last executing test programs:

7m35.663998199s ago: executing program 4 (id=63):
r0 = socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x5}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, 0x0, &(0x7f00000000c0)='#(,:', 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@assoc={0x18, 0x117, 0x4, 0x8}], 0x18}, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r3, 0xc008551c, &(0x7f0000000000)={0x1, 0x4, [0x10000]})
r5 = io_uring_setup(0x20, &(0x7f00000000c0)={0x0, 0x0, 0x3000, 0x80000000, 0xfefffffd})
io_uring_register$IORING_REGISTER_RESIZE_RINGS(r5, 0x21, &(0x7f0000000340)={0x0, 0xebb9, 0x8, 0x3, 0xd5}, 0x1)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000100)='wg0\x00', 0x4)
bind$xdp(r0, &(0x7f00000001c0)={0x2c, 0x4}, 0x10)

7m33.145420138s ago: executing program 4 (id=73):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7)
r3 = socket$inet6(0x2d, 0x2, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
unshare(0x28020480)
r5 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/time_for_children\x00')
ioctl$NS_GET_USERNS(r5, 0xb701, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r6, 0x4020aed2, &(0x7f0000000000)={0x8000000, 0x101000, 0x8})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r6, 0x4020aed2, &(0x7f0000000140)={0x0, 0x10000})
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000040)={'team0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4400000010000304000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="00f48500000000001c0012800b00010062726964676500000c00028008245ac0dd3c47f9ff4562dbd500000000000000000000000000000000cbd2a65d7e5c33009355328722f7dc72cd1ae776259cad18294a43b475b257597e1333408504f9dc345fdb1e33a3939655df36f3884107488caf9261c7402ee700a363089c71b14f9bbf4c4092a39d4a5f318161b7c02d457a64a5ac9253e9c3fd959625aae21f6610d0d7d3faf21f2c4e0ad689a2140c14b541dd7ba5f7f13c6601d3e984ef4af92d195f551d438bd76130bf3915f6df53d3c79369aa38c16e5d6f7001871891395d4bce5c3d5895be4bbb", @ANYRES32=r8, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x8044)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0xfd9, @local, 0xb4d0}, 0x1c)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
r10 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r11=>0x0}, &(0x7f0000000000)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r9, 0x84, 0xa, &(0x7f0000000100)={0x9, 0x9, 0x6, 0x7, 0x9, 0x0, 0x7, 0x8, r11}, &(0x7f0000000140)=0x20)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000480)={&(0x7f0000000240)={0x48, 0x1404, 0x800, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x810}, 0x4008004)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f00000003c0)={r11, @in6={{0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, '\x00', 0x28}, 0x9}}}, 0x84)
io_setup(0x4082, &(0x7f0000000380)=<r12=>0x0)
syz_io_uring_setup(0x1002945, &(0x7f0000001400)={0x0, 0x0, 0x10}, &(0x7f0000001480), &(0x7f00000014c0))
io_destroy(r12)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x7}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
r13 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r1)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f0000000700)=ANY=[@ANYBLOB="98000000", @ANYRES16=r13, @ANYBLOB="010026bd7000fedbdf250e00000004c2434eb7ea14ffd71244000980080002000500000008000100030000000800010009000000080001000500000008000200fbffffff08000100facc0000080002008a0f000020000100090000000c00098008000200470200000c00038008000100020000001c0005800800010075647000080001006574680008000100756470000c000380080002000800000071cb163cf2a0b6c386dd978c4fd684a166e7f9323a69daf4b49816f788648e593a492de0bf632da5bd015bae267d3dfb2e3f9995179f6f88ecc5a05f5cefb585a8"], 0x98}, 0x1, 0x0, 0x0, 0x4}, 0x4004c11)

7m32.223918933s ago: executing program 4 (id=78):
syz_usb_connect(0x3, 0x36, &(0x7f0000000880)=ANY=[@ANYBLOB="5727edef38e33db5ba11011dfa00000000000000000000000000006cec0000000000"], &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ftruncate(r0, 0xc17a)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b4ffffff900000006a1082000000000004000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="30000000111401000000000000000000080001000100000008004a000000000008004b0028"], 0x30}}, 0x0)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$SO_COOKIE(r3, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000100)=0x8)
getsockopt$SO_COOKIE(r3, 0x1, 0x39, &(0x7f0000000140), &(0x7f0000000180)=0x8)
r4 = socket$inet6(0xa, 0x3, 0x81)
getsockopt$inet6_int(r4, 0x29, 0x33, 0x0, &(0x7f00000001c0))
syz_usb_control_io$cdc_ecm(r2, 0x0, &(0x7f0000000340)={0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="40260100ccfadbf1375e616dd2104e1d0002"], 0x0, 0x0})
syz_usb_ep_read(r2, 0x1, 0x83, &(0x7f0000000000)=""/131)

7m29.094911811s ago: executing program 4 (id=87):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='vegas\x00', 0x6)
sendmmsg$inet(r0, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000ac0)="89e4", 0x2}], 0x1}}], 0x1, 0x40)
sendto$inet(r0, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x1200)

7m28.878987444s ago: executing program 4 (id=90):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c00078008000640000000000500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e"], 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x0)

7m28.71806211s ago: executing program 4 (id=94):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x402)
read$usbfs(r0, 0x0, 0x0)

7m13.658908486s ago: executing program 32 (id=94):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x402)
read$usbfs(r0, 0x0, 0x0)

13.450866865s ago: executing program 2 (id=1872):
socket(0xa, 0x3, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYRESOCT=0x0, @ANYRES32=r2], 0x18}}, 0x404c001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f00000002c0)={0x0, 0xffff}, 0x8)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0x2})
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r8=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r7, 0x84, 0x85, &(0x7f0000000540)={r8, 0x95, "0200000000000000703fcd09bdf0b493d4323725cdcff2eae49f89843a5318d5ba093aa761132b5e2e8c4eb4eb76aa3f3069d1d5a64a2c75a2d59986feff48dc51b23de50b4c052630642b3348c700b558041310b18d364b87808f6ec3b597fae6ac116b5b25b716a73e48c8c8f8ec21e15e7a5d6743243dfde88d2786c355a2c222145b4ddeb21303cf70419494f87797bd3b0ca1"}, &(0x7f0000000500)=0x9d)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r9=>0x0})
r10 = socket(0x10, 0x5, 0x0)
connect$inet6(r10, &(0x7f0000000240)={0xa, 0x4e23, 0xa0002002, @private1, 0x7fff}, 0x1c)
sendmsg$nl_route(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=r9, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xf}, {0xfff3}}}, 0x24}}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

12.191017282s ago: executing program 0 (id=1881):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r0, 0x8)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000b6596440a5043530df0d00000001090212000100000000090400000030d1d300e88e31fb33c28334caebc2a31e83d862306512cf02256c8bdbf55c4cb9bc1d4ca4a8df61779e7ab6b9bdb3da123fe21dbd518b530a28d6b56932ab5610714f84988c9adeb2763d392598638414cdd4bd7cc4c5796d4cbba71d0f186f42987aff2b82e5224e8af5450672cf0fca44ef5b21ded9ab702c7820d649b7f03b141abd9d0528e539e66abca5da8ba590fa34efbc753fdcdf75d828a557663a89d7d3f1bc1528f4ea2785f8872af77ada0e6562381190640b6aaf9ce10dd94bfa607daabd50b16aef14fbccfdb36d1a71c3a671246ac546e5d021d90cd448e8ec27fc5587a2bbbd7ef73ada215df3e4ba4973192f928131b843f8c06de880a41eb0a9f2"], 0x0)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x24}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_open_dev$vim2m(&(0x7f0000000640), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0cc5605, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000000a20000000000a0103"], 0xb8}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
r7 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
write$apparmor_exec(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="737461636b203aae86ad47aa0d9495e6d80f7bde2d18ffb36cf152aed2d408fb58e305fc8e2f2f7d91f81b621cc4214d4a27e1614fbee0beac8f4a045070b770212d46d4a2df096b791f2a4ba218e12cb76aa24945b70a7c9dd5edeac52b5a876f73cfbe66371a72f11f3d9544d6b59b4a5541dcef5cbf11ffff37dfd147cca3e5098a207be806ea7167101f8c1b5c8fe41e170fd0c775dbc5be0b6d3ab625ab702e5b1dc15f9c4b3d09be812f340e681e0694f5badf640da3fdfc2f929b4c2beb9a592c577287b6021bfeec24146c7f95608bb60a736207a09d9f47e89c4044eadde57cdefd15f25b822d2eaf2205df0d6b71b63ee0b63cb598f26509af36983578f6f4198a0843cc1b1bd780015007ab9709cc6211e3b5c685b972b5c5e95f054a7a9fe149282f679c8466b9734e3850ec98419dd0c887715902f9e7802842085bc606f30c2654869e9e3701fd0fc69137fe165592689465eebd5cafad7c29de2adadec42a818d8ee389ca1fe33a1ef23617c89116a3a458b56612e4c36c43a9150d5331adbb0beb01a062b1f1349fc2ecea76cb7c40cdfe378185f3099b1d71414d0fda5a47f8593260cc0bd723a4cca81435f041321635f91bcb15aac48883a9617fb4e58c19b18cf3a7e1299a07f45325fcd05a7c30f47e77073dcc584f7e0516cb74c55a0a2a30dc9f3163868f7c233ad1fff87a2c3ad0fb71cc6433e9bd7c3209de0cba9552f5c7c04f24eccf206bdb745564539dd62d655a33d40a507660668c30f7720280c86c104e58d30d6cb65814e00b55ff9a33f3ed375dfb4b47d89a599f31a0d612827a8f6e2a73eb"], 0x564)
ioctl$SNDRV_TIMER_IOCTL_TREAD64(0xffffffffffffffff, 0x400454a4, &(0x7f0000000280))
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='net/netlink\x00')
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040)=0x3)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r8, 0x54a3)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000004c0)=ANY=[@ANYBLOB="120100009f09a00871041103d5860e81010203010902120001001b00000904000000eaf5"], 0x0)

11.097055002s ago: executing program 1 (id=1884):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, 0x0, 0x0)
open(&(0x7f0000000000)='./file1\x00', 0x109042, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c0000000206010900000000006000000000000005000500000000000900020073797a3000000000100003006269746d61703a706f72740014000780060005404e230000060004400000000005"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="2c000000090605000000000000000000060000000900020073797a30000000000400078005000100070000003ab38a0f7b272a001b8b4c1a8374f8bc8abee2d9fc248f14ff9d67dd252e9acae3f0b96b1b13f811d018475771642aa10470d1e7e644e389a7c671217dfe54981e1a773db2ee9bbde05dee0995e2646fe0bfc0829cfb534a24eabaf7364512fe192453d4eb292e4d3e8083c93bca55fa95e6928d0206a82161c848a7cdb49b"], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x804)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = dup(0xffffffffffffffff)
r4 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, 0x0)
ioctl$VIDIOC_G_AUDOUT(r4, 0x80345631, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
utimensat(r5, 0x0, 0x0, 0x0)
ioctl$VIDIOC_S_OUTPUT(r4, 0xc004562f, 0x0)
r6 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$inet6_int(r6, 0x29, 0x1a, 0x0, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0xff, 0x192, 0x1, 0x2, 0xd59f88, 0x4, 0x5, 0x9, 0x8, 0x4, 0x71e, 0x13, 0x1be, 0x7f, 0x3f, 0x37, {0x0, 0x1}, 0x3, 0xed}})
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x23c, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x128, 0x0, r3}, &(0x7f0000000500)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r9 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r9, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
ioctl$USBDEVFS_FORBID_SUSPEND(r9, 0x5521)

10.682462215s ago: executing program 1 (id=1886):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r0, 0x8)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000b6596440a5043530df0d00000001090212000100000000090400000030d1d300e88e31fb33c28334caebc2a31e83d862306512cf02256c8bdbf55c4cb9bc1d4ca4a8df61779e7ab6b9bdb3da123fe21dbd518b530a28d6b56932ab5610714f84988c9adeb2763d392598638414cdd4bd7cc4c5796d4cbba71d0f186f42987aff2b82e5224e8af5450672cf0fca44ef5b21ded9ab702c7820d649b7f03b141abd9d0528e539e66abca5da8ba590fa34efbc753fdcdf75d828a557663a89d7d3f1bc1528f4ea2785f8872af77ada0e6562381190640b6aaf9ce10dd94bfa607daabd50b16aef14fbccfdb36d1a71c3a671246ac546e5d021d90cd448e8ec27fc5587a2bbbd7ef73ada215df3e4ba4973192f928131b843f8c06de880a41eb0a9f2"], 0x0)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x24}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_open_dev$vim2m(&(0x7f0000000640), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0cc5605, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000000a20000000000a0103"], 0xb8}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
r7 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
write$apparmor_exec(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="737461636b203aae86ad47aa0d9495e6d80f7bde2d18ffb36cf152aed2d408fb58e305fc8e2f2f7d91f81b621cc4214d4a27e1614fbee0beac8f4a045070b770212d46d4a2df096b791f2a4ba218e12cb76aa24945b70a7c9dd5edeac52b5a876f73cfbe66371a72f11f3d9544d6b59b4a5541dcef5cbf11ffff37dfd147cca3e5098a207be806ea7167101f8c1b5c8fe41e170fd0c775dbc5be0b6d3ab625ab702e5b1dc15f9c4b3d09be812f340e681e0694f5badf640da3fdfc2f929b4c2beb9a592c577287b6021bfeec24146c7f95608bb60a736207a09d9f47e89c4044eadde57cdefd15f25b822d2eaf2205df0d6b71b63ee0b63cb598f26509af36983578f6f4198a0843cc1b1bd780015007ab9709cc6211e3b5c685b972b5c5e95f054a7a9fe149282f679c8466b9734e3850ec98419dd0c887715902f9e7802842085bc606f30c2654869e9e3701fd0fc69137fe165592689465eebd5cafad7c29de2adadec42a818d8ee389ca1fe33a1ef23617c89116a3a458b56612e4c36c43a9150d5331adbb0beb01a062b1f1349fc2ecea76cb7c40cdfe378185f3099b1d71414d0fda5a47f8593260cc0bd723a4cca81435f041321635f91bcb15aac48883a9617fb4e58c19b18cf3a7e1299a07f45325fcd05a7c30f47e77073dcc584f7e0516cb74c55a0a2a30dc9f3163868f7c233ad1fff87a2c3ad0fb71cc6433e9bd7c3209de0cba9552f5c7c04f24eccf206bdb745564539dd62d655a33d40a507660668c30f7720280c86c104e58d30d6cb65814e00b55ff9a33f3ed375dfb4b47d89a599f31a0d612827a8f6e2a73eb"], 0x564)
ioctl$SNDRV_TIMER_IOCTL_TREAD64(0xffffffffffffffff, 0x400454a4, &(0x7f0000000280))
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='net/netlink\x00')
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040)=0x3)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r8, 0x54a3)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000004c0)=ANY=[@ANYBLOB="120100009f09a00871041103d5860e81010203010902120001001b00000904000000eaf5"], 0x0)

10.309901939s ago: executing program 2 (id=1887):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setlease(r2, 0x400, 0x1)
r3 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x80})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6)

8.919348637s ago: executing program 0 (id=1891):
openat$sequencer(0xffffff9c, &(0x7f0000000080), 0xa402, 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x60a44, 0x0)
r1 = add_key$user(&(0x7f0000001ec0), &(0x7f0000001f00)={'syz', 0x0}, &(0x7f0000001f40)="c6", 0x1, 0xfffffffffffffffb)
keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000002f40)={r1}, &(0x7f0000002f80)={'enc=', 'oaep', ' hash=', {'hmac(sha1-ce)\x00'}}, 0x0, 0x0)
read$sequencer(r0, &(0x7f0000000200)=""/117, 0x75)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x8010, r3, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS2(r3, 0xf, &(0x7f0000002bc0)={0x4, 0x1, 0x0, &(0x7f0000002b40)=[{&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000019c0)=""/4096, 0x1000}, {&(0x7f00000029c0)=""/139, 0x8b}, {&(0x7f0000002a80)=""/166, 0xa6}], &(0x7f0000002b80)=[0x2]}, 0x20)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2800491, &(0x7f0000000180)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x4, 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0xffffffffffffffff, 0x0, 0x80000004000000, 0xc], 0x80a0000, 0x2010d3})
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r4)
close(r4)
openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x86, &(0x7f0000000300)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x74, 0x2, 0x1, 0x4, 0x10, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x1, "9dc043"}, {0x5, 0x24, 0x0, 0xa12}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x6, 0xe, 0x8}, {0x6, 0x24, 0x1a, 0xff, 0x11}, [@mdlm={0x15, 0x24, 0x12, 0x7}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x18, 0xc0, 0x2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x6, 0x0, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xc, 0x7, 0xa}}}}}}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x310, 0x7, 0x0, 0x6, 0x8, 0x5}, 0x5b, &(0x7f00000003c0)=ANY=[@ANYBLOB="050f5b00040b10010e80000303c0070103100b3e1003cc7b2c2f1000d9ecc284841d15ec59701cb1a2f1004c91f5abf65464ac01e086a7ebcc2f51720c2730aebc4fac4fb386d1884ef8e11eb92628716c0a1003020800a001feff"]})
socket$kcm(0x10, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCDELDLCI(r7, 0x8981, &(0x7f0000000140)={'pim6reg0\x00', 0x5})
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r8, 0x10f, 0x80, &(0x7f00000000c0)=0x57fd, 0x4)

8.257019968s ago: executing program 2 (id=1895):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000380)={0x87}, 0x8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = socket(0x200000100000011, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
timer_create(0x0, 0x0, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, &(0x7f0000000080))
io_submit(0x0, 0x0, &(0x7f0000000040))
bind$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x7, 0x6, @local}, 0x14)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
fsopen(&(0x7f0000000100)='zonefs\x00', 0x1)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r7, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
connect$inet(r7, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
sendfile(r7, r6, 0x0, 0x20000023893)

7.117833s ago: executing program 1 (id=1897):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r1, 0x29, 0x50, 0x0, &(0x7f0000000200))
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
close(0x3)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={0x0, &(0x7f0000000680)=""/4096, 0x0, 0x0, 0x2}, 0x38)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0xffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/242, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/60, 0xeeee0000})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000080)=0x200000000)
write$cgroup_devices(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb61228876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd)

7.021530875s ago: executing program 2 (id=1898):
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000180)=0x1, 0x4)
socket$l2tp6(0xa, 0x2, 0x73)
fsopen(0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x10812, r1, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x3a)
getsockopt$MRT6(r2, 0x3a, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000080))
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000500)={0xae0, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36)
r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x33524742, 0x7, 0xa, [{}, {0x0, 0x8}, {}, {0x80}]}})
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58)
r8 = accept4(r7, 0x0, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
recvmmsg$unix(r8, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000380)=""/215, 0xd7}, {&(0x7f0000000040)=""/62, 0x3e}, {&(0x7f0000000200)=""/4, 0x4}, {&(0x7f0000002040)=""/4096, 0x1000}, {&(0x7f0000000480)=""/77, 0x4d}, {&(0x7f0000000540)=""/223, 0xdf}, {&(0x7f0000000240)=""/21, 0x15}], 0x7, &(0x7f0000000680)=[@cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa4}}, {{&(0x7f0000000740)=@abs, 0x6e, &(0x7f00000009c0)=[{&(0x7f0000003040)=""/4096, 0x1000}, {&(0x7f00000007c0)=""/13, 0xd}, {&(0x7f0000000800)=""/127, 0x7f}, {&(0x7f0000000880)=""/140, 0x8c}, {&(0x7f0000000940)=""/33, 0x21}, {&(0x7f0000000980)=""/20, 0x14}], 0x6, &(0x7f0000000a00)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x8c}}, {{&(0x7f0000000ac0)=@abs, 0x6e, &(0x7f0000000c80)=[{&(0x7f0000004040)=""/4096, 0x1000}, {&(0x7f0000000b40)=""/13, 0xd}, {&(0x7f0000000b80)=""/249, 0xf9}], 0x3, &(0x7f0000000cc0)=[@cred={{0x18}}, @cred={{0x18}}], 0x30}}, {{&(0x7f0000000d00)=@abs, 0x6e, &(0x7f0000000e80)=[{&(0x7f0000000d80)=""/196, 0x64}], 0x1, &(0x7f0000000ec0)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x34}}, {{&(0x7f0000000f00), 0x6e, &(0x7f0000000f80)=[{&(0x7f0000005040)=""/209, 0xd1}], 0x1, &(0x7f0000000fc0)=[@cred={{0x18}}, @cred={{0x18}}], 0x30}}], 0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r8, &(0x7f0000000280)={&(0x7f00000001c0), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40081}, 0x40010)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)

6.954796775s ago: executing program 5 (id=1899):
r0 = memfd_create(&(0x7f0000000380)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf9\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xccd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4hi\v\x00\x00\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xeb\x05\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x\x004]PZ\x9e\xd5Y\xf0L\xa4\xbc\x86\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x01\x04\x00\x00\x00\x00\x00\x00h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2\x05\x00\x00\x00\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\xbc\x8d\xed\xf3\x98\x96\x84\xd7\xc2\x88\b\xcc6\xa44\xd7\xed\xc1\x8f\xa7K\xc9KeEk\xd1\xb7\xfb\x88\x12\xd0i\xef(\xddUP\xee;Dk\x84\xfcD\xf0\xd6\xe9\x96B!\x8c\xb8\xc6\'~\x99\x1d2\xdb\xfd=\xa7\x86\x06\x03\xc6Y\xc6\x87\xd13\xd0Y\x90\xe9*~$jQ\xb9\x84\xec\xe9{\xa8%}/\xcaP\xb1a\xa6\xd9\xb2\xe9\xa7\x1b\x00\xb8\x9d\xb0\x01\x04Y6\xcb\xaa\xa9\vE\xd0Q\xcd/#%J\x0f\x97\x96\xa0\xeeb\xe2R\xf5\x16\x1f\xe554q\xbdp\x0f)\x99\xec\xe4\xf9~\x91\x00[B$p\x92\x03i\x7f\x1c\xaf\x06\t\xda\xff\xb8\xf1\xc9\xd7\xc3\xfaN\xeel 40XJ\xe1\xe4Hv=\x81\xdaZ\xd6\aT\x86\xf5\x13+\xa9\x14x\xe7\x19?\xa9#2\xba\x7f1\xf2\xb8$\xa2\xb5*\xef\xd3\x8d\xe4Q\xe6C\xb3AU\xcb\xae\xdcN\xb7Mp\xc8\x04]\x84\x7f\x19\xd3#\x8b@\x9d\x1a\xc5\xc8n^e\xeak\xea9\x15\x9b\x1d\xb7\xe8\xca\xac;\n\\\xa9{B&uO\xb6\xd8\xa6\xb8\xfaA\x1f\xfb\xdcm)}q\x17\x7f\x86b\x1bq\xcb\x81\r\xc2\bb\xd9\xc7t\x88Y\f/\x0f_\x0e\xae\x92\x91\xf8B{\x16\x8a\xa7\xed\x01\x8c\xe9%', 0x7)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00')
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8)
dup3(r1, r2, 0x0)
memfd_create(&(0x7f0000000380)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf9\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xccd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4hi\v\x00\x00\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xeb\x05\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x\x004]PZ\x9e\xd5Y\xf0L\xa4\xbc\x86\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x01\x04\x00\x00\x00\x00\x00\x00h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2\x05\x00\x00\x00\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\xbc\x8d\xed\xf3\x98\x96\x84\xd7\xc2\x88\b\xcc6\xa44\xd7\xed\xc1\x8f\xa7K\xc9KeEk\xd1\xb7\xfb\x88\x12\xd0i\xef(\xddUP\xee;Dk\x84\xfcD\xf0\xd6\xe9\x96B!\x8c\xb8\xc6\'~\x99\x1d2\xdb\xfd=\xa7\x86\x06\x03\xc6Y\xc6\x87\xd13\xd0Y\x90\xe9*~$jQ\xb9\x84\xec\xe9{\xa8%}/\xcaP\xb1a\xa6\xd9\xb2\xe9\xa7\x1b\x00\xb8\x9d\xb0\x01\x04Y6\xcb\xaa\xa9\vE\xd0Q\xcd/#%J\x0f\x97\x96\xa0\xeeb\xe2R\xf5\x16\x1f\xe554q\xbdp\x0f)\x99\xec\xe4\xf9~\x91\x00[B$p\x92\x03i\x7f\x1c\xaf\x06\t\xda\xff\xb8\xf1\xc9\xd7\xc3\xfaN\xeel 40XJ\xe1\xe4Hv=\x81\xdaZ\xd6\aT\x86\xf5\x13+\xa9\x14x\xe7\x19?\xa9#2\xba\x7f1\xf2\xb8$\xa2\xb5*\xef\xd3\x8d\xe4Q\xe6C\xb3AU\xcb\xae\xdcN\xb7Mp\xc8\x04]\x84\x7f\x19\xd3#\x8b@\x9d\x1a\xc5\xc8n^e\xeak\xea9\x15\x9b\x1d\xb7\xe8\xca\xac;\n\\\xa9{B&uO\xb6\xd8\xa6\xb8\xfaA\x1f\xfb\xdcm)}q\x17\x7f\x86b\x1bq\xcb\x81\r\xc2\bb\xd9\xc7t\x88Y\f/\x0f_\x0e\xae\x92\x91\xf8B{\x16\x8a\xa7\xed\x01\x8c\xe9%', 0x7) (async)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) (async)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00') (async)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) (async)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) (async)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8) (async)
dup3(r1, r2, 0x0) (async)

6.54697133s ago: executing program 5 (id=1900):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r0, 0x8)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000b6596440a5043530df0d00000001090212000100000000090400000030d1d300e88e31fb33c28334caebc2a31e83d862306512cf02256c8bdbf55c4cb9bc1d4ca4a8df61779e7ab6b9bdb3da123fe21dbd518b530a28d6b56932ab5610714f84988c9adeb2763d392598638414cdd4bd7cc4c5796d4cbba71d0f186f42987aff2b82e5224e8af5450672cf0fca44ef5b21ded9ab702c7820d649b7f03b141abd9d0528e539e66abca5da8ba590fa34efbc753fdcdf75d828a557663a89d7d3f1bc1528f4ea2785f8872af77ada0e6562381190640b6aaf9ce10dd94bfa607daabd50b16aef14fbccfdb36d1a71c3a671246ac546e5d021d90cd448e8ec27fc5587a2bbbd7ef73ada215df3e4ba4973192f928131b843f8c06de880a41eb0a9f2"], 0x0)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x24}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_open_dev$vim2m(&(0x7f0000000640), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0cc5605, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000000a20000000000a0103"], 0xb8}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r7 = openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0x80601)
ioctl$SNDRV_TIMER_IOCTL_TREAD64(r7, 0x400454a4, &(0x7f0000000280))
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='net/netlink\x00')
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040)=0x3)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r8, 0x54a3)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000004c0)=ANY=[@ANYBLOB="120100009f09a00871041103d5860e81010203010902120001001b00000904000000eaf5"], 0x0)

6.089646214s ago: executing program 2 (id=1902):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xdaca7de7ff4502d4, 0xa2071, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ffa000/0x1000)=nil)
r1 = socket(0x400000000010, 0x3, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b94f19107018010047940102030109021b00010000000009040000010a00000009058f", @ANYRES64], 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xfff2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x6, 0x2, {0x28, 0x7}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24044000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x44, 0x2c, 0xd3f, 0x70bd2b, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x1, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x800)

5.798893503s ago: executing program 0 (id=1903):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000000)=ANY=[], 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000002c0)={'wg1\x00', <r6=>0x0})
sendmsg$WG_CMD_GET_DEVICE(r4, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x24, r5, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x3}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004}, 0x20000000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2004}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x6c}, 0x1, 0x0, 0x0, 0x8000}, 0x20000854)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x4, &(0x7f0000000040)=ANY=[])
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000340)={0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="0000000000eeff00"], 0x0}, 0x0)
openat$dsp(0xffffff9c, &(0x7f00000001c0), 0x519f00, 0x0)
read$char_usb(r8, &(0x7f0000000580)=""/35, 0x23)
r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r9, 0x4030ae7b, &(0x7f0000000040)={0x5, 0x0, 0xd91, 0x100, 0xe10})
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_int(r10, 0x29, 0x3a, 0x0, &(0x7f0000000000))
sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040))
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000780)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x1c, 0x0}}], 0x1, 0x3404c8d4)
r11 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0)
preadv2(r11, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0)
r12 = accept4$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @empty}, &(0x7f0000000180)=0x10, 0x80800)
listen(r12, 0x8)
openat$ppp(0xffffff9c, &(0x7f0000000400), 0x80000, 0x0)

5.076135419s ago: executing program 3 (id=1904):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000380)={0x87}, 0x8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
timer_create(0x0, 0x0, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000080))
io_setup(0x23, &(0x7f0000000280))
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
sendfile(r5, r4, 0x0, 0x20000023893)

4.192691213s ago: executing program 3 (id=1905):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="2001d4"], 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
syz_usb_control_io(r0, &(0x7f0000000400)={0x18, &(0x7f0000000140)={0x0, 0x0, 0xb3, {0xb3, 0x31, "231d6f6080c2d7dfb5a5549060389058fb12e84e2438a2468e744d1765f5134e21a35dc81bad209c12d1a162bbeae95933f9bff44b6347ea7ce0880e08069f5bc9fabe9c480e185e768ab625cf9cee22fa6f0a730f589ae6ab3d645af05c8462f39c4f1aecfb83cd1130ed50ff0dc1dcc94c8d45154dc592fbc2eb0e51d52aad4801cd7bef8cf5e2acdcde1b9993ee8967247364cd4a1a18c07c04f4afbcf32e13a97f1e659681627df764156c1d6efea7"}}, &(0x7f0000000200)={0x0, 0x3, 0xce, @string={0xce, 0x3, "b441688ce0275e320f4620be5b14e5e5d53d0a3758071d59048c1f43c66b418d2a4256e6182e8dc3cd3f60225d6b49038d3602307463d50916c1963242fa178a301e78252d9bf07980369e21d107f81b9ca8014e45636290ba587f49cb8bda353c817f8d06c6076f5a06e6842f80ccb7c2c60226a58edeab985f01c2f760d1f5d72716fc6f2c4b6a481ac7aa0c3c143155b08846cd83dadc0f3c4d299ccabe17095f2e61badb9c622fd63ca82a82fbcee3a89660e0b1425b689fe98d4e69365d9b7a70797b90f6a98b306935"}}, &(0x7f0000000580)={0x0, 0xf, 0x1b3, {0x5, 0xf, 0x1b3, 0x5, [@generic={0x3, 0x10, 0xb}, @generic={0x103, 0x10, 0x2, "50f2c24c07bfdffcba13fc2a7d2185ab424dbbd4c59e677f4d9e55e60b3c85e3768f1c00f939dad55bc1f32f54e47090ed1752594ccabec5e2187c64e0e7b21f798e4e823700a49b8aeaa9755fdfe9beced75509eb629e13d8f3bb469d9c36e2b1244ce09f33815ae223c196f88e7bf8c85f15a08ca93f2e57e85228102891e987629ae23b5983eaa5325abc8a1c8d96f6bf0582f21b132dbb2be825f64fbb9d14711de47845a656a9894347556a1756f9ad4c12db377bdf03be2a2829cc56d21a15ca51a3c2cf1b4b572119079bfb94fd725c7197d8887e5be623bb3af3ae5af58804ae0d6d87af779911d322e02cfdf41b8b79085561447c31b641f1e3d598"}, @generic={0x8e, 0x10, 0x4, "708f4a6c9fc403cac0c9745a5bae6047d40471d30746f4878016665649d4032cb3f82fa125d156a33380abfdce0c02d7d778c5cc875d84c6a78a545aa828a92d6fe1a16d140025bd6d3779256b53391519b2e6a0c418b355c143743d981b785604900f19ab174185433b7c22c065f509243008432e9188b0df469eea3e42257c26486452c918754c0c49f9"}, @ssp_cap={0x10, 0x10, 0xa, 0x1, 0x1, 0x9, 0xff0f, 0x379, [0x0]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xf, 0x12, 0x7, 0x8}]}}, 0x0, &(0x7f0000000380)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x1, 0x10, 0x6, 0x0, 0x4, 0xfffd, 0x7}}}, &(0x7f0000000b00)={0x44, &(0x7f0000000440)={0x40, 0xd, 0x47, "31693c057e98dd62d2abddd49906beb388affa3bcabf37175507b21af4248b360ba4b8d272d61c7a20d0ce666a5114bc24d4aa91664daf61bcfa830b9ff8720aa81f205537ca16"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000780)={0x0, 0x8, 0x1, 0xd}, &(0x7f00000007c0)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000800)={0x20, 0x0, 0x8, {0x140, 0x2, [0xf000]}}, &(0x7f0000000840)={0x40, 0x7, 0x2, 0x1}, &(0x7f0000000880)={0x40, 0x9, 0x1, 0xfa}, &(0x7f00000008c0)={0x40, 0xb, 0x2, "44c9"}, &(0x7f0000000900)={0x40, 0xf, 0x2, 0x6}, &(0x7f0000000940)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, &(0x7f0000000980)={0x40, 0x17, 0x6, @broadcast}, &(0x7f00000009c0)={0x40, 0x19, 0x2, "850e"}, &(0x7f0000000a00)={0x40, 0x1a, 0x2, 0xb2}, &(0x7f0000000a40)={0x40, 0x1c, 0x1, 0xf}, &(0x7f0000000a80)={0x40, 0x1e, 0x1, 0x45}, &(0x7f0000000ac0)={0x40, 0x21, 0x1, 0xfb}})
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x0, 0x28, 0x1, 0x0})

2.762054408s ago: executing program 5 (id=1906):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000000)=0xa)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000002900)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x4c}}, 0x40000010)

2.615009593s ago: executing program 0 (id=1907):
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

2.614039595s ago: executing program 5 (id=1908):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x446982, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8010)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0xd, @val=@perf_event={0x9}}, 0x18)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/244, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000080)={0x1, 0x0, [{0x11000, 0x7a, &(0x7f00000002c0)=""/122}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000680)=0x41)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f00000006c0)="b9da06ce171c2e7cc2a25d589ccd75d0275367048f46e1d1833f0b225d71e6aeeafac6b1195e3a2a07b7e7608b3a26ecb6602c6c63440f57e99c4b044e5acf58334662a879c264e140e6b241cdf5dc25f7a72ac09c25acbab6f04013f5d93bfd9f14869f41acbb4f6254d3c06caff5fef46dae6c60b92a4dd55144aad51181e72274ec4f0c000af53cd16eea01b6c438414b4fa293dc9f8ad474bab443ff43f1468913cb7831434ec8c4b2c11fe1f347d53b9f47687adac3b16897e0037917b1173ad3176e7d8a87f9077212b181", 0xce)
r6 = accept4(r5, 0x0, 0x0, 0x80000)
sendmsg$alg(r6, 0x0, 0x0)
recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)=""/103, 0x67}], 0x1}, 0x40010022)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs$pagemap(0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)

1.715556396s ago: executing program 5 (id=1909):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000380)={0x87}, 0x8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = socket(0x200000100000011, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
timer_create(0x0, 0x0, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, &(0x7f0000000080))
io_submit(0x0, 0x0, &(0x7f0000000040))
bind$packet(r3, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
fsopen(&(0x7f0000000100)='zonefs\x00', 0x1)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r7, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
connect$inet(r7, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
sendfile(r7, r6, 0x0, 0x20000023893)

1.63532251s ago: executing program 0 (id=1910):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x33, 0x0, 0x0)
syz_open_dev$usbfs(0x0, 0x76, 0x101301)
r0 = syz_usb_connect$cdc_ecm(0x6, 0x5d, &(0x7f0000000180)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4b, 0x1, 0x1, 0xff, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x2, 0x6, 0x0, 0x81, {{0x7, 0x24, 0x6, 0x0, 0x0, "50a0"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x91, 0x5, 0x2, 0x4}, [@obex={0x5, 0x24, 0x15, 0x2}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x200, 0x4, 0x5, 0x3}}], {{0x9, 0x5, 0x82, 0x2, 0x0, 0x5, 0x8, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x6, 0x5, 0xff}}}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0x8, 0xe, 0x1, 0x20, 0x2e}, 0x1a, &(0x7f0000000280)=ANY=[@ANYBLOB="050f1a0003420e00004406000b10010c1400020807000303100b"], 0x3, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x42a}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x422}}, {0xb8, &(0x7f0000000440)=@string={0xb8, 0x3, "102c1aac3a35184146a7b6cba331bf0d7bdb7e565ec9633bb970094cf2a9ec0b4d07bdfbe44a23ff9d434355541ce41410444792076d6a2c2c688cfe95d2f637a575e234c932286edc216faf21a32e4d69d4d1bf576bfa4bf5a68f35a970bff07781e3f0f5d7c82d345c71f66a02d1133165d1da3a7a78f398db98709e65953b6308fc187f92689200bf55e0b163adba0d5479929e518d5847af9c3a522b72aa6703a96495c65f33e3bfd82dea81236656f446a4c685"}}]})
syz_usb_control_io(r0, &(0x7f00000007c0)={0x18, &(0x7f0000000500)={0x20, 0xd, 0xda, {0xda, 0x2, "1ca34bfb3c0f999867c38fa86885b8a8fd27c1f7e3279224eb154b54b183edcad9c7fddc166ed6584bb93dbd8f609cd79722200b6a2eb82185f3241721a6d5bdf9c878e052720d6bd690d36994092827df3d41329c1d0ea4e7e0162e77a1a8a3da3eb30f41873e99da52ba0a38b581ce149096dc289f5f57e9d1e7d4e63a8df434ae3925f656ba6b45619931a42fcfb6617885fd01f544d58457916734fb34a2e98633f10982cb1de8009c535ec6856a84e922e79c6fd41a3107d6728f27fc02cfdf84e00a46b5368f503adabe1b8ecf99c49dfedf43f1b2"}}, &(0x7f0000000640)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44f}}, &(0x7f0000000680)={0x0, 0xf, 0x95, {0x5, 0xf, 0x95, 0x6, [@ssp_cap={0x20, 0x10, 0xa, 0x0, 0x5, 0xa, 0xf00, 0x1587, [0xfff0, 0xff3f00, 0x3fc0, 0x1e, 0xc0f0]}, @generic={0x3a, 0x10, 0x813c01393e857d68, "13f79cc2082b92fd9aa7608c3b9264b021fb99aac6e82e12f8492295ae46db221c10fa95b1458e9353d13df2ad5e3ed993f7bdbdf412b6"}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "0cc5b98547448b5b2048dfca97600ed3"}, @wireless={0xb, 0x10, 0x1, 0x0, 0x11, 0xc3, 0x8, 0x7fff, 0x34}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "296b5bdd1ab2017e5bab7285040ce789"}, @ptm_cap={0x3}]}}, &(0x7f0000000740)={0x20, 0x29, 0xf, {0xf, 0x29, 0x24, 0x8, 0x3, 0x2, "42c46f9d", "85746680"}}, &(0x7f0000000780)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4d, 0x0, 0x5, 0x4, 0x27, 0x4, 0x3d5c}}}, &(0x7f0000000c00)={0x44, &(0x7f0000000800)={0x20, 0x7, 0x2d, "af63d6fe7e31a00eeea1a035b3159c2ac66ced25f3d1c57061f7377347f8647489deab768d3aaa41f9f4fe220d"}, &(0x7f0000000840)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000880)={0x0, 0x8, 0x1, 0x6}, &(0x7f00000008c0)={0x20, 0x0, 0x4, {0x4, 0x2}}, &(0x7f0000000900)={0x20, 0x0, 0x8, {0x1c00, 0x4, [0xf00]}}, &(0x7f0000000940)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000000980)={0x40, 0x9, 0x1, 0x6}, &(0x7f00000009c0)={0x40, 0xb, 0x2, 'PT'}, &(0x7f0000000a00)={0x40, 0xf, 0x2, 0x3ff}, &(0x7f0000000a40)={0x40, 0x13, 0x6, @random="d83c112bc601"}, &(0x7f0000000a80)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000000ac0)={0x40, 0x19, 0x2, "b035"}, &(0x7f0000000b00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000000b40)={0x40, 0x1c, 0x1}, &(0x7f0000000b80)={0x40, 0x1e, 0x1, 0xd}, &(0x7f0000000bc0)={0x40, 0x21, 0x1, 0x40}})
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000240)={0x3, 0xa, 0x2})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$WG_CMD_GET_DEVICE(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="81000100390dbb284a55d9c4a6fee07e35032e26b7b9edcde385882b8f77d723c696c7142f475dcfd3fe5044043b0452363b68843db8cd7c5650d90b23df", @ANYRES16=r4, @ANYBLOB="01032cbd7000fedbdf25000000001400020077673100"/34], 0x28}, 0x1, 0x0, 0x0, 0xd0}, 0x20040000)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f00000000c0)={@host})
close_range(r1, 0xffffffffffffffff, 0x0)

1.357766734s ago: executing program 3 (id=1911):
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3b490100000000e7ffffff00", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback={0x700}, 0x67d}, 0x1c)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x400200) (async)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x400200)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000200)="d8000000180081054e81f782db0cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb5b277470703152b414f872766247a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x800)
ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000040))

1.071074773s ago: executing program 1 (id=1912):
openat$kvm(0xffffff9c, &(0x7f0000000000), 0x400200, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x9, 0x6, 0x401, 0x0, 0x0, {0x1, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20080800)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000200)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16, @ANYBLOB="010828bd7000000000000b00000008000300", @ANYRES32=r1, @ANYBLOB="2c005080080003000bac0f0011000100ea28e0749e26ee9b5e442b2c600000"], 0x48}}, 0x0)

1.070347654s ago: executing program 2 (id=1913):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885, 0x0, 0x0, 0x2bc}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd, 0x400, 0x0, 0xfffffffffffffd04, 0x22})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000009c0)=@updsa={0x184, 0x1a, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@dev, 0x0, 0x6c}, @in6=@private2, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_aead={0x4c, 0x12, {{'aegis256-generic\x00'}}}]}, 0x184}}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x800020, 0x0, 0xffffffffffffffc0, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$kcm(0x2d, 0x2, 0x0)
r6 = gettid()
ptrace$getregset(0x4204, r6, 0x201, &(0x7f00000002c0)={0x0})
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e99900000000000000007f000001000000000000000000000000ac1e000100000000000000000000000000000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002300)=@updpolicy={0xf58, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xc}}, [@algo_aead={0xd6f, 0x12, {{'morus640-sse2\x00'}, 0x6918, 0x200, "84a8fabd69893027d25eb45b3e48d61e7beb065b7c4ac18b2920db77ea281236933dc133c105a079db0bdd01a2c727d7200727ad24022caf631d22df59a211f0a3edcdb99c26e3b6871f622678f896692b0b063d4137b1fd168fc5c94f99ef7f5a10536cd70f5f05687d21895d00e7035b93636e2cb59333811746e9b1fcbcae18da9c41b10fc74373cd42a826ee045b501733fa8ee2c2b3f8a3cee81de6c844247659430cd7b9bce79743d173cd8aea2c7d4df7ca60f762555e4937faf444957f5a07936339bcd79ef2bb5ddb6e35b56a0a688c1084d55705793a3cf2e2b42fdae2f4a03369c14070b5569e4c9f82f1d29fd2ff15dfaeecb0be39692fc96ab3afbe33b1c0598b2e08ccbd940d8fbc525442c11ade835b54c961023bf6c6b289656939d0f43ab76a33dff5163e8ae957c6e0ea6ea74225fab9ef24790461e9c67eea180ed8a9c090985f3c964ea7f24004f0fe20dc4fb5c6b4934ff3b2bc814db16795ed50b786f9e575389ca5ca1da7a4fc4dbe6e798dfac146ce0ee064564e2557d49727d9b2c75c584619637ff817ab3f578d8d583aab80ad9447249fd7cecc3722314ad73776d87670b72e2802500bf969cb05f8de6a14ade933dd400bc8e66ea3ae215ffd87c77dba5dd28a1ebd1acb778765960c33d5e92146d23712303c202279a380c140bc13d848f20bdd9f3d6e4740dbd655d74b22454bdfc6baa1aa0b27cf6068f719c65b9b9b20320498c0ba79d5392ae627286a26a521b508c464b125be6e5122c7f81e874951636c72414c3fde0352f7c59eaf0dd08a91549733e23ef7e85ef9551482fa792edcfcf592a53a0e72d9f12c1523998ff0e8ba76e8ffad67aa0c76882468ee8e3b88dbfd38b8c312381242b019c0ec22c5b800b0e4652f0ec40ff369069f4871d5083c76554c04f99a548915e47f37a0bc75709b0478f8f3b3710ec2cbe3d40d3fbb0803dad3756368fbd44d059d3fc0511ea75c615e6541db64fd47e835374733c443675c4addd063b5927f9e0d676c598e393798b60c29962cda800117914735d7936347701ab15b6633bae38afbf62fbb4f011597b1541795923c6e8ef3b91969b0e71ff802f12f57ca4d781092968f65c783f3c84edd0ef602841ae3c80114576b72cfcc3d364244a82840325a792c0593465435ec7347c593687bf54e596f0d83263705e253d6974baa144eeb2943998fabb4c657fa67fe08f9f9d2b8a71fac3b0fb9aa198beb05613fe926a4e554ed1240677288b74cef7c768f0fd72aacae0fc791cfd4d751ea09ad582a194cd3becebb616d5bdda35ae4227521168547afb6748b0299d5426937c3551bd686c9c108b96a70c1c51beff5bac23e3ae58a6ec64c59ae1dd4ba685fbf8db64418ab8a1269be31e205aa167cefd8e527caeb52a5e576f0439a81d1d85b2e955eb5e60ca6609a69a1648893dc0c3154422a1f310b5afa7e62b64cf5ffa6ea58c2d1f924329756c2a623512dde91ca326d6521ad23e14f6a4fb3731b29d76e3b299a392788a893f246e1b60384653c197b4d8409a4d1b49c75c8499c9cde8ac1402d1f2aae2e315ed542bbceb11206afe90b5b473150662d9b91254d2630631f78da5c27719fc0de6888dd0ecc5a5e7070f649c15f538da6508c0a43b51b269cdf61bc004642aacfc7bc354b3f1e2f52a34728cfb361609c7bceb69487fa450eb0066e02259e74386a43e2b8f15b2c44a9110fa4be41712d82f9d75ea00f7aae60ff9e8b1fabb188bde1e3aed1655ed5281a20e70168b5c32a7c59332c616e0f85e4405beea95d6fe3f70b9093a33e02a29e71ee1080330fcd0a605de1e2aa71159349c68e6cb960bf3e1a4a3ce7dc219ff6963c8b8ee233920ad8e4ad7d9f329fc7f35be4bb985b93e6e04e9b2befff835f71cc8acf19ada3a247eabe68f03810ab08d40aba6866f08d5edbd80b6d7d7a5997d012ce263450059a861b29229946797023cb2418b40aa98727d140132b218d31c899406cfe14abcc85360d8db9ea9cfcdc07b3897a1997519dac301074f64f6e40277d488c229e5481f5536c1a7ce6e1b87b6727b796e2cdbf8d80cdfdb5cfb3a912de498ec4554943f8da82d02afeff21e525b4f9e5cfe953d52f1e51d90caead53b07b855f0ecbed5b2a907722fbd8efa362d511a0cdd73e55a1828495cd93f6d079acf74526604353e9be15896c5f79a77bf1f4d5e9fa5517a420e457a0020f13e71bd7347aa67a09ca9e21394b80a8a54abfc4393c2055d38662c7fd8a1a98405babdcf515b8b8a9c9c04db5696b172c2539bb122b3524f7efbd32632fdc142f0538cb1c3d825d82c2632f4f737ec9686990cd57a1327918e65c90fe672693051a8f67687ec4b1ff3f7c3dc65ab5b9712c32b2dfcbae51eb722708066fa6a1adbc4fff426234ee7c36f150a1167a1d6e59dc1dcfde6d0593fc035626d82e1208e295c348bb2ff3eff0a046d712f62449d3bdb216a164169d564bf3c773bf5e7472cc0586f0139e6efbccfdb3960df4f0fe7f424295590b0b8a7c34bf4bcb8c5003fe51e056625e389bb0338b03d0b89545b2173b27df519e7f2e682798111ebb18a974eeac489a64915281e4f52c21bbc570d8b9182878df679fc73b5a3381105b0dea4192704cb74295e8ab3de608429eca8fd301a54b5be7cc62ec26587c98603507c573881607a160d2c6acf66b80e866f80a3787bf455fe40326e5b00a574a9c23d73085e0f6b818fb58f1c20b4f9d75234e48cd60dcee3fff9c382740898adad55426b56dbadbab37b30f43b15b1622408ca13e0df9e9b46baa38e68ceb958d2c226964892eb59549cf96fbfa372096a06cd0e30133031cc1d309db9065b5d1d15de3279a242a0f3590c350c712fdede59dd88ebfce7f6fc24d21d63572388aa1e197164f5f78a5f91ba00346f478bb9533ad16efdf059966033eade297ded3776d846bd72c2150586626b9f64470128f43d7001dc983e32c8d92a280d1364bd0e7850584a270dfc2c2134ad6e4e66dadb719d1c6ee3ac72bb53e34b781ef950fb63344f9351afd55cf4ba0fff789550af1c0c99fba2786b773c8bc09529bc09a73b0b19089e4801e4ea78e5654170fd660f8865966597f1586728a0266fb796b380600762a9c3cf468084f5365c345ed018a4bac5c770e0e67902472b693e23f7d0efec1d05c1903de29024ff57b62e5cd55e37d6f8b4693b0f62a0114c688ff1f3181e241b041e21b89c24cbc9868b09d0c35130d4b3316a43664fd8361fd2f48d1c60af5c0d011d8c73e458e4e55597f4e9daa4b62cecbd149b30c288a3b045163a005e07f4c7178f962f6b65491ea19d19b082d771417cc26852e691075997f57766f18968196c39b87937e51788d664190110f1fa49f0d8ea09bdae3374d04197809619e6d522e86f7c9fd3406d1369584e378648224eee06a5b18a0fe44b7395a2e310da86aac9fea77cec37479b39c2891f829abbb7881299fb162015168d0443d9cfc422a536d7acda1318b4d6cde515c5ef6ff281ac085e8b49aca0b6189a1524ebd4ad4ba5dfca45b1c8cec7705cd4420b45f3fe88e335a99929e3a155335d93588869f8573017a9f8ae9d647ec915dd180afde1a42c94bd6976ebdd75379efeeb883e725e8e7c014a5a289d187debff4a92b7b4abf5429db1c7b77c3e4d7cc60e1ab9e62cd43ea2dbf2ba8d43465d409fc40207a548ac8ab8726eece416bbf333dada4db1ced972c56f613710e1745ee8858ceb79ad0f9cb08f259257c90ef89b418bf3f11d5951395786bfb1a09570ffa047090dc698fa8d0ac7355a26db004c9bde94aa7d7aecc2b2f421bb85624b1143a36fc4f1fbcad19935bfeb820ca01d8eb6ecfc2570d851f0fb96a3a9632776327f8698724fcbc36404180b0d787775b4cce74bac07c7209a5bccb2a295b7ad475bd9d77674f401bb7ff9d29965728a1d2aee676e48871a968fe329bad9c33b49e0c111075687519f522dc4863bbfa0e7417e76a962f0e1c846f472200d667fdc6ea78495b9e53f7e41f98cf48ae1c0dad09a44c0e4aa53d0149cda6614757a6755c948dcf58b0b5bf4ada5517a6844ade5ca93ca147601438c4fb0354790a675352db3f1a70f929863ee538190d05bf9a3196f6df5f48216272a8c227dc525880ea09f31dfe204f99cace9c20e9d65b6c7d6af3d21fe439bbc544f0ab9b2819e0890fcfd641bf42c5af9992276fba33abfdd283e39d0d26a7f99d8fc92fe9a677f9fc705e32f1bd6c14d3e243f7d1e5b6567e61512131c30877d7059450ebf97f3aafdf16d91d704d5cf525595a69233e225d88ee3612b5956a9bc5ba8e80d45c4b2f0f1596ea73fad1cf77d9499975dff2798cde1799006662002ea5c1b2fa368fd86c524ac9d927e5f9e8754e94b1d2814874eeb6bbe0e45b25661469637c4d9598d8a7a8dd4377179c038096cfdd45fbcf96076ee2998c07376bb3e9273428f99f728877deced1101774f343318e4e793bc3ff2f159bb257c6c3f70db7303ae4f1ea1fbb7cc39925567f8e87bdfdf7e2b74ddd4bbe4bf86eff347029e5177be6d1f4bb7da70b288906b0b0ded8d6bdbba5fc660298b55537bdb0d716f813016398a27daea6ff80cd762d7f53e40265b70ad20571c76a28672edc3a53f2d5554632e7f1f9f2dd365e1944b6981aa8e3cae2868de2054db269144c4a0a6fa4593b727d449c50a5109323bb90bc666b422c0e871d9bb5fa2d650c"}}, @user_kmaddress={0x2c, 0x13, {@in=@rand_addr=0x64010101, @in6=@empty, 0x0, 0x2}}, @offload={0xc, 0x1c, {0x0, 0x1}}, @migrate={0x9c, 0x11, [{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@multicast1, @in=@broadcast, @in6=@remote, 0x3c, 0x1, 0x0, 0x3507, 0xa}, {@in6=@mcast1, @in=@empty, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@empty, 0x0, 0x2, 0x0, 0x3505, 0x2, 0x2}]}, @lastused={0xc, 0xf, 0x4}, @etimer_thresh={0x8, 0xc, 0xffff}, @lastused={0xc, 0xf, 0x2}, @replay_esn_val={0x34, 0x17, {0x6, 0x70bd2b, 0x70bd26, 0x70bd2d, 0x70bd26, 0xa, [0x5, 0xae8, 0x3, 0x6, 0x5, 0x1000]}}, @offload={0xc, 0x1c, {0x0, 0x2}}]}, 0xf58}}, 0x40000)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000003f000000000000005504000001ed0a002500000017ffffffcc040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9e104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f1300010000949b3aab06b1e042ff2164d80c8ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1e0600bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee6330000000000000000000000000000000000004000000000000000038600008fb854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8265e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb66701f4578ba4cb9b706e605a88c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f6a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cf026657a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2cccb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400090300000021911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a8f01bc4b73cc31df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21c24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a3c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d68000000000099347593f67da85d1c962bfb320d1553a74ec3bf003ba62b1784dbf0168a7e85f28b77bdebce96bf386a6dd5df162a16f2b7e8a4de0ffc464a87f91f81866d2ef0af71ebb07a739c3cb1b7000000000000"], &(0x7f00000001c0)='GPL\x00'}, 0x48)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000800)=ANY=[], &(0x7f0000000340)='GPL\x00'}, 0x94)

1.021896428s ago: executing program 3 (id=1914):
set_mempolicy(0x2, &(0x7f0000000000)=0x7, 0x4)
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x43033, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x60, 0x10, 0xffffffffffffffff, 0x789d26, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x49f68, 0x3802}, [@IFLA_PROP_LIST={0x40, 0x34, 0x0, 0x1, [{0x14, 0x35, 'bond0\x00'}, {0x14, 0x35, 'veth0_macvtap\x00'}, {0x14, 0x35, 'sit0\x00'}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4008048}, 0x4040040)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x4, &(0x7f0000000080)=[{0xc, 0x8, 0x3, 0x8eb6}, {0x1, 0x6f, 0x1, 0x810}, {0x7, 0x6, 0x7, 0x7f0}, {0x2, 0x0, 0x7, 0xfffff913}]})
r2 = msgget$private(0x0, 0x42)
msgsnd(r2, &(0x7f0000000240)={0x0, "f4b95a95ae6e4c8078847b7e20465bf47a1642e8e0b323620fa88c14c02f36a903269d7f12a452b3c315bf2ea2312ff605b5f66f1bdbd11a92efbee5e013605a927172850fd233925266c6179eb912dd0b33b0f7f4f9cfc57e0704683170d055cc5faf103e2f34cb3724e74a1606b72e6c0d8068061c377a5ba40583ce04a0a398a2a70bc1dc28dbdbf252130f732cde5b29846fbc344317939dec71012d5236051412647c7067d2e7184656470676e76df94df59adca7cc83fbe291e256e6500d84d20779d6a4cd176209421fd64c4cd230493c60fe93ef315af9e3d33c"}, 0xe2, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={<r3=>0x0})
r4 = openat$vimc0(0xffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r4, 0xc02c564a, &(0x7f0000000000)={0x0, 0x34424752, 0x3, @discrete={0x3, 0x9}})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f00000001c0)={r3, 0x2, 0x731a3967})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000380)={0x3, &(0x7f0000000340)=[{0x0, 0x4, 0x6, 0x7}, {0xbdc, 0x8, 0x36, 0x81}, {0x4, 0x9, 0xf7, 0x7}]}, 0x8)

903.33813ms ago: executing program 1 (id=1915):
socket$inet_tcp(0x2, 0x1, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$binder_debug(0xffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
sendmmsg$inet6(r0, 0x0, 0x0, 0x24000015)
unshare(0x22020600)
pselect6(0x40, &(0x7f0000000040)={0xa4, 0x4000000000000000, 0x1, 0x3fc, 0x1, 0xfffffffffffffffd, 0x0, 0x7ff}, &(0x7f0000000240)={0x18, 0x0, 0x0, 0xffffffffffffffff, 0x1000, 0x800000000, 0x8000000000000, 0x6}, 0x0, 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_TTSTAMP(r3, 0xc0844123, &(0x7f0000000280)=0x4)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = accept4$unix(r2, &(0x7f0000000380)=@abs, &(0x7f0000000200)=0x6e, 0x80000)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x0, 0x2000c091)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x783bfaae6b510310)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f0000000000)={0x80, 0x40000105, 0x0, 0x0})
ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
r7 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl(r7, 0x1ff, &(0x7f00000000c0)="1280bfc35e43465cfcac12229fa0dbac77a77196475c8bab315d1fd6941ee0a333f86268dfcc195e10a8155df3bad0e3232f141600f82602cda5b38a87b3f16c933b7294ccd3aced8cb09b1993a5fbb712a0442f8536290cd7bdc0849e18d408e1d170f8620e33ca3b7f35de93aa58ac754486b283180debb3b15059cb57cf399d3ef79d82c31b969bd0b774c6f6a07dc0eb909c7637e4b54d0b8cec5d262fa8c12df34bc2fb779623755d0bea9061ba6937ead215cf200c7fb5e0b8a9be1dcc3ad35e54e1cbdc07b2888e1b60f19f15abe922504941cc8dfe")
setsockopt$inet6_udp_int(r6, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)

854.873044ms ago: executing program 0 (id=1916):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x783bfaae6b510310)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000000)={0x80, 0x40000105, 0x0, 0x0})
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, 0x0)
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x1100, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

309.524585ms ago: executing program 3 (id=1917):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x6dccf5eb5fc6115})
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x44, 0x0, &(0x7f0000000280)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200)={@flat=@weak_binder={0x77622a85, 0x1000, 0x5}, @flat=@weak_handle={0x77682a85, 0x28887fb0eb674e88, 0x3}, @fd={0x66642a85, 0x0, r3}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

97.61367ms ago: executing program 3 (id=1918):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r1 = gettid()
r2 = getpid()
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x14, r4, 0x331, 0x70bd28, 0x0, {0x8}}, 0x14}}, 0x0)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000240), 0xa000, 0x0)
readv(r5, &(0x7f0000002540)=[{&(0x7f0000000280)=""/34, 0x22}, {0x0, 0x18}], 0x2)
mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000009, 0x11, r5, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0)
ioctl$EVIOCGLED(r6, 0x5452, &(0x7f0000000240)=""/77)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00'})
statx(0xffffffffffffffff, &(0x7f00000002c0)='./file2\x00', 0x7000, 0x200, 0x0)
r7 = syz_open_dev$video(&(0x7f0000000000), 0x3152, 0x200)
ioctl$VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000380)={0x9, 0x9, 0x3, 0x0, 0x5})
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}})
r8 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01)
write$char_usb(r8, &(0x7f0000000040)="e2", 0x1068)
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000000100)=0x5)
rt_tgsigqueueinfo(r2, r1, 0x1f, &(0x7f0000002240)={0x2b, 0x1, 0x2})
r9 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffe]}, 0x8)
read(r9, &(0x7f0000000740)=""/384, 0x180)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0xab, @loopback, 0x10001}, 0x1c)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @loopback, 0x23}, 0x1c)
ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r1, 0x3, 0x4002)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)=@ipmr_getroute={0x1c, 0x1a, 0x2, 0x70bd2d, 0x25dfdbff, {0x80, 0x14, 0x0, 0x3, 0xfd, 0x3, 0xfd, 0xe, 0x2300}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
r10 = dup(r0)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(r10, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x4080}, 0x8080)

66.924123ms ago: executing program 5 (id=1919):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup(r0)
r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0xfdef)

0s ago: executing program 1 (id=1920):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/sctp\x00')
r1 = open_tree(r0, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6}]}, 0x28}}, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r7)
close(r7)
syz_open_procfs(0x0, &(0x7f0000000040)='net/sctp\x00')

kernel console output (not intermixed with test programs):

t: fail, usb_gadget_register_driver returned -16
[  435.635519][   T30] audit: type=1400 audit(1758487632.374:557): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F04
[  436.303685][T11200] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  436.758781][T11210] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  437.202076][T11220] netlink: 'syz.5.1453': attribute type 2 has an invalid length.
[  437.486570][T10755] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  437.505312][T10757] usb 4-1: USB disconnect, device number 38
[  437.677359][T10755] usb 6-1: Using ep0 maxpacket: 32
[  437.688823][T10755] usb 6-1: config 64 contains an unexpected descriptor of type 0x2, skipping
[  437.703363][T10755] usb 6-1: config 64 has an invalid descriptor of length 0, skipping remainder of the config
[  437.770660][T10755] usb 6-1: config 64 has 0 interfaces, different from the descriptor's value: 1
[  437.801287][T10755] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  437.813046][T10755] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.822317][T10755] usb 6-1: Product: syz
[  437.951794][T11237] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1458'.
[  437.975388][T11237] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1458'.
[  438.049582][T10755] usb 6-1: Manufacturer: syz
[  438.054222][T10755] usb 6-1: SerialNumber: syz
[  438.684920][T11246] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  438.884541][T11254] vti0: entered promiscuous mode
[  438.890119][T11254] vti0: entered allmulticast mode
[  439.116622][T10747] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  439.186576][ T5948] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  439.276650][T10747] usb 3-1: Using ep0 maxpacket: 16
[  439.291154][T10747] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  439.493464][ T5948] usb 4-1: device descriptor read/64, error -71
[  439.506605][ T5981] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  439.586930][T10747] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  439.610651][T10747] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  439.619951][T10747] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.633602][T10747] usb 3-1: config 0 descriptor??
[  439.696276][T10747] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  439.804796][ T5981] usb 2-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df
[  439.814743][ T5981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.835237][ T5981] usb 2-1: config 0 descriptor??
[  439.846640][ T5948] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  439.879412][ T5981] gspca_main: benq-2.14.0 probing 04a5:3035
[  439.918610][T10747] usb 6-1: USB disconnect, device number 32
[  439.986684][ T5948] usb 4-1: device descriptor read/64, error -71
[  440.006426][T11253] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  440.073445][T11264] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  440.090690][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  440.105410][T11260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  440.117009][T11260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  440.132462][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  440.134731][   T30] audit: type=1400 audit(1758487636.904:558): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F04
[  440.146893][ T5948] usb usb4-port1: attempt power cycle
[  440.238026][    C1] vkms_vblank_simulate: vblank timer overrun
[  440.332798][T10757] usb 3-1: USB disconnect, device number 27
[  440.596597][ T5948] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  440.697431][ T5948] usb 4-1: device descriptor read/8, error -71
[  440.959192][ T5948] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  440.987471][ T5948] usb 4-1: device descriptor read/8, error -71
[  441.106867][ T5948] usb usb4-port1: unable to enumerate USB device
[  442.121446][ T5948] usb 2-1: USB disconnect, device number 35
[  442.371903][T10757] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  442.485973][T11298] binfmt_misc: register: failed to install interpreter file ./file0
[  442.642429][T10757] usb 4-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice= 3.90
[  442.697297][T10757] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  442.723828][T10757] usb 4-1: config 0 descriptor??
[  442.747135][ T5981] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  442.767563][T10757] bfusb 4-1:0.0: probe with driver bfusb failed with error -5
[  443.016738][ T5981] usb 6-1: device descriptor read/64, error -71
[  443.099414][T11286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  443.108142][T11286] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  443.118022][T10757] usb 4-1: USB disconnect, device number 43
[  443.296545][ T5981] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  443.406380][T11309] binder: 11306:11309 ioctl 4018620d 0 returned -22
[  443.416274][T11309] binder: 11306:11309 ioctl c0306201 80000080 returned -14
[  443.426153][T11309] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  443.456786][ T5981] usb 6-1: device descriptor read/64, error -71
[  443.837175][ T5981] usb usb6-port1: attempt power cycle
[  444.176610][T10757] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  444.186783][ T5981] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  444.207533][ T5981] usb 6-1: device descriptor read/8, error -71
[  444.326763][T10757] usb 2-1: Using ep0 maxpacket: 16
[  444.334569][T10757] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  444.345626][T10757] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  444.358530][T10757] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  444.368083][T10757] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.391755][T10757] usb 2-1: config 0 descriptor??
[  444.418617][T10757] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  444.447239][ T5981] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  444.509919][ T5981] usb 6-1: device descriptor read/8, error -71
[  444.652229][ T5981] usb usb6-port1: unable to enumerate USB device
[  444.699428][T11327] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1487'.
[  444.704157][T11317] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  444.711116][T11327] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1487'.
[  444.790789][ T5981] usb 2-1: USB disconnect, device number 36
[  445.337340][ T5948] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  445.519598][ T5948] usb 3-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df
[  445.537270][ T5948] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.558446][ T5948] usb 3-1: config 0 descriptor??
[  445.595531][ T5948] gspca_main: benq-2.14.0 probing 04a5:3035
[  445.779375][T11353] block nbd0: Attempted send on invalid socket
[  445.836770][T11333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  445.853089][T11353] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  445.875904][   T30] audit: type=1400 audit(1758487642.614:559): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F04
[  445.922105][T11352] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1491'.
[  446.013841][T11333] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  448.077733][T10757] usb 3-1: USB disconnect, device number 28
[  448.489527][T11399] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1501'.
[  448.612365][T11403] fuse: Bad value for 'user_id'
[  448.675317][T11403] fuse: Bad value for 'user_id'
[  448.743752][T11400] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1504'.
[  448.897701][T11413] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1506'.
[  449.531015][T11420] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  449.946309][T11425] program syz.2.1510 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  450.876619][ T5918] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  450.890161][T11452] pimreg: entered allmulticast mode
[  451.075907][ T5918] usb 6-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df
[  451.085199][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.109349][ T5918] usb 6-1: config 0 descriptor??
[  451.140874][ T5918] gspca_main: benq-2.14.0 probing 04a5:3035
[  451.423829][T11446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  451.432352][   T30] audit: type=1400 audit(1758487648.204:560): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F04
[  451.435803][T11446] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  451.995685][T10757] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  452.167390][T10757] usb 3-1: too many configurations: 208, using maximum allowed: 8
[  452.340083][T11468] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  452.495901][T10757] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  452.510254][T10757] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.554093][T10757] usb 3-1: Product: syz
[  452.563676][T10757] usb 3-1: Manufacturer: syz
[  452.568736][T10757] usb 3-1: SerialNumber: syz
[  452.673350][T10757] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  452.965467][T10755] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  453.256943][T10757] usb 2-1: new full-speed USB device number 37 using dummy_hcd
[  453.419784][ T5981] usb 3-1: USB disconnect, device number 30
[  453.435433][T10757] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  453.455299][T10757] usb 2-1: config 0 has no interfaces?
[  453.540146][T10757] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  453.542650][ T5918] usb 6-1: USB disconnect, device number 37
[  453.578019][T10757] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.623467][T10757] usb 2-1: config 0 descriptor??
[  453.716606][T11486] binder: 11481:11486 ioctl 4018620d 0 returned -22
[  453.724814][T11486] binder: 11481:11486 ioctl c0306201 80000080 returned -14
[  453.757449][T11486] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  454.513669][T10755] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  454.546916][T10755] ath9k_htc: Failed to initialize the device
[  454.567123][ T5981] usb 3-1: ath9k_htc: USB layer deinitialized
[  454.594206][T11488] binder: 11484:11488 ioctl 4018620d 0 returned -22
[  454.606396][T11488] binder: 11484:11488 ioctl c0306201 80000080 returned -14
[  454.614599][T11477] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1524'.
[  455.447552][T11477] hsr_slave_1 (unregistering): left promiscuous mode
[  455.488076][T11488] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  455.585983][T10747] usb 2-1: USB disconnect, device number 37
[  455.849772][T11499] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1530'.
[  456.226110][T11510] FAULT_INJECTION: forcing a failure.
[  456.226110][T11510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  456.246552][T11512] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  456.265387][T11510] CPU: 1 UID: 0 PID: 11510 Comm: syz.1.1534 Not tainted syzkaller #0 PREEMPT(full) 
[  456.265412][T11510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  456.265423][T11510] Call Trace:
[  456.265431][T11510]  <TASK>
[  456.265438][T11510]  dump_stack_lvl+0x189/0x250
[  456.265463][T11510]  ? __pfx____ratelimit+0x10/0x10
[  456.265482][T11510]  ? __pfx_dump_stack_lvl+0x10/0x10
[  456.265502][T11510]  ? __pfx__printk+0x10/0x10
[  456.265524][T11510]  ? __might_fault+0xb0/0x130
[  456.265556][T11510]  should_fail_ex+0x414/0x560
[  456.265583][T11510]  _copy_from_user+0x2d/0xb0
[  456.265605][T11510]  get_compat_msghdr+0xad/0x4a0
[  456.265623][T11510]  ? __lock_acquire+0xab9/0xd20
[  456.265650][T11510]  ? __pfx_get_compat_msghdr+0x10/0x10
[  456.265671][T11510]  ? get_pid_task+0x20/0x1f0
[  456.265699][T11510]  ___sys_recvmsg+0x17f/0x510
[  456.265726][T11510]  ? __pfx____sys_recvmsg+0x10/0x10
[  456.265769][T11510]  ? __fget_files+0x3a0/0x420
[  456.265795][T11510]  __sys_recvmsg+0x161/0x220
[  456.265817][T11510]  ? __pfx___sys_recvmsg+0x10/0x10
[  456.265853][T11510]  ? lockdep_hardirqs_on+0x9c/0x150
[  456.265874][T11510]  __do_fast_syscall_32+0xb6/0x2b0
[  456.265894][T11510]  ? lockdep_hardirqs_on+0x9c/0x150
[  456.265916][T11510]  do_fast_syscall_32+0x34/0x80
[  456.265934][T11510]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  456.265954][T11510] RIP: 0023:0xf7ff3539
[  456.265969][T11510] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  456.265983][T11510] RSP: 002b:00000000f54f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000174
[  456.266002][T11510] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000400
[  456.266014][T11510] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  456.266023][T11510] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  456.266033][T11510] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  456.266043][T11510] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  456.266069][T11510]  </TASK>
[  457.477864][T11537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1541'.
[  457.487741][T11537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1541'.
[  457.498278][T11537] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1541'.
[  457.507650][T11537] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1541'.
[  457.600655][T11539] binder: 11538:11539 unknown command 0
[  457.606308][T11539] binder: 11538:11539 ioctl c0306201 80000080 returned -22
[  457.617428][ T5918] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  457.835013][T11544] binder: 11540:11544 ioctl 4018620d 0 returned -22
[  457.880513][T11544] binder: 11540:11544 ioctl c0306201 80000080 returned -14
[  457.890668][T11544] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  457.906164][ T5918] usb 4-1: Using ep0 maxpacket: 32
[  457.960966][ T5918] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  457.975053][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.045096][T11545] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1543'.
[  458.055420][ T5918] usb 4-1: config 0 descriptor??
[  458.266349][ T5918] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  458.283038][ T5918] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  458.313946][ T5918] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  458.331687][ T5918] usb 4-1: media controller created
[  458.404582][ T5918] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  459.397815][ T5918] stb0899_attach: Driver disabled by Kconfig
[  459.403877][ T5918] az6027: no front-end attached
[  459.403877][ T5918] 
[  459.413209][ T5918] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  459.434536][ T5918] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input17
[  459.463808][ T5918] dvb-usb: schedule remote query interval to 400 msecs.
[  459.477246][ T5918] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  459.512614][T11564] FAULT_INJECTION: forcing a failure.
[  459.512614][T11564] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  459.566955][T11564] CPU: 0 UID: 0 PID: 11564 Comm: syz.1.1551 Not tainted syzkaller #0 PREEMPT(full) 
[  459.566990][T11564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  459.567001][T11564] Call Trace:
[  459.567008][T11564]  <TASK>
[  459.567016][T11564]  dump_stack_lvl+0x189/0x250
[  459.567041][T11564]  ? __pfx____ratelimit+0x10/0x10
[  459.567060][T11564]  ? __pfx_dump_stack_lvl+0x10/0x10
[  459.567079][T11564]  ? __pfx__printk+0x10/0x10
[  459.567113][T11564]  should_fail_ex+0x414/0x560
[  459.567142][T11564]  _copy_to_user+0x31/0xb0
[  459.567165][T11564]  simple_read_from_buffer+0xe1/0x170
[  459.567194][T11564]  proc_fail_nth_read+0x1b3/0x220
[  459.567215][T11564]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  459.567236][T11564]  ? rw_verify_area+0x2a6/0x4d0
[  459.567255][T11564]  ? __lock_acquire+0xab9/0xd20
[  459.567275][T11564]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  459.567295][T11564]  vfs_read+0x200/0xa30
[  459.567314][T11564]  ? fdget_pos+0x247/0x320
[  459.567334][T11564]  ? __pfx___mutex_lock+0x10/0x10
[  459.567354][T11564]  ? __pfx_vfs_read+0x10/0x10
[  459.567376][T11564]  ? __fget_files+0x2a/0x420
[  459.567396][T11564]  ? __fget_files+0x3a0/0x420
[  459.567408][T11564]  ? __fget_files+0x2a/0x420
[  459.567429][T11564]  ksys_read+0x145/0x250
[  459.567452][T11564]  ? __pfx_ksys_read+0x10/0x10
[  459.567475][T11564]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.567492][T11564]  __do_fast_syscall_32+0xb6/0x2b0
[  459.567512][T11564]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.567532][T11564]  do_fast_syscall_32+0x34/0x80
[  459.567550][T11564]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  459.567570][T11564] RIP: 0023:0xf7ff3539
[  459.567583][T11564] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  459.567594][T11564] RSP: 002b:00000000f54f6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  459.567609][T11564] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f54f6620
[  459.567619][T11564] RDX: 000000000000000f RSI: 00000000f7484ff4 RDI: 0000000000000000
[  459.567626][T11564] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  459.567634][T11564] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  459.567642][T11564] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  459.567663][T11564]  </TASK>
[  459.804630][T10747] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  460.014630][T10747] usb 6-1: config 0 has an invalid descriptor of length 60, skipping remainder of the config
[  460.040542][T10747] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  460.082613][T10747] usb 6-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00
[  460.111031][T10747] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.135305][T10747] usb 6-1: config 0 descriptor??
[  460.150036][T10747] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  460.158998][T11569] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1552'.
[  460.824760][T10747] usb 4-1: USB disconnect, device number 44
[  460.939921][T10747] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  461.159482][T10757] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  461.316602][T10757] usb 2-1: Using ep0 maxpacket: 32
[  461.323620][T10757] usb 2-1: config 0 has an invalid interface number: 86 but max is 0
[  461.336760][T10757] usb 2-1: config 0 has no interface number 0
[  461.343203][T10757] usb 2-1: config 0 interface 86 altsetting 2 endpoint 0x9 has an invalid bInterval 0, changing to 7
[  461.375535][T10757] usb 2-1: config 0 interface 86 altsetting 2 endpoint 0x9 has invalid wMaxPacketSize 0
[  461.386705][T10757] usb 2-1: config 0 interface 86 has no altsetting 0
[  461.421499][T10757] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=33.7a
[  461.466799][T10757] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.475820][T10757] usb 2-1: Product: syz
[  461.483750][T10757] usb 2-1: Manufacturer: syz
[  461.491006][T10757] usb 2-1: SerialNumber: syz
[  461.511472][T10757] usb 2-1: config 0 descriptor??
[  461.699411][T11594] FAULT_INJECTION: forcing a failure.
[  461.699411][T11594] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  461.736153][T11594] CPU: 0 UID: 0 PID: 11594 Comm: syz.3.1558 Not tainted syzkaller #0 PREEMPT(full) 
[  461.736178][T11594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  461.736188][T11594] Call Trace:
[  461.736194][T11594]  <TASK>
[  461.736202][T11594]  dump_stack_lvl+0x189/0x250
[  461.736227][T11594]  ? __pfx____ratelimit+0x10/0x10
[  461.736244][T11594]  ? __pfx_dump_stack_lvl+0x10/0x10
[  461.736262][T11594]  ? __pfx__printk+0x10/0x10
[  461.736295][T11594]  should_fail_ex+0x414/0x560
[  461.736324][T11594]  _copy_to_user+0x31/0xb0
[  461.736347][T11594]  simple_read_from_buffer+0xe1/0x170
[  461.736375][T11594]  proc_fail_nth_read+0x1b3/0x220
[  461.736398][T11594]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  461.736421][T11594]  ? rw_verify_area+0x2a6/0x4d0
[  461.736443][T11594]  ? __lock_acquire+0xab9/0xd20
[  461.736461][T11594]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  461.736479][T11594]  vfs_read+0x200/0xa30
[  461.736497][T11594]  ? fdget_pos+0x247/0x320
[  461.736515][T11594]  ? __pfx___mutex_lock+0x10/0x10
[  461.736533][T11594]  ? __pfx_vfs_read+0x10/0x10
[  461.736554][T11594]  ? __fget_files+0x2a/0x420
[  461.736572][T11594]  ? __fget_files+0x3a0/0x420
[  461.736585][T11594]  ? __fget_files+0x2a/0x420
[  461.736610][T11594]  ksys_read+0x145/0x250
[  461.736634][T11594]  ? __pfx_ksys_read+0x10/0x10
[  461.736659][T11594]  ? lockdep_hardirqs_on+0x9c/0x150
[  461.736681][T11594]  __do_fast_syscall_32+0xb6/0x2b0
[  461.736701][T11594]  ? lockdep_hardirqs_on+0x9c/0x150
[  461.736723][T11594]  do_fast_syscall_32+0x34/0x80
[  461.736743][T11594]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  461.736764][T11594] RIP: 0023:0xf705e539
[  461.736779][T11594] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  461.736794][T11594] RSP: 002b:00000000f544e590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  461.736814][T11594] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f544e620
[  461.736825][T11594] RDX: 000000000000000f RSI: 00000000f73e4ff4 RDI: 0000000000000000
[  461.736836][T11594] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  461.736846][T11594] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  461.736857][T11594] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  461.736890][T11594]  </TASK>
[  462.037004][T10747] usb 2-1: USB disconnect, device number 38
[  462.416739][ T5981] usb 4-1: new full-speed USB device number 45 using dummy_hcd
[  462.518558][ T5947] usb 6-1: USB disconnect, device number 38
[  462.548187][T11606] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1563'.
[  462.572225][T11604] binder: 11599:11604 ioctl 4018620d 0 returned -22
[  462.580907][T11604] binder: 11599:11604 ioctl c0306201 80000080 returned -14
[  462.591037][T11604] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  462.640348][T11606] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  462.650235][ T5981] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  462.660678][ T5981] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  463.094344][ T5981] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  463.130992][ T5981] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.131039][T11611] FAULT_INJECTION: forcing a failure.
[  463.131039][T11611] name failslab, interval 1, probability 0, space 0, times 0
[  463.152090][T11611] CPU: 1 UID: 0 PID: 11611 Comm: syz.1.1564 Not tainted syzkaller #0 PREEMPT(full) 
[  463.152113][T11611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  463.152125][T11611] Call Trace:
[  463.152132][T11611]  <TASK>
[  463.152139][T11611]  dump_stack_lvl+0x189/0x250
[  463.152162][T11611]  ? __pfx____ratelimit+0x10/0x10
[  463.152173][T11611]  ? __pfx_dump_stack_lvl+0x10/0x10
[  463.152185][T11611]  ? __pfx__printk+0x10/0x10
[  463.152201][T11611]  ? __pfx___might_resched+0x10/0x10
[  463.152211][T11611]  ? fs_reclaim_acquire+0x7d/0x100
[  463.152222][T11611]  should_fail_ex+0x414/0x560
[  463.152240][T11611]  should_failslab+0xa8/0x100
[  463.152256][T11611]  __kmalloc_noprof+0xcb/0x4f0
[  463.152268][T11611]  ? kfree+0x4d/0x440
[  463.152278][T11611]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  463.152292][T11611]  tomoyo_realpath_from_path+0xe3/0x5d0
[  463.152303][T11611]  ? tomoyo_domain+0xd9/0x130
[  463.152316][T11611]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  463.152330][T11611]  tomoyo_path_number_perm+0x1e8/0x5a0
[  463.152346][T11611]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  463.152369][T11611]  ? __lock_acquire+0xab9/0xd20
[  463.152393][T11611]  ? __fget_files+0x2a/0x420
[  463.152405][T11611]  ? __fget_files+0x3a0/0x420
[  463.152413][T11611]  ? __fget_files+0x2a/0x420
[  463.152423][T11611]  security_file_ioctl_compat+0xcb/0x2d0
[  463.152438][T11611]  __ia32_compat_sys_ioctl+0x128/0x840
[  463.152452][T11611]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  463.152484][T11611]  ? __fget_files+0x3a0/0x420
[  463.152496][T11611]  ? fput+0xa0/0xd0
[  463.152507][T11611]  ? ksys_write+0x22a/0x250
[  463.152525][T11611]  ? lockdep_hardirqs_on+0x9c/0x150
[  463.152537][T11611]  __do_fast_syscall_32+0xb6/0x2b0
[  463.152549][T11611]  ? lockdep_hardirqs_on+0x9c/0x150
[  463.152561][T11611]  do_fast_syscall_32+0x34/0x80
[  463.152572][T11611]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  463.152584][T11611] RIP: 0023:0xf7ff3539
[  463.152594][T11611] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  463.152603][T11611] RSP: 002b:00000000f54f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  463.152614][T11611] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004028700f
[  463.152621][T11611] RDX: 0000000080000240 RSI: 0000000000000000 RDI: 0000000000000000
[  463.152626][T11611] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  463.152632][T11611] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  463.152637][T11611] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  463.152651][T11611]  </TASK>
[  463.152657][T11611] ERROR: Out of memory at tomoyo_realpath_from_path.
[  463.207926][ T5981] usb 4-1: config 0 descriptor??
[  463.458129][T11610] rtc_cmos 00:00: Alarms can be up to one day in the future
[  463.494169][ T5981] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  463.501076][ T5981] dvb-usb: bulk message failed: -22 (3/0)
[  463.510065][ T5981] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  463.519426][ T5981] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  463.532223][ T5981] usb 4-1: media controller created
[  463.540907][ T5981] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  463.584802][ T5981] dvb-usb: bulk message failed: -22 (6/0)
[  463.616861][ T5981] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  463.666359][ T5981] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input18
[  463.696065][T11598] binder: BINDER_SET_CONTEXT_MGR already set
[  463.705579][T11598] binder: 11597:11598 ioctl 4018620d 80000040 returned -16
[  463.753226][ T5981] dvb-usb: schedule remote query interval to 150 msecs.
[  463.776840][ T5981] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  463.900314][T11617] loop3: detected capacity change from 0 to 1
[  463.937044][ T5981] dvb-usb: bulk message failed: -22 (1/0)
[  463.951086][T11617] Dev loop3: unable to read RDB block 1
[  463.961006][ T5981] dvb-usb: error while querying for an remote control event.
[  463.988983][T11617]  loop3: unable to read partition table
[  463.995534][T11617] loop3: partition table beyond EOD, truncated
[  464.006064][T11617] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[  464.028568][T11598] syz.3.1559 (11598): drop_caches: 2
[  464.032248][T11616] rtc_cmos 00:00: Alarms can be up to one day in the future
[  464.099584][ T5947] rtc_cmos 00:00: Alarms can be up to one day in the future
[  464.107630][ T5947] rtc_cmos 00:00: Alarms can be up to one day in the future
[  464.115158][ T5947] rtc_cmos 00:00: Alarms can be up to one day in the future
[  464.151518][ T5981] dvb-usb: bulk message failed: -22 (1/0)
[  464.165856][ T5947] rtc_cmos 00:00: Alarms can be up to one day in the future
[  464.171273][ T5981] dvb-usb: error while querying for an remote control event.
[  464.199161][ T5947] rtc rtc0: __rtc_set_alarm: err=-22
[  464.248133][T11631] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  464.305839][T11598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  464.327004][T11598] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.366583][ T5981] dvb-usb: bulk message failed: -22 (1/0)
[  464.372383][ T5981] dvb-usb: error while querying for an remote control event.
[  464.492260][ T5947] usb 4-1: USB disconnect, device number 45
[  464.544038][ T5947] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  465.389742][T11656] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1576'.
[  465.574441][T11661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.620400][T11661] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.807160][T11669] binder: 11664:11669 ioctl 4018620d 0 returned -22
[  465.827095][T11671] netlink: 'syz.2.1581': attribute type 10 has an invalid length.
[  465.837173][T11669] binder: 11664:11669 ioctl c0306201 80000080 returned -14
[  465.847062][T11669] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  466.174824][T11671] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1581'.
[  466.228038][T11671] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  466.310887][T11674] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  466.606643][T10747] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  466.769983][T10747] usb 3-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  466.787458][T10747] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  466.795698][T10747] usb 3-1: Manufacturer: syz
[  466.811761][T10747] usb 3-1: config 0 descriptor??
[  466.819691][T11688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1585'.
[  466.837054][T11688] netlink: 'syz.0.1585': attribute type 18 has an invalid length.
[  466.873829][T11688] vxlan0: entered promiscuous mode
[  466.999715][   T36] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  467.026932][   T36] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  467.072612][   T36] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  467.090648][   T36] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  467.118096][T10747] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  467.126964][T10747] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  467.144622][T10747] usb 3-1: USB disconnect, device number 31
[  467.936410][T11706] kvm: emulating exchange as write
[  468.444255][T11711] FAULT_INJECTION: forcing a failure.
[  468.444255][T11711] name failslab, interval 1, probability 0, space 0, times 0
[  468.516603][T11711] CPU: 1 UID: 0 PID: 11711 Comm: syz.0.1590 Not tainted syzkaller #0 PREEMPT(full) 
[  468.516633][T11711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  468.516644][T11711] Call Trace:
[  468.516651][T11711]  <TASK>
[  468.516658][T11711]  dump_stack_lvl+0x189/0x250
[  468.516676][T11711]  ? __pfx____ratelimit+0x10/0x10
[  468.516688][T11711]  ? __pfx_dump_stack_lvl+0x10/0x10
[  468.516700][T11711]  ? __pfx__printk+0x10/0x10
[  468.516714][T11711]  ? __lock_acquire+0xab9/0xd20
[  468.516734][T11711]  should_fail_ex+0x414/0x560
[  468.516752][T11711]  should_failslab+0xa8/0x100
[  468.516768][T11711]  kmem_cache_alloc_noprof+0x73/0x3c0
[  468.516781][T11711]  ? skb_clone+0x212/0x3a0
[  468.516797][T11711]  skb_clone+0x212/0x3a0
[  468.516811][T11711]  __netlink_deliver_tap+0x404/0x850
[  468.516828][T11711]  ? netlink_deliver_tap+0x2e/0x1b0
[  468.516839][T11711]  netlink_deliver_tap+0x19c/0x1b0
[  468.516850][T11711]  netlink_unicast+0x7fa/0x9e0
[  468.516870][T11711]  ? __pfx_netlink_unicast+0x10/0x10
[  468.516885][T11711]  ? netlink_sendmsg+0x642/0xb30
[  468.516895][T11711]  ? skb_put+0x11b/0x210
[  468.516908][T11711]  netlink_sendmsg+0x805/0xb30
[  468.516923][T11711]  ? __pfx_netlink_sendmsg+0x10/0x10
[  468.516935][T11711]  ? __import_iovec+0x5d4/0x7f0
[  468.516946][T11711]  ? aa_sock_msg_perm+0xf1/0x1d0
[  468.516958][T11711]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  468.516969][T11711]  ? __pfx_netlink_sendmsg+0x10/0x10
[  468.516979][T11711]  __sock_sendmsg+0x21c/0x270
[  468.516996][T11711]  ____sys_sendmsg+0x505/0x830
[  468.517011][T11711]  ? __pfx_____sys_sendmsg+0x10/0x10
[  468.517032][T11711]  ___sys_sendmsg+0x21f/0x2a0
[  468.517045][T11711]  ? __pfx____sys_sendmsg+0x10/0x10
[  468.517076][T11711]  ? __fget_files+0x2a/0x420
[  468.517084][T11711]  ? __fget_files+0x3a0/0x420
[  468.517098][T11711]  __sys_sendmsg+0x164/0x220
[  468.517111][T11711]  ? __pfx___sys_sendmsg+0x10/0x10
[  468.517139][T11711]  ? lockdep_hardirqs_on+0x9c/0x150
[  468.517151][T11711]  __do_fast_syscall_32+0xb6/0x2b0
[  468.517163][T11711]  ? lockdep_hardirqs_on+0x9c/0x150
[  468.517175][T11711]  do_fast_syscall_32+0x34/0x80
[  468.517186][T11711]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  468.517198][T11711] RIP: 0023:0xf7ff1539
[  468.517207][T11711] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  468.517216][T11711] RSP: 002b:00000000f54f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  468.517227][T11711] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  468.517234][T11711] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  468.517240][T11711] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  468.517245][T11711] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  468.517251][T11711] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  468.517265][T11711]  </TASK>
[  469.262919][T11715] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  470.196539][T10755] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  470.358799][T10755] usb 2-1: device descriptor read/64, error -71
[  471.222724][T10755] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  471.303237][T11746] binder: 11743:11746 ioctl 4018620d 0 returned -22
[  471.367856][T11746] binder: 11743:11746 ioctl c0306201 80000080 returned -14
[  471.409659][T11746] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  471.646574][T10755] usb 2-1: device descriptor read/64, error -71
[  471.828954][T10755] usb usb2-port1: attempt power cycle
[  472.226904][T10755] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  472.307318][T10755] usb 2-1: device descriptor read/8, error -71
[  472.571235][T10755] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  472.628860][T10755] usb 2-1: device descriptor read/8, error -71
[  472.772758][T10755] usb usb2-port1: unable to enumerate USB device
[  473.386636][T10747] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  473.569997][T10747] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  473.587870][T10747] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.695273][ T5948] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  473.726547][T10747] usb 2-1: Product: syz
[  473.730938][T10747] usb 2-1: Manufacturer: syz
[  473.739985][T10747] usb 2-1: SerialNumber: syz
[  473.749430][T10747] usb 2-1: config 0 descriptor??
[  473.805353][T10747] gspca_main: sunplus-2.14.0 probing 055f:c230
[  473.870936][T11762] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  473.888250][ T5948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  473.918253][ T5948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  473.947001][ T5948] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  473.965466][ T5948] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  473.975424][ T5948] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.031498][T11769] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  474.038887][T10747] gspca_sunplus: reg_r err -71
[  474.044316][T10747] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  474.059163][ T5948] usb 4-1: config 0 descriptor??
[  474.094462][T10747] usb 2-1: USB disconnect, device number 43
[  474.455897][T10747] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  474.626989][T10747] usb 2-1: Using ep0 maxpacket: 8
[  474.635066][T10747] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  474.643917][T10747] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  474.663908][T10747] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  474.682951][T10747] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  474.814060][T10747] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  474.934356][T10755] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  474.934393][T10747] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  475.104594][T10747] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.117471][T10757] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  475.134730][T10755] usb 6-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df
[  475.146576][T10755] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.198094][T10755] usb 6-1: config 0 descriptor??
[  475.218915][T10755] gspca_main: benq-2.14.0 probing 04a5:3035
[  475.323982][T10757] usb 3-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df
[  475.336130][T10757] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.350831][T10757] usb 3-1: config 0 descriptor??
[  475.369490][T10757] gspca_main: benq-2.14.0 probing 04a5:3035
[  475.375469][T10757] videodev: could not get a free minor
[  475.387988][T10757] gspca_main: video_register_device err -23
[  475.394166][T10757] benq 3-1:0.0: probe with driver benq failed with error -23
[  475.456612][T11777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  475.465463][   T30] audit: type=1400 audit(1758487672.244:561): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F04
[  475.468615][T11777] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  475.701635][   T30] audit: type=1400 audit(1758487672.504:562): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F04
[  475.737146][T11785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  475.914450][T11785] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  476.098939][T10757] usb 2-1: USB disconnect, device number 44
[  476.398247][ T5948] usbhid 4-1:0.0: can't add hid device: -71
[  476.407948][ T5948] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  476.500536][ T5948] usb 4-1: USB disconnect, device number 46
[  477.126785][T10747] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  477.447321][T10757] usb 3-1: USB disconnect, device number 32
[  477.526579][T10747] usb 2-1: Using ep0 maxpacket: 32
[  477.533549][T10747] usb 2-1: config 0 has an invalid interface number: 54 but max is 0
[  477.549532][T11804] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  477.564500][T10747] usb 2-1: config 0 has no interface number 0
[  477.804000][T10747] usb 2-1: config 0 interface 54 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  477.815117][T10747] usb 2-1: config 0 interface 54 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  477.828030][T10747] usb 2-1: config 0 interface 54 has no altsetting 0
[  477.839807][T10747] usb 2-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=46.42
[  477.874437][T10747] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.901934][T10747] usb 2-1: Product: syz
[  477.913002][T10747] usb 2-1: Manufacturer: syz
[  477.926555][T10747] usb 2-1: SerialNumber: syz
[  477.948924][T10747] usb 2-1: config 0 descriptor??
[  477.998719][T11798] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  478.006125][T11798] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  478.182136][T11815] binder: 11812:11815 ioctl 4018620d 0 returned -22
[  478.193816][T11815] binder: 11812:11815 ioctl c0306201 80000080 returned -14
[  478.207344][T11815] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  478.233932][T11798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  478.252952][T11798] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  478.828091][T10747] ums_eneub6250 2-1:0.54: USB Mass Storage device detected
[  478.872218][T10747] scsi host1: usb-storage 2-1:0.54
[  478.948662][T10757] usb 6-1: USB disconnect, device number 39
[  479.139400][T10747] ums_eneub6250 2-1:0.54: probe with driver ums_eneub6250 failed with error 3
[  479.190134][T10747] usb 2-1: USB disconnect, device number 45
[  479.376975][T10757] usb 6-1: new low-speed USB device number 40 using dummy_hcd
[  479.548733][T10757] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0x81 has invalid maxpacket 64, setting to 8
[  479.576642][T10757] usb 6-1: config 1 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  479.608292][T10757] usb 6-1: config 1 interface 0 has no altsetting 0
[  479.623986][T10757] usb 6-1: string descriptor 0 read error: -22
[  479.631330][T10757] usb 6-1: New USB device found, idVendor=05ac, idProduct=025a, bcdDevice= 0.40
[  479.645069][T10757] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.664838][T11822] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  479.685872][T10757] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input19
[  479.695319][T10755] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  479.846529][T10755] usb 4-1: Using ep0 maxpacket: 8
[  479.853382][T10755] usb 4-1: config 93 has an invalid interface number: 31 but max is 0
[  479.862428][T10755] usb 4-1: config 93 has an invalid descriptor of length 0, skipping remainder of the config
[  479.876550][T10755] usb 4-1: config 93 has no interface number 0
[  479.886410][T11822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  479.897207][T11822] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  479.908002][ T5219] bcm5974 6-1:1.0: could not read from device
[  479.909725][T10755] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  479.925817][ T5219] bcm5974 6-1:1.0: could not read from device
[  479.937380][ T5219] bcm5974 6-1:1.0: could not read from device
[  479.944075][T10755] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.957187][T10757] usb 6-1: USB disconnect, device number 40
[  479.960283][ T5219] bcm5974 6-1:1.0: could not read from device
[  479.970216][T10560] bcm5974 6-1:1.0: could not read from device
[  479.971323][T10755] usb 4-1: Product: syz
[  479.980899][T10755] usb 4-1: Manufacturer: syz
[  479.993188][T10755] usb 4-1: SerialNumber: syz
[  480.000135][T10560] udevd[10560]: Error opening device "/dev/input/event4": No such device
[  480.006291][T10755] usb 4-1: Found UVC 0.00 device syz (046d:08c3)
[  480.010556][T10560] udevd[10560]: Unable to EVIOCGABS device "/dev/input/event4"
[  480.028429][T10755] usb 4-1: No valid video chain found.
[  480.046642][T10560] udevd[10560]: Unable to EVIOCGABS device "/dev/input/event4"
[  480.054532][T10560] udevd[10560]: Unable to EVIOCGABS device "/dev/input/event4"
[  480.062752][T10560] udevd[10560]: Unable to EVIOCGABS device "/dev/input/event4"
[  480.262589][ T5918] usb 4-1: USB disconnect, device number 47
[  480.468322][T10747] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  480.506278][T11857] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  480.632439][T11860] input: syz1 as /devices/virtual/input/input20
[  480.655006][T10747] usb 3-1: Using ep0 maxpacket: 8
[  480.692266][T10747] usb 3-1: config 11 has an invalid interface number: 95 but max is 0
[  480.703305][T10747] usb 3-1: config 11 has no interface number 0
[  480.710196][T10747] usb 3-1: config 11 interface 95 altsetting 64 endpoint 0x82 has invalid wMaxPacketSize 0
[  480.720613][T10747] usb 3-1: config 11 interface 95 has no altsetting 0
[  480.886881][T10747] usb 3-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  480.932769][T10747] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.975059][T10747] usb 3-1: Product: syz
[  480.979415][T10747] usb 3-1: Manufacturer: syz
[  480.985551][T10747] usb 3-1: SerialNumber: syz
[  481.114727][T11869] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.1633'.
[  482.299335][T11876] batadv_slave_0: entered promiscuous mode
[  482.474066][T11884] binder: 11879:11884 ioctl 4018620d 0 returned -22
[  482.551022][T11884] binder: 11879:11884 ioctl c0306201 80000080 returned -14
[  482.573078][T11884] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  483.367523][T11876] batadv_slave_0: left promiscuous mode
[  483.734629][T10747] usbtouchscreen 3-1:11.95: probe with driver usbtouchscreen failed with error -8
[  483.835596][T10747] usb 3-1: USB disconnect, device number 33
[  483.954718][T11888] 8021q: adding VLAN 0 to HW filter on device bond0
[  483.976204][T11888] 8021q: adding VLAN 0 to HW filter on device team0
[  484.072989][T11888] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  484.861441][T11915] fuse: Unknown parameter 'Òo™P›³{o9<a9%ã¿W–f.üƒ‹¾HX§9ÿ'
[  485.674965][T11919] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  486.908734][T11948] binder: 11941:11948 ioctl 4018620d 0 returned -22
[  486.918024][T11948] binder: 11941:11948 ioctl c0306201 80000080 returned -14
[  486.962932][T11948] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  487.349340][T11964] binder: 11959:11964 ioctl 4018620d 0 returned -22
[  487.358467][T11964] binder: 11959:11964 ioctl c0306201 80000080 returned -14
[  487.370222][T11964] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  489.164470][T11984] 8021q: VLANs not supported on vxcan1
[  489.345507][T11989] 
: renamed from bond_slave_0
[  489.398689][T11993] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  489.667469][T12003] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1672'.
[  489.678608][T12004] netlink: 'syz.1.1671': attribute type 10 has an invalid length.
[  489.803719][T12004] syz_tun: entered promiscuous mode
[  489.836058][T12004] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  490.037620][T12013] netlink: 'syz.1.1675': attribute type 1 has an invalid length.
[  490.082161][T12013] 8021q: adding VLAN 0 to HW filter on device bond2
[  490.109442][T12017] bond2: (slave veth3): Enslaving as an active interface with a down link
[  490.147677][T12013] bond2: (slave dummy0): making interface the new active one
[  490.156967][T10757] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  490.166288][T12013] dummy0: entered promiscuous mode
[  490.172056][T12013] bond2: (slave dummy0): Enslaving as an active interface with an up link
[  490.181429][T12017] netlink: 'syz.1.1675': attribute type 10 has an invalid length.
[  490.190311][T12017] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1675'.
[  490.212759][T12017] bond2: (slave dummy0): Releasing active interface
[  490.318385][T10757] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  490.340065][T10757] usb 6-1: config 0 has no interfaces?
[  490.355679][T10757] usb 6-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  490.369816][T10757] usb 6-1: New USB device strings: Mfr=14, Product=0, SerialNumber=0
[  490.389185][T10757] usb 6-1: Manufacturer: syz
[  490.416710][T10757] usb 6-1: config 0 descriptor??
[  490.497673][   T30] audit: type=1326 audit(1758487687.304:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12002 comm="syz.2.1672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e539 code=0x7fc00000
[  490.519679][    C1] vkms_vblank_simulate: vblank timer overrun
[  490.543736][T12023] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  490.572661][   T30] audit: type=1326 audit(1758487687.324:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12002 comm="syz.2.1672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf710e539 code=0x7fc00000
[  490.631558][T12011] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  490.676498][   T30] audit: type=1326 audit(1758487687.324:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12002 comm="syz.2.1672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e539 code=0x7fc00000
[  490.706662][    C0] IPv4: Oversized IP packet from 127.0.0.1
[  490.774446][ T5948] usb 6-1: USB disconnect, device number 41
[  490.830947][   T30] audit: type=1326 audit(1758487687.324:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12002 comm="syz.2.1672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e539 code=0x7fc00000
[  490.853011][    C1] vkms_vblank_simulate: vblank timer overrun
[  490.891177][   T30] audit: type=1326 audit(1758487687.324:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12002 comm="syz.2.1672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e539 code=0x7fc00000
[  490.947780][   T30] audit: type=1326 audit(1758487687.324:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12002 comm="syz.2.1672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e539 code=0x7fc00000
[  491.074490][   T30] audit: type=1326 audit(1758487687.334:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12002 comm="syz.2.1672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e539 code=0x7fc00000
[  491.101939][   T30] audit: type=1326 audit(1758487687.334:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12002 comm="syz.2.1672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e539 code=0x7fc00000
[  491.132814][   T30] audit: type=1326 audit(1758487687.334:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12002 comm="syz.2.1672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e539 code=0x7fc00000
[  491.165417][   T30] audit: type=1326 audit(1758487687.334:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12002 comm="syz.2.1672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e539 code=0x7fc00000
[  491.187544][    C1] vkms_vblank_simulate: vblank timer overrun
[  491.253740][T12040] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1684'.
[  491.466840][T12040] bond0: (slave bond_slave_0): Releasing backup interface
[  491.490493][T12040] bond0: (slave bond_slave_1): Releasing backup interface
[  491.502976][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057dc3800: rx timeout, send abort
[  491.562321][T12041] netlink: 'syz.0.1684': attribute type 10 has an invalid length.
[  491.605485][T12040] team0: Port device team_slave_0 removed
[  491.635843][T12047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1684'.
[  491.663846][T12040] team0: Port device team_slave_1 removed
[  491.710228][T12040] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  491.742250][T12040] batman_adv: batadv0: Removing interface: batadv_slave_0
[  491.754039][T12040] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  491.771622][T12040] batman_adv: batadv0: Removing interface: batadv_slave_1
[  491.865897][T12041] 8021q: adding VLAN 0 to HW filter on device bond0
[  491.904879][T12041] team0: Port device bond0 added
[  492.003093][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057dc1400: rx timeout, send abort
[  492.012416][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057dc3800: abort rx timeout. Force session deactivation
[  492.456335][T12047] team0 (unregistering): Port device bond0 removed
[  492.511418][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057dc1400: abort rx timeout. Force session deactivation
[  492.545701][T12061] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  492.593683][T12071] bridge0: port 2(bridge_slave_1) entered blocking state
[  492.600945][T12071] bridge0: port 2(bridge_slave_1) entered forwarding state
[  492.608610][T12071] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.615773][T12071] bridge0: port 1(bridge_slave_0) entered forwarding state
[  492.700655][T12071] 8021q: adding VLAN 0 to HW filter on device team0
[  492.769903][T12076] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.1692'.
[  492.783306][T12071] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  494.110330][T12097] FAULT_INJECTION: forcing a failure.
[  494.110330][T12097] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  494.132498][T12097] CPU: 0 UID: 0 PID: 12097 Comm: syz.3.1700 Not tainted syzkaller #0 PREEMPT(full) 
[  494.132515][T12097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  494.132521][T12097] Call Trace:
[  494.132526][T12097]  <TASK>
[  494.132532][T12097]  dump_stack_lvl+0x189/0x250
[  494.132549][T12097]  ? __pfx____ratelimit+0x10/0x10
[  494.132560][T12097]  ? __pfx_dump_stack_lvl+0x10/0x10
[  494.132572][T12097]  ? __pfx__printk+0x10/0x10
[  494.132592][T12097]  should_fail_ex+0x414/0x560
[  494.132610][T12097]  _copy_to_user+0x31/0xb0
[  494.132625][T12097]  simple_read_from_buffer+0xe1/0x170
[  494.132642][T12097]  proc_fail_nth_read+0x1b3/0x220
[  494.132656][T12097]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  494.132675][T12097]  ? rw_verify_area+0x2a6/0x4d0
[  494.132687][T12097]  ? __lock_acquire+0xab9/0xd20
[  494.132701][T12097]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  494.132713][T12097]  vfs_read+0x200/0xa30
[  494.132725][T12097]  ? fdget_pos+0x247/0x320
[  494.132736][T12097]  ? __pfx___mutex_lock+0x10/0x10
[  494.132748][T12097]  ? __pfx_vfs_read+0x10/0x10
[  494.132761][T12097]  ? __fget_files+0x2a/0x420
[  494.132771][T12097]  ? __fget_files+0x3a0/0x420
[  494.132779][T12097]  ? __fget_files+0x2a/0x420
[  494.132792][T12097]  ksys_read+0x145/0x250
[  494.132806][T12097]  ? __pfx_ksys_read+0x10/0x10
[  494.132820][T12097]  ? lockdep_hardirqs_on+0x9c/0x150
[  494.132832][T12097]  __do_fast_syscall_32+0xb6/0x2b0
[  494.132844][T12097]  ? lockdep_hardirqs_on+0x9c/0x150
[  494.132855][T12097]  do_fast_syscall_32+0x34/0x80
[  494.132866][T12097]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  494.132878][T12097] RIP: 0023:0xf705e539
[  494.132887][T12097] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  494.132895][T12097] RSP: 002b:00000000f544e590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  494.132906][T12097] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f544e620
[  494.132913][T12097] RDX: 000000000000000f RSI: 00000000f73e4ff4 RDI: 0000000000000000
[  494.132919][T12097] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  494.132924][T12097] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  494.132930][T12097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  494.132944][T12097]  </TASK>
[  494.438860][T12098] input: syz1 as /devices/virtual/input/input23
[  495.257112][T12119] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1705'.
[  495.756646][T10757] usb 4-1: new full-speed USB device number 48 using dummy_hcd
[  495.873670][T12132] tipc: Enabled bearer <udp:syz2>, priority 10
[  495.895116][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  495.928401][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  495.934698][T10757] usb 4-1: config index 0 descriptor too short (expected 38, got 36)
[  495.961136][T10757] usb 4-1: config 0 has an invalid interface number: 5 but max is 0
[  495.987953][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  495.996016][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  495.996284][T10757] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  496.004723][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.028371][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.040670][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.049897][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.051005][T10757] usb 4-1: config 0 has no interface number 0
[  496.058293][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.073849][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.087369][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.098349][T10757] usb 4-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[  496.101679][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.107842][T10757] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  496.117858][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.135761][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.144253][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.154986][T10757] usb 4-1: config 0 descriptor??
[  496.155940][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.176746][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.184950][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.251105][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.276552][T10755] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  496.276610][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.312103][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.336564][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.352983][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.384994][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.440313][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.451203][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.457082][T10755] usb 3-1: Using ep0 maxpacket: 32
[  496.459657][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.468231][T10755] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  496.487553][T10755] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  496.501813][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.526939][T10755] usb 3-1: config 0 descriptor??
[  496.546841][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.565721][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.586302][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.605825][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.620543][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.629375][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.638979][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.689321][T12132] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  496.752666][T12137] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  496.778964][T12135] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  496.789306][T12135] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  496.836665][T10755] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  496.857886][T10755] usb 3-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  496.872418][T10755] usb 3-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  496.985168][T12144] netlink: 'syz.0.1713': attribute type 10 has an invalid length.
[  496.993994][T12144] syz_tun: entered promiscuous mode
[  497.000792][T12144] FAULT_INJECTION: forcing a failure.
[  497.000792][T12144] name failslab, interval 1, probability 0, space 0, times 0
[  497.013879][T12144] CPU: 0 UID: 0 PID: 12144 Comm: syz.0.1713 Not tainted syzkaller #0 PREEMPT(full) 
[  497.013903][T12144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  497.013913][T12144] Call Trace:
[  497.013920][T12144]  <TASK>
[  497.013927][T12144]  dump_stack_lvl+0x189/0x250
[  497.013952][T12144]  ? __pfx____ratelimit+0x10/0x10
[  497.013971][T12144]  ? __pfx_dump_stack_lvl+0x10/0x10
[  497.013990][T12144]  ? __pfx__printk+0x10/0x10
[  497.014024][T12144]  should_fail_ex+0x414/0x560
[  497.014053][T12144]  should_failslab+0xa8/0x100
[  497.014076][T12144]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  497.014099][T12144]  ? __alloc_skb+0x112/0x2d0
[  497.014122][T12144]  __alloc_skb+0x112/0x2d0
[  497.014139][T12144]  ? __neigh_notify+0x29/0x310
[  497.014159][T12144]  __neigh_notify+0x15c/0x310
[  497.014181][T12144]  neigh_cleanup_and_release+0xb0/0x290
[  497.014206][T12144]  __neigh_ifdown+0x1e8/0x8b0
[  497.014237][T12144]  ? __pfx___neigh_ifdown+0x10/0x10
[  497.014263][T12144]  ? rt_cache_flush+0x1e/0x30
[  497.014282][T12144]  ? fib_disable_ip+0x149/0x170
[  497.014306][T12144]  neigh_ifdown+0x1f/0x30
[  497.014327][T12144]  fib_netdev_event+0x318/0x490
[  497.014353][T12144]  notifier_call_chain+0x1b3/0x3e0
[  497.014379][T12144]  __dev_notify_flags+0x18d/0x2e0
[  497.014402][T12144]  ? __pfx___dev_notify_flags+0x10/0x10
[  497.014419][T12144]  ? __dev_change_flags+0x4cc/0x6d0
[  497.014444][T12144]  ? __pfx___dev_change_flags+0x10/0x10
[  497.014464][T12144]  ? __pfx_console_unlock+0x10/0x10
[  497.014482][T12144]  ? irq_work_queue+0xbc/0x140
[  497.014502][T12144]  netif_change_flags+0xe8/0x1a0
[  497.014523][T12144]  do_setlink+0xc55/0x41c0
[  497.014555][T12144]  ? __pfx_do_setlink+0x10/0x10
[  497.014573][T12144]  ? _printk+0xcf/0x120
[  497.014591][T12144]  ? __pfx____ratelimit+0x10/0x10
[  497.014612][T12144]  ? __lock_acquire+0xab9/0xd20
[  497.014649][T12144]  ? __mutex_trylock_common+0x153/0x260
[  497.014666][T12144]  ? __pfx___mutex_trylock_common+0x10/0x10
[  497.014686][T12144]  ? rcu_is_watching+0x15/0xb0
[  497.014704][T12144]  ? trace_contention_end+0x39/0x120
[  497.014721][T12144]  ? __mutex_lock+0x335/0x1350
[  497.014747][T12144]  ? rtnl_newlink+0x8db/0x1c70
[  497.014766][T12144]  ? __pfx___mutex_lock+0x10/0x10
[  497.014791][T12144]  ? ns_capable+0x8a/0xf0
[  497.014810][T12144]  ? rtnl_link_get_net_capable+0x16a/0x350
[  497.014833][T12144]  rtnl_newlink+0x160b/0x1c70
[  497.014849][T12144]  ? netlink_sendmsg+0x805/0xb30
[  497.014880][T12144]  ? __pfx_rtnl_newlink+0x10/0x10
[  497.014924][T12144]  ? kasan_quarantine_put+0xdd/0x220
[  497.014944][T12144]  ? lockdep_hardirqs_on+0x9c/0x150
[  497.014968][T12144]  ? nlmon_xmit+0xb0/0x100
[  497.014985][T12144]  ? kmem_cache_free+0x18f/0x400
[  497.015015][T12144]  ? __local_bh_enable_ip+0x12d/0x1c0
[  497.015032][T12144]  ? lockdep_hardirqs_on+0x9c/0x150
[  497.015050][T12144]  ? __local_bh_enable_ip+0x12d/0x1c0
[  497.015067][T12144]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  497.015089][T12144]  ? __dev_queue_xmit+0x27b/0x3b50
[  497.015111][T12144]  ? __dev_queue_xmit+0x27b/0x3b50
[  497.015129][T12144]  ? __dev_queue_xmit+0x27b/0x3b50
[  497.015151][T12144]  ? __dev_queue_xmit+0x1d79/0x3b50
[  497.015177][T12144]  ? __lock_acquire+0xab9/0xd20
[  497.015226][T12144]  ? __pfx_rtnl_newlink+0x10/0x10
[  497.015244][T12144]  rtnetlink_rcv_msg+0x7cc/0xb70
[  497.015266][T12144]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  497.015283][T12144]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  497.015299][T12144]  ? ref_tracker_free+0x63a/0x7d0
[  497.015317][T12144]  ? __asan_memcpy+0x40/0x70
[  497.015335][T12144]  ? __pfx_ref_tracker_free+0x10/0x10
[  497.015363][T12144]  netlink_rcv_skb+0x208/0x470
[  497.015383][T12144]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  497.015402][T12144]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  497.015433][T12144]  ? netlink_deliver_tap+0x2e/0x1b0
[  497.015460][T12144]  netlink_unicast+0x82c/0x9e0
[  497.015493][T12144]  ? __pfx_netlink_unicast+0x10/0x10
[  497.015518][T12144]  ? netlink_sendmsg+0x642/0xb30
[  497.015534][T12144]  ? skb_put+0x11b/0x210
[  497.015558][T12144]  netlink_sendmsg+0x805/0xb30
[  497.015586][T12144]  ? __pfx_netlink_sendmsg+0x10/0x10
[  497.015606][T12144]  ? __import_iovec+0x5d4/0x7f0
[  497.015630][T12144]  ? aa_sock_msg_perm+0xf1/0x1d0
[  497.015649][T12144]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  497.015666][T12144]  ? __pfx_netlink_sendmsg+0x10/0x10
[  497.015685][T12144]  __sock_sendmsg+0x21c/0x270
[  497.015712][T12144]  ____sys_sendmsg+0x505/0x830
[  497.015738][T12144]  ? __pfx_____sys_sendmsg+0x10/0x10
[  497.015776][T12144]  ___sys_sendmsg+0x21f/0x2a0
[  497.015799][T12144]  ? __pfx____sys_sendmsg+0x10/0x10
[  497.015855][T12144]  ? __fget_files+0x2a/0x420
[  497.015868][T12144]  ? __fget_files+0x3a0/0x420
[  497.015893][T12144]  __sys_sendmsg+0x164/0x220
[  497.015915][T12144]  ? __pfx___sys_sendmsg+0x10/0x10
[  497.015951][T12144]  ? lockdep_hardirqs_on+0x9c/0x150
[  497.015972][T12144]  __do_fast_syscall_32+0xb6/0x2b0
[  497.015991][T12144]  ? lockdep_hardirqs_on+0x9c/0x150
[  497.016012][T12144]  do_fast_syscall_32+0x34/0x80
[  497.016031][T12144]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  497.016051][T12144] RIP: 0023:0xf7ff1539
[  497.016067][T12144] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  497.016081][T12144] RSP: 002b:00000000f54f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  497.016100][T12144] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000600
[  497.016113][T12144] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  497.016123][T12144] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  497.016133][T12144] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  497.016143][T12144] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  497.016171][T12144]  </TASK>
[  497.639220][T12144] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  497.670156][ T5918] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  497.775553][T12152] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  497.836890][ T5918] usb 2-1: device descriptor read/64, error -71
[  497.917888][T12158] binder: 12153:12158 ioctl 4018620d 0 returned -22
[  497.927759][T12158] binder: 12153:12158 ioctl c0306201 80000080 returned -14
[  497.946593][T12158] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  498.271473][ T5918] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  498.459364][ T5918] usb 2-1: device descriptor read/64, error -71
[  498.549133][T12167] F2FS-fs: Conflicting test_dummy_encryption options
[  498.589509][ T5918] usb usb2-port1: attempt power cycle
[  498.936629][ T5918] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  498.957358][ T5918] usb 2-1: device descriptor read/8, error -71
[  499.198132][ T5918] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  499.227391][ T5918] usb 2-1: device descriptor read/8, error -71
[  499.266615][ T5948] usb 6-1: new full-speed USB device number 42 using dummy_hcd
[  499.336806][ T5918] usb usb2-port1: unable to enumerate USB device
[  499.429659][ T5948] usb 6-1: New USB device found, idVendor=0458, idProduct=5017, bcdDevice= 0.00
[  499.439543][ T5948] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.453363][ T5948] usb 6-1: config 0 descriptor??
[  499.500136][T12175] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  499.508949][ T5918] IPVS: starting estimator thread 0...
[  499.596750][T12177] IPVS: using max 50 ests per chain, 120000 per kthread
[  499.703403][ T5918] usb 4-1: USB disconnect, device number 48
[  499.874059][ T5948] kye 0003:0458:5017.000C: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  499.954072][ T5948] kye 0003:0458:5017.000C: hidraw0: USB HID v0.00 Device [HID 0458:5017] on usb-dummy_hcd.5-1/input0
[  500.048075][ T5948] kye 0003:0458:5017.000C: tablet-enabling feature report not found
[  500.066566][ T5948] kye 0003:0458:5017.000C: tablet enabling failed
[  500.226652][ T5981] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  500.406761][ T5981] usb 2-1: Using ep0 maxpacket: 16
[  500.416324][ T5981] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  500.438658][ T5981] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  500.450845][ T5981] usb 2-1: config 0 interface 0 has no altsetting 0
[  500.458204][ T5981] usb 2-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[  500.467585][ T5981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  500.487104][ T5981] usb 2-1: config 0 descriptor??
[  500.899424][T12183] input: syz1 as /devices/virtual/input/input25
[  500.953440][ T5981] hid_parser_main: 4 callbacks suppressed
[  500.953454][ T5981] apple 0003:05AC:0247.000D: unknown main item tag 0x0
[  500.991701][ T5981] apple 0003:05AC:0247.000D: unknown main item tag 0x0
[  500.999033][T10757] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  501.016634][ T5981] apple 0003:05AC:0247.000D: unexpected long global item
[  501.026086][ T5981] apple 0003:05AC:0247.000D: parse failed
[  501.033560][ T5981] apple 0003:05AC:0247.000D: probe with driver apple failed with error -22
[  501.155616][T12183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  501.164586][T12183] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  501.184763][ T5948] usb 2-1: USB disconnect, device number 50
[  501.220414][T10757] usb 4-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df
[  501.242105][T10757] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.260282][T10757] usb 4-1: config 0 descriptor??
[  501.280065][T10757] gspca_main: benq-2.14.0 probing 04a5:3035
[  501.520578][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  501.527027][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  501.654179][T12195] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  501.667079][T12195] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  501.681391][   T30] kauditd_printk_skb: 53 callbacks suppressed
[  501.681409][   T30] audit: type=1400 audit(1758487698.434:626): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F04
[  501.966653][ T5981] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  502.130279][T10757] usb 6-1: USB disconnect, device number 42
[  502.296582][ T5981] usb 2-1: Using ep0 maxpacket: 16
[  502.304087][ T5981] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  502.318557][ T5981] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  502.331712][ T5981] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  502.343775][ T5981] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  502.353691][ T5981] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  502.362108][ T5981] usb 2-1: Product: syz
[  502.366884][ T5981] usb 2-1: Manufacturer: syz
[  502.371591][ T5981] usb 2-1: SerialNumber: syz
[  502.651236][T12208] binder: 12205:12208 ioctl 4018620d 0 returned -22
[  502.660510][T12208] binder: 12205:12208 ioctl c0306201 80000080 returned -14
[  503.363713][ T5981] usb 2-1: 0:2 : does not exist
[  503.591100][ T5948] usb 4-1: USB disconnect, device number 49
[  503.628822][ T5981] usb 2-1: USB disconnect, device number 51
[  503.637077][T12218] Invalid logical block size (16896)
[  503.858667][T10560] udevd[10560]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  504.309775][T12232] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  504.546790][ T5981] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  504.936683][ T5981] usb 2-1: Using ep0 maxpacket: 32
[  504.993606][ T5981] usb 2-1: config 11 has an invalid descriptor of length 234, skipping remainder of the config
[  505.010183][ T5981] usb 2-1: config 11 has 0 interfaces, different from the descriptor's value: 1
[  505.041514][ T5981] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  505.051233][ T5981] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.064336][ T5981] usb 2-1: Product: syz
[  505.116210][ T5981] usb 2-1: Manufacturer: syz
[  505.125221][ T5981] usb 2-1: SerialNumber: syz
[  505.448096][ T5918] usb 2-1: USB disconnect, device number 52
[  505.970465][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  506.076615][ T5981] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  506.244638][ T5981] usb 2-1: config 0 has no interfaces?
[  506.254475][ T5981] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  506.263842][ T5981] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.289941][ T5981] usb 2-1: Product: syz
[  506.294155][ T5981] usb 2-1: Manufacturer: syz
[  506.298953][ T5981] usb 2-1: SerialNumber: syz
[  506.334509][ T5981] usb 2-1: config 0 descriptor??
[  506.575303][T12251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  506.678406][T12251] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  507.157024][T12278] binder: 12272:12278 ioctl 4018620d 0 returned -22
[  507.164276][T12274] syz.3.1748 (12274): drop_caches: 2
[  507.185064][T12278] binder: 12272:12278 ioctl c0306201 80000080 returned -14
[  507.187273][T12274] syz.3.1748 (12274): drop_caches: 2
[  507.206858][T12278] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  507.437263][T12281] fuse: Bad value for 'fd'
[  508.736572][ T5918] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  508.763597][T10747] usb 2-1: USB disconnect, device number 53
[  508.909967][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  508.965798][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  509.008912][ T5918] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  509.056327][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  509.104605][ T5918] usb 6-1: config 0 descriptor??
[  509.581802][T12310] FAULT_INJECTION: forcing a failure.
[  509.581802][T12310] name failslab, interval 1, probability 0, space 0, times 0
[  509.599996][ T5918] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  509.616511][ T5918] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  509.634460][T12310] CPU: 1 UID: 0 PID: 12310 Comm: syz.3.1760 Not tainted syzkaller #0 PREEMPT(full) 
[  509.634486][T12310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  509.634496][T12310] Call Trace:
[  509.634504][T12310]  <TASK>
[  509.634512][T12310]  dump_stack_lvl+0x189/0x250
[  509.634537][T12310]  ? __pfx____ratelimit+0x10/0x10
[  509.634556][T12310]  ? __pfx_dump_stack_lvl+0x10/0x10
[  509.634576][T12310]  ? __pfx__printk+0x10/0x10
[  509.634612][T12310]  should_fail_ex+0x414/0x560
[  509.634641][T12310]  should_failslab+0xa8/0x100
[  509.634666][T12310]  __kmalloc_cache_noprof+0x70/0x3d0
[  509.634687][T12310]  ? sctp_add_bind_addr+0x8c/0x370
[  509.634708][T12310]  sctp_add_bind_addr+0x8c/0x370
[  509.634729][T12310]  sctp_copy_local_addr_list+0x30b/0x4e0
[  509.634756][T12310]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  509.634780][T12310]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  509.634801][T12310]  ? sctp_association_new+0x18b3/0x25f0
[  509.634822][T12310]  ? sctp_v6_is_any+0x64/0x80
[  509.634842][T12310]  ? sctp_copy_one_addr+0x93/0x360
[  509.634862][T12310]  sctp_bind_addr_copy+0xb3/0x3c0
[  509.634880][T12310]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  509.634906][T12310]  sctp_connect_new_asoc+0x2e0/0x690
[  509.634930][T12310]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  509.634948][T12310]  ? __local_bh_enable_ip+0x12d/0x1c0
[  509.634972][T12310]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  509.634991][T12310]  ? security_sctp_bind_connect+0x7e/0x2e0
[  509.635015][T12310]  sctp_sendmsg+0x155c/0x2810
[  509.635046][T12310]  ? __pfx_sctp_sendmsg+0x10/0x10
[  509.635069][T12310]  ? aa_sk_perm+0x81e/0x950
[  509.635098][T12310]  ? __pfx_aa_sk_perm+0x10/0x10
[  509.635125][T12310]  ? sock_rps_record_flow+0x19/0x410
[  509.635150][T12310]  ? inet_sendmsg+0x2f4/0x370
[  509.635182][T12310]  __sock_sendmsg+0x19c/0x270
[  509.635209][T12310]  __sys_sendto+0x3bd/0x520
[  509.635230][T12310]  ? __pfx___sys_sendto+0x10/0x10
[  509.635247][T12310]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  509.635279][T12310]  ? __fget_files+0x3a0/0x420
[  509.635306][T12310]  ? ksys_write+0x22a/0x250
[  509.635337][T12310]  __ia32_sys_sendto+0xdd/0x100
[  509.635360][T12310]  __do_fast_syscall_32+0xb6/0x2b0
[  509.635380][T12310]  ? lockdep_hardirqs_on+0x9c/0x150
[  509.635401][T12310]  do_fast_syscall_32+0x34/0x80
[  509.635423][T12310]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  509.635443][T12310] RIP: 0023:0xf705e539
[  509.635458][T12310] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  509.635472][T12310] RSP: 002b:00000000f544e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  509.635491][T12310] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000100
[  509.635503][T12310] RDX: 000000000000ffe0 RSI: 000000002000c851 RDI: 0000000080000140
[  509.635515][T12310] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[  509.635526][T12310] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  509.635536][T12310] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  509.635564][T12310]  </TASK>
[  509.636089][ T5918] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  509.637447][T12307] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1758'.
[  509.669341][ T5918] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  509.889037][    C1] vkms_vblank_simulate: vblank timer overrun
[  509.974340][ T5918] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  509.982937][ T5918] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  509.993258][ T5918] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  510.007971][T12313] overlayfs: missing 'lowerdir'
[  510.060753][ T5918] cp2112 0003:10C4:EA90.000E: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0
[  510.137906][ T5918] cp2112 0003:10C4:EA90.000E: Part Number: 0x00 Device Version: 0x00
[  510.858118][T12287] cp2112 0003:10C4:EA90.000E: Error starting transaction: -38
[  510.871983][ T5918] usb 6-1: USB disconnect, device number 43
[  511.121607][T12343] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1769'.
[  511.132312][T12343] fuse: Bad value for 'user_id'
[  511.137316][T12343] fuse: Bad value for 'user_id'
[  511.145690][T12343] netlink: 'syz.1.1769': attribute type 10 has an invalid length.
[  511.153682][T12343] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1769'.
[  511.163057][T12343] batadv0: entered promiscuous mode
[  511.168358][T12343] batadv0: entered allmulticast mode
[  511.177472][T12343] 8021q: adding VLAN 0 to HW filter on device batadv0
[  511.185537][T12343] bridge0: port 3(batadv0) entered blocking state
[  511.192312][T12343] bridge0: port 3(batadv0) entered disabled state
[  511.203359][T12343] bridge0: port 3(batadv0) entered blocking state
[  511.209965][T12343] bridge0: port 3(batadv0) entered listening state
[  511.558009][T11844] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  511.567397][T11844] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  511.779948][T12350] qrtr: Invalid version 0
[  512.419666][T10757] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  512.590284][T10757] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  512.610397][T10757] usb 2-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  512.624396][T10757] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.633594][ T5981] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  512.660402][T10757] usb 2-1: config 0 descriptor??
[  512.786542][ T5981] usb 4-1: Using ep0 maxpacket: 8
[  512.798343][ T5981] usb 4-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice=58.4c
[  512.809568][ T5981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  512.817828][ T5981] usb 4-1: Product: syz
[  512.822124][ T5981] usb 4-1: Manufacturer: syz
[  512.830658][ T5981] usb 4-1: SerialNumber: syz
[  512.839259][ T5981] usb 4-1: config 0 descriptor??
[  513.052111][ T5981] usb 4-1: USB disconnect, device number 50
[  513.076962][T10757] logitech 0003:046D:C626.000F: ignoring exceeding usage max
[  513.091786][T10757] logitech 0003:046D:C626.000F: unbalanced delimiter at end of report description
[  513.110033][T10757] logitech 0003:046D:C626.000F: parse failed
[  513.118829][T10757] logitech 0003:046D:C626.000F: probe with driver logitech failed with error -22
[  513.288372][T10757] usb 2-1: USB disconnect, device number 54
[  513.678726][T12384] bond0: Caught tx_queue_len zero misconfig
[  513.780893][T12386] vlan4: entered allmulticast mode
[  514.126518][ T5981] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  514.345756][ T5981] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  514.367869][ T5981] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  514.386747][ T5981] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  514.395181][ T5981] usb 4-1: Product: syz
[  514.400135][ T5981] usb 4-1: Manufacturer: syz
[  514.404746][ T5981] usb 4-1: SerialNumber: syz
[  514.557239][ T5981] usb 4-1: config 0 descriptor??
[  514.601462][ T5981] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22
[  514.657955][T10560] udevd[10560]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  514.764654][ T5918] usb 4-1: USB disconnect, device number 51
[  514.814109][T12405] program syz.1.1791 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  514.831063][T12405] pim6reg: entered allmulticast mode
[  515.096764][ T5981] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  515.248273][ T5981] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  515.259423][ T5981] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  515.269699][ T5981] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  515.279189][ T5981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.290819][T12409] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  515.310514][ T5981] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  515.385280][T12413] team0: entered promiscuous mode
[  515.392834][T12413] team_slave_0: entered promiscuous mode
[  515.400477][T12413] team_slave_1: entered promiscuous mode
[  515.415754][T12413] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  515.831231][T12409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  515.869068][T12409] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  516.361909][T10757] usb 2-1: USB disconnect, device number 55
[  516.721904][T12437] sctp: [Deprecated]: syz.2.1804 (pid 12437) Use of int in max_burst socket option.
[  516.721904][T12437] Use struct sctp_assoc_value instead
[  517.526856][T10747] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  517.688441][T10747] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  517.708765][T10747] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  517.724825][T10747] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  517.745107][T10747] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.764290][T10747] usb 6-1: config 0 descriptor??
[  517.858000][T12459] binder: 12454:12459 ioctl 4018620d 0 returned -22
[  517.870213][T12459] binder: 12454:12459 ioctl c0306201 80000080 returned -14
[  517.883837][T12459] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  518.202236][T10747] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  518.213087][T10747] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  518.227073][T10747] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  518.234250][T10747] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  518.244204][T10747] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  518.255417][T10747] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  518.271336][T10747] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  518.296127][T10747] cp2112 0003:10C4:EA90.0010: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0
[  518.734680][T10747] cp2112 0003:10C4:EA90.0010: Part Number: 0x00 Device Version: 0x00
[  519.145887][T12467] netlink: 'syz.2.1811': attribute type 21 has an invalid length.
[  519.158981][T12467] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1811'.
[  519.276739][T10757] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  519.376693][T12445] cp2112 0003:10C4:EA90.0010: Error starting transaction: -38
[  519.385251][T10747] usb 6-1: USB disconnect, device number 44
[  519.430602][T10757] usb 2-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df
[  519.441896][T10757] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.450041][ T5939] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  519.460470][T10757] usb 2-1: config 0 descriptor??
[  519.472024][T10757] gspca_main: benq-2.14.0 probing 04a5:3035
[  519.618552][ T5939] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  519.633327][ T5939] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00
[  519.642653][ T5939] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.654265][ T5939] usb 4-1: config 0 descriptor??
[  519.691481][   T30] audit: type=1400 audit(1758487716.494:627): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F04
[  519.695904][T12468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.797010][T12468] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  520.092326][ T5939] logitech-hidpp-device 0003:046D:C086.0011: item fetching failed at offset 1/3
[  520.115033][ T5939] logitech-hidpp-device 0003:046D:C086.0011: hidpp_probe:parse failed
[  520.124009][ T5939] logitech-hidpp-device 0003:046D:C086.0011: probe with driver logitech-hidpp-device failed with error -22
[  520.318283][ T5939] usb 4-1: USB disconnect, device number 52
[  521.154979][T10753] usb 2-1: USB disconnect, device number 56
[  521.274107][   T30] audit: type=1326 audit(1758487718.054:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12493 comm="syz.0.1820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  521.344155][T12498] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  521.447440][   T30] audit: type=1326 audit(1758487718.054:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12493 comm="syz.0.1820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  521.994849][   T30] audit: type=1326 audit(1758487718.054:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12493 comm="syz.0.1820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  522.042618][T12502] binder: 12499:12502 ioctl 4018620d 0 returned -22
[  522.077666][T12502] binder: 12499:12502 ioctl c0306201 80000080 returned -14
[  522.099478][   T30] audit: type=1326 audit(1758487718.054:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12493 comm="syz.0.1820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  522.157715][   T30] audit: type=1326 audit(1758487718.054:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12493 comm="syz.0.1820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  522.220377][T12506] binder: 12503:12506 ioctl 4018620d 0 returned -22
[  522.233343][T12506] binder: 12503:12506 ioctl c0306201 80000080 returned -14
[  522.244726][T12506] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  522.441900][   T30] audit: type=1326 audit(1758487718.054:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12493 comm="syz.0.1820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  522.646763][   T30] audit: type=1326 audit(1758487718.054:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12493 comm="syz.0.1820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=261 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  522.703974][   T30] audit: type=1326 audit(1758487718.054:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12493 comm="syz.0.1820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  522.726732][   T30] audit: type=1326 audit(1758487718.054:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12493 comm="syz.0.1820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  523.014857][T12515] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1827'.
[  523.163469][T12523] syz.0.1826 (12523): drop_caches: 2
[  523.191239][T12523] syz.0.1826 (12523): drop_caches: 2
[  524.316724][T10747] usb 4-1: new full-speed USB device number 53 using dummy_hcd
[  524.494651][T10747] usb 4-1: config 0 has no interfaces?
[  524.511656][T10747] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  524.526268][T10747] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.548663][T10747] usb 4-1: Product: syz
[  524.563597][T10747] usb 4-1: Manufacturer: syz
[  524.580725][T10747] usb 4-1: SerialNumber: syz
[  524.605672][T10747] usb 4-1: config 0 descriptor??
[  524.834255][T12535] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1830'.
[  525.189911][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  525.189930][   T30] audit: type=1326 audit(1758487721.864:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.3.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000
[  525.189965][   T30] audit: type=1326 audit(1758487721.864:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.3.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=243 compat=1 ip=0xf705e539 code=0x7ffc0000
[  525.189991][   T30] audit: type=1326 audit(1758487721.864:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.3.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000
[  525.190012][   T30] audit: type=1326 audit(1758487721.864:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.3.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf705e539 code=0x7ffc0000
[  525.190033][   T30] audit: type=1326 audit(1758487721.864:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.3.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000
[  525.190054][   T30] audit: type=1326 audit(1758487721.864:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.3.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf705e539 code=0x7ffc0000
[  525.190076][   T30] audit: type=1326 audit(1758487721.864:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.3.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000
[  525.190100][   T30] audit: type=1326 audit(1758487721.864:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.3.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf705e539 code=0x7ffc0000
[  525.190121][   T30] audit: type=1326 audit(1758487721.864:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.3.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000
[  525.190141][   T30] audit: type=1326 audit(1758487721.864:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.3.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf705e539 code=0x7ffc0000
[  525.239527][    C0] vkms_vblank_simulate: vblank timer overrun
[  525.251215][T10747] usb 6-1: new full-speed USB device number 45 using dummy_hcd
[  525.590332][T10747] usb 6-1: config 0 has no interfaces?
[  525.612030][T10747] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  525.612061][T10747] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.612080][T10747] usb 6-1: Product: syz
[  525.612094][T10747] usb 6-1: Manufacturer: syz
[  525.612106][T10747] usb 6-1: SerialNumber: syz
[  526.327016][T10747] usb 6-1: config 0 descriptor??
[  527.509815][T12570] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  527.763134][T12575] binder: 12572:12575 ioctl 4018620d 0 returned -22
[  527.779186][T12575] binder: 12572:12575 ioctl c0306201 80000080 returned -14
[  527.884351][T10747] usb 4-1: USB disconnect, device number 53
[  528.042173][T12579] fuse: Unknown parameter 'fd)0x00000000000000050000000000000000000000300000000000000000000'
[  528.492552][T12584] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1843'.
[  528.501715][T10747] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  528.636267][T10757] usb 6-1: USB disconnect, device number 45
[  528.713471][T10747] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  528.748971][T10747] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  528.764089][T10747] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  528.775007][T10747] usb 4-1: config 220 has no interface number 2
[  528.787663][T10747] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  528.944037][T10747] usb 4-1: config 220 interface 0 has no altsetting 0
[  528.951833][T10747] usb 4-1: config 220 interface 76 has no altsetting 0
[  528.962877][T10747] usb 4-1: config 220 interface 1 has no altsetting 0
[  529.143963][T10747] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  529.154572][T10747] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.181259][T10747] usb 4-1: Product: syz
[  529.196795][T10747] usb 4-1: Manufacturer: syz
[  529.207504][T10747] usb 4-1: SerialNumber: syz
[  529.464210][T12577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  529.473032][T12577] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  529.490793][T10747] usb 4-1: selecting invalid altsetting 0
[  529.497325][T10747] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  529.521301][T10747] usb 4-1: No valid video chain found.
[  529.697304][T12596] netlink: 'syz.1.1846': attribute type 56 has an invalid length.
[  529.747867][T10747] usb 4-1: selecting invalid altsetting 0
[  529.756355][T12596] netlink: 'syz.1.1846': attribute type 1 has an invalid length.
[  529.764528][T10747] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  529.805494][T10747] usb 4-1: USB disconnect, device number 54
[  530.157357][T12610] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1848'.
[  530.166901][T12610] bridge0: port 3(batadv0) entered disabled state
[  530.326759][T12610] bridge_slave_1: left allmulticast mode
[  530.333733][T12610] bridge_slave_1: left promiscuous mode
[  530.341075][T12610] bridge0: port 2(bridge_slave_1) entered disabled state
[  530.354833][T12610] bridge_slave_0: left promiscuous mode
[  530.363333][T12610] bridge0: port 1(bridge_slave_0) entered disabled state
[  530.489204][T12614] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  531.314003][T12625] dlm: Unknown command passed to DLM device : 0
[  531.314003][T12625] 
[  531.894200][T12631] FAULT_INJECTION: forcing a failure.
[  531.894200][T12631] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  531.935042][T12631] CPU: 0 UID: 0 PID: 12631 Comm: syz.0.1855 Not tainted syzkaller #0 PREEMPT(full) 
[  531.935068][T12631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  531.935086][T12631] Call Trace:
[  531.935097][T12631]  <TASK>
[  531.935104][T12631]  dump_stack_lvl+0x189/0x250
[  531.935130][T12631]  ? __pfx____ratelimit+0x10/0x10
[  531.935151][T12631]  ? __pfx_dump_stack_lvl+0x10/0x10
[  531.935169][T12631]  ? __pfx__printk+0x10/0x10
[  531.935188][T12631]  ? __might_fault+0xb0/0x130
[  531.935220][T12631]  should_fail_ex+0x414/0x560
[  531.935249][T12631]  copy_fpstate_to_sigframe+0xa18/0xce0
[  531.935278][T12631]  ? copy_fpstate_to_sigframe+0x181/0xce0
[  531.935306][T12631]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  531.935350][T12631]  ? fpu__alloc_mathframe+0xad/0x130
[  531.935375][T12631]  get_sigframe+0x58d/0x7d0
[  531.935404][T12631]  ? __pfx_get_sigframe+0x10/0x10
[  531.935436][T12631]  ? posixtimer_deliver_signal+0x305/0x410
[  531.935465][T12631]  ia32_setup_rt_frame+0x106/0xb70
[  531.935485][T12631]  ? _raw_spin_unlock_irq+0x23/0x50
[  531.935507][T12631]  ? lockdep_hardirqs_on+0x9c/0x150
[  531.935526][T12631]  ? _raw_spin_unlock_irq+0x2e/0x50
[  531.935547][T12631]  ? get_signal+0x1151/0x1340
[  531.935572][T12631]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  531.935600][T12631]  arch_do_signal_or_restart+0x40f/0x750
[  531.935623][T12631]  ? __fget_files+0x3a0/0x420
[  531.935643][T12631]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  531.935680][T12631]  ? exit_to_user_mode_loop+0x40/0x110
[  531.935704][T12631]  exit_to_user_mode_loop+0x75/0x110
[  531.935725][T12631]  __do_fast_syscall_32+0x1f4/0x2b0
[  531.935744][T12631]  ? asm_int80_emulation+0x1a/0x20
[  531.935758][T12631]  ? do_int80_emulation+0x1f3/0x390
[  531.935781][T12631]  do_fast_syscall_32+0x34/0x80
[  531.935799][T12631]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  531.935819][T12631] RIP: 0023:0xf7ff1539
[  531.935835][T12631] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  531.935850][T12631] RSP: 002b:00000000f54f6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  531.935868][T12631] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 00000000f54f6610
[  531.935880][T12631] RDX: 0000000000000001 RSI: 00000000f7484ff4 RDI: 0000000000000000
[  531.935890][T12631] RBP: 00000000f74b4f80 R08: 0000000000000000 R09: 0000000000000000
[  531.935901][T12631] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  531.935911][T12631] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  531.935938][T12631]  </TASK>
[  532.188215][    C0] vkms_vblank_simulate: vblank timer overrun
[  532.268416][T12638] binder: 12629:12638 ioctl 4018620d 0 returned -22
[  532.279031][T12638] binder: 12629:12638 ioctl c0306201 80000080 returned -14
[  534.026687][T10747] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  534.316986][T10747] usb 4-1: Using ep0 maxpacket: 8
[  534.356571][T10747] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  534.408005][T10747] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  534.446726][T10747] usb 4-1: New USB device found, idVendor=5543, idProduct=0004, bcdDevice= 0.00
[  534.483516][T10747] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.568101][T10747] usb 4-1: config 0 descriptor??
[  534.809888][T12692] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1871'.
[  535.149270][T10747] uclogic 0003:5543:0004.0012: hidraw0: USB HID v0.00 Device [HID 5543:0004] on usb-dummy_hcd.3-1/input0
[  535.215182][T12696] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1873'.
[  535.307838][T10753] usb 4-1: USB disconnect, device number 55
[  535.414877][T12707] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1872'.
[  535.424304][T12707] bridge_slave_1: left allmulticast mode
[  535.430363][T12707] bridge_slave_1: left promiscuous mode
[  535.436350][T12707] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.473359][T12697] fido_id[12697]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  535.537583][T12707] bridge_slave_0: left promiscuous mode
[  535.575193][T12707] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.070289][T12716] tipc: New replicast peer: 255.255.255.255
[  536.101629][T12716] tipc: Enabled bearer <udp:syz2>, priority 10
[  536.128740][T12716] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1877'.
[  536.166562][T12716] tipc: Disabling bearer <udp:syz2>
[  537.256876][ T5918] usb 6-1: new full-speed USB device number 46 using dummy_hcd
[  537.474778][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  537.484826][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  537.503522][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  537.513738][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  537.563881][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  537.566690][T12741] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1884'.
[  537.573994][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  537.642816][ T5918] usb 6-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9
[  537.654662][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.664194][ T5918] usb 6-1: Product: syz
[  537.671150][ T5918] usb 6-1: Manufacturer: syz
[  537.675978][ T5918] usb 6-1: SerialNumber: syz
[  537.691636][ T5918] usb 6-1: config 0 descriptor??
[  537.703846][ T5918] ti_usb_3410_5052 6-1:0.0: TI USB 5052 2 port adapter converter detected
[  537.713421][ T5918] ti_usb_3410_5052 6-1:0.0: missing endpoints
[  537.910094][ T5918] usb 6-1: USB disconnect, device number 46
[  538.397264][ T5918] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  538.461291][T12754] FAULT_INJECTION: forcing a failure.
[  538.461291][T12754] name failslab, interval 1, probability 0, space 0, times 0
[  538.474395][T12754] CPU: 1 UID: 0 PID: 12754 Comm: syz.2.1887 Not tainted syzkaller #0 PREEMPT(full) 
[  538.474419][T12754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  538.474428][T12754] Call Trace:
[  538.474436][T12754]  <TASK>
[  538.474443][T12754]  dump_stack_lvl+0x189/0x250
[  538.474465][T12754]  ? __pfx____ratelimit+0x10/0x10
[  538.474484][T12754]  ? __pfx_dump_stack_lvl+0x10/0x10
[  538.474504][T12754]  ? __pfx__printk+0x10/0x10
[  538.474532][T12754]  ? __pfx___might_resched+0x10/0x10
[  538.474549][T12754]  ? fs_reclaim_acquire+0x7d/0x100
[  538.474571][T12754]  should_fail_ex+0x414/0x560
[  538.474600][T12754]  should_failslab+0xa8/0x100
[  538.474625][T12754]  __kmalloc_noprof+0xcb/0x4f0
[  538.474645][T12754]  ? kfree+0x4d/0x440
[  538.474662][T12754]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  538.474693][T12754]  tomoyo_realpath_from_path+0xe3/0x5d0
[  538.474726][T12754]  tomoyo_check_open_permission+0x1c1/0x3b0
[  538.474748][T12754]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  538.474769][T12754]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  538.474792][T12754]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  538.474813][T12754]  ? __io_issue_sqe+0x17e/0x4b0
[  538.474866][T12754]  ? lockref_get+0x15/0x60
[  538.474892][T12754]  ? tomoyo_file_open+0x165/0x220
[  538.474917][T12754]  security_file_open+0xb1/0x270
[  538.474940][T12754]  do_dentry_open+0x384/0x13f0
[  538.474965][T12754]  ? vfs_open+0x31/0x340
[  538.474987][T12754]  vfs_open+0x3b/0x340
[  538.475002][T12754]  ? path_openat+0x2ecd/0x3830
[  538.475025][T12754]  path_openat+0x2ee5/0x3830
[  538.475048][T12754]  ? is_bpf_text_address+0x26/0x2b0
[  538.475075][T12754]  ? kernel_text_address+0xa5/0xe0
[  538.475121][T12754]  ? __pfx_path_openat+0x10/0x10
[  538.475142][T12754]  ? stack_depot_save_flags+0x40/0x860
[  538.475173][T12754]  ? kasan_save_track+0x4f/0x80
[  538.475201][T12754]  do_filp_open+0x1fa/0x410
[  538.475218][T12754]  ? __lock_acquire+0xab9/0xd20
[  538.475243][T12754]  ? __pfx_do_filp_open+0x10/0x10
[  538.475286][T12754]  ? _raw_spin_unlock+0x28/0x50
[  538.475308][T12754]  ? alloc_fd+0x64c/0x6c0
[  538.475343][T12754]  io_openat2+0x3e0/0x5c0
[  538.475369][T12754]  ? __pfx_io_openat2+0x10/0x10
[  538.475396][T12754]  ? io_openat_prep+0x45b/0x5a0
[  538.475418][T12754]  __io_issue_sqe+0x17e/0x4b0
[  538.475440][T12754]  ? __pfx_io_openat_prep+0x10/0x10
[  538.475463][T12754]  io_issue_sqe+0x165/0xfd0
[  538.475494][T12754]  io_submit_sqes+0xa34/0x1d30
[  538.475549][T12754]  __se_sys_io_uring_enter+0x2df/0x2b20
[  538.475592][T12754]  ? ksys_write+0x1cb/0x250
[  538.475617][T12754]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  538.475637][T12754]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  538.475656][T12754]  ? __pfx_vfs_write+0x10/0x10
[  538.475686][T12754]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  538.475709][T12754]  ? __fget_files+0x3a0/0x420
[  538.475732][T12754]  ? fput+0xa0/0xd0
[  538.475750][T12754]  ? ksys_write+0x22a/0x250
[  538.475780][T12754]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[  538.475807][T12754]  __do_fast_syscall_32+0xb6/0x2b0
[  538.475827][T12754]  ? lockdep_hardirqs_on+0x9c/0x150
[  538.475850][T12754]  do_fast_syscall_32+0x34/0x80
[  538.475869][T12754]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  538.475889][T12754] RIP: 0023:0xf710e539
[  538.475904][T12754] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  538.475918][T12754] RSP: 002b:00000000f54bc55c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[  538.475937][T12754] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000003516
[  538.475949][T12754] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  538.475959][T12754] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  538.475968][T12754] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  538.475978][T12754] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  538.476011][T12754]  </TASK>
[  538.476033][T12754] ERROR: Out of memory at tomoyo_realpath_from_path.
[  539.666752][ T5918] usb 2-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df
[  539.677890][ T5918] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.705960][ T5918] usb 2-1: config 0 descriptor??
[  539.749040][ T5918] gspca_main: benq-2.14.0 probing 04a5:3035
[  539.797678][T12777] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1892'.
[  539.936348][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  539.936361][   T30] audit: type=1326 audit(1758487736.734:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12778 comm="syz.5.1893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  540.026671][   T30] audit: type=1326 audit(1758487736.804:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12778 comm="syz.5.1893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  540.099460][T12750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  540.119646][T12750] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  540.169399][ T5918] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  540.256641][   T30] audit: type=1326 audit(1758487736.854:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12778 comm="syz.5.1893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  540.316032][   T30] audit: type=1326 audit(1758487736.854:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12778 comm="syz.5.1893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  540.339990][   T30] audit: type=1400 audit(1758487736.874:675): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F04
[  540.340076][   T30] audit: type=1326 audit(1758487736.914:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12778 comm="syz.5.1893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf703e539 code=0x7ffc0000
[  540.578550][ T5918] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  540.601078][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  540.616592][   T30] audit: type=1326 audit(1758487736.914:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12778 comm="syz.5.1893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  540.639126][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  540.649353][ T5918] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  540.666306][   T30] audit: type=1326 audit(1758487736.914:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12778 comm="syz.5.1893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf703e539 code=0x7ffc0000
[  540.695550][ T5918] usb 4-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[  540.705523][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.728328][   T30] audit: type=1326 audit(1758487736.914:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12778 comm="syz.5.1893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  540.755765][ T5918] usb 4-1: config 0 descriptor??
[  540.795547][   T30] audit: type=1326 audit(1758487736.914:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12778 comm="syz.5.1893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf703e539 code=0x7ffc0000
[  541.235068][ T5918] hid-picolcd 0003:04D8:C002.0013: unknown main item tag 0x7
[  541.268093][ T5918] hid-picolcd 0003:04D8:C002.0013: unknown main item tag 0x0
[  541.289752][ T5918] hid-picolcd 0003:04D8:C002.0013: unknown main item tag 0x0
[  541.322380][ T5918] hid-picolcd 0003:04D8:C002.0013: unknown main item tag 0x0
[  541.323166][T12789] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1896'.
[  541.357086][ T5918] hid-picolcd 0003:04D8:C002.0013: unknown main item tag 0x0
[  541.386563][T10747] usb 2-1: USB disconnect, device number 57
[  541.516877][ T5918] hid-picolcd 0003:04D8:C002.0013: No report with id 0x11 found
[  541.551900][ T5918] usb 4-1: USB disconnect, device number 56
[  541.603611][T12794] binder: binder_mmap: 12793 80000000-80003000 bad vm_flags failed -1
[  542.456569][ T5918] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  542.630827][ T5918] usb 6-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df
[  542.645980][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.659113][ T5918] usb 6-1: config 0 descriptor??
[  542.702145][ T5918] gspca_main: benq-2.14.0 probing 04a5:3035
[  542.883337][T12804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  542.895128][T12804] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  544.630526][ T5918] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  544.804292][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  544.818683][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  544.829201][ T5918] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  544.838479][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.850609][ T5918] usb 4-1: config 0 descriptor??
[  545.286297][ T5918] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  545.293849][ T5918] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  545.305312][ T5918] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  545.312441][ T5918] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  545.322505][ T5918] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0
[  545.332221][ T5918] cp2112 0003:10C4:EA90.0014: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[  545.481760][ T5918] cp2112 0003:10C4:EA90.0014: Part Number: 0x00 Device Version: 0x00
[  545.738444][T10747] usb 6-1: USB disconnect, device number 47
[  546.563431][T12830] cp2112 0003:10C4:EA90.0014: Error starting transaction: -38
[  547.373675][T10757] usb 4-1: USB disconnect, device number 57
[  547.404576][T12838] netlink: 'syz.3.1911': attribute type 21 has an invalid length.
[  547.418048][T12838] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1911'.
[  547.432961][T12838] netlink: 'syz.3.1911': attribute type 4 has an invalid length.
[  547.446639][T12838] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1911'.
[  547.806892][T12851] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1913'.
[  547.842893][T12851] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1913'.
[  547.862451][T12851] netlink: 107 bytes leftover after parsing attributes in process `syz.2.1913'.
[  548.268398][T12859] binder: BINDER_SET_CONTEXT_MGR already set
[  548.274706][T12859] binder: 12858:12859 ioctl 40046207 0 returned -16
[  548.282827][T12859] binder: BINDER_SET_CONTEXT_MGR already set
[  548.290772][T12859] binder: 12858:12859 ioctl 4018620d 80004a80 returned -16
[  548.589870][T12866] 
[  548.592216][T12866] =====================================================
[  548.599141][T12866] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  548.606587][T12866] syzkaller #0 Not tainted
[  548.610979][T12866] -----------------------------------------------------
[  548.617991][T12866] syz.3.1918/12866 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  548.625694][T12866] ffff8880517d1360 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0
[  548.634385][T12866] 
[  548.634385][T12866] and this task is already holding:
[  548.641739][T12866] ffff88807d53d028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[  548.651465][T12866] which would create a new lock dependency:
[  548.657370][T12866]  (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}
[  548.665444][T12866] 
[  548.665444][T12866] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  548.674890][T12866]  (&dev->event_lock#2){..-.}-{3:3}
[  548.674915][T12866] 
[  548.674915][T12866] ... which became SOFTIRQ-irq-safe at:
[  548.688051][T12866]   lock_acquire+0x120/0x360
[  548.692631][T12866]   _raw_spin_lock_irqsave+0xa7/0xf0
[  548.697900][T12866]   input_inject_event+0xa5/0x340
[  548.702907][T12866]   kd_sound_helper+0x101/0x210
[  548.707736][T12866]   input_handler_for_each_handle+0x101/0x1c0
[  548.713807][T12866]   call_timer_fn+0x17b/0x5f0
[  548.718494][T12866]   __run_timer_base+0x61a/0x860
[  548.723424][T12866]   run_timer_softirq+0xb7/0x180
[  548.728357][T12866]   handle_softirqs+0x283/0x870
[  548.733206][T12866]   __irq_exit_rcu+0xca/0x1f0
[  548.737869][T12866]   irq_exit_rcu+0x9/0x30
[  548.742179][T12866]   sysvec_apic_timer_interrupt+0xa6/0xc0
[  548.747878][T12866]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  548.753927][T12866]   finish_task_switch+0x26b/0x950
[  548.759022][T12866]   __schedule+0x17a0/0x4cc0
[  548.763600][T12866]   schedule_idle+0x52/0x90
[  548.768082][T12866]   do_idle+0x4ad/0x510
[  548.772217][T12866]   cpu_startup_entry+0x44/0x60
[  548.777056][T12866]   rest_init+0x2de/0x300
[  548.781384][T12866]   start_kernel+0x3a9/0x410
[  548.785972][T12866]   x86_64_start_reservations+0x24/0x30
[  548.791500][T12866]   x86_64_start_kernel+0x143/0x1c0
[  548.796686][T12866]   common_startup_64+0x13e/0x147
[  548.801712][T12866] 
[  548.801712][T12866] to a SOFTIRQ-irq-unsafe lock:
[  548.808714][T12866]  (tasklist_lock){.+.+}-{3:3}
[  548.808736][T12866] 
[  548.808736][T12866] ... which became SOFTIRQ-irq-unsafe at:
[  548.821332][T12866] ...
[  548.821339][T12866]   lock_acquire+0x120/0x360
[  548.828471][T12866]   _raw_read_lock+0x36/0x50
[  548.833046][T12866]   __do_wait+0xde/0x740
[  548.837292][T12866]   do_wait+0x1f8/0x520
[  548.841446][T12866]   kernel_wait+0xab/0x170
[  548.845848][T12866]   call_usermodehelper_exec_work+0xbe/0x230
[  548.851811][T12866]   process_scheduled_works+0xae1/0x17b0
[  548.857441][T12866]   worker_thread+0x8a0/0xda0
[  548.862122][T12866]   kthread+0x70e/0x8a0
[  548.866260][T12866]   ret_from_fork+0x439/0x7d0
[  548.870919][T12866]   ret_from_fork_asm+0x1a/0x30
[  548.875759][T12866] 
[  548.875759][T12866] other info that might help us debug this:
[  548.875759][T12866] 
[  548.885984][T12866] Chain exists of:
[  548.885984][T12866]   &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[  548.885984][T12866] 
[  548.899542][T12866]  Possible interrupt unsafe locking scenario:
[  548.899542][T12866] 
[  548.907846][T12866]        CPU0                    CPU1
[  548.913190][T12866]        ----                    ----
[  548.918535][T12866]   lock(tasklist_lock);
[  548.922757][T12866]                                local_irq_disable();
[  548.929489][T12866]                                lock(&dev->event_lock#2);
[  548.936669][T12866]                                lock(&client->buffer_lock);
[  548.944017][T12866]   <Interrupt>
[  548.947457][T12866]     lock(&dev->event_lock#2);
[  548.952322][T12866] 
[  548.952322][T12866]  *** DEADLOCK ***
[  548.952322][T12866] 
[  548.960444][T12866] 7 locks held by syz.3.1918/12866:
[  548.965620][T12866]  #0: ffff88802997c118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480
[  548.974734][T12866]  #1: ffff888147681230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340
[  548.984809][T12866]  #2: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340
[  548.994438][T12866]  #3: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890
[  549.003981][T12866]  #4: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340
[  549.013085][T12866]  #5: ffff88807d53d028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[  549.023230][T12866]  #6: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0
[  549.032245][T12866] 
[  549.032245][T12866] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  549.042621][T12866]  -> (&dev->event_lock#2){..-.}-{3:3} {
[  549.048239][T12866]     IN-SOFTIRQ-W at:
[  549.052281][T12866]                       lock_acquire+0x120/0x360
[  549.058679][T12866]                       _raw_spin_lock_irqsave+0xa7/0xf0
[  549.065685][T12866]                       input_inject_event+0xa5/0x340
[  549.072424][T12866]                       kd_sound_helper+0x101/0x210
[  549.078991][T12866]                       input_handler_for_each_handle+0x101/0x1c0
[  549.086768][T12866]                       call_timer_fn+0x17b/0x5f0
[  549.093160][T12866]                       __run_timer_base+0x61a/0x860
[  549.099810][T12866]                       run_timer_softirq+0xb7/0x180
[  549.106464][T12866]                       handle_softirqs+0x283/0x870
[  549.113024][T12866]                       __irq_exit_rcu+0xca/0x1f0
[  549.119428][T12866]                       irq_exit_rcu+0x9/0x30
[  549.125470][T12866]                       sysvec_apic_timer_interrupt+0xa6/0xc0
[  549.132919][T12866]                       asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  549.140701][T12866]                       finish_task_switch+0x26b/0x950
[  549.147525][T12866]                       __schedule+0x17a0/0x4cc0
[  549.153822][T12866]                       schedule_idle+0x52/0x90
[  549.160034][T12866]                       do_idle+0x4ad/0x510
[  549.165900][T12866]                       cpu_startup_entry+0x44/0x60
[  549.172462][T12866]                       rest_init+0x2de/0x300
[  549.178595][T12866]                       start_kernel+0x3a9/0x410
[  549.184900][T12866]                       x86_64_start_reservations+0x24/0x30
[  549.192158][T12866]                       x86_64_start_kernel+0x143/0x1c0
[  549.199073][T12866]                       common_startup_64+0x13e/0x147
[  549.205816][T12866]     INITIAL USE at:
[  549.209771][T12866]                      lock_acquire+0x120/0x360
[  549.215989][T12866]                      _raw_spin_lock_irqsave+0xa7/0xf0
[  549.222905][T12866]                      input_inject_event+0xa5/0x340
[  549.229556][T12866]                      kbd_led_trigger_activate+0xbc/0x100
[  549.236731][T12866]                      led_trigger_set+0x52d/0x950
[  549.243204][T12866]                      led_trigger_set_default+0x260/0x2a0
[  549.250423][T12866]                      led_classdev_register_ext+0x73d/0x930
[  549.257771][T12866]                      input_leds_connect+0x517/0x790
[  549.264514][T12866]                      input_register_device+0xcfd/0x1140
[  549.271611][T12866]                      atkbd_connect+0x72e/0xa00
[  549.277915][T12866]                      serio_driver_probe+0x82/0xd0
[  549.284476][T12866]                      really_probe+0x26a/0x9e0
[  549.290714][T12866]                      __driver_probe_device+0x18c/0x2f0
[  549.297714][T12866]                      driver_probe_device+0x4f/0x430
[  549.304453][T12866]                      __driver_attach+0x452/0x700
[  549.310932][T12866]                      bus_for_each_dev+0x230/0x2b0
[  549.317509][T12866]                      serio_handle_event+0x1f9/0x8d0
[  549.324245][T12866]                      process_scheduled_works+0xae1/0x17b0
[  549.331500][T12866]                      worker_thread+0x8a0/0xda0
[  549.337802][T12866]                      kthread+0x70e/0x8a0
[  549.343584][T12866]                      ret_from_fork+0x439/0x7d0
[  549.349884][T12866]                      ret_from_fork_asm+0x1a/0x30
[  549.356388][T12866]   }
[  549.358957][T12866]   ... key      at: [<ffffffff99e33000>] input_allocate_device.__key.5+0x0/0x20
[  549.368044][T12866] -> (&client->buffer_lock){....}-{3:3} {
[  549.373749][T12866]    INITIAL USE at:
[  549.377619][T12866]                    lock_acquire+0x120/0x360
[  549.383667][T12866]                    _raw_spin_lock+0x2e/0x40
[  549.389711][T12866]                    evdev_handle_get_val+0x70/0x9f0
[  549.396360][T12866]                    evdev_ioctl_handler+0x1202/0x1f10
[  549.403186][T12866]                    __ia32_compat_sys_ioctl+0x540/0x840
[  549.410189][T12866]                    __do_fast_syscall_32+0xb6/0x2b0
[  549.416844][T12866]                    do_fast_syscall_32+0x34/0x80
[  549.423237][T12866]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  549.431105][T12866]  }
[  549.433580][T12866]  ... key      at: [<ffffffff99e332a0>] evdev_open.__key.25+0x0/0x20
[  549.441707][T12866]  ... acquired at:
[  549.445500][T12866]    lock_acquire+0x120/0x360
[  549.450157][T12866]    _raw_spin_lock+0x2e/0x40
[  549.454813][T12866]    evdev_handle_get_val+0x70/0x9f0
[  549.460074][T12866]    evdev_ioctl_handler+0x1202/0x1f10
[  549.465510][T12866]    __ia32_compat_sys_ioctl+0x540/0x840
[  549.471138][T12866]    __do_fast_syscall_32+0xb6/0x2b0
[  549.476404][T12866]    do_fast_syscall_32+0x34/0x80
[  549.481433][T12866]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  549.487911][T12866] 
[  549.490308][T12866] 
[  549.490308][T12866] the dependencies between the lock to be acquired
[  549.490314][T12866]  and SOFTIRQ-irq-unsafe lock:
[  549.503817][T12866]   -> (tasklist_lock){.+.+}-{3:3} {
[  549.509115][T12866]      HARDIRQ-ON-R at:
[  549.513252][T12866]                         lock_acquire+0x120/0x360
[  549.519739][T12866]                         _raw_read_lock+0x36/0x50
[  549.526216][T12866]                         __do_wait+0xde/0x740
[  549.532360][T12866]                         do_wait+0x1f8/0x520
[  549.538421][T12866]                         kernel_wait+0xab/0x170
[  549.544739][T12866]                         call_usermodehelper_exec_work+0xbe/0x230
[  549.552616][T12866]                         process_scheduled_works+0xae1/0x17b0
[  549.560150][T12866]                         worker_thread+0x8a0/0xda0
[  549.566725][T12866]                         kthread+0x70e/0x8a0
[  549.572778][T12866]                         ret_from_fork+0x439/0x7d0
[  549.579341][T12866]                         ret_from_fork_asm+0x1a/0x30
[  549.586084][T12866]      SOFTIRQ-ON-R at:
[  549.590218][T12866]                         lock_acquire+0x120/0x360
[  549.596697][T12866]                         _raw_read_lock+0x36/0x50
[  549.603171][T12866]                         __do_wait+0xde/0x740
[  549.609310][T12866]                         do_wait+0x1f8/0x520
[  549.615358][T12866]                         kernel_wait+0xab/0x170
[  549.621671][T12866]                         call_usermodehelper_exec_work+0xbe/0x230
[  549.629542][T12866]                         process_scheduled_works+0xae1/0x17b0
[  549.637062][T12866]                         worker_thread+0x8a0/0xda0
[  549.643637][T12866]                         kthread+0x70e/0x8a0
[  549.649682][T12866]                         ret_from_fork+0x439/0x7d0
[  549.656245][T12866]                         ret_from_fork_asm+0x1a/0x30
[  549.663074][T12866]      INITIAL USE at:
[  549.667118][T12866]                        lock_acquire+0x120/0x360
[  549.673511][T12866]                        _raw_write_lock_irq+0xa2/0xf0
[  549.680332][T12866]                        copy_process+0x224f/0x3c00
[  549.686899][T12866]                        kernel_clone+0x21e/0x840
[  549.693292][T12866]                        user_mode_thread+0xdd/0x140
[  549.700049][T12866]                        rest_init+0x23/0x300
[  549.706092][T12866]                        start_kernel+0x3a9/0x410
[  549.712481][T12866]                        x86_64_start_reservations+0x24/0x30
[  549.719831][T12866]                        x86_64_start_kernel+0x143/0x1c0
[  549.726843][T12866]                        common_startup_64+0x13e/0x147
[  549.733672][T12866]      INITIAL READ USE at:
[  549.738149][T12866]                             lock_acquire+0x120/0x360
[  549.744979][T12866]                             _raw_read_lock+0x36/0x50
[  549.751802][T12866]                             __do_wait+0xde/0x740
[  549.758283][T12866]                             do_wait+0x1f8/0x520
[  549.764678][T12866]                             kernel_wait+0xab/0x170
[  549.771329][T12866]                             call_usermodehelper_exec_work+0xbe/0x230
[  549.779551][T12866]                             process_scheduled_works+0xae1/0x17b0
[  549.787435][T12866]                             worker_thread+0x8a0/0xda0
[  549.794342][T12866]                             kthread+0x70e/0x8a0
[  549.800739][T12866]                             ret_from_fork+0x439/0x7d0
[  549.807648][T12866]                             ret_from_fork_asm+0x1a/0x30
[  549.814766][T12866]    }
[  549.817425][T12866]    ... key      at: [<ffffffff8de0c058>] tasklist_lock+0x18/0x40
[  549.825302][T12866]    ... acquired at:
[  549.829259][T12866]    lock_acquire+0x120/0x360
[  549.833918][T12866]    _raw_read_lock+0x36/0x50
[  549.838570][T12866]    send_sigio+0x101/0x370
[  549.843053][T12866]    dnotify_handle_event+0x169/0x440
[  549.848406][T12866]    fsnotify+0x1814/0x1a80
[  549.852890][T12866]    path_openat+0x171e/0x3830
[  549.857635][T12866]    do_filp_open+0x1fa/0x410
[  549.862290][T12866]    do_sys_openat2+0x121/0x1c0
[  549.867115][T12866]    __ia32_compat_sys_open+0x117/0x140
[  549.872639][T12866]    __do_fast_syscall_32+0xb6/0x2b0
[  549.877902][T12866]    do_fast_syscall_32+0x34/0x80
[  549.882904][T12866]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  549.889747][T12866] 
[  549.892051][T12866]  -> (&f_owner->lock){....}-{3:3} {
[  549.897324][T12866]     INITIAL USE at:
[  549.901282][T12866]                      lock_acquire+0x120/0x360
[  549.907508][T12866]                      _raw_write_lock_irq+0xa2/0xf0
[  549.914161][T12866]                      __f_setown+0x67/0x370
[  549.920116][T12866]                      generic_setlease+0xd60/0x1240
[  549.926791][T12866]                      fcntl_setlease+0x3a2/0x4c0
[  549.933196][T12866]                      do_fcntl+0x6a9/0x1910
[  549.939150][T12866]                      do_compat_fcntl64+0x477/0x720
[  549.945816][T12866]                      __do_fast_syscall_32+0xb6/0x2b0
[  549.952640][T12866]                      do_fast_syscall_32+0x34/0x80
[  549.959201][T12866]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  549.967265][T12866]     INITIAL READ USE at:
[  549.971668][T12866]                           lock_acquire+0x120/0x360
[  549.978325][T12866]                           _raw_read_lock_irqsave+0xaf/0x100
[  549.985754][T12866]                           send_sigio+0x38/0x370
[  549.992149][T12866]                           kill_fasync+0x24d/0x4d0
[  549.998718][T12866]                           lease_break_callback+0x26/0x30
[  550.005892][T12866]                           __break_lease+0x6a2/0x1620
[  550.012804][T12866]                           do_dentry_open+0x8b7/0x13f0
[  550.019717][T12866]                           vfs_open+0x3b/0x340
[  550.025934][T12866]                           path_openat+0x2ee5/0x3830
[  550.032683][T12866]                           do_filp_open+0x1fa/0x410
[  550.039335][T12866]                           io_openat2+0x3e0/0x5c0
[  550.045815][T12866]                           __io_issue_sqe+0x17e/0x4b0
[  550.052670][T12866]                           io_issue_sqe+0x165/0xfd0
[  550.059326][T12866]                           io_submit_sqes+0xa34/0x1d30
[  550.066240][T12866]                           __se_sys_io_uring_enter+0x2df/0x2b20
[  550.073960][T12866]                           __do_fast_syscall_32+0xb6/0x2b0
[  550.081248][T12866]                           do_fast_syscall_32+0x34/0x80
[  550.088253][T12866]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  550.096732][T12866]   }
[  550.099296][T12866]   ... key      at: [<ffffffff99b33fe0>] file_f_owner_allocate.__key+0x0/0x20
[  550.108219][T12866]   ... acquired at:
[  550.112083][T12866]    lock_acquire+0x120/0x360
[  550.116741][T12866]    _raw_read_lock_irqsave+0xaf/0x100
[  550.122172][T12866]    send_sigio+0x38/0x370
[  550.126583][T12866]    kill_fasync+0x24d/0x4d0
[  550.131171][T12866]    lease_break_callback+0x26/0x30
[  550.136362][T12866]    __break_lease+0x6a2/0x1620
[  550.141192][T12866]    do_dentry_open+0x8b7/0x13f0
[  550.146104][T12866]    vfs_open+0x3b/0x340
[  550.150328][T12866]    path_openat+0x2ee5/0x3830
[  550.155071][T12866]    do_filp_open+0x1fa/0x410
[  550.159807][T12866]    io_openat2+0x3e0/0x5c0
[  550.164286][T12866]    __io_issue_sqe+0x17e/0x4b0
[  550.169129][T12866]    io_issue_sqe+0x165/0xfd0
[  550.173789][T12866]    io_submit_sqes+0xa34/0x1d30
[  550.178740][T12866]    __se_sys_io_uring_enter+0x2df/0x2b20
[  550.184805][T12866]    __do_fast_syscall_32+0xb6/0x2b0
[  550.190082][T12866]    do_fast_syscall_32+0x34/0x80
[  550.195199][T12866]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  550.201680][T12866] 
[  550.203981][T12866] -> (&new->fa_lock){....}-{3:3} {
[  550.209082][T12866]    INITIAL USE at:
[  550.212957][T12866]                    lock_acquire+0x120/0x360
[  550.219007][T12866]                    _raw_write_lock_irq+0xa2/0xf0
[  550.225504][T12866]                    fasync_remove_entry+0xf1/0x1c0
[  550.232073][T12866]                    sock_fasync+0x85/0xf0
[  550.237862][T12866]                    __fput+0x8a2/0xa70
[  550.243409][T12866]                    task_work_run+0x1d1/0x260
[  550.249572][T12866]                    exit_to_user_mode_loop+0xec/0x110
[  550.256427][T12866]                    __do_fast_syscall_32+0x1f4/0x2b0
[  550.263193][T12866]                    do_fast_syscall_32+0x34/0x80
[  550.269600][T12866]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  550.277508][T12866]    INITIAL READ USE at:
[  550.281879][T12866]                         lock_acquire+0x120/0x360
[  550.288367][T12866]                         _raw_read_lock_irqsave+0xaf/0x100
[  550.295631][T12866]                         kill_fasync+0x199/0x4d0
[  550.302048][T12866]                         lease_break_callback+0x26/0x30
[  550.309058][T12866]                         __break_lease+0x6a2/0x1620
[  550.315715][T12866]                         do_dentry_open+0x8b7/0x13f0
[  550.322457][T12866]                         vfs_open+0x3b/0x340
[  550.328504][T12866]                         path_openat+0x2ee5/0x3830
[  550.335082][T12866]                         do_filp_open+0x1fa/0x410
[  550.341562][T12866]                         io_openat2+0x3e0/0x5c0
[  550.347871][T12866]                         __io_issue_sqe+0x17e/0x4b0
[  550.354529][T12866]                         io_issue_sqe+0x165/0xfd0
[  550.361010][T12866]                         io_submit_sqes+0xa34/0x1d30
[  550.367756][T12866]                         __se_sys_io_uring_enter+0x2df/0x2b20
[  550.375297][T12866]                         __do_fast_syscall_32+0xb6/0x2b0
[  550.382389][T12866]                         do_fast_syscall_32+0x34/0x80
[  550.389221][T12866]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  550.397528][T12866]  }
[  550.400006][T12866]  ... key      at: [<ffffffff99b34000>] fasync_insert_entry.__key+0x0/0x20
[  550.408660][T12866]  ... acquired at:
[  550.412456][T12866]    lock_acquire+0x120/0x360
[  550.417114][T12866]    _raw_read_lock_irqsave+0xaf/0x100
[  550.422547][T12866]    kill_fasync+0x199/0x4d0
[  550.427138][T12866]    evdev_pass_values+0x627/0xbd0
[  550.432229][T12866]    evdev_events+0x1e6/0x340
[  550.436885][T12866]    input_pass_values+0x288/0x890
[  550.441989][T12866]    input_event_dispose+0x330/0x6b0
[  550.447251][T12866]    input_inject_event+0x1dd/0x340
[  550.452430][T12866]    evdev_write+0x2fc/0x480
[  550.456995][T12866]    vfs_write+0x27b/0xb30
[  550.461394][T12866]    ksys_write+0x145/0x250
[  550.465875][T12866]    __do_fast_syscall_32+0xb6/0x2b0
[  550.471141][T12866]    do_fast_syscall_32+0x34/0x80
[  550.476144][T12866]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  550.482807][T12866] 
[  550.485111][T12866] 
[  550.485111][T12866] stack backtrace:
[  550.490982][T12866] CPU: 0 UID: 0 PID: 12866 Comm: syz.3.1918 Not tainted syzkaller #0 PREEMPT(full) 
[  550.490995][T12866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  550.491002][T12866] Call Trace:
[  550.491008][T12866]  <TASK>
[  550.491014][T12866]  dump_stack_lvl+0x189/0x250
[  550.491029][T12866]  ? __pfx_dump_stack_lvl+0x10/0x10
[  550.491040][T12866]  ? __pfx__printk+0x10/0x10
[  550.491056][T12866]  validate_chain+0x1f05/0x2140
[  550.491071][T12866]  __lock_acquire+0xab9/0xd20
[  550.491086][T12866]  ? kill_fasync+0x199/0x4d0
[  550.491097][T12866]  lock_acquire+0x120/0x360
[  550.491110][T12866]  ? kill_fasync+0x199/0x4d0
[  550.491123][T12866]  _raw_read_lock_irqsave+0xaf/0x100
[  550.491133][T12866]  ? kill_fasync+0x199/0x4d0
[  550.491143][T12866]  ? __pfx__raw_read_lock_irqsave+0x10/0x10
[  550.491151][T12866]  ? do_raw_spin_lock+0x121/0x290
[  550.491164][T12866]  kill_fasync+0x199/0x4d0
[  550.491175][T12866]  ? kill_fasync+0x53/0x4d0
[  550.491185][T12866]  evdev_pass_values+0x627/0xbd0
[  550.491197][T12866]  ? evdev_pass_values+0x601/0xbd0
[  550.491207][T12866]  evdev_events+0x1e6/0x340
[  550.491216][T12866]  ? evdev_events+0x79/0x340
[  550.491225][T12866]  ? input_pass_values+0x8d/0x890
[  550.491233][T12866]  input_pass_values+0x288/0x890
[  550.491244][T12866]  ? input_handle_event+0x70c/0xf30
[  550.491257][T12866]  input_event_dispose+0x330/0x6b0
[  550.491271][T12866]  input_inject_event+0x1dd/0x340
[  550.491289][T12866]  ? input_inject_event+0xb6/0x340
[  550.491302][T12866]  evdev_write+0x2fc/0x480
[  550.491313][T12866]  ? __pfx_evdev_write+0x10/0x10
[  550.491323][T12866]  ? bpf_lsm_file_permission+0x9/0x20
[  550.491335][T12866]  ? security_file_permission+0x75/0x290
[  550.491349][T12866]  ? rw_verify_area+0x255/0x4d0
[  550.491361][T12866]  ? __lock_acquire+0xab9/0xd20
[  550.491374][T12866]  ? __pfx_evdev_write+0x10/0x10
[  550.491384][T12866]  vfs_write+0x27b/0xb30
[  550.491398][T12866]  ? __pfx_vfs_write+0x10/0x10
[  550.491410][T12866]  ? __fget_files+0x2a/0x420
[  550.491419][T12866]  ? __fget_files+0x2a/0x420
[  550.491427][T12866]  ? __fget_files+0x3a0/0x420
[  550.491434][T12866]  ? __fget_files+0x2a/0x420
[  550.491443][T12866]  ksys_write+0x145/0x250
[  550.491456][T12866]  ? __pfx_ksys_write+0x10/0x10
[  550.491469][T12866]  ? lockdep_hardirqs_on+0x9c/0x150
[  550.491480][T12866]  __do_fast_syscall_32+0xb6/0x2b0
[  550.491491][T12866]  ? lockdep_hardirqs_on+0x9c/0x150
[  550.491501][T12866]  do_fast_syscall_32+0x34/0x80
[  550.491511][T12866]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  550.491524][T12866] RIP: 0023:0xf705e539
[  550.491534][T12866] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  550.491542][T12866] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  550.491553][T12866] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000040
[  550.491560][T12866] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000
[  550.491566][T12866] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  550.491571][T12866] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  550.491577][T12866] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  550.491585][T12866]  </TASK>
[  557.839819][T10755] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  557.855394][T10755] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  557.868508][T10755] usb 3-1: USB disconnect, device number 34