  890.797687][T14740]  ? __pfx___might_resched+0x10/0x10
[  890.797707][T14740]  ? fs_reclaim_acquire+0x7d/0x100
[  890.797732][T14740]  should_fail_ex+0x414/0x560
[  890.797769][T14740]  should_failslab+0xa8/0x100
[  890.797801][T14740]  __kmalloc_cache_noprof+0x70/0x3d0
[  890.797829][T14740]  ? hash_ipportip_create+0x2fe/0xfe0
[  890.797860][T14740]  hash_ipportip_create+0x2fe/0xfe0
[  890.797894][T14740]  ? __nla_parse+0x40/0x60
[  890.797917][T14740]  ? __pfx_hash_ipportip_create+0x10/0x10
[  890.797945][T14740]  ip_set_create+0xa94/0x1940
[  890.797977][T14740]  ? ip_set_create+0x4a2/0x1940
[  890.798019][T14740]  ? __pfx_ip_set_create+0x10/0x10
[  890.798088][T14740]  nfnetlink_rcv_msg+0xb4d/0x1130
[  890.798121][T14740]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  890.798173][T14740]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  890.798203][T14740]  ? kasan_save_free_info+0x46/0x50
[  890.798277][T14740]  netlink_rcv_skb+0x208/0x470
[  890.798303][T14740]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  890.798347][T14740]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  890.798382][T14740]  ? bpf_lsm_capable+0x9/0x20
[  890.798410][T14740]  ? security_capable+0x7e/0x2e0
[  890.798451][T14740]  nfnetlink_rcv+0x26a/0x2520
[  890.798486][T14740]  ? __dev_queue_xmit+0x1d79/0x3b50
[  890.798527][T14740]  ? __dev_queue_xmit+0x27b/0x3b50
[  890.798569][T14740]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  890.798601][T14740]  ? __pfx___dev_queue_xmit+0x10/0x10
[  890.798646][T14740]  ? ref_tracker_free+0x63a/0x7d0
[  890.798666][T14740]  ? __asan_memcpy+0x40/0x70
[  890.798690][T14740]  ? __pfx_ref_tracker_free+0x10/0x10
[  890.798708][T14740]  ? __skb_clone+0x63/0x7a0
[  890.798739][T14740]  ? __skb_clone+0x483/0x7a0
[  890.798774][T14740]  ? skb_clone+0x246/0x3a0
[  890.798804][T14740]  ? __netlink_deliver_tap+0x807/0x850
[  890.798827][T14740]  ? netlink_deliver_tap+0x2e/0x1b0
[  890.798856][T14740]  ? netlink_deliver_tap+0x2e/0x1b0
[  890.798888][T14740]  netlink_unicast+0x82c/0x9e0
[  890.798931][T14740]  ? __pfx_netlink_unicast+0x10/0x10
[  890.798964][T14740]  ? netlink_sendmsg+0x642/0xb30
[  890.798983][T14740]  ? skb_put+0x11b/0x210
[  890.799009][T14740]  netlink_sendmsg+0x805/0xb30
[  890.799032][T14740]  ? __pfx_netlink_sendmsg+0x10/0x10
[  890.799051][T14740]  ? __import_iovec+0x5d4/0x7f0
[  890.799071][T14740]  ? aa_sock_msg_perm+0xf1/0x1d0
[  890.799088][T14740]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  890.799105][T14740]  ? __pfx_netlink_sendmsg+0x10/0x10
[  890.799122][T14740]  __sock_sendmsg+0x21c/0x270
[  890.799148][T14740]  ____sys_sendmsg+0x505/0x830
[  890.799171][T14740]  ? __pfx_____sys_sendmsg+0x10/0x10
[  890.799203][T14740]  ___sys_sendmsg+0x21f/0x2a0
[  890.799226][T14740]  ? __pfx____sys_sendmsg+0x10/0x10
[  890.799287][T14740]  ? __fget_files+0x2a/0x420
[  890.799313][T14740]  ? __fget_files+0x3a0/0x420
[  890.799346][T14740]  __sys_sendmsg+0x164/0x220
[  890.799375][T14740]  ? __pfx___sys_sendmsg+0x10/0x10
[  890.799423][T14740]  ? lockdep_hardirqs_on+0x9c/0x150
[  890.799447][T14740]  __do_fast_syscall_32+0xb6/0x2b0
[  890.799466][T14740]  ? lockdep_hardirqs_on+0x9c/0x150
[  890.799485][T14740]  do_fast_syscall_32+0x34/0x80
[  890.799502][T14740]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  890.799520][T14740] RIP: 0023:0xf709e539
[  890.799534][T14740] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  890.799548][T14740] RSP: 002b:00000000f548e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  890.799565][T14740] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  890.799575][T14740] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  890.799584][T14740] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  890.799593][T14740] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  890.799602][T14740] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  890.799624][T14740]  </TASK>
[  891.854835][T14750] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  891.870432][T14751] program syz.4.2310 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  891.891670][T14750] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  891.914839][T14751] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2310'.
[  891.955059][T14751] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2310'.
[  891.984502][T11185] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  892.004665][T14751] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2310'.
[  892.164535][T11185] usb 2-1: Using ep0 maxpacket: 8
[  892.176626][T11185] usb 2-1: config 0 has an invalid interface number: 234 but max is 2
[  892.187891][T11185] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[  892.205506][T14756] netlink: 'syz.4.2312': attribute type 8 has an invalid length.
[  892.207958][T11185] usb 2-1: config 0 has no interface number 1
[  892.258022][T11185] usb 2-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=47.83
[  892.274569][T11185] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  892.293095][T11185] usb 2-1: Product: syz
[  892.297535][T11185] usb 2-1: Manufacturer: syz
[  892.302266][T11185] usb 2-1: SerialNumber: syz
[  892.335841][T11185] usb 2-1: config 0 descriptor??
[  892.494532][ T5965] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  892.563063][T14744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  892.605735][T14744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  892.664745][ T5965] usb 5-1: Using ep0 maxpacket: 8
[  892.679656][ T5965] usb 5-1: unable to get BOS descriptor or descriptor too short
[  892.699888][ T5965] usb 5-1: config 8 has an invalid interface number: 24 but max is 1
[  892.711082][ T5965] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  892.723929][ T5965] usb 5-1: config 8 has 1 interface, different from the descriptor's value: 2
[  892.743477][ T5965] usb 5-1: config 8 has no interface number 0
[  892.758975][ T5965] usb 5-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid wMaxPacketSize 0
[  892.796741][ T5965] usb 5-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  892.818903][ T5965] usb 5-1: config 8 interface 24 has no altsetting 0
[  892.838023][ T5965] usb 5-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[  892.854629][ T5965] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  892.873232][ T5965] usb 5-1: Product: syz
[  892.877917][ T5965] usb 5-1: Manufacturer: syz
[  892.882670][ T5965] usb 5-1: SerialNumber: syz
[  893.129040][ T5965] vmk80xx 5-1:8.24: driver 'vmk80xx' failed to auto-configure device.
[  893.170081][ T5965] vmk80xx 5-1:8.24: probe with driver vmk80xx failed with error -22
[  893.177048][T11188] usb 2-1: USB disconnect, device number 26
[  893.298308][ T5965] usb 5-1: USB disconnect, device number 17
[  893.714613][ T5938] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  893.885141][ T5938] usb 3-1: Using ep0 maxpacket: 16
[  893.895410][ T5938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  893.918241][ T5938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  893.965831][ T5938] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  894.094873][ T5938] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  894.127573][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.206097][ T5938] usb 3-1: config 0 descriptor??
[  894.354112][T14787] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2320'.
[  894.412326][T14788] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2320'.
[  894.452520][T14788] vim2m vim2m.0: Fourcc format (0x47524247) invalid.
[  894.798107][ T5938] microsoft 0003:045E:07DA.0041: ignoring exceeding usage max
[  894.850373][ T5938] microsoft 0003:045E:07DA.0041: item 0 4 0 11 parsing failed
[  894.889733][T14790] syz.2.2316 (14790): drop_caches: 2
[  894.924558][ T5938] microsoft 0003:045E:07DA.0041: parse failed
[  894.930862][ T5938] microsoft 0003:045E:07DA.0041: probe with driver microsoft failed with error -22
[  894.999529][T14798] netlink: 'syz.4.2321': attribute type 2 has an invalid length.
[  895.234549][T11188] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  895.414593][T11188] usb 2-1: Using ep0 maxpacket: 8
[  895.422761][T11188] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  895.434555][T11188] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  895.446335][T11188] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  895.464290][T11188] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  895.477063][T11188] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  895.489192][T11188] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  895.505455][T11188] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  895.517247][T11188] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  895.529379][T11188] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  895.551821][T11188] usb 2-1: string descriptor 0 read error: -22
[  895.559321][T11188] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  895.574043][T11188] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  895.679638][T11188] adutux 2-1:168.0: interrupt endpoints not found
[  895.702295][   T30] audit: type=1326 audit(1758362291.939:8668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14803 comm="syz.4.2325" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x0
[  895.751525][T14806] usb usb8: usbfs: process 14806 (syz.0.2322) did not claim interface 0 before use
[  895.966981][T11188] usb 2-1: USB disconnect, device number 27
[  896.336097][ T5938] usb 3-1: USB disconnect, device number 32
[  896.511746][T14814] pim6reg: entered allmulticast mode
[  896.821707][T14818] netlink: 'syz.1.2329': attribute type 8 has an invalid length.
[  896.914797][T11188] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  896.924774][T14821] input: syz1 as /devices/virtual/input/input74
[  897.099529][T11188] usb 3-1: Using ep0 maxpacket: 8
[  897.114852][T11183] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  897.130192][T11188] usb 3-1: config 0 has an invalid interface number: 234 but max is 2
[  897.148421][T11188] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[  897.158188][T11188] usb 3-1: config 0 has no interface number 1
[  897.209879][T11188] usb 3-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=47.83
[  897.236484][T11188] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  897.284976][T11183] usb 2-1: Using ep0 maxpacket: 8
[  897.294228][T11188] usb 3-1: Product: syz
[  897.316064][T11183] usb 2-1: unable to get BOS descriptor or descriptor too short
[  897.336349][T11188] usb 3-1: Manufacturer: syz
[  897.365087][T11183] usb 2-1: config 8 has an invalid interface number: 24 but max is 1
[  897.382859][T11188] usb 3-1: SerialNumber: syz
[  897.399856][T11183] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  897.413086][T11188] usb 3-1: config 0 descriptor??
[  897.443749][T11183] usb 2-1: config 8 has 1 interface, different from the descriptor's value: 2
[  897.474111][T11183] usb 2-1: config 8 has no interface number 0
[  897.493375][T11183] usb 2-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid wMaxPacketSize 0
[  897.539772][T11183] usb 2-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  897.567971][T11183] usb 2-1: config 8 interface 24 has no altsetting 0
[  897.587798][T11183] usb 2-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[  897.611174][T11183] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  897.631600][T11183] usb 2-1: Product: syz
[  897.641096][T11183] usb 2-1: Manufacturer: syz
[  897.646146][T11183] usb 2-1: SerialNumber: syz
[  897.648492][T14816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  897.682392][T14816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  897.726783][T14824] FAULT_INJECTION: forcing a failure.
[  897.726783][T14824] name failslab, interval 1, probability 0, space 0, times 0
[  897.746489][T14824] CPU: 1 UID: 0 PID: 14824 Comm: syz.0.2330 Not tainted syzkaller #0 PREEMPT(full) 
[  897.746520][T14824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  897.746534][T14824] Call Trace:
[  897.746544][T14824]  <TASK>
[  897.746554][T14824]  dump_stack_lvl+0x189/0x250
[  897.746585][T14824]  ? __pfx____ratelimit+0x10/0x10
[  897.746608][T14824]  ? __pfx_dump_stack_lvl+0x10/0x10
[  897.746634][T14824]  ? __pfx__printk+0x10/0x10
[  897.746665][T14824]  ? __lock_acquire+0xab9/0xd20
[  897.746706][T14824]  should_fail_ex+0x414/0x560
[  897.746744][T14824]  should_failslab+0xa8/0x100
[  897.746778][T14824]  kmem_cache_alloc_noprof+0x73/0x3c0
[  897.746806][T14824]  ? skb_clone+0x212/0x3a0
[  897.746838][T14824]  skb_clone+0x212/0x3a0
[  897.746869][T14824]  __netlink_deliver_tap+0x404/0x850
[  897.746907][T14824]  ? netlink_deliver_tap+0x2e/0x1b0
[  897.746931][T14824]  netlink_deliver_tap+0x19c/0x1b0
[  897.746954][T14824]  netlink_unicast+0x7fa/0x9e0
[  897.746994][T14824]  ? __pfx_netlink_unicast+0x10/0x10
[  897.747029][T14824]  ? netlink_sendmsg+0x642/0xb30
[  897.747050][T14824]  ? skb_put+0x11b/0x210
[  897.747078][T14824]  netlink_sendmsg+0x805/0xb30
[  897.747110][T14824]  ? __pfx_netlink_sendmsg+0x10/0x10
[  897.747132][T14824]  ? __import_iovec+0x5d4/0x7f0
[  897.747151][T14824]  ? aa_sock_msg_perm+0xf1/0x1d0
[  897.747168][T14824]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  897.747188][T14824]  ? __pfx_netlink_sendmsg+0x10/0x10
[  897.747212][T14824]  __sock_sendmsg+0x21c/0x270
[  897.747247][T14824]  ____sys_sendmsg+0x505/0x830
[  897.747279][T14824]  ? __pfx_____sys_sendmsg+0x10/0x10
[  897.747312][T14824]  ___sys_sendmsg+0x21f/0x2a0
[  897.747333][T14824]  ? __pfx____sys_sendmsg+0x10/0x10
[  897.747397][T14824]  ? __fget_files+0x2a/0x420
[  897.747415][T14824]  ? __fget_files+0x3a0/0x420
[  897.747448][T14824]  __sys_sendmsg+0x164/0x220
[  897.747469][T14824]  ? __pfx___sys_sendmsg+0x10/0x10
[  897.747506][T14824]  ? lockdep_hardirqs_on+0x9c/0x150
[  897.747533][T14824]  __do_fast_syscall_32+0xb6/0x2b0
[  897.747558][T14824]  ? lockdep_hardirqs_on+0x9c/0x150
[  897.747582][T14824]  do_fast_syscall_32+0x34/0x80
[  897.747600][T14824]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  897.747619][T14824] RIP: 0023:0xf70ce539
[  897.747633][T14824] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  897.747649][T14824] RSP: 002b:00000000f54be55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  897.747671][T14824] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  897.747686][T14824] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  897.747698][T14824] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  897.747710][T14824] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  897.747722][T14824] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  897.747746][T14824]  </TASK>
[  898.081217][T11183] vmk80xx 2-1:8.24: driver 'vmk80xx' failed to auto-configure device.
[  898.118483][T11183] vmk80xx 2-1:8.24: probe with driver vmk80xx failed with error -22
[  898.161434][T11183] usb 2-1: USB disconnect, device number 28
[  898.462196][ T5938] usb 3-1: USB disconnect, device number 33
[  898.994680][T11183] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  899.204911][T11183] usb 3-1: Using ep0 maxpacket: 16
[  899.214221][T11183] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  899.230340][T11183] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  899.242508][T11183] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  899.258058][T11183] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  899.270482][T11183] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  899.390565][T11183] usb 3-1: config 0 descriptor??
[  899.732636][T14857] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2339'.
[  899.745127][T14855] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2340'.
[  899.754127][T14855] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2340'.
[  899.768291][T14855] netlink: 'syz.4.2340': attribute type 7 has an invalid length.
[  899.928499][T14863] syz.2.2337 (14863): drop_caches: 2
[  899.933046][T11183] microsoft 0003:045E:07DA.0042: ignoring exceeding usage max
[  899.934908][T11183] microsoft 0003:045E:07DA.0042: item 0 4 0 11 parsing failed
[  899.935496][T11183] microsoft 0003:045E:07DA.0042: parse failed
[  899.935573][T11183] microsoft 0003:045E:07DA.0042: probe with driver microsoft failed with error -22
[  901.152176][   T30] audit: type=1326 audit(1758362297.379:8669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14871 comm="syz.4.2342" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  901.152225][   T30] audit: type=1326 audit(1758362297.379:8670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14871 comm="syz.4.2342" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf709e539 code=0x7ffc0000
[  901.152258][   T30] audit: type=1326 audit(1758362297.379:8671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14871 comm="syz.4.2342" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  901.152291][   T30] audit: type=1326 audit(1758362297.379:8672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14871 comm="syz.4.2342" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf709e539 code=0x7ffc0000
[  901.152322][   T30] audit: type=1326 audit(1758362297.379:8673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14871 comm="syz.4.2342" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  901.152353][   T30] audit: type=1326 audit(1758362297.379:8674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14871 comm="syz.4.2342" exe="/root/syz-executor" sig=0 arch=40000003 syscall=226 compat=1 ip=0xf709e539 code=0x7ffc0000
[  901.152392][   T30] audit: type=1326 audit(1758362297.379:8675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14871 comm="syz.4.2342" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  901.152435][   T30] audit: type=1326 audit(1758362297.379:8676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14871 comm="syz.4.2342" exe="/root/syz-executor" sig=0 arch=40000003 syscall=227 compat=1 ip=0xf709e539 code=0x7ffc0000
[  901.152466][   T30] audit: type=1326 audit(1758362297.389:8677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14871 comm="syz.4.2342" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  901.152501][   T30] audit: type=1326 audit(1758362297.389:8678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14871 comm="syz.4.2342" exe="/root/syz-executor" sig=0 arch=40000003 syscall=230 compat=1 ip=0xf709e539 code=0x7ffc0000
[  901.695459][ T5965] usb 3-1: USB disconnect, device number 34
[  901.928493][T14881] program syz.1.2344 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  901.936751][T14881] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2344'.
[  901.976948][    C1] vkms_vblank_simulate: vblank timer overrun
[  902.030480][T14881] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2344'.
[  902.030517][T14881] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2344'.
[  902.072948][T14885] input: syz1 as /devices/virtual/input/input75
[  902.192743][    C1] vkms_vblank_simulate: vblank timer overrun
[  902.579190][T14892] netlink: 'syz.4.2348': attribute type 8 has an invalid length.
[  902.835662][T11183] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  902.994765][T11183] usb 5-1: Using ep0 maxpacket: 8
[  903.002308][T11183] usb 5-1: unable to get BOS descriptor or descriptor too short
[  903.011829][T11183] usb 5-1: config 8 has an invalid interface number: 24 but max is 1
[  903.020192][T11183] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  903.031556][T11183] usb 5-1: config 8 has 1 interface, different from the descriptor's value: 2
[  903.041531][T11183] usb 5-1: config 8 has no interface number 0
[  903.047929][T11183] usb 5-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid wMaxPacketSize 0
[  903.058016][T11183] usb 5-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  903.069483][T11183] usb 5-1: config 8 interface 24 has no altsetting 0
[  903.079896][T11183] usb 5-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[  903.089233][T11183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  903.097606][T11183] usb 5-1: Product: syz
[  903.101888][T11183] usb 5-1: Manufacturer: syz
[  903.106574][T11183] usb 5-1: SerialNumber: syz
[  903.349426][T11183] vmk80xx 5-1:8.24: driver 'vmk80xx' failed to auto-configure device.
[  903.361651][T11183] vmk80xx 5-1:8.24: probe with driver vmk80xx failed with error -22
[  903.374492][T11183] usb 5-1: USB disconnect, device number 18
[  904.256629][T14906] input: syz1 as /devices/virtual/input/input76
[  904.812878][T14909] tun0: tun_chr_ioctl cmd 1074025675
[  904.820003][T14909] tun0: persist enabled
[  904.826524][T14909] tun0: tun_chr_ioctl cmd 1074025675
[  904.831882][T14909] tun0: persist disabled
[  905.165669][ T5965] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  905.335281][ T5965] usb 5-1: Using ep0 maxpacket: 16
[  905.349563][T14920] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2357'.
[  905.366198][ T5965] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  905.370336][T14922] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2358'.
[  905.393746][ T5965] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  905.544637][ T5965] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  905.565772][ T5965] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  905.565808][ T5965] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  905.569750][ T5965] usb 5-1: config 0 descriptor??
[  906.129886][ T5965] microsoft 0003:045E:07DA.0043: ignoring exceeding usage max
[  906.131879][ T5965] microsoft 0003:045E:07DA.0043: item 0 4 0 11 parsing failed
[  906.164286][ T5965] microsoft 0003:045E:07DA.0043: parse failed
[  906.215110][ T5965] microsoft 0003:045E:07DA.0043: probe with driver microsoft failed with error -22
[  906.235728][T14929] syz.4.2355 (14929): drop_caches: 2
[  906.534759][ T5965] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  906.664902][ T5965] usb 3-1: device descriptor read/64, error -71
[  906.904555][ T5965] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  907.035100][ T5965] usb 3-1: device descriptor read/64, error -71
[  907.146154][ T5965] usb usb3-port1: attempt power cycle
[  907.485796][ T5965] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  907.515397][ T5965] usb 3-1: device descriptor read/8, error -71
[  907.764644][ T5965] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  907.785353][ T5965] usb 3-1: device descriptor read/8, error -71
[  907.897247][ T5965] usb usb3-port1: unable to enumerate USB device
[  907.952098][T11183] usb 5-1: USB disconnect, device number 19
[  909.376566][T14949] futex_wake_op: syz.2.2366 tries to shift op by 32; fix this program
[  909.538847][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  909.538868][   T30] audit: type=1326 audit(1758362305.779:8697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14952 comm="syz.1.2368" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa2539 code=0x0
[  909.752754][   T30] audit: type=1326 audit(1758362305.819:8698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14950 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  909.843602][   T30] audit: type=1326 audit(1758362305.819:8699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14950 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  909.875240][T11188] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  909.901370][   T30] audit: type=1326 audit(1758362305.819:8700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14950 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  909.932254][   T30] audit: type=1326 audit(1758362305.819:8701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14950 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  909.957696][   T30] audit: type=1326 audit(1758362305.819:8702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14950 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  909.982206][   T30] audit: type=1326 audit(1758362305.819:8703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14950 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  910.046981][T11188] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  910.057088][T11188] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  910.074819][   T30] audit: type=1326 audit(1758362305.819:8704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14950 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  910.105125][   T30] audit: type=1326 audit(1758362305.819:8705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14950 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  910.117765][T11188] usb 3-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  910.145005][   T30] audit: type=1326 audit(1758362305.819:8706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14950 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=40000003 syscall=226 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  910.194535][T11188] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.202640][T11188] usb 3-1: Product: syz
[  910.212666][T11188] usb 3-1: Manufacturer: syz
[  910.229447][T11188] usb 3-1: SerialNumber: syz
[  910.261855][T11188] usb 3-1: config 0 descriptor??
[  910.273161][T11188] iguanair 3-1:0.0: probe with driver iguanair failed with error -12
[  910.474698][ T5965] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  910.539534][T14955] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2369'.
[  910.624670][ T5965] usb 5-1: Using ep0 maxpacket: 32
[  910.633434][ T5965] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  910.646928][ T5965] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  910.658888][ T5965] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  910.672771][ T5938] usb 3-1: USB disconnect, device number 39
[  910.681809][ T5965] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  910.692292][ T5965] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  910.705647][ T5965] usb 5-1: config 0 descriptor??
[  910.711790][T14966] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  910.722039][ T5965] hub 5-1:0.0: USB hub found
[  910.928010][ T5965] hub 5-1:0.0: 2 ports detected
[  911.338016][ T5965] hub 5-1:0.0: set hub depth failed
[  911.349175][ T5965] usb 5-1: USB disconnect, device number 20
[  911.514655][ T5938] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  911.664713][ T5938] usb 3-1: Using ep0 maxpacket: 32
[  911.671652][ T5938] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  911.680138][ T5938] usb 3-1: config 0 has no interface number 0
[  911.688590][ T5938] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  911.697794][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  911.705876][ T5938] usb 3-1: Product: syz
[  911.710043][ T5938] usb 3-1: Manufacturer: syz
[  911.714934][ T5938] usb 3-1: SerialNumber: syz
[  911.721909][ T5938] usb 3-1: config 0 descriptor??
[  911.729968][ T5938] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  911.892881][T14973] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2375'.
[  911.936857][ T5938] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  911.943539][ T5938] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  912.348504][T14971] bridge0: entered promiscuous mode
[  912.348687][T14971] macvlan2: entered promiscuous mode
[  912.349435][T14971] bridge0: port 1(macvlan2) entered blocking state
[  912.349683][T14971] bridge0: port 1(macvlan2) entered disabled state
[  912.349854][T14971] macvlan2: entered allmulticast mode
[  912.349873][T14971] bridge0: entered allmulticast mode
[  912.353077][T14971] macvlan2: left allmulticast mode
[  912.353105][T14971] bridge0: left allmulticast mode
[  912.361716][T14971] bridge0: left promiscuous mode
[  912.484409][    C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  912.485254][T11188] usb 3-1: USB disconnect, device number 40
[  912.507648][T11188] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  912.537325][T11188] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  912.552367][T11188] quatech2 3-1:0.51: device disconnected
[  912.834875][T11183] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  912.974799][T11183] usb 2-1: device descriptor read/64, error -71
[  913.026669][T14982] input: syz1 as /devices/virtual/input/input78
[  913.234521][T11183] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  913.374731][T11183] usb 2-1: device descriptor read/64, error -71
[  913.487260][T11183] usb usb2-port1: attempt power cycle
[  913.834646][T11183] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  913.865158][T11183] usb 2-1: device descriptor read/8, error -71
[  913.999864][T14994] netlink: 'syz.3.2380': attribute type 8 has an invalid length.
[  914.125430][T11183] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  914.150218][T11183] usb 2-1: device descriptor read/8, error -71
[  914.274922][T11183] usb usb2-port1: unable to enumerate USB device
[  915.574656][ T5938] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  915.632727][T15008] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2385'.
[  915.693870][T15012] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2386'.
[  915.724747][ T5938] usb 5-1: Using ep0 maxpacket: 8
[  915.734784][ T5938] usb 5-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  915.749138][ T5938] usb 5-1: config 1 interface 0 has no altsetting 0
[  915.759808][ T5938] usb 5-1: string descriptor 0 read error: -22
[  915.767328][ T5938] usb 5-1: New USB device found, idVendor=093a, idProduct=8002, bcdDevice= 0.40
[  915.776917][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  915.944547][ T5965] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  916.099212][ T5965] usb 2-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  916.113573][ T5965] usb 2-1: config 1 interface 0 has no altsetting 0
[  916.127136][ T5965] usb 2-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.40
[  916.136573][ T5965] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  916.145022][ T5965] usb 2-1: Product: syz
[  916.149846][ T5965] usb 2-1: Manufacturer: syz
[  916.154661][ T5965] usb 2-1: SerialNumber: syz
[  916.164623][T11185] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  916.319934][T11185] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  916.329924][T11185] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  916.343655][T11185] usb 3-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  916.358359][T11185] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  916.367040][T11185] usb 3-1: Product: syz
[  916.371295][T11185] usb 3-1: Manufacturer: syz
[  916.376124][T11185] usb 3-1: SerialNumber: syz
[  916.382028][T15012] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2386'.
[  916.385614][T11185] usb 3-1: config 0 descriptor??
[  916.405806][T11185] iguanair 3-1:0.0: probe with driver iguanair failed with error -12
[  916.439921][ T5965] usbhid 2-1:1.0: can't add hid device: -71
[  916.446267][ T5965] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  916.461485][ T5965] usb 2-1: USB disconnect, device number 33
[  916.808701][T15016] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2387'.
[  916.916971][    C0] blk_print_req_error: 8 callbacks suppressed
[  916.916996][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  916.976478][T11183] usb 3-1: USB disconnect, device number 41
[  917.006308][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  917.015617][    C1] buffer_io_error: 8 callbacks suppressed
[  917.015634][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  917.031976][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  917.041974][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  917.054597][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  917.064016][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  917.086969][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  917.096369][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  917.107146][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  917.116443][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  917.203985][T15023] FAULT_INJECTION: forcing a failure.
[  917.203985][T15023] name failslab, interval 1, probability 0, space 0, times 0
[  917.217587][T15023] CPU: 1 UID: 0 PID: 15023 Comm: syz.0.2390 Not tainted syzkaller #0 PREEMPT(full) 
[  917.217616][T15023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  917.217630][T15023] Call Trace:
[  917.217639][T15023]  <TASK>
[  917.217648][T15023]  dump_stack_lvl+0x189/0x250
[  917.217683][T15023]  ? __pfx____ratelimit+0x10/0x10
[  917.217706][T15023]  ? __pfx_dump_stack_lvl+0x10/0x10
[  917.217731][T15023]  ? __pfx__printk+0x10/0x10
[  917.217765][T15023]  ? __pfx___might_resched+0x10/0x10
[  917.217785][T15023]  ? fs_reclaim_acquire+0x7d/0x100
[  917.217810][T15023]  should_fail_ex+0x414/0x560
[  917.217847][T15023]  should_failslab+0xa8/0x100
[  917.217919][T15023]  __kmalloc_cache_noprof+0x70/0x3d0
[  917.217947][T15023]  ? ip_set_create+0x348/0x1940
[  917.217982][T15023]  ip_set_create+0x348/0x1940
[  917.218022][T15023]  ? __mutex_lock+0x335/0x1350
[  917.218049][T15023]  ? __pfx_ip_set_create+0x10/0x10
[  917.218115][T15023]  nfnetlink_rcv_msg+0xb4d/0x1130
[  917.218148][T15023]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  917.218198][T15023]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  917.218281][T15023]  netlink_rcv_skb+0x208/0x470
[  917.218305][T15023]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  917.218337][T15023]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  917.218371][T15023]  ? bpf_lsm_capable+0x9/0x20
[  917.218399][T15023]  ? security_capable+0x7e/0x2e0
[  917.218438][T15023]  nfnetlink_rcv+0x26a/0x2520
[  917.218472][T15023]  ? __dev_queue_xmit+0x1d79/0x3b50
[  917.218516][T15023]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  917.218547][T15023]  ? lockdep_hardirqs_on+0x9c/0x150
[  917.218570][T15023]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  917.218602][T15023]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  917.218634][T15023]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  917.218673][T15023]  ? rcu_preempt_deferred_qs_irqrestore+0x89c/0xce0
[  917.218720][T15023]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  917.218759][T15023]  ? rcu_is_watching+0x15/0xb0
[  917.218782][T15023]  ? rcu_read_unlock_special+0x3a2/0x4b0
[  917.218813][T15023]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  917.218841][T15023]  ? netlink_deliver_tap+0x2e/0x1b0
[  917.218877][T15023]  ? netlink_deliver_tap+0x2e/0x1b0
[  917.218907][T15023]  netlink_unicast+0x82c/0x9e0
[  917.218946][T15023]  ? __pfx_netlink_unicast+0x10/0x10
[  917.218980][T15023]  ? netlink_sendmsg+0x642/0xb30
[  917.219000][T15023]  ? skb_put+0x11b/0x210
[  917.219028][T15023]  netlink_sendmsg+0x805/0xb30
[  917.219061][T15023]  ? __pfx_netlink_sendmsg+0x10/0x10
[  917.219086][T15023]  ? __import_iovec+0x5d4/0x7f0
[  917.219110][T15023]  ? aa_sock_msg_perm+0xf1/0x1d0
[  917.219133][T15023]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  917.219156][T15023]  ? __pfx_netlink_sendmsg+0x10/0x10
[  917.219180][T15023]  __sock_sendmsg+0x21c/0x270
[  917.219215][T15023]  ____sys_sendmsg+0x505/0x830
[  917.219247][T15023]  ? __pfx_____sys_sendmsg+0x10/0x10
[  917.219290][T15023]  ___sys_sendmsg+0x21f/0x2a0
[  917.219318][T15023]  ? __pfx____sys_sendmsg+0x10/0x10
[  917.219383][T15023]  ? __fget_files+0x2a/0x420
[  917.219402][T15023]  ? __fget_files+0x3a0/0x420
[  917.219432][T15023]  __sys_sendmsg+0x164/0x220
[  917.219460][T15023]  ? __pfx___sys_sendmsg+0x10/0x10
[  917.219503][T15023]  ? lockdep_hardirqs_on+0x9c/0x150
[  917.219528][T15023]  __do_fast_syscall_32+0xb6/0x2b0
[  917.219553][T15023]  ? lockdep_hardirqs_on+0x9c/0x150
[  917.219578][T15023]  do_fast_syscall_32+0x34/0x80
[  917.219601][T15023]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  917.219626][T15023] RIP: 0023:0xf70ce539
[  917.219644][T15023] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  917.219662][T15023] RSP: 002b:00000000f54be55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  917.219683][T15023] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  917.219697][T15023] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  917.219710][T15023] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  917.219722][T15023] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  917.219734][T15023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  917.219763][T15023]  </TASK>
[  917.684509][T11188] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  917.784057][T15025] input: syz1 as /devices/virtual/input/input80
[  917.907828][T15028] input: syz1 as /devices/virtual/input/input81
[  917.934808][T11188] usb 2-1: Using ep0 maxpacket: 16
[  917.962558][T11188] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  918.042473][T11188] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  918.067138][T11188] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  918.125080][ T5938] usbhid 5-1:1.0: can't add hid device: -71
[  918.131368][ T5938] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  918.174949][T11188] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  918.184088][T11188] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  918.212659][T11188] usb 2-1: config 0 descriptor??
[  918.235506][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  918.244892][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  918.248938][ T5938] usb 5-1: USB disconnect, device number 21
[  918.259412][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  918.268665][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  918.281453][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  918.290759][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  918.300565][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  918.309865][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  918.321823][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  918.329962][ T5235] ldm_validate_partition_table(): Disk read failed.
[  918.426584][ T5235] Dev loop7: unable to read RDB block 0
[  918.487054][ T5235]  loop7: unable to read partition table
[  918.497215][ T5235] loop7: partition table beyond EOD, truncated
[  918.725490][T15036] syz.1.2389 (15036): drop_caches: 2
[  918.741136][T11188] microsoft 0003:045E:07DA.0044: ignoring exceeding usage max
[  918.783390][T11188] microsoft 0003:045E:07DA.0044: item 0 4 0 11 parsing failed
[  918.792655][T11188] microsoft 0003:045E:07DA.0044: parse failed
[  918.799764][T11188] microsoft 0003:045E:07DA.0044: probe with driver microsoft failed with error -22
[  919.742978][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  919.742998][   T30] audit: type=1326 audit(1758362315.979:8741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15044 comm="syz.4.2398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000
[  919.774771][   T30] audit: type=1326 audit(1758362315.979:8742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15044 comm="syz.4.2398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  919.799372][   T30] audit: type=1326 audit(1758362315.979:8743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15044 comm="syz.4.2398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000
[  919.835564][   T30] audit: type=1326 audit(1758362315.989:8744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15044 comm="syz.4.2398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000
[  919.864708][   T30] audit: type=1326 audit(1758362315.989:8745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15044 comm="syz.4.2398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000
[  919.892598][   T30] audit: type=1326 audit(1758362315.989:8746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15044 comm="syz.4.2398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000
[  919.922429][   T30] audit: type=1326 audit(1758362315.989:8747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15044 comm="syz.4.2398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000
[  919.955405][   T30] audit: type=1326 audit(1758362315.989:8748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15044 comm="syz.4.2398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000
[  919.981888][   T30] audit: type=1326 audit(1758362315.989:8749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15044 comm="syz.4.2398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000
[  920.007889][   T30] audit: type=1326 audit(1758362315.989:8750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15044 comm="syz.4.2398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709e558 code=0x7ffc0000
[  920.082517][T11188] usb 2-1: USB disconnect, device number 34
[  920.344244][T15056] netlink: 'syz.3.2401': attribute type 8 has an invalid length.
[  920.488973][T15045] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2398'.
[  921.048760][T15062] FAULT_INJECTION: forcing a failure.
[  921.048760][T15062] name failslab, interval 1, probability 0, space 0, times 0
[  921.084063][T15062] CPU: 0 UID: 0 PID: 15062 Comm: syz.1.2403 Not tainted syzkaller #0 PREEMPT(full) 
[  921.084092][T15062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  921.084107][T15062] Call Trace:
[  921.084114][T15062]  <TASK>
[  921.084121][T15062]  dump_stack_lvl+0x189/0x250
[  921.084144][T15062]  ? __pfx____ratelimit+0x10/0x10
[  921.084161][T15062]  ? __pfx_dump_stack_lvl+0x10/0x10
[  921.084180][T15062]  ? __pfx__printk+0x10/0x10
[  921.084202][T15062]  ? __lock_acquire+0xab9/0xd20
[  921.084232][T15062]  should_fail_ex+0x414/0x560
[  921.084258][T15062]  should_failslab+0xa8/0x100
[  921.084290][T15062]  kmem_cache_alloc_noprof+0x73/0x3c0
[  921.084311][T15062]  ? skb_clone+0x212/0x3a0
[  921.084334][T15062]  skb_clone+0x212/0x3a0
[  921.084356][T15062]  __netlink_deliver_tap+0x404/0x850
[  921.084394][T15062]  ? netlink_deliver_tap+0x2e/0x1b0
[  921.084416][T15062]  netlink_deliver_tap+0x19c/0x1b0
[  921.084438][T15062]  netlink_unicast+0x7fa/0x9e0
[  921.084477][T15062]  ? __pfx_netlink_unicast+0x10/0x10
[  921.084510][T15062]  ? netlink_sendmsg+0x642/0xb30
[  921.084531][T15062]  ? skb_put+0x11b/0x210
[  921.084551][T15062]  netlink_sendmsg+0x805/0xb30
[  921.084575][T15062]  ? __pfx_netlink_sendmsg+0x10/0x10
[  921.084593][T15062]  ? __import_iovec+0x5d4/0x7f0
[  921.084612][T15062]  ? aa_sock_msg_perm+0xf1/0x1d0
[  921.084629][T15062]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  921.084647][T15062]  ? __pfx_netlink_sendmsg+0x10/0x10
[  921.084664][T15062]  __sock_sendmsg+0x21c/0x270
[  921.084690][T15062]  ____sys_sendmsg+0x505/0x830
[  921.084717][T15062]  ? __pfx_____sys_sendmsg+0x10/0x10
[  921.084765][T15062]  ___sys_sendmsg+0x21f/0x2a0
[  921.084794][T15062]  ? __pfx____sys_sendmsg+0x10/0x10
[  921.084862][T15062]  ? __fget_files+0x2a/0x420
[  921.084882][T15062]  ? __fget_files+0x3a0/0x420
[  921.084914][T15062]  __sys_sendmsg+0x164/0x220
[  921.084945][T15062]  ? __pfx___sys_sendmsg+0x10/0x10
[  921.084990][T15062]  ? lockdep_hardirqs_on+0x9c/0x150
[  921.085019][T15062]  __do_fast_syscall_32+0xb6/0x2b0
[  921.085045][T15062]  ? lockdep_hardirqs_on+0x9c/0x150
[  921.085073][T15062]  do_fast_syscall_32+0x34/0x80
[  921.085098][T15062]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  921.085125][T15062] RIP: 0023:0xf7fa2539
[  921.085144][T15062] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  921.085164][T15062] RSP: 002b:00000000f54a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  921.085186][T15062] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  921.085202][T15062] RDX: 00000000000000c4 RSI: 0000000000000000 RDI: 0000000000000000
[  921.085215][T15062] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  921.085228][T15062] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  921.085247][T15062] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  921.085287][T15062]  </TASK>
[  921.370391][    C0] vkms_vblank_simulate: vblank timer overrun
[  922.064676][ T5938] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  922.225174][ T5938] usb 2-1: Using ep0 maxpacket: 8
[  922.239737][ T5938] usb 2-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  922.260437][ T5938] usb 2-1: config 1 interface 0 has no altsetting 0
[  922.272677][ T5938] usb 2-1: string descriptor 0 read error: -22
[  922.281972][ T5938] usb 2-1: New USB device found, idVendor=093a, idProduct=8002, bcdDevice= 0.40
[  922.294362][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  922.723153][T15075] input: syz1 as /devices/virtual/input/input82
[  924.324504][T11188] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  924.535250][T11188] usb 5-1: Using ep0 maxpacket: 16
[  924.563998][T11188] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  924.611365][T11188] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  924.627052][ T5938] usbhid 2-1:1.0: can't add hid device: -71
[  924.634131][ T5938] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  924.643700][T11188] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  924.683447][T11188] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  924.713168][T11188] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  924.740233][T11188] usb 5-1: config 0 descriptor??
[  924.763906][ T5938] usb 2-1: USB disconnect, device number 35
[  924.878132][    C1] blk_print_req_error: 14 callbacks suppressed
[  924.878154][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  924.893726][    C1] buffer_io_error: 13 callbacks suppressed
[  924.893748][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  924.919166][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  924.928713][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  924.949101][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  924.958622][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  924.977324][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  924.986699][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  925.004626][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  925.013897][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  925.022136][ T5235] ldm_validate_partition_table(): Disk read failed.
[  925.038167][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  925.047553][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  925.073095][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  925.082448][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  925.090576][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  925.100310][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  925.109012][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  925.118287][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  925.126665][ T5235] Dev loop7: unable to read RDB block 0
[  925.132661][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  925.141992][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  925.174102][ T5235]  loop7: unable to read partition table
[  925.183249][ T5235] loop7: partition table beyond EOD, truncated
[  925.591199][T15099] syz.4.2409 (15099): drop_caches: 2
[  925.657190][T15100] usb usb8: usbfs: process 15100 (syz.2.2410) did not claim interface 0 before use
[  925.710485][T11188] microsoft 0003:045E:07DA.0045: ignoring exceeding usage max
[  925.741544][T11188] microsoft 0003:045E:07DA.0045: item 0 4 0 11 parsing failed
[  925.751155][T11188] microsoft 0003:045E:07DA.0045: parse failed
[  925.759661][T11188] microsoft 0003:045E:07DA.0045: probe with driver microsoft failed with error -22
[  927.130651][T15121] netlink: 'syz.3.2418': attribute type 8 has an invalid length.
[  927.978649][ T5938] usb 5-1: USB disconnect, device number 22
[  928.554686][T11188] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  928.574601][T11182] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  928.685959][T11188] usb 3-1: device descriptor read/64, error -71
[  928.738343][T11182] usb 5-1: Using ep0 maxpacket: 8
[  928.752444][T11182] usb 5-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  928.766385][T11182] usb 5-1: config 1 interface 0 has no altsetting 0
[  928.778795][T11182] usb 5-1: string descriptor 0 read error: -22
[  928.785885][T11182] usb 5-1: New USB device found, idVendor=093a, idProduct=8002, bcdDevice= 0.40
[  928.788686][T15143] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2426'.
[  928.801383][T11182] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  928.934926][T11188] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  929.094811][T11188] usb 3-1: device descriptor read/64, error -71
[  929.218874][T11188] usb usb3-port1: attempt power cycle
[  929.584663][T11188] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  929.615678][T11188] usb 3-1: device descriptor read/8, error -71
[  929.864640][T11188] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  929.885665][T11188] usb 3-1: device descriptor read/8, error -71
[  929.996943][T11188] usb usb3-port1: unable to enumerate USB device
[  930.294634][ T5938] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  930.444601][ T5938] usb 2-1: Using ep0 maxpacket: 16
[  930.459584][ T5938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  930.482695][T15162] usb usb8: usbfs: process 15162 (syz.3.2431) did not claim interface 0 before use
[  930.491737][ T5938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  930.502377][ T5938] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  930.516526][ T5938] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  930.527148][ T5938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.540918][ T5938] usb 2-1: config 0 descriptor??
[  931.134346][T15164] syz.1.2432 (15164): drop_caches: 2
[  931.174975][ T5938] microsoft 0003:045E:07DA.0046: ignoring exceeding usage max
[  931.203688][ T5938] microsoft 0003:045E:07DA.0046: item 0 4 0 11 parsing failed
[  931.219718][T11182] usbhid 5-1:1.0: can't add hid device: -71
[  931.242785][T11182] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  931.255470][ T5938] microsoft 0003:045E:07DA.0046: parse failed
[  931.272810][    C0] blk_print_req_error: 8 callbacks suppressed
[  931.272826][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  931.288609][    C0] buffer_io_error: 8 callbacks suppressed
[  931.288625][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  931.306955][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  931.316297][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  931.324628][T11182] usb 5-1: USB disconnect, device number 23
[  931.343882][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  931.353770][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  931.403479][ T5938] microsoft 0003:045E:07DA.0046: probe with driver microsoft failed with error -22
[  931.404445][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  931.422718][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  931.431060][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  931.440258][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  931.449299][ T5235] ldm_validate_partition_table(): Disk read failed.
[  931.464453][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  931.473807][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  931.491276][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  931.500611][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  931.514413][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  931.523613][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  931.532447][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  931.541717][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  931.554151][ T5235] Dev loop7: unable to read RDB block 0
[  931.570329][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  931.579610][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  931.610094][ T5235]  loop7: unable to read partition table
[  931.629486][ T5235] loop7: partition table beyond EOD, truncated
[  933.210785][T15182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2438'.
[  933.532321][T15194] netlink: 'syz.2.2441': attribute type 8 has an invalid length.
[  933.776085][T11185] usb 2-1: USB disconnect, device number 36
[  933.854865][ T5938] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  933.889062][T15202] netlink: 'syz.3.2443': attribute type 10 has an invalid length.
[  934.094623][ T5938] usb 3-1: Using ep0 maxpacket: 8
[  934.123310][ T5938] usb 3-1: unable to get BOS descriptor or descriptor too short
[  934.136998][ T5938] usb 3-1: config 8 has an invalid interface number: 24 but max is 1
[  934.150853][ T5938] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  934.163408][ T5938] usb 3-1: config 8 has 1 interface, different from the descriptor's value: 2
[  934.173982][ T5938] usb 3-1: config 8 has no interface number 0
[  934.180593][ T5938] usb 3-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid wMaxPacketSize 0
[  934.190773][ T5938] usb 3-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  934.230988][ T5938] usb 3-1: config 8 interface 24 has no altsetting 0
[  934.248649][ T5938] usb 3-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[  934.260312][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  934.273801][ T5938] usb 3-1: Product: syz
[  934.278808][ T5938] usb 3-1: Manufacturer: syz
[  934.283908][ T5938] usb 3-1: SerialNumber: syz
[  934.505687][T11185] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  934.518749][ T5938] vmk80xx 3-1:8.24: driver 'vmk80xx' failed to auto-configure device.
[  934.608509][ T5938] vmk80xx 3-1:8.24: probe with driver vmk80xx failed with error -22
[  934.645731][ T5938] usb 3-1: USB disconnect, device number 46
[  934.864510][T11185] usb 2-1: Using ep0 maxpacket: 8
[  934.958086][T11185] usb 2-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  934.971309][T11185] usb 2-1: config 1 interface 0 has no altsetting 0
[  935.001172][T11185] usb 2-1: string descriptor 0 read error: -22
[  935.007939][T11185] usb 2-1: New USB device found, idVendor=093a, idProduct=8002, bcdDevice= 0.40
[  935.019336][T11185] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  935.033545][T15213] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.2447'.
[  935.579494][T15218] usb usb8: usbfs: process 15218 (syz.4.2446) did not claim interface 0 before use
[  936.082170][T15222] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2450'.
[  936.234489][T11182] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  936.392427][T11182] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  936.392464][T11182] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  936.392488][T11182] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  936.392534][T11182] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  936.392559][T11182] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.395797][T11182] usb 5-1: config 0 descriptor??
[  936.732244][T15227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  936.743065][T15227] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  937.183796][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  937.194042][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  937.382996][T11185] usbhid 2-1:1.0: can't add hid device: -71
[  937.400363][T11185] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  937.506817][T11185] usb 2-1: USB disconnect, device number 37
[  937.526781][    C0] blk_print_req_error: 8 callbacks suppressed
[  937.526805][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  937.542458][    C0] buffer_io_error: 8 callbacks suppressed
[  937.542478][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  937.560033][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  937.569320][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  937.578055][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  937.587320][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  937.595894][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  937.605311][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  937.614937][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  937.624188][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  937.633383][ T5235] ldm_validate_partition_table(): Disk read failed.
[  937.650754][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  937.660044][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  937.672368][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  937.681614][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  937.690639][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  937.699893][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  937.728392][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  937.737759][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  937.751104][ T5235] Dev loop7: unable to read RDB block 0
[  937.768981][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  937.778289][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  937.799160][ T5235]  loop7: unable to read partition table
[  937.809056][ T5235] loop7: partition table beyond EOD, truncated
[  937.917436][T15239] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2452'.
[  938.639778][   T30] kauditd_printk_skb: 1687 callbacks suppressed
[  938.639798][   T30] audit: type=1326 audit(1758362334.879:10438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15242 comm="syz.2.2453" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f78539 code=0x0
[  939.738594][T15258] netlink: 'syz.1.2458': attribute type 8 has an invalid length.
[  939.994562][T11185] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  940.016303][T11182] usbhid 5-1:0.0: can't add hid device: -71
[  940.027164][T11182] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  940.047808][T11182] usb 5-1: USB disconnect, device number 24
[  940.144157][   T30] audit: type=1326 audit(1758362336.379:10439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15259 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  940.167748][   T30] audit: type=1326 audit(1758362336.409:10440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15259 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf709e539 code=0x7ffc0000
[  940.197228][   T30] audit: type=1326 audit(1758362336.409:10441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15259 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  940.239709][T11185] usb 2-1: Using ep0 maxpacket: 8
[  940.245640][   T30] audit: type=1326 audit(1758362336.419:10442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15259 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  940.270093][   T30] audit: type=1326 audit(1758362336.419:10443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15259 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=55 compat=1 ip=0xf709e539 code=0x7ffc0000
[  940.293318][T11185] usb 2-1: unable to get BOS descriptor or descriptor too short
[  940.306083][T11185] usb 2-1: config 8 has an invalid interface number: 24 but max is 1
[  940.327252][T11185] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  940.338233][T11185] usb 2-1: config 8 has 1 interface, different from the descriptor's value: 2
[  940.347510][   T30] audit: type=1326 audit(1758362336.419:10444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15259 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  940.370391][T11185] usb 2-1: config 8 has no interface number 0
[  940.377138][T11185] usb 2-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid wMaxPacketSize 0
[  940.387576][   T30] audit: type=1326 audit(1758362336.419:10445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15259 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf709e539 code=0x7ffc0000
[  940.410528][T11185] usb 2-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  940.422033][   T30] audit: type=1326 audit(1758362336.419:10446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15259 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf709e539 code=0x7ffc0000
[  940.422094][   T30] audit: type=1326 audit(1758362336.429:10447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15259 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf709e539 code=0x7ffc0000
[  940.806989][T11185] usb 2-1: config 8 interface 24 has no altsetting 0
[  940.826712][T11185] usb 2-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[  940.836377][T11185] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  940.844774][T11185] usb 2-1: Product: syz
[  940.848982][T11185] usb 2-1: Manufacturer: syz
[  940.854610][T11185] usb 2-1: SerialNumber: syz
[  941.082455][T11185] vmk80xx 2-1:8.24: driver 'vmk80xx' failed to auto-configure device.
[  941.092906][T11185] vmk80xx 2-1:8.24: probe with driver vmk80xx failed with error -22
[  941.115217][T11185] usb 2-1: USB disconnect, device number 38
[  941.487776][T15270] usb usb8: usbfs: process 15270 (syz.4.2460) did not claim interface 0 before use
[  941.605145][T11185] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  941.784790][T11185] usb 3-1: device descriptor read/64, error -71
[  941.963771][T15281] FAULT_INJECTION: forcing a failure.
[  941.963771][T15281] name failslab, interval 1, probability 0, space 0, times 0
[  942.018402][T15281] CPU: 0 UID: 0 PID: 15281 Comm: syz.0.2464 Not tainted syzkaller #0 PREEMPT(full) 
[  942.018433][T15281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  942.018447][T15281] Call Trace:
[  942.018456][T15281]  <TASK>
[  942.018466][T15281]  dump_stack_lvl+0x189/0x250
[  942.018496][T15281]  ? __pfx____ratelimit+0x10/0x10
[  942.018519][T15281]  ? __pfx_dump_stack_lvl+0x10/0x10
[  942.018545][T15281]  ? __pfx__printk+0x10/0x10
[  942.018591][T15281]  should_fail_ex+0x414/0x560
[  942.018630][T15281]  should_failslab+0xa8/0x100
[  942.018661][T15281]  __kmalloc_cache_noprof+0x70/0x3d0
[  942.018690][T15281]  ? sctp_add_bind_addr+0x8c/0x370
[  942.018717][T15281]  sctp_add_bind_addr+0x8c/0x370
[  942.018743][T15281]  sctp_copy_local_addr_list+0x30b/0x4e0
[  942.018782][T15281]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  942.018816][T15281]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  942.018852][T15281]  ? sctp_v6_is_any+0x64/0x80
[  942.018877][T15281]  ? sctp_copy_one_addr+0x93/0x360
[  942.018901][T15281]  sctp_bind_addr_copy+0xb3/0x3c0
[  942.018924][T15281]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  942.018958][T15281]  sctp_connect_new_asoc+0x2e0/0x690
[  942.018989][T15281]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  942.019014][T15281]  ? __local_bh_enable_ip+0x12d/0x1c0
[  942.019044][T15281]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  942.019070][T15281]  ? security_sctp_bind_connect+0x7e/0x2e0
[  942.019103][T15281]  sctp_sendmsg+0x155c/0x2810
[  942.019142][T15281]  ? __pfx_sctp_sendmsg+0x10/0x10
[  942.019171][T15281]  ? aa_sk_perm+0x81e/0x950
[  942.019209][T15281]  ? __pfx_aa_sk_perm+0x10/0x10
[  942.019245][T15281]  ? sock_rps_record_flow+0x19/0x410
[  942.019281][T15281]  ? inet_sendmsg+0x2f4/0x370
[  942.019316][T15281]  __sock_sendmsg+0x19c/0x270
[  942.019353][T15281]  ____sys_sendmsg+0x52d/0x830
[  942.019386][T15281]  ? __pfx_____sys_sendmsg+0x10/0x10
[  942.019440][T15281]  ___sys_sendmsg+0x21f/0x2a0
[  942.019470][T15281]  ? __pfx____sys_sendmsg+0x10/0x10
[  942.019539][T15281]  ? __fget_files+0x2a/0x420
[  942.019557][T15281]  ? __fget_files+0x3a0/0x420
[  942.019588][T15281]  __sys_sendmmsg+0x28e/0x430
[  942.019622][T15281]  ? __pfx___sys_sendmmsg+0x10/0x10
[  942.019660][T15281]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  942.019706][T15281]  ? ksys_write+0x22a/0x250
[  942.019747][T15281]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  942.019778][T15281]  __do_fast_syscall_32+0xb6/0x2b0
[  942.019803][T15281]  ? lockdep_hardirqs_on+0x9c/0x150
[  942.019830][T15281]  do_fast_syscall_32+0x34/0x80
[  942.019854][T15281]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  942.019881][T15281] RIP: 0023:0xf70ce539
[  942.019900][T15281] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  942.019917][T15281] RSP: 002b:00000000f549d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  942.019940][T15281] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000540
[  942.019954][T15281] RDX: 0000000000000001 RSI: 000000003404c8d4 RDI: 0000000000000000
[  942.019968][T15281] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  942.019980][T15281] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  942.019993][T15281] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  942.020024][T15281]  </TASK>
[  942.352015][T11185] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  942.484517][T11185] usb 3-1: device descriptor read/64, error -71
[  942.602638][T11185] usb usb3-port1: attempt power cycle
[  942.913263][T15287] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2467'.
[  942.964535][T11185] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  943.005418][T11185] usb 3-1: device descriptor read/8, error -71
[  943.254857][T11185] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  943.299537][T11185] usb 3-1: device descriptor read/8, error -71
[  943.344548][T11182] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  943.425086][T11185] usb usb3-port1: unable to enumerate USB device
[  943.529215][T11182] usb 2-1: Using ep0 maxpacket: 8
[  943.548382][T11182] usb 2-1: config 0 has an invalid interface number: 234 but max is 2
[  943.564441][T11182] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[  943.575702][T11182] usb 2-1: config 0 has no interface number 1
[  943.585559][T11182] usb 2-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=47.83
[  943.595990][T11182] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.604051][T11182] usb 2-1: Product: syz
[  943.609130][T11182] usb 2-1: Manufacturer: syz
[  943.613952][T11182] usb 2-1: SerialNumber: syz
[  943.626004][T11182] usb 2-1: config 0 descriptor??
[  943.639468][T11182] usb 2-1: unknown number of interfaces: 2
[  943.843535][T15289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  943.852807][T15289] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  943.910308][T15297] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  943.919180][T15297] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  944.018152][T15298] netlink: 'syz.0.2469': attribute type 10 has an invalid length.
[  944.492114][ T5938] usb 2-1: USB disconnect, device number 39
[  944.545970][T15300] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2471'.
[  944.749283][T15306] netlink: 'syz.3.2473': attribute type 8 has an invalid length.
[  945.004526][ T5938] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  945.154660][ T5938] usb 2-1: Using ep0 maxpacket: 16
[  945.163771][ T5938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  945.184542][ T5938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  945.184567][T11182] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  945.200458][ T5938] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  945.223025][ T5938] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  945.242401][ T5938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.254013][ T5938] usb 2-1: config 0 descriptor??
[  945.424494][T11182] usb 5-1: Using ep0 maxpacket: 32
[  945.445667][T11182] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  945.456986][T11182] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  945.467299][T11182] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  945.481352][T11182] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.497268][T11182] usb 5-1: config 0 descriptor??
[  945.631620][T15316] usb usb8: usbfs: process 15316 (syz.2.2475) did not claim interface 0 before use
[  945.858855][T15318] syz.1.2472 (15318): drop_caches: 2
[  945.933963][T11182] ft260 0003:0403:6030.0047: unknown main item tag 0x0
[  945.949204][ T5938] microsoft 0003:045E:07DA.0048: ignoring exceeding usage max
[  945.966337][ T5938] microsoft 0003:045E:07DA.0048: item 0 4 0 11 parsing failed
[  945.997795][ T5938] microsoft 0003:045E:07DA.0048: parse failed
[  946.004228][ T5938] microsoft 0003:045E:07DA.0048: probe with driver microsoft failed with error -22
[  946.011716][T11182] ft260 0003:0403:6030.0047: unknown main item tag 0x0
[  946.111800][T11182] ft260 0003:0403:6030.0047: chip code: 6424 8183
[  946.116550][T15321] FAULT_INJECTION: forcing a failure.
[  946.116550][T15321] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  946.131900][T15321] CPU: 1 UID: 0 PID: 15321 Comm: syz.0.2477 Not tainted syzkaller #0 PREEMPT(full) 
[  946.131936][T15321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  946.131951][T15321] Call Trace:
[  946.131960][T15321]  <TASK>
[  946.131969][T15321]  dump_stack_lvl+0x189/0x250
[  946.132000][T15321]  ? __pfx____ratelimit+0x10/0x10
[  946.132022][T15321]  ? __pfx_dump_stack_lvl+0x10/0x10
[  946.132046][T15321]  ? __pfx__printk+0x10/0x10
[  946.132072][T15321]  ? __might_fault+0xb0/0x130
[  946.132102][T15321]  should_fail_ex+0x414/0x560
[  946.132128][T15321]  _copy_from_iter+0x1de/0x1790
[  946.132158][T15321]  ? __pfx__copy_from_iter+0x10/0x10
[  946.132187][T15321]  tun_get_user+0x219/0x3e20
[  946.132219][T15321]  ? aa_file_perm+0x44d/0x1550
[  946.132236][T15321]  ? __pfx_tun_get_user+0x10/0x10
[  946.132253][T15321]  ? _parse_integer_limit+0x1ae/0x1f0
[  946.132282][T15321]  ? __lock_acquire+0xab9/0xd20
[  946.132308][T15321]  ? ref_tracker_alloc+0x318/0x460
[  946.132322][T15321]  ? __lock_acquire+0xab9/0xd20
[  946.132344][T15321]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  946.132363][T15321]  ? tun_get+0x1c/0x2f0
[  946.132384][T15321]  ? tun_get+0x1c/0x2f0
[  946.132400][T15321]  ? tun_get+0x1c/0x2f0
[  946.132420][T15321]  tun_chr_write_iter+0x113/0x200
[  946.132440][T15321]  vfs_write+0x5c9/0xb30
[  946.132464][T15321]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  946.132482][T15321]  ? __pfx_vfs_write+0x10/0x10
[  946.132512][T15321]  ? __fget_files+0x2a/0x420
[  946.132540][T15321]  ksys_write+0x145/0x250
[  946.132568][T15321]  ? __pfx_ksys_write+0x10/0x10
[  946.132596][T15321]  ? lockdep_hardirqs_on+0x9c/0x150
[  946.132614][T15321]  __do_fast_syscall_32+0xb6/0x2b0
[  946.132632][T15321]  ? lockdep_hardirqs_on+0x9c/0x150
[  946.132650][T15321]  do_fast_syscall_32+0x34/0x80
[  946.132667][T15321]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  946.132685][T15321] RIP: 0023:0xf70ce539
[  946.132699][T15321] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  946.132712][T15321] RSP: 002b:00000000f54be55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  946.132727][T15321] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000240
[  946.132738][T15321] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000
[  946.132747][T15321] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  946.132756][T15321] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  946.132764][T15321] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  946.132785][T15321]  </TASK>
[  946.667487][T11182] ft260 0003:0403:6030.0047: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.4-1/input0
[  946.710374][T11182] ft260 0003:0403:6030.0047: failed to retrieve status: -32, no wakeup
[  946.719783][T11182] ft260 0003:0403:6030.0047: failed to retrieve status: -32
[  946.937195][T11182] usb 5-1: USB disconnect, device number 25
[  947.745982][   T30] kauditd_printk_skb: 635 callbacks suppressed
[  947.746003][   T30] audit: type=1326 audit(1758362343.989:11083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  947.840219][   T30] audit: type=1326 audit(1758362344.029:11084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  947.914554][T11182] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  947.930364][   T30] audit: type=1326 audit(1758362344.029:11085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  947.952573][    C0] vkms_vblank_simulate: vblank timer overrun
[  947.969200][   T30] audit: type=1326 audit(1758362344.029:11086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  947.992850][   T30] audit: type=1326 audit(1758362344.029:11087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  948.016971][   T30] audit: type=1326 audit(1758362344.029:11088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=40000003 syscall=55 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  948.040414][   T30] audit: type=1326 audit(1758362344.029:11089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  948.063542][   T30] audit: type=1326 audit(1758362344.029:11090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  948.104466][T11182] usb 3-1: Using ep0 maxpacket: 16
[  948.108339][   T30] audit: type=1326 audit(1758362344.029:11091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  948.167696][   T30] audit: type=1326 audit(1758362344.029:11092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ce539 code=0x7ffc0000
[  948.190364][T11182] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  948.236723][T11182] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  948.365055][T11182] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  948.377038][T11182] usb 3-1: Product: syz
[  948.387229][T11182] usb 3-1: Manufacturer: syz
[  948.540060][T11182] usb 3-1: SerialNumber: syz
[  948.597850][T11182] usb 3-1: config 0 descriptor??
[  948.614003][T11182] hub 3-1:0.0: bad descriptor, ignoring hub
[  948.642427][T11182] hub 3-1:0.0: probe with driver hub failed with error -5
[  948.743664][T11182] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input83
[  948.843953][T11188] usb 2-1: USB disconnect, device number 40
[  949.016208][ T5938] usb 3-1: USB disconnect, device number 51
[  949.054178][T15346] input: syz1 as /devices/virtual/input/input84
[  949.184771][T11182] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  949.347013][T11182] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  949.357172][T11182] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  949.369734][T11182] usb 5-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  949.379105][T11182] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  949.387211][T11182] usb 5-1: Product: syz
[  949.391616][T11182] usb 5-1: Manufacturer: syz
[  949.396311][T11182] usb 5-1: SerialNumber: syz
[  949.403810][T11182] usb 5-1: config 0 descriptor??
[  949.412849][T11182] iguanair 5-1:0.0: probe with driver iguanair failed with error -12
[  949.640763][T15345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2483'.
[  949.702164][T15351] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  949.709882][T15351] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  949.710889][T11182] usb 5-1: USB disconnect, device number 26
[  950.760880][T15366] usb usb8: usbfs: process 15366 (syz.4.2488) did not claim interface 0 before use
[  951.053355][T15370] netlink: 'syz.3.2492': attribute type 8 has an invalid length.
[  951.064558][T11182] usb 2-1: new full-speed USB device number 41 using dummy_hcd
[  951.228160][T11182] usb 2-1: config 135 has an invalid interface number: 230 but max is 0
[  951.248429][T11182] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  951.271239][T11182] usb 2-1: config 135 has no interface number 0
[  951.287027][T11182] usb 2-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  951.313969][T11182] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  951.323635][T11182] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  951.333635][T11182] usb 2-1: Product: syz
[  951.338047][T11182] usb 2-1: Manufacturer: syz
[  951.343871][T11182] usb 2-1: SerialNumber: syz
[  951.370141][T11182] usb 2-1: Found UVC 0.00 device syz (18ec:3288)
[  951.378615][T11182] usb 2-1: No valid video chain found.
[  951.504502][T11188] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  951.822555][T11182] usb 2-1: USB disconnect, device number 41
[  951.944457][T11188] usb 3-1: device descriptor read/64, error -71
[  952.184497][T11188] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  952.394622][T11188] usb 3-1: device descriptor read/64, error -71
[  952.516458][T11188] usb usb3-port1: attempt power cycle
[  952.563234][T15384] FAULT_INJECTION: forcing a failure.
[  952.563234][T15384] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  952.581400][T15384] CPU: 0 UID: 0 PID: 15384 Comm: syz.1.2496 Not tainted syzkaller #0 PREEMPT(full) 
[  952.581428][T15384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  952.581441][T15384] Call Trace:
[  952.581450][T15384]  <TASK>
[  952.581461][T15384]  dump_stack_lvl+0x189/0x250
[  952.581492][T15384]  ? __pfx____ratelimit+0x10/0x10
[  952.581515][T15384]  ? __pfx_dump_stack_lvl+0x10/0x10
[  952.581540][T15384]  ? __pfx__printk+0x10/0x10
[  952.581582][T15384]  should_fail_ex+0x414/0x560
[  952.581620][T15384]  _copy_to_user+0x31/0xb0
[  952.581681][T15384]  simple_read_from_buffer+0xe1/0x170
[  952.581718][T15384]  proc_fail_nth_read+0x1b3/0x220
[  952.581746][T15384]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  952.581775][T15384]  ? rw_verify_area+0x2a6/0x4d0
[  952.581801][T15384]  ? __lock_acquire+0xab9/0xd20
[  952.581829][T15384]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  952.581855][T15384]  vfs_read+0x200/0xa30
[  952.581882][T15384]  ? fdget_pos+0x247/0x320
[  952.581906][T15384]  ? __pfx___mutex_lock+0x10/0x10
[  952.581931][T15384]  ? __pfx_vfs_read+0x10/0x10
[  952.581960][T15384]  ? __fget_files+0x2a/0x420
[  952.581984][T15384]  ? __fget_files+0x3a0/0x420
[  952.582001][T15384]  ? __fget_files+0x2a/0x420
[  952.582030][T15384]  ksys_read+0x145/0x250
[  952.582061][T15384]  ? __pfx_ksys_read+0x10/0x10
[  952.582115][T15384]  ? lockdep_hardirqs_on+0x9c/0x150
[  952.582141][T15384]  __do_fast_syscall_32+0xb6/0x2b0
[  952.582166][T15384]  ? lockdep_hardirqs_on+0x9c/0x150
[  952.582193][T15384]  do_fast_syscall_32+0x34/0x80
[  952.582218][T15384]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  952.582244][T15384] RIP: 0023:0xf7fa2539
[  952.582263][T15384] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  952.582282][T15384] RSP: 002b:00000000f54a6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  952.582304][T15384] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54a6620
[  952.582319][T15384] RDX: 000000000000000f RSI: 00000000f7434ff4 RDI: 0000000000000000
[  952.582332][T15384] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  952.582345][T15384] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  952.582357][T15384] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  952.582388][T15384]  </TASK>
[  952.813860][    C0] vkms_vblank_simulate: vblank timer overrun
[  953.104484][T11188] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  953.125175][T11188] usb 3-1: device descriptor read/8, error -71
[  953.474555][T11188] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  953.539612][T11188] usb 3-1: device descriptor read/8, error -71
[  953.746534][T11188] usb usb3-port1: unable to enumerate USB device
[  954.963018][T15416] FAULT_INJECTION: forcing a failure.
[  954.963018][T15416] name failslab, interval 1, probability 0, space 0, times 0
[  954.997846][T15416] CPU: 1 UID: 0 PID: 15416 Comm: syz.0.2503 Not tainted syzkaller #0 PREEMPT(full) 
[  954.997878][T15416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  954.997892][T15416] Call Trace:
[  954.997901][T15416]  <TASK>
[  954.997911][T15416]  dump_stack_lvl+0x189/0x250
[  954.997943][T15416]  ? __pfx____ratelimit+0x10/0x10
[  954.997965][T15416]  ? __pfx_dump_stack_lvl+0x10/0x10
[  954.997991][T15416]  ? __pfx__printk+0x10/0x10
[  954.998027][T15416]  ? __pfx___might_resched+0x10/0x10
[  954.998046][T15416]  ? fs_reclaim_acquire+0x7d/0x100
[  954.998071][T15416]  should_fail_ex+0x414/0x560
[  954.998108][T15416]  should_failslab+0xa8/0x100
[  954.998142][T15416]  __kmalloc_noprof+0xcb/0x4f0
[  954.998168][T15416]  ? tomoyo_domain_quota_is_ok+0x42b/0x570
[  954.998196][T15416]  ? tomoyo_supervisor+0xbd5/0x1480
[  954.998224][T15416]  tomoyo_supervisor+0xbd5/0x1480
[  954.998261][T15416]  ? __pfx_tomoyo_supervisor+0x10/0x10
[  954.998296][T15416]  ? snprintf+0xda/0x120
[  954.998331][T15416]  ? __pfx_snprintf+0x10/0x10
[  954.998366][T15416]  ? tomoyo_check_acl+0x386/0x400
[  954.998403][T15416]  tomoyo_check_inet_address+0x5ad/0x8c0
[  954.998430][T15416]  ? tomoyo_check_inet_address+0x275/0x8c0
[  954.998457][T15416]  ? __pfx_tomoyo_check_inet_address+0x10/0x10
[  954.998532][T15416]  tomoyo_socket_bind_permission+0x1e7/0x290
[  954.998569][T15416]  security_socket_bind+0xc8/0x2b0
[  954.998596][T15416]  __sys_bind+0x24a/0x3e0
[  954.998620][T15416]  ? __pfx___sys_bind+0x10/0x10
[  954.998665][T15416]  __ia32_sys_bind+0x7a/0x90
[  954.998688][T15416]  __do_fast_syscall_32+0xb6/0x2b0
[  954.998712][T15416]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.998737][T15416]  do_fast_syscall_32+0x34/0x80
[  954.998761][T15416]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  954.998786][T15416] RIP: 0023:0xf70ce539
[  954.998804][T15416] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  954.998822][T15416] RSP: 002b:00000000f54be55c EFLAGS: 00000206 ORIG_RAX: 0000000000000169
[  954.998843][T15416] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  954.998857][T15416] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  954.998869][T15416] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  954.998880][T15416] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  954.998893][T15416] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  954.998923][T15416]  </TASK>
[  955.055053][T11188] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  955.254606][ T5938] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  955.424515][ T5938] usb 3-1: Using ep0 maxpacket: 8
[  955.442285][ T5938] usb 3-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  955.464843][ T5938] usb 3-1: config 1 interface 0 has no altsetting 0
[  955.483244][ T5938] usb 3-1: string descriptor 0 read error: -22
[  955.489858][ T5938] usb 3-1: New USB device found, idVendor=093a, idProduct=8002, bcdDevice= 0.40
[  955.499600][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  955.524649][T11188] usb 2-1: device descriptor read/64, error -71
[  955.774744][T11188] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  955.836312][T15423] usb usb8: usbfs: process 15423 (syz.4.2504) did not claim interface 0 before use
[  955.945715][T11188] usb 2-1: device descriptor read/64, error -71
[  956.055693][T11188] usb usb2-port1: attempt power cycle
[  956.404560][T11188] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  956.425321][T11188] usb 2-1: device descriptor read/8, error -71
[  956.674506][T11188] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  956.705471][T11188] usb 2-1: device descriptor read/8, error -71
[  956.815241][T11188] usb usb2-port1: unable to enumerate USB device
[  957.156479][T15436] netlink: 'syz.3.2509': attribute type 8 has an invalid length.
[  957.164601][T11188] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  957.314557][T11188] usb 5-1: Using ep0 maxpacket: 8
[  957.323912][T11188] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  957.333390][T11188] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  957.343497][T11188] usb 5-1: Product: syz
[  957.348014][T11188] usb 5-1: Manufacturer: syz
[  957.352713][T11188] usb 5-1: SerialNumber: syz
[  957.360437][T11188] usb 5-1: config 0 descriptor??
[  957.572621][T11188] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  957.623061][ T5938] usbhid 3-1:1.0: can't add hid device: -71
[  957.638261][ T5938] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[  957.669644][ T5938] usb 3-1: USB disconnect, device number 56
[  957.690568][    C1] blk_print_req_error: 8 callbacks suppressed
[  957.690587][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  957.706053][    C1] buffer_io_error: 8 callbacks suppressed
[  957.706075][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  957.722508][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  957.731778][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  957.742341][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  957.751675][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  957.759957][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  957.769296][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  957.777429][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  957.786661][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  957.797951][T15434] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  957.803582][ T5235] ldm_validate_partition_table(): Disk read failed.
[  957.808069][T15434] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  957.825834][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  957.835103][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  957.844757][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  957.854155][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  957.864254][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  957.873740][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  957.882635][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  957.892060][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  957.901292][ T5235] Dev loop7: unable to read RDB block 0
[  957.918790][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  957.923394][T15442] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2511'.
[  957.928653][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  957.936941][ T5235]  loop7: unable to read partition table
[  957.953221][ T5235] loop7: partition table beyond EOD, truncated
[  958.045019][ T5938] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  958.174673][ T5938] usb 3-1: device descriptor read/64, error -71
[  958.414589][ T5938] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  958.544582][ T5938] usb 3-1: device descriptor read/64, error -71
[  958.655617][ T5938] usb usb3-port1: attempt power cycle
[  958.994626][ T5938] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  959.016878][ T5938] usb 3-1: device descriptor read/8, error -71
[  959.254595][ T5938] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  959.275759][ T5938] usb 3-1: device descriptor read/8, error -71
[  959.387639][ T5938] usb usb3-port1: unable to enumerate USB device
[  959.389464][T11188] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  959.409213][T11188] usb 5-1: USB disconnect, device number 27
[  961.313221][T15475] usb usb8: usbfs: process 15475 (syz.2.2517) did not claim interface 0 before use
[  962.256562][   T30] kauditd_printk_skb: 445 callbacks suppressed
[  962.256578][   T30] audit: type=1326 audit(1758362358.499:11538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15483 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78539 code=0x7ffc0000
[  962.285283][    C0] vkms_vblank_simulate: vblank timer overrun
[  962.331385][   T30] audit: type=1326 audit(1758362358.499:11539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15483 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78539 code=0x7ffc0000
[  962.353904][    C0] vkms_vblank_simulate: vblank timer overrun
[  962.370912][   T30] audit: type=1326 audit(1758362358.499:11540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15483 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7f78539 code=0x7ffc0000
[  962.441452][   T30] audit: type=1326 audit(1758362358.499:11541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15483 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78539 code=0x7ffc0000
[  962.742028][   T30] audit: type=1326 audit(1758362358.499:11542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15483 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78539 code=0x7ffc0000
[  962.765016][   T30] audit: type=1326 audit(1758362358.499:11543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15483 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=40000003 syscall=55 compat=1 ip=0xf7f78539 code=0x7ffc0000
[  962.787307][    C0] vkms_vblank_simulate: vblank timer overrun
[  962.794936][   T30] audit: type=1326 audit(1758362358.499:11544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15483 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78539 code=0x7ffc0000
[  962.817935][    C0] vkms_vblank_simulate: vblank timer overrun
[  962.840272][   T30] audit: type=1326 audit(1758362358.499:11545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15483 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78539 code=0x7ffc0000
[  962.914498][   T30] audit: type=1326 audit(1758362358.499:11546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15483 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf7f78539 code=0x7ffc0000
[  962.936808][    C0] vkms_vblank_simulate: vblank timer overrun
[  963.004506][   T30] audit: type=1326 audit(1758362358.529:11547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15483 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf7f78539 code=0x7ffc0000
[  963.173793][T15499] netlink: 'syz.3.2525': attribute type 8 has an invalid length.
[  963.244311][T15496] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2524'.
[  963.324842][ T5938] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  963.524695][ T5938] usb 2-1: Using ep0 maxpacket: 8
[  963.535948][ T5938] usb 2-1: config 0 has an invalid interface number: 234 but max is 2
[  963.544925][ T5938] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[  963.557787][ T5938] usb 2-1: config 0 has no interface number 1
[  963.577237][ T5938] usb 2-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=47.83
[  963.587054][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  963.596149][ T5938] usb 2-1: Product: syz
[  963.604704][ T5938] usb 2-1: Manufacturer: syz
[  963.610780][ T5938] usb 2-1: SerialNumber: syz
[  963.623295][ T5938] usb 2-1: config 0 descriptor??
[  963.635254][ T5938] usb 2-1: unknown number of interfaces: 2
[  963.780179][T15500] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  963.787124][T15500] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  963.799324][T15500] vhci_hcd vhci_hcd.0: Device attached
[  963.839470][T15494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  963.848946][T15494] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  964.008417][T15506] vhci_hcd: connection closed
[  964.011634][   T67] vhci_hcd: stop threads
[  964.022804][   T67] vhci_hcd: release socket
[  964.028898][   T67] vhci_hcd: disconnect device
[  964.036306][ T5938] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  964.044021][ T5938] usb 41-1: enqueue for inactive port 0
[  964.114581][ T5938] vhci_hcd: vhci_device speed not set
[  964.164542][T11185] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  964.294631][T11185] usb 3-1: device descriptor read/64, error -71
[  964.369365][ T5965] usb 2-1: USB disconnect, device number 46
[  964.545030][T11185] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  964.704588][T11185] usb 3-1: device descriptor read/64, error -71
[  964.815028][T11185] usb usb3-port1: attempt power cycle
[  964.925084][    C0] blk_print_req_error: 8 callbacks suppressed
[  964.925107][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  964.940598][    C0] buffer_io_error: 8 callbacks suppressed
[  964.940616][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  964.957868][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  964.967339][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  964.980118][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  964.989565][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  965.000643][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  965.009997][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  965.021854][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  965.031127][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  965.044074][T11182] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  965.156823][T11185] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  965.198511][T11185] usb 3-1: device descriptor read/8, error -71
[  965.214658][T11182] usb 5-1: Using ep0 maxpacket: 16
[  965.232080][T11182] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  965.274798][T11182] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  965.290782][T11182] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  965.310674][T11182] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  965.320704][T11182] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.332443][T11182] usb 5-1: config 0 descriptor??
[  965.444612][T11185] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  965.475220][T11185] usb 3-1: device descriptor read/8, error -71
[  965.476474][T15523] FAULT_INJECTION: forcing a failure.
[  965.476474][T15523] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  965.523176][T15523] CPU: 1 UID: 0 PID: 15523 Comm: syz.1.2532 Not tainted syzkaller #0 PREEMPT(full) 
[  965.523209][T15523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  965.523223][T15523] Call Trace:
[  965.523232][T15523]  <TASK>
[  965.523242][T15523]  dump_stack_lvl+0x189/0x250
[  965.523275][T15523]  ? __pfx____ratelimit+0x10/0x10
[  965.523298][T15523]  ? __pfx_dump_stack_lvl+0x10/0x10
[  965.523324][T15523]  ? __pfx__printk+0x10/0x10
[  965.523355][T15523]  ? __might_fault+0xb0/0x130
[  965.523397][T15523]  should_fail_ex+0x414/0x560
[  965.523450][T15523]  _copy_from_iter+0x1de/0x1790
[  965.523484][T15523]  ? rcu_is_watching+0x15/0xb0
[  965.523508][T15523]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  965.523540][T15523]  ? __pfx__copy_from_iter+0x10/0x10
[  965.523567][T15523]  ? __build_skb_around+0x257/0x3e0
[  965.523596][T15523]  ? netlink_sendmsg+0x642/0xb30
[  965.523619][T15523]  ? skb_put+0x11b/0x210
[  965.523647][T15523]  netlink_sendmsg+0x6b2/0xb30
[  965.523681][T15523]  ? __pfx_netlink_sendmsg+0x10/0x10
[  965.523709][T15523]  ? __import_iovec+0x5d4/0x7f0
[  965.523734][T15523]  ? aa_sock_msg_perm+0xf1/0x1d0
[  965.523758][T15523]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  965.523782][T15523]  ? __pfx_netlink_sendmsg+0x10/0x10
[  965.523807][T15523]  __sock_sendmsg+0x21c/0x270
[  965.523843][T15523]  ____sys_sendmsg+0x505/0x830
[  965.523877][T15523]  ? __pfx_____sys_sendmsg+0x10/0x10
[  965.523922][T15523]  ___sys_sendmsg+0x21f/0x2a0
[  965.523953][T15523]  ? __pfx____sys_sendmsg+0x10/0x10
[  965.524020][T15523]  ? __fget_files+0x2a/0x420
[  965.524038][T15523]  ? __fget_files+0x3a0/0x420
[  965.524103][T15523]  __sys_sendmsg+0x164/0x220
[  965.524134][T15523]  ? __pfx___sys_sendmsg+0x10/0x10
[  965.524179][T15523]  ? lockdep_hardirqs_on+0x9c/0x150
[  965.524205][T15523]  __do_fast_syscall_32+0xb6/0x2b0
[  965.524231][T15523]  ? lockdep_hardirqs_on+0x9c/0x150
[  965.524257][T15523]  do_fast_syscall_32+0x34/0x80
[  965.524281][T15523]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  965.524307][T15523] RIP: 0023:0xf7fa2539
[  965.524326][T15523] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  965.524345][T15523] RSP: 002b:00000000f54a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  965.524371][T15523] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000280
[  965.524385][T15523] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  965.524398][T15523] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  965.524409][T15523] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  965.524421][T15523] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  965.524459][T15523]  </TASK>
[  965.805809][T11185] usb usb3-port1: unable to enumerate USB device
[  965.830224][T15525] usb usb8: usbfs: process 15525 (syz.0.2531) did not claim interface 0 before use
[  966.362694][T15534] syz.4.2530 (15534): drop_caches: 2
[  966.386773][T11182] microsoft 0003:045E:07DA.0049: ignoring exceeding usage max
[  966.435653][T11182] microsoft 0003:045E:07DA.0049: item 0 4 0 11 parsing failed
[  966.463551][T11182] microsoft 0003:045E:07DA.0049: parse failed
[  966.485746][T11182] microsoft 0003:045E:07DA.0049: probe with driver microsoft failed with error -22
[  967.309914][   T30] kauditd_printk_skb: 249 callbacks suppressed
[  967.309932][   T30] audit: type=1326 audit(1758362363.489:11797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15536 comm="syz.3.2534" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  967.424096][   T30] audit: type=1326 audit(1758362363.539:11798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15536 comm="syz.3.2534" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  967.616234][   T30] audit: type=1326 audit(1758362363.539:11799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15536 comm="syz.3.2534" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  967.651498][   T30] audit: type=1326 audit(1758362363.549:11800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15536 comm="syz.3.2534" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  967.710915][   T30] audit: type=1326 audit(1758362363.579:11801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15536 comm="syz.3.2534" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  967.739476][   T30] audit: type=1326 audit(1758362363.589:11802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15536 comm="syz.3.2534" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  967.770596][   T30] audit: type=1326 audit(1758362363.599:11803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15536 comm="syz.3.2534" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  967.798261][   T30] audit: type=1326 audit(1758362363.599:11804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15536 comm="syz.3.2534" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  967.859651][   T30] audit: type=1326 audit(1758362363.599:11805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15536 comm="syz.3.2534" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  967.959391][   T30] audit: type=1326 audit(1758362363.599:11806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15536 comm="syz.3.2534" exe="/root/syz-executor" sig=0 arch=40000003 syscall=0 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  968.624530][T11185] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  968.904340][T11182] usb 5-1: USB disconnect, device number 28
[  969.113294][T11185] usb 3-1: Using ep0 maxpacket: 8
[  969.154213][   T31] INFO: task kworker/0:10:11189 blocked for more than 143 seconds.
[  969.164253][T11185] usb 3-1: config 0 has an invalid interface number: 234 but max is 2
[  969.181185][T11185] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[  969.191160][   T31]       Not tainted syzkaller #0
[  969.196279][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  969.205258][T11185] usb 3-1: config 0 has no interface number 1
[  969.212892][   T31] task:kworker/0:10    state:D stack:20360 pid:11189 tgid:11189 ppid:2      task_flags:0x4288060 flags:0x00004000
[  969.216163][T15569] usb usb1: usbfs: process 15569 (syz.0.2543) did not claim interface 0 before use
[  969.225947][   T31] Workqueue: usb_hub_wq hub_event
[  969.257514][   T31] Call Trace:
[  969.260467][T11185] usb 3-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=47.83
[  969.260839][   T31]  <TASK>
[  969.260859][   T31]  __schedule+0x1798/0x4cc0
[  969.275044][T11185] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  969.283425][   T31]  ? __lock_acquire+0xab9/0xd20
[  969.302300][   T31]  ? __pfx___schedule+0x10/0x10
[  969.307455][T11185] usb 3-1: Product: syz
[  969.307997][   T31]  ? schedule+0x91/0x360
[  969.319781][   T31]  schedule+0x165/0x360
[  969.324090][   T31]  schedule_timeout+0x9a/0x270
[  969.329901][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  969.339151][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  969.344925][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  969.350430][   T31]  ? wait_for_completion+0x267/0x5d0
[  969.360203][   T31]  wait_for_completion+0x2bf/0x5d0
[  969.365648][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  969.371540][   T31]  i2c_del_adapter+0x581/0x6e0
[  969.700642][T11185] usb 3-1: Manufacturer: syz
[  969.703269][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[  969.706160][T11185] usb 3-1: SerialNumber: syz
[  969.719250][   T31]  ? rcu_is_watching+0x15/0xb0
[  969.724225][   T31]  ? dvb_usb_adapter_exit+0xd7/0x240
[  969.731005][   T31]  dvb_usb_i2c_exit+0x64/0xb0
[  969.736855][T11185] usb 3-1: config 0 descriptor??
[  969.742748][   T31]  dvb_usb_device_exit+0x1be/0x350
[  969.746834][T11185] usb 3-1: unknown number of interfaces: 2
[  969.758340][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  969.766744][   T31]  ? __pfx_dvb_usb_device_exit+0x10/0x10
[  969.772712][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  969.781173][   T31]  ? usb_disable_interface+0x31d/0x350
[  969.787005][   T31]  usb_unbind_interface+0x26b/0x910
[  969.792285][   T31]  ? __pfx_usb_unbind_interface+0x10/0x10
[  969.833007][   T31]  device_release_driver_internal+0x4d6/0x800
[  969.839524][   T31]  bus_remove_device+0x34d/0x410
[  969.848337][   T31]  device_del+0x511/0x8e0
[  969.853143][   T31]  ? __pm_runtime_barrier+0x212/0x460
[  969.858942][   T31]  ? __pfx_device_del+0x10/0x10
[  969.864198][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  969.873515][   T31]  usb_disable_device+0x3e9/0x8a0
[  969.878819][   T31]  usb_disconnect+0x330/0x950
[  969.883798][   T31]  hub_event+0x1cf5/0x4a20
[  969.892733][   T31]  ? do_raw_spin_lock+0x121/0x290
[  969.898268][   T31]  ? register_lock_class+0x51/0x320
[  969.904249][   T31]  ? __pfx_hub_event+0x10/0x10
[  969.904508][T11182] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  969.922204][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  969.928510][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  969.934062][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  969.940742][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  969.958802][T15557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  969.967420][   T31]  process_scheduled_works+0xae1/0x17b0
[  969.975385][T15557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  970.134877][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  970.141166][   T31]  worker_thread+0x8a0/0xda0
[  970.146693][   T31]  kthread+0x70e/0x8a0
[  970.151316][   T31]  ? __pfx_worker_thread+0x10/0x10
[  970.157425][   T31]  ? __pfx_kthread+0x10/0x10
[  970.162251][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  970.170853][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  970.177644][   T31]  ? __pfx_kthread+0x10/0x10
[  970.187425][   T31]  ret_from_fork+0x439/0x7d0
[  970.192227][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  970.198321][   T31]  ? __switch_to_asm+0x39/0x70
[  970.204290][   T31]  ? __switch_to_asm+0x33/0x70
[  970.204713][T11182] usb 2-1: Using ep0 maxpacket: 8
[  970.213771][T11182] usb 2-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  970.217308][   T31]  ? __pfx_kthread+0x10/0x10
[  970.228897][T11182] usb 2-1: config 1 interface 0 has no altsetting 0
[  970.239457][   T31]  ret_from_fork_asm+0x1a/0x30
[  970.247828][   T31]  </TASK>
[  970.251140][   T31] 
[  970.251140][   T31] Showing all locks held in the system:
[  970.273254][   T31] 1 lock held by khungtaskd/31:
[  970.279213][   T31]  #0: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  970.281426][T11182] usb 2-1: string descriptor 0 read error: -22
[  970.290135][   T31] 2 locks held by getty/5624:
[  970.301650][   T31]  #0: ffff88802fe340a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  970.301803][T11182] usb 2-1: New USB device found, idVendor=093a, idProduct=8002, bcdDevice= 0.40
[  970.312404][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  970.334556][   T31] 4 locks held by udevd/6038:
[  970.340245][   T31]  #0: ffff88804c61c418 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10
[  970.351067][   T31]  #1: ffff88805a220888 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420
[  970.364595][   T31]  #2: ffff888078fb1698 (kn->active#28){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x420
[  970.380221][T11182] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  970.380242][   T31]  #3: ffff88807e275198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[  970.420128][   T31] 3 locks held by kworker/0:5/11182:
[  970.431198][   T31]  #0: ffff88802128c148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  970.449501][   T31]  #1: ffffc90003ecfbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  970.467073][   T31]  #2: ffff888027cef198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  970.496917][   T31] 5 locks held by kworker/0:10/11189:
[  970.512831][   T31]  #0: ffff88802128c148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  970.533717][   T31]  #1: ffffc9000403fbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  970.559580][   T31]  #2: ffff888027e09198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  970.583114][   T31]  #3: ffff88807e275198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950
[  970.600946][   T31]  #4: ffff88807e274160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x800
[  970.619618][   T31] 1 lock held by syz.3.2540/15554:
[  970.626690][   T31]  #0: ffffffff8e13fa40 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  970.639050][   T31] 4 locks held by syz.1.2541/15562:
[  970.645147][   T31] 1 lock held by syz.4.2542/15570:
[  970.652529][T11185] usb 3-1: USB disconnect, device number 65
[  970.688867][   T31] 
[  970.718164][   T31] =============================================
[  970.718164][   T31] 
[  970.736321][   T31] NMI backtrace for cpu 1
[  970.736340][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  970.736371][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  970.736385][   T31] Call Trace:
[  970.736394][   T31]  <TASK>
[  970.736403][   T31]  dump_stack_lvl+0x189/0x250
[  970.736451][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  970.736477][   T31]  ? __pfx__printk+0x10/0x10
[  970.736526][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  970.736561][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  970.736594][   T31]  ? __pfx__printk+0x10/0x10
[  970.736628][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  970.736671][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  970.736705][   T31]  watchdog+0xf93/0xfe0
[  970.736739][   T31]  ? watchdog+0x1de/0xfe0
[  970.736773][   T31]  kthread+0x70e/0x8a0
[  970.736804][   T31]  ? __pfx_watchdog+0x10/0x10
[  970.736832][   T31]  ? __pfx_kthread+0x10/0x10
[  970.736860][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  970.736899][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  970.736918][   T31]  ? __pfx_kthread+0x10/0x10
[  970.736972][   T31]  ret_from_fork+0x439/0x7d0
[  970.737003][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  970.737031][   T31]  ? __switch_to_asm+0x39/0x70
[  970.737065][   T31]  ? __switch_to_asm+0x33/0x70
[  970.737091][   T31]  ? __pfx_kthread+0x10/0x10
[  970.737118][   T31]  ret_from_fork_asm+0x1a/0x30
[  970.737162][   T31]  </TASK>
[  970.737171][   T31] Sending NMI from CPU 1 to CPUs 0:
[  970.888552][    C0] NMI backtrace for cpu 0
[  970.888577][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  970.888598][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  970.888610][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  970.888634][    C0] Code: 53 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d b3 d9 0d 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  970.888651][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2
[  970.888667][    C0] RAX: c35a78b01c84ad00 RBX: ffffffff819683f8 RCX: c35a78b01c84ad00
[  970.888682][    C0] RDX: 0000000000000001 RSI: ffffffff8d9ba2fc RDI: ffffffff8be33f80
[  970.888695][    C0] RBP: ffffffff8de07eb8 R08: ffff8880b8632f9b R09: 1ffff110170c65f3
[  970.888710][    C0] R10: dffffc0000000000 R11: ffffed10170c65f4 R12: ffffffff8fa3a730
[  970.888723][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a20
[  970.888736][    C0] FS:  0000000000000000(0000) GS:ffff888125c13000(0000) knlGS:0000000000000000
[  970.888751][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  970.888763][    C0] CR2: 0000559fe8b11398 CR3: 000000007696e000 CR4: 00000000003526f0
[  970.888780][    C0] Call Trace:
[  970.888787][    C0]  <TASK>
[  970.888794][    C0]  default_idle+0x13/0x20
[  970.888815][    C0]  default_idle_call+0x74/0xb0
[  970.888837][    C0]  do_idle+0x1e8/0x510
[  970.888857][    C0]  ? __pfx_do_idle+0x10/0x10
[  970.888883][    C0]  cpu_startup_entry+0x44/0x60
[  970.888900][    C0]  rest_init+0x2de/0x300
[  970.888924][    C0]  start_kernel+0x3a9/0x410
[  970.888945][    C0]  x86_64_start_reservations+0x24/0x30
[  970.888980][    C0]  x86_64_start_kernel+0x143/0x1c0
[  970.889003][    C0]  common_startup_64+0x13e/0x147
[  970.889036][    C0]  </TASK>
[  971.158546][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  971.165477][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  971.174623][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  971.184733][   T31] Call Trace:
[  971.188035][   T31]  <TASK>
[  971.191051][   T31]  dump_stack_lvl+0x99/0x250
[  971.195718][   T31]  ? __asan_memcpy+0x40/0x70
[  971.200343][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  971.205679][   T31]  ? __pfx__printk+0x10/0x10
[  971.210317][   T31]  vpanic+0x281/0x750
[  971.214724][   T31]  ? __pfx_vpanic+0x10/0x10
[  971.219292][   T31]  ? preempt_schedule+0xae/0xc0
[  971.224174][   T31]  ? preempt_schedule_common+0x83/0xd0
[  971.229741][   T31]  panic+0xb9/0xc0
[  971.233492][   T31]  ? __pfx_panic+0x10/0x10
[  971.237951][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  971.243363][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  971.249650][   T31]  watchdog+0xfd2/0xfe0
[  971.253928][   T31]  ? watchdog+0x1de/0xfe0
[  971.258287][   T31]  kthread+0x70e/0x8a0
[  971.262394][   T31]  ? __pfx_watchdog+0x10/0x10
[  971.267113][   T31]  ? __pfx_kthread+0x10/0x10
[  971.271732][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  971.277053][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  971.282434][   T31]  ? __pfx_kthread+0x10/0x10
[  971.287218][   T31]  ret_from_fork+0x439/0x7d0
[  971.291837][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  971.297061][   T31]  ? __switch_to_asm+0x39/0x70
[  971.301852][   T31]  ? __switch_to_asm+0x33/0x70
[  971.306637][   T31]  ? __pfx_kthread+0x10/0x10
[  971.311389][   T31]  ret_from_fork_asm+0x1a/0x30
[  971.316315][   T31]  </TASK>
[  971.327216][   T31] Kernel Offset: disabled
[  971.331596][   T31] Rebooting in 86400 seconds..