last executing test programs:

10.265332535s ago: executing program 4 (id=1850):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x7fff, 0x400202)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
unshare(0x6a040000)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$alg(r1, &(0x7f0000002280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-asm\x00'}, 0x58)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0xfff, 0x2000000000000004, 0x0, 0x3}, 0x0)
r4 = syz_open_dev$video(&(0x7f0000000240), 0x80000000a7, 0x40801)
ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000005c0)={0x1, @pix_mp={0xe, 0x40, 0x47524247, 0x2, 0x9, [{0x3, 0x4}, {0x5, 0x4}, {0x3, 0x3}, {0xbc, 0x6}, {0x8, 0x30000000}, {0xfffffffe, 0x38}, {0xe, 0x2}, {0x80000001, 0x15}], 0x49, 0x6, 0x8, 0x0, 0x4}})
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'wg1\x00', &(0x7f0000000040)=@ethtool_cmd={0x28, 0x6, 0xff, 0xfce, 0xfa, 0xfa, 0x1, 0x9, 0x3, 0x0, 0x7fffffff, 0xcdd, 0x24, 0x4, 0x8, 0x0, [0x6e, 0x7]}})
execve(0x0, 0x0, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$int_in(r5, 0x5452, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f0000000000)=0xffb)
fcntl$setstatus(r5, 0x4, 0x0)
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000100)={{0x0, 0x3938700}, {0x77359400}}, 0x0)
r6 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000002300)="bc3009bb66682c9d4233b0cc644f5fdae5b9d17f7ada03bc77aea173022c18232e1fb162caf50d08fda40c6e9c515c4a2c7245660296c0460cbff563b781695432f5a83f5ab8979bf6fd1c17aaa22ada927f1feb5074053514edf5734d63b2b58e5c5b848d6fa38f7956549438addc5e72bb0cdbce326b0b3f673b017494917392", 0x81, 0xfffffffffffffffe)
r7 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r6, r7, r6}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

8.805063113s ago: executing program 3 (id=1852):
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x1b, 0x7, 0x0, 0x8000}, 0x50)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
mknod$loop(&(0x7f0000000040)='./bus\x00', 0x200, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000, 0x0, 0x0, 0x18, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e6fe80b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

8.498985889s ago: executing program 3 (id=1853):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000000200)={0x2020, 0x0, <r4=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r3, &(0x7f0000002300)={0x50, 0x0, r4, {0x7, 0x9, 0x0, 0x31008003, 0xfffe}}, 0x50)
read$FUSE(r3, &(0x7f0000004580)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r3, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r5}, 0x10)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup3(r6, r3, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
sendfile(r7, r8, 0x0, 0xff7e82)
ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000200))
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000"])
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x9)

8.262434038s ago: executing program 4 (id=1855):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$can_j1939(0x1d, 0x2, 0x7)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
rmdir(0x0)
syz_usb_connect(0x0, 0x36, 0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
ftruncate(0xffffffffffffffff, 0xffff)
r3 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f00000000c0)={0xffffffffffffffff, 0x1, 0x10000})
syz_io_uring_submit(0x0, 0x0, 0x0)
epoll_create(0x7fffffff)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x52, 0x1, 0x1, {0x1, 0x1}, {0x41, 0x2}, @cond=[{0x1, 0x8000, 0xc3, 0x401, 0x8, 0x4}, {0x55b, 0x6, 0x7, 0xb, 0x7ff, 0x6}]})
write$char_usb(0xffffffffffffffff, &(0x7f0000000280)="e27a3236a0bd4da6e29f55ec0bed511d49354ef347ae36661c5283ee262c1b66134699d5e7bb998214cbbd286637a3a63a4321656e6bf0db42a4f5f323383111227cf7a146087db93f6d0ac2b752692ded4cb362f5a8a2fcd590a021697c52cc3eefa75c34fa5e021cb1f26eecf29fd8eebb914ad1492e9cf77741f5b4", 0x7d)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000440)={'gre0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0xffffffff, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xfc, 0x2f, 0x0, @loopback, @empty}}}})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYRESHEX=r3, @ANYBLOB="ce121a16cecd5cde12dd10070391312c84efa51b00a76109250cf56e9f799d8d53c7f6d68508a5ae1315989d86fd98ebceb91d94918193585f29b35526498b5fb2db4d2fa1d625cd19efc237304a0d57e8cfae94af61ef34c2acb70a2cc30e3257aa54e617baf5d0b210755aba8c1afab4990784c952dc84bcf8dc87c72b39b2c952eebaee95", @ANYBLOB="00000000000400002400128009000100626f6e64000000001400028004001f00040000000800070005"], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)

7.969895935s ago: executing program 3 (id=1858):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r7, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000000cc00000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e64021d683910c3090b3188a7c747eb2278a273c1b800294429118927"], 0xfdef)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f000001fc40)=[@text16={0x10, 0x0}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100000000000000064d564b"])
r9 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r9, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)=ANY=[@ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r10 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r10, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c)

7.382020309s ago: executing program 0 (id=1861):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) (async)
r0 = syz_io_uring_setup(0x4b3, &(0x7f00000001c0)={0x0, 0x247c, 0x2, 0x8, 0x1}, &(0x7f0000010080), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000100)=""/154, 0x9a}], 0x2)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) (async)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r1=>r0, {0x2}}, './file0\x00'})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000189000/0x1000)=nil, 0x1000}})
ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000080)={&(0x7f00009ef000/0x1000)=nil, 0x7fffffff, 0x3, 0x4}) (async)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)

6.988448795s ago: executing program 0 (id=1863):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$can_j1939(0x1d, 0x2, 0x7)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
rmdir(0x0)
syz_usb_connect(0x0, 0x36, 0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
ftruncate(0xffffffffffffffff, 0xffff)
r3 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f00000000c0)={0xffffffffffffffff, 0x1, 0x10000})
syz_io_uring_submit(0x0, 0x0, 0x0)
epoll_create(0x7fffffff)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x52, 0x1, 0x1, {0x1, 0x1}, {0x41, 0x2}, @cond=[{0x1, 0x8000, 0xc3, 0x401, 0x8, 0x4}, {0x55b, 0x6, 0x7, 0xb, 0x7ff, 0x6}]})
write$char_usb(0xffffffffffffffff, &(0x7f0000000280)="e27a3236a0bd4da6e29f55ec0bed511d49354ef347ae36661c5283ee262c1b66134699d5e7bb998214cbbd286637a3a63a4321656e6bf0db42a4f5f323383111227cf7a146087db93f6d0ac2b752692ded4cb362f5a8a2fcd590a021697c52cc3eefa75c34fa5e021cb1f26eecf29fd8eebb914ad1492e9cf77741f5b4", 0x7d)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000440)={'gre0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0xffffffff, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xfc, 0x2f, 0x0, @loopback, @empty}}}})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYRESHEX=r3, @ANYBLOB="ce121a16cecd5cde12dd10070391312c84efa51b00a76109250cf56e9f799d8d53c7f6d68508a5ae1315989d86fd98ebceb91d94918193585f29b35526498b5fb2db4d2fa1d625cd19efc237304a0d57e8cfae94af61ef34c2acb70a2cc30e3257aa54e617baf5d0b210755aba8c1afab4990784c952dc84bcf8dc87c72b39b2c952eebaee95", @ANYBLOB="00000000000400002400128009000100626f6e64000000001400028004001f00040000000800070005"], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)

6.389870626s ago: executing program 2 (id=1866):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0)
dup(0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000280)={0x1fe, 0x2, 0x5000, 0x1000, &(0x7f0000003000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f83"], 0x48)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000000)=0x1ff, 0x4)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000180)=""/25, &(0x7f0000000040)=0x19)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x802)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185)

5.305810661s ago: executing program 3 (id=1867):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f00000065c0)={0x0, 0x0, &(0x7f0000006580)={&(0x7f0000000f00)=ANY=[@ANYBLOB="1400000014003dd862c7ce00fedbdf252c0000007ae45dda7c019859a7a7638960f77df3297d4bba3e696a2b11b22ce2a18fedccd7b41e66bb04ad198fa1ebc7efaa4cc212b88de01262adae152573f9bf6d9f2b55247ac1750e601e6342994de6618f46efdc7a4f5dd9ea290d21ec73e1528b339d631f71f64b2a9f60e7b9f290e8ae04a0fd598d05df69ab66f1c55c569404c9c62c6b0b1e2e726d8a42ea8da75dc29fa219939448584131bd64f30142c16177a3d8d14bbf729a033eb242f97691dcbf0f30406ca3d51ee5bfef44ae93c687657f29e0ce0028f1"], 0x14}, 0x1, 0x0, 0x0, 0x4048844}, 0x840)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x49, 0x8101, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000001140)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001100)={&(0x7f0000001080)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000129bd7000ffdbdf2501000000040003004800018008000100", @ANYRES32=0x0, @ANYBLOB="9fdd0000", @ANYRES32=0x0, @ANYBLOB="080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000300010000001400020076657468315f766c616e0000000000000800030000000000"], 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket(0x80000000000000a, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x3, &(0x7f0000000100)=[{0x5}, {0x45}, {0x6}]})
setsockopt$inet6_group_source_req(r3, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x2, @remote}}}, 0x108)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000c00)={{0x1, 0x1, 0x18, <r4=>r1, {0x1000}}, './file0\x00'})
r5 = pidfd_getfd(r4, r4, 0x0)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000e80)={{&(0x7f0000306000/0x1000)=nil, 0x1000}})
setsockopt$inet6_group_source_req(r4, 0x29, 0x2f, &(0x7f0000000c40)={0x5, {{0xa, 0x4e20, 0x4, @local, 0x8}}, {{0xa, 0x4e20, 0x80, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x7fffffff}}}, 0x108)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d80)=ANY=[@ANYBLOB="f000000010000100feffffff00010000fe880000000000000000000000000001fc0100000000000000000000000000010001071c4e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000d46c0000007f48ca46aae625d400000100000000000000000000000000000000000000009201000000000000a39b000000000000ffff0000000000001c2500000000000000fcffffffffffffff0000000000000000ffffffffffffffff02000000000000001f00000000000000feffffffffffffff02000000fcffffff0b0000002abd700004350000020001002000"/175], 0xf0}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801bf001a000100feffffff0001000000000000000000000000ffffe0000002", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000ac14142500000000000000000000000000000000000000009201000000000000a39b000000000000ffff0000000000001c250800000000000500000000000000fcffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000fefffffffffffffffafffffffcffffff000000008000000000350000020001002000000000000000480003006465666c61746500"/240], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
sendmsg$nl_xfrm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001c0001"], 0x14}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff0000000015040200000000001d400200000000004704000001ed000062030000000000001d440000000000007a0a00fe00ffffffdb03000040000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa5b4e377184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7592566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6cb5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
io_setup(0x8, &(0x7f0000000000))

4.659446478s ago: executing program 4 (id=1868):
fsopen(&(0x7f0000000580)='overlay\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x9, 0x2, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x200000000000000)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$binfmt_script(r5, &(0x7f0000000100), 0xfffffd9d)
write$binfmt_script(r5, &(0x7f0000001b00), 0xfffffd9d)
ppoll(&(0x7f0000000540)=[{r4, 0x5086}], 0x1, 0x0, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x4000, 0x1, 0x40000333}, &(0x7f00000006c0)=<r7=>0x0, &(0x7f0000000240)=<r8=>0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c000000100003050000f3ffffffffffffff0000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e00010069703665727370616e0000001800028005001600020000000400120008000500"], 0x4c}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{0x0}], 0x1})
clock_gettime(0x0, &(0x7f00000003c0)={<r10=>0x0, <r11=>0x0})
mq_timedsend(r5, 0x0, 0x0, 0x0, &(0x7f0000000400)={r10, r11+10000000})
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0)
socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000000)=""/4102, &(0x7f0000001080)=0x1006)
io_uring_enter(r6, 0x847ba, 0x0, 0xe, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl2\x00', 0x0, 0x29, 0x7d, 0x9, 0x1, 0x51, @private2={0xfc, 0x2, '\x00', 0x1}, @loopback={0x0, 0x460c6}, 0x1, 0x0, 0x25a1, 0x40}})
getpgid(0xffffffffffffffff)

3.949024565s ago: executing program 0 (id=1870):
r0 = socket$packet(0x11, 0x2, 0x300)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
bind$packet(r0, &(0x7f00000000c0)={0x11, 0x18, r2, 0x1, 0x81}, 0x14)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r3 = socket$kcm(0x10, 0x100000000002, 0x4)
recvmsg$kcm(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x2)
sendmsg$kcm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0180000000171300883795c04a31ba377a1b2cc32b38d3740000ffffffffffffffff", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180000006fffffff00000000200000006700fcff0000020095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x52c405b0}, 0x94)

3.900535074s ago: executing program 3 (id=1871):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000000, 0x50, r5, 0x447b4000)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x7, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x5, 0x6, 0x1], 0xd5d5c004, 0x8340})
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000080)=@x86={0x84, 0x4, 0x5, 0x0, 0x9, 0x5, 0x40, 0x7, 0x6, 0x4, 0xf9, 0x8, 0x0, 0x0, 0x5, 0x2, 0x4, 0x3, 0x44, '\x00', 0x4, 0x9})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r6 = dup(0xffffffffffffffff)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
connect$inet6(r6, &(0x7f0000000180)={0xa, 0x4e22, 0x33, @loopback}, 0x1c)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r8 = accept4(r7, 0x0, 0x0, 0x800)
sendmmsg$alg(r8, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000001701000003000000010000000000000000000000000000001701000002000000000000007005baa38d33e2e1650de8f13f421b2d4b60252e76171216e42961c3b08d4d3dacb0a7089ff7cbfd613d46fa95d6e2f6e76ac3266c9b1a531c4bcf0e7071f117cca4e883b4a6eb5dee7a9ab4d05d7ee311ab1c55b817285e0c3714ee6137e3b8553de667701a7c93437583b5f0b285a188098c1ac4ebac40b315ff8db6f736992497879a42b95248fed4d4888970573d0e88ceead26d97e172588a3ad30fbd01b7bbeeaa668e835f7ae3113fe2d949bb47bc0b2c62541714cc0538601ae4bab19d69a5addee134dd447034da6dd89704603d31a3d25b9d5f46cfd43d9e29aac7422920d98e1463256bd4cc929373ad9000000000faf6a95a04ad3b9db9b230f8224a3d6db187a94e5dadfe181d20d3a4bd08e8b0e6eeb79fdee230dd852a36dfc9046d03b8f316b2d460ca5d08c515d914db8ce430ea0237911c440ee750fe787aaffa83b809651c529e4cf68c8219a827ea003c59e3e51b00cd7f9464f37be2eb3e1475819ad37edcc238b85ab205a2b394916815d9cf7bf3f8e3d19a4697756299e21f2afd3ae31e0f09b8153965635216de47156f4e5fc97cb04f9c5e13256be1d9e0a94f9c6387940de1bcd7b532d16ebba216601cf23be6a7c259550bd059a5a7aee85eb558de8201c1d9c7b29e27313f61cf0b07dd790071bdbceabdd32ce2bcc279b1575a1431b03e5dc37307d15a2782175c87dad1a3aadf48b382bea4ae0b423edee0e12ada4c1dacc40bf387630792ab5c7ed6e2ef7e8a77268b0ff8978ccddfa8da4521d24b3fddc70d181c20caa9a584df9b2e"], 0x18}], 0x4924924924924fd, 0x0)
recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
setsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, &(0x7f0000000280)=0x1, 0x4)
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f00000002c0)={0x14, 0x10, 0x3, 0xb, 0x4, 0x2, 0x3, 0x84, 0x1})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x84, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3.793300364s ago: executing program 0 (id=1872):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r2, 0x6, 0x17, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f00000003c0)=0x560, 0x4)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0xffffffff}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd7000fedbdf2530000040080023000d838d85862a3c19b18d81bdab04e6bf1cc941f684fca41e5c0d3505d24fedd19823ae01043997dc9bfecc6f4ef3dd2de88da7bfbf5cec11f8ffa13ccb45505ddb8bdad5bb70872ec22999505de67494509db03a44999f0f97af49fe3fceea2d3e86200d0fabc77092129e049570341ae1c6cbb70f9fc95dbc6354277013429840b7bf9b4871babb12b8443ef06a79e4e68de42b5d3250f4ad10c71b5061e8aec22a23912fb00169cf3be04a50d6e0ce8b8572845a03539fe958af3c71f973a8cccac94125628d0e78bd0b50cba69a20296d0b1737710e1bc8a4", @ANYRES32=r5], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x20004800)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f00000020c0)=ANY=[@ANYBLOB="1201010200000010f3044d0740000102030109022d"], 0x0)
mlock2(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1)
syz_usb_connect$printer(0x6, 0x2d, &(0x7f0000002100)=ANY=[@ANYBLOB="12010200000000000000a8a440000102030109021b0001018140950904006d01070101050905ee827937c33d089e0b117141386b8d1a0102ff030d090d08a894ed3097a625910d73e9c2f09081ad74e46a073be233222d"], &(0x7f0000002440)={0xa, &(0x7f0000002240)={0xa, 0x6, 0x201, 0x6, 0x1, 0x2, 0x10, 0xd}, 0x5, &(0x7f0000002280)={0x5, 0xf, 0x5}})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000001b80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
r7 = socket$pptp(0x18, 0x1, 0x2)
connect$pptp(r7, &(0x7f0000000100)={0x18, 0x2, {0x0, @multicast2}}, 0x1e)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000001a0000000c00018008000100", @ANYRES32, @ANYBLOB="a55772ee0b53f39e77b5752baff489e686cea6977c949335dfe543026cdb7c9e3672ed2aa95ee92264b8a94b0f183ad4faa6af812bb4d774454fe4f5d87930ce61969a5a555960740ffb49cd6e2b4428c0662b85c5153990903e1f3a033bb05f9bfb654505bbd9accd95320a21847c83502588997b62fbeadbd933044ea72534db1094e6ee8217e3dedc2633047135954aac5993260aa8ee061a6c58519ba3f07d451b2e715ad11c6b334e83739a4098"], 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

3.46930661s ago: executing program 1 (id=1874):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/hardlockup_count', 0x800, 0x4)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r3, 0x114, 0xa, &(0x7f0000000300)=ANY=[@ANYRES16=0x0], 0x1)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000000080000000000000000000003000005050003000600000005000300110000000900010073797a300000000005000300210000000c00048008002140ffffffff06d50c186df9d6f4445363aaa5229b9662455a98658e6cd92260b9087e2d7e8322de25c345488bce2221b84538ef4abf53d6680cd1966792f2712cdbd04dc5ffb9a90d05d363c5b44922c6f8cafa73f5"], 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

3.193507348s ago: executing program 2 (id=1875):
io_setup(0x222, &(0x7f0000000180)=<r0=>0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0)
io_submit(r0, 0x2, &(0x7f0000000080)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x6417, r1, &(0x7f00000002c0)="ab", 0x1, 0x6ed}, &(0x7f0000000380)={0x3f000000, 0x0, 0x0, 0x7, 0x89, r1, 0x0, 0x0, 0x1}])

3.025303717s ago: executing program 2 (id=1876):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001540)=ANY=[@ANYBLOB="4400000010003b1500080000ed00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000b401001c00128009000100626f6e64000000000c000280050001000600000008000a00", @ANYRES32], 0x44}}, 0x0)

2.749965705s ago: executing program 2 (id=1877):
io_setup(0x2, &(0x7f0000000000)=<r0=>0x0)
r1 = fsopen(&(0x7f0000002e40)='pvfs2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r2 = eventfd(0x78)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x242)
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000340)={0x1})
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYRES32=r0, @ANYRES32=r6, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x20000044)
r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/igmp\x00')
preadv(r7, &(0x7f0000010800)=[{&(0x7f00000000c0)=""/181, 0xb5}], 0x1, 0x2, 0x5)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r11 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r11, 0x4601, &(0x7f0000000100)={0xc80, 0x300, 0xc80, 0x40, 0x81, 0x0, 0x4, 0x0, {0x0, 0x3, 0x1002}, {0x350, 0xfffffffd, 0x1}, {0xf4f3}, {0x8000, 0x0, 0xffe}, 0x0, 0x80, 0x2, 0xd618, 0x0, 0x4, 0xaf9, 0x205, 0x0, 0x6, 0x0, 0x20, 0x8, 0x4, 0x0, 0xb})
write$RDMA_USER_CM_CMD_CREATE_ID(r10, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x6e, 0x6, 0x0, 0x1, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
sendmsg$nl_route(r12, 0x0, 0x0)

2.54887503s ago: executing program 1 (id=1878):
r0 = memfd_secret(0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)=<r1=>0x0)
ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, @nfc={0x27, r1, 0xffffffffffffffff, 0x7}, @ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4}, @nl=@kern={0x10, 0x0, 0x0, 0x40}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='wg2\x00', 0x2d5, 0x100, 0x5}) (async)
ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, @nfc={0x27, r1, 0xffffffffffffffff, 0x7}, @ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4}, @nl=@kern={0x10, 0x0, 0x0, 0x40}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='wg2\x00', 0x2d5, 0x100, 0x5})
fsetxattr$security_ima(r0, &(0x7f0000000100), &(0x7f0000000140)=@sha1={0x1, "e2dc455ba22b4cf566569dddd7bf8c3e92302717"}, 0x15, 0x3)
r2 = socket$inet6(0xa, 0xa, 0x3dc)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000180)={@loopback, 0x39})
ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f00000001c0)={0x4000, 0x48, 0xc35, 0x3})
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG(r3, 0x4008af74, &(0x7f0000000240)={0x1, 0x90, "d4a4ccda7f970e8a38323fd9b730d0d0e61cbfe2bce78b815a6ba2651c2daa41d4e81c3143ee74714a707235b0fa41b6336d1bdb5f342897fc2b26c853e633fd60147b49b2c83d5833eeb1bd4b52a0d14e88b778dabc935e4a4260ae367155609b6c91f813e2a157bfd6c38568992d8fe17800c82fd3d1a696d591de4787e54b4f4bfecca510dd90733b8583578425b2"}) (async)
ioctl$VHOST_VDPA_SET_CONFIG(r3, 0x4008af74, &(0x7f0000000240)={0x1, 0x90, "d4a4ccda7f970e8a38323fd9b730d0d0e61cbfe2bce78b815a6ba2651c2daa41d4e81c3143ee74714a707235b0fa41b6336d1bdb5f342897fc2b26c853e633fd60147b49b2c83d5833eeb1bd4b52a0d14e88b778dabc935e4a4260ae367155609b6c91f813e2a157bfd6c38568992d8fe17800c82fd3d1a696d591de4787e54b4f4bfecca510dd90733b8583578425b2"})
ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201)
ioctl$KVM_GET_MSRS_sys(r0, 0xc008ae88, &(0x7f0000000300)={0x1, 0x0, [{0xdc2, 0x0, 0x20000000000}]})
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000380)={0x6, &(0x7f0000000340)=[{0x5, 0x9, 0xd}, {0x0, 0x0, 0xe, 0x62ec}, {0xdc, 0x4, 0x2}, {0x0, 0x3, 0x0, 0xffff}, {0xfffe, 0x4, 0x0, 0x1}, {0x5, 0x1, 0x97, 0x1}]})
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f00000003c0)={r2, 0x4, 0x13ec80000000, 0x1}) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f00000003c0)={<r5=>r2, 0x4, 0x13ec80000000, 0x1})
userfaultfd(0x80800) (async)
userfaultfd(0x80800)
ioctl$FUSE_DEV_IOC_BACKING_CLOSE(r3, 0x4004e502, &(0x7f0000000400)=0x6) (async)
ioctl$FUSE_DEV_IOC_BACKING_CLOSE(r3, 0x4004e502, &(0x7f0000000400)=0x6)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), r0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r5, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x14, r6, 0x200, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x8040) (async)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r5, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x14, r6, 0x200, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x8040)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000580)) (async)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000580))
mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(0xffffffffffffffff, 0x8002f515, &(0x7f0000000600)) (async)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(0xffffffffffffffff, 0x8002f515, &(0x7f0000000600))
ioctl$sock_inet6_udp_SIOCOUTQ(r5, 0x5411, &(0x7f0000000640))
bind$inet6(r2, &(0x7f0000000680)={0xa, 0x4e23, 0x1, @private1, 0x3}, 0x1c)
syz_open_dev$evdev(&(0x7f00000006c0), 0xc, 0x4002) (async)
r7 = syz_open_dev$evdev(&(0x7f00000006c0), 0xc, 0x4002)
ioctl$EVIOCGUNIQ(r7, 0x80404508, &(0x7f0000000700)=""/122) (async)
ioctl$EVIOCGUNIQ(r7, 0x80404508, &(0x7f0000000700)=""/122)
read$FUSE(r0, &(0x7f0000000780)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_GETXATTR(r0, &(0x7f00000027c0)={0x18, 0x0, r8, {0x1}}, 0x18)
bind$unix(r5, &(0x7f0000002800)=@file={0x0, './file0\x00'}, 0x6e)
pwrite64(r0, &(0x7f0000002880)="d2325eb4162048ebeb5fd654f823ec5b67040bcb3e574103bf4f32df42e3d1448740f8ba787b43", 0x27, 0x2)
lsetxattr$trusted_overlay_redirect(&(0x7f00000028c0)='./file0\x00', &(0x7f0000002900), &(0x7f0000002940)='./file0\x00', 0x8, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r0, 0x4068aea3, &(0x7f0000002980)={0x80, 0x0, 0x3})

2.441422904s ago: executing program 1 (id=1879):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0xc2, &(0x7f0000000200)={@remote, @local, @val={@void}, {@llc_tr={0x11, {@llc={0xfe, 0x7e, 'B', "a99ae81f6b1bac639fd3a32717aeb4fe30daf0e7c84b644b98c4e7db770f30b04db7ab39092c9be98668233ed090243f16be82d418df18420f3a3ae2ee05956de2249711b36ea2a8863391486ec84df8f234ce4c901cabdd479b02ce11a84152049aaf24d86ec6b4b0e467ad51efd90485c9bfb52680a86db3009010ec03252f048a8d7c183a4dd22d02dae9b7f3cf616e748a0e476bc9e28f158e3ae73b8704b64e11ab938b3fe7779eb9eb6f"}}}}}, &(0x7f0000000000)={0x0, 0x1, [0x898, 0x36a, 0x3bc, 0x4ec]})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000040)={'ip_vti0\x00', &(0x7f00000001c0)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14}}}})
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r2 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000d40)=[{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000640)="eb5974e8be09e387ab90b1569489ca152362cb44b1952d7a95d4e348dd0a24fdb5fbd2dc1f3ddba2f36dd88226e8ab7b58818a357b167f7671a57d73594a9107053189f3589268715fdfc605ce82d5053ca0394bd3ef6ccbdf534483f3c1d4f9ff65fb1863033c0b1caa3693e04df2ec20276f06deaacfacc12fcba68de29bde9a2ea9ba457ea429c807659f0625a5eb47b1ec44b0aa784104dfb70463705ab40799c86b2eb83432002fec798f0bdef9e3129d6fd289675b3398fa9f922160f45eade8d18b595a0fc72cd89e7ce9112fdd0994337ac9fdf91c43f4551bc2e594a4ed9151fe9bdfa478ce6047b4a2f3a6e1a2c24151a1", 0xf6}, {&(0x7f00000022c0)="c16c1cb56e011137d8fad178027b2faacf212c800a3de527f2d7063269c4571f027798da84ad51c859e750f5391da059f59e968f9dd2244b5fd4683b2b73e92a79bca3157f7af8988fc91c526b8e9200ca6b1784f45393c105404888f76dc03459d97a23d0d9bf29d87ad64a2d3535c2b73846a89f4001a2e174516afd324cb44dacd99f89f2d47476ee4cb3fe674ebf0d0028acae0ee0e083766a5f84ed4e2a6138340dceeb9c5ef49198e92ac562344a32d8fc9b59c995551e25a95330ac7b14940cf69fa391f9437cef06f764cbfea6baef017bdd7cc7864cd966089940405a8746af3d86c75e2465f6f1bf33583ed433d324056d6bf9dc8568e0fd335d146b7869b965be706d62bba2b8c02e8fb777b784c4a2662ac694b80d8b2a8aff93b9bbfea5ba817e161ce5249251bb9091ab2a3349f6a1458d1b79879dd987c75dba8bd71acb9dc8557a75a5a45095620211330f3ef2622e2169cee55d93259181d777c3a00151d971688032472596dfb36cfc9a5f9faead6dff1d23ce238bf3e6f9a4235a61af0266d50e9b704685d86fdc716044883f03074356e3744c85c048c904827f3d6540e9c6b253deb96ee952e8ebdd907f326392ba4de9a3d4c409ccb31ad8a5b907650851912f5fe358a29d4b8a5295c57c0f351a2c00d8516b4cad18de8df71be4c52de2ced61c0f8fc7591ea98506493e43b66bc2f7b6f4a5a4fdce5d228f4fde275f0f3bda10ae8bae4c09f30b5c57e6517dc6121b9e95b69e9ae576691ae8f996075f9811db3a0efbaf295b21ce197c4f51eae561f2ee088cbfda03023db0980792afb6e8a211a01a142b8af10ea469060a61845ea97572be246e2de97e3f039a061c3b47e8d8c2d060a303f7cddde779cb486eb29c0c7db5e22a05d61f0df07706554f125decc4e4e9859034c02c85fb613b3d4ac7e430af512b8086dfbe81d893d05fa94e03de868bb4e08977d2d127452a0f3b4b4c7aa3422b630ead6a3f5c3b0d909716d80a87c005f9c377e6baaa477ca2fb2c912f0df04a252adb879af0862467dfff3fa02b59ad408a3c05fcc449a44c2e5b095dba299252b754f1e59c384703ac217c57d9ee30a65abee918737d7d34e52d405b07c3e115e9ab00e9e094f9b619130360b54455d577e5f864c11d5439ff1a757b4f5637700b5f54e1db74b6e0d72026474660f3ae2707aa1b91e3171797e5d56fb4868d954357cc14d769c5043d1ed7042a36dcf2f28ce469c92ebf29c67173d8568a1ca1a9b24e5cfe96b16d0003579c0e610d5d4eccc0527d9280dcedece5b3219f755daa005ef4da75d7e0e29a5d4732c1853bbe7942eca24161b6bd3c7394605d0377808bc8ac428fc55d5760e12c2d103ec6c3ae5c17ad5c58315ebaa2ccf0816528532427e9207f55181341b1699eea62aa69b21a8ba134dd07dc2c8500e8f45e30c0c7a245e58bfbf82be8caf3b0a2146fe237865478578530a780e685238c09084c13c64e20c40eac93c886e2f8534e33aaaf27101ffac1fa8e6a7e4f0ece22e3cc92c9be92a3eb2b550ea93dd46dffbd76549d98974736ad97cbc6ca4414be163d77e6d27ba01ff228457184bbbd7998f19b3e1d929d7ce1a3d2d5759f10ac450cdb867b7129c6d00501806e8880e53d6fc22f9eade87b125fef0ce45be9640f9bfe65c7e42d49687efe8dffc84d29676b4e6964fe3cf93589570d1b6ca0ef6eb9fd7cdcf3bf7ca99e95ff43f40361fb455e7242788afe77f963dd970e571614e5d09ed31d02ac6b8e4b7f86b6761299e97faa224a5cbd9fdff77161bbca6ae98a2733f21e72948655df0a0b8c9dd4e7a79298c98a0f9b364377626e35dc06231d4c76e38f86e71c47808b6e452886cc8033cd70959d6709d925f793d24278790e324918964362a0face0aa9a9bb0fac1fd28e8e0736f01a875f6b646667bfb711673a3ad0de4ae2cf1322a0b974bb18d4278f594ff9d5041f68a079479dd36243f2851eb28c5495f4a6338bb9f4e5242b05404798c662c5eb7b7ccfc4bff0f09dc4a30a1263c85233863653454f978c17461af6abfc45e14d546d418655e26dbe376340cec4403753615c38514893e1fb9e67450ab2e9431a126e55cd11a40aad93ba70d829f7ff7b51ffebf81bb565e1a6231c669edf995873fea1252bd3bc9947748598213c9f3a3c3ea42240052862cc14d634802951c3c9736a698f145572703edb59506cf29725a3907f74a2c9d17964243fe8b746d7e94c7cf0ab50d9f1a81ceef0ebb57a4b8a8f957d35ede12b29bdeb4d744a3ecc7fcef39e08eccf74c1187419022e1c0351521b077bd6a2ee98bcb291560ff263b699452dc27d072c9a75b01d5ea669cda64b99cc96d07d116b02a4197386e20072f64159dbd7b2b6f4c3d2eb84f1b8d495b8513cc47d67453b5c3a5148115f1dfa507b680365d503fd199697caee6d26bfd829ffffedd308fc55f6de4aa5e30929d6fc48fd8ea0bd8119d96fd183ef449a81f6d6b34f14cddc326859533c57ee88355bd45d2b5064466d0849b0065e98e573c6ee4f933e0b03ac72c19256c6f64857aa4512afbf26dea80795b029c8e7c20c686ecb8a5ab4e5b2b76657c8665674bcb2e795898899704d8127eb544691576f02f202443a599bca674aad8b9472bdec4a5fe81e77085f1cdc5ee1faa01dd78b5a9072ef93610d8ba284b539729466c088f80d9ff3ee657b4c3879735672ee24df6eb38ffe3af90b0b4d84677f8ec4391ddc440fdfb05b8498e77b1480b00a1c9ffd6888f7844583ca08dc9f78173ff91fb8fc7b8ece7f752c199c2be1733f9a0af0231c39fc9256698f6ccf0ed5c7381fc6d26131c68d1a088233e0998a3db490f12e21b9a5fdc9b29fd1976e6ac16a45b6c6a4ecd970e744cb21a66fdd24db7baa6ce942977e3d19058f9154b20626f91bd0bc51766f447a3601c9aa285380a9f3d8f4aa5d8d23b3ba7ff444da5518da7a12d638ed6e568ae05e5643b85660b5cd9dfa6b2ebd8cb31f0685acb98ff8952ec6bfdd81cd206389874cc5d1b1610f8a651080431d36505c8732bd699142f4eaa5c86204a0e8e4f3f1a7d09737f63ffc9ad6716d5289bb34f0c04b3fbe6a158abe8d81a657e8fbf602ffb30a1d5ab752c9253a086e46d10d32b9e1007ffebaa7ea38fcb99cb99dcc36f8a2ca695b009a8f9e6a278b320783298f8e970c85c8cd6d2b48d4714374c735d69cb4206104b59650739dc832337b0815e00c807f0e6cc8e0d8ae68cfb436918a6b032213a70a332ee92735ab398ddc80c36a2e9f447f1041ed40b014d4e4f4fcb8138a2f26f809a4c44dcc6522c5dce5d3d3fe4fc9a78179b12c776693853d6e39df5b4cee8ec927a31420d7afdd1db544cceeb13512f8ee5eb19cc5d66326641d912d56e6e4c205cae12d40e2f5e04e430e295ca6213924365eec25cc01864f1a7f76fab0c074ff7c48b6584e3cbb57fe4554eaded4862370e1bad4b0a6883651a2afc15d17cef8e71c71be33a981977170f668b99f71402e9a254aa5b207d3d7b98bda8f2d977e9a09443f3d5206a88c088af1530d3a838dcfa3d76b81f680017dbcebf37c5c6c6642df7d90f82fb56561ee3e3d48c47501ce216119ae9089c6ea29207d77f4c0651d3133d891d509a1abfc41cca386c2fc689d62c5d6b9bdf40304388f689b493d809719a441b302d2804baaf6f95a3b6a5268d4e756a5767010888f41f7c83b1faef52906641cabd8fa49a102b532b50014fc64a2d1838d9369a8695ca1fc3b85ddefb6ca65f57a1623b72671b6a1137b3a25a877e4be8a76978fd24f7f15e482c482a0df4bf6ca2a70975074c396acedeb9f4039ac92ff0f54a509b87bcef1522d6d6ef4b72b34f0e19a45f023d6ac7ab53dd447bbf6476923d205f21fb0f1844cd175a72ce5c53c68fb80c435f6fa823bf229332efad640c4ffcaeeeee4abf1df595e0b5b4141bfc0e7d175b209dd12bd2bdb7393f8e2bf83bba591076eff7e6f15f36e4c68718a45e9e4c867aff17902d7cfff0f8978d40b06fcdc5b41f1ea889aa5e5ee6547550089cd05fd93e41eafc30be0d91850b7f2e150608d4acdd932849c50f06b8583f09096fb09d8", 0xb60}, {&(0x7f0000000840)="a4037a2eb666b127cbe155276b5127577479a26ad832ef75fa12b804a3ab6ad766cfcb43abc2fe7a26e3bd20d86a6c58086bc324e1fe598c4a8676d46dd7a1f33ab1f3297ce4a869487cc9dd1323b82cdeca2ac5ae993db6697b89223d5d5efc8618969b2b3829c0f5f69fbeab35faafb2076c140af2b456e4087bd0d0153e8683d0c59c58151d7d3441edee14cf86cc7de3ef8d66ceff08a3", 0x99}, {&(0x7f0000000080)="fc79ea35d065b9ab3476a577889a62263064a4f9365db73c96a2400dc5e53ae73f60b7254d3278aa75b0a65755395ca9de7ecf950a347b85775287a2fae0c370b5829b030c08d2571c104a342e4d1050b0422de409d7cb8a94b330cc7d125cf20f442f", 0x63}, {&(0x7f0000000900)="ea47bc5a315cb2157880ce304c1abce402167fd4bedfea9bbcc20cf6de0308c26ade72d36e2f01eb0e20a7b506b3c21e39c540cd8c10f12cd3bcd024240058198d7b5ab8b13a401e0ef540e84c344fc9ef33cc7a03b39d275822c8042bbac5b0553282a5931d458a28949a6540655dff4ccb62c28b165fe9fee71d10d88000ec0db22336ed6b6db60d2d766d0f736e", 0x8f}, {&(0x7f00000009c0)="8465f974b3e02d242b46ef902928809312de5adb9fc3efedeb11c99628cfeec4a7918887ba379f68ffaf7e88157baf179d50cd31c4faacfbaf87f7c30c6ffbed1bf304c2b3e2cf5e9351d8c861e3072379e113511a8199ffffe0c171582cbc39f2c1c2c7b4dae0d4dc7b2c27d23175e14043b0b5ab1f0441460fa161766205fc4522e3c5dd17b8f61bb2ddea83db1750b23f3ed934b59119e9a36f6eca6c616191d55e82e44bbd4fcae0b21c627285185c78986f573f56a6249e915b07c81d437b655864b3dd5c6b44da82f037caf7", 0xcf}], 0x6, 0x0, 0x0, 0x20008014}], 0x1, 0x4814)
recvmmsg(r2, &(0x7f000000c4c0)=[{{0x0, 0x0, &(0x7f0000007340)=[{&(0x7f00000052c0)=""/4096, 0x1000}], 0x1}, 0x4}], 0x1, 0x400101c3, 0x0)

2.427252751s ago: executing program 1 (id=1880):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x40, 0x1000, 0x0, 0xd968d5b908ac0cde, 0x0, {0x0, 0x8}, {0x350, 0x20002}, {0xf4ef}, {0x0, 0x0, 0xffe}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xb}) (async)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x40, 0x1000, 0x0, 0xd968d5b908ac0cde, 0x0, {0x0, 0x8}, {0x350, 0x20002}, {0xf4ef}, {0x0, 0x0, 0xffe}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xb})
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a64000000060a0b04000000000000000002000000380004803400018009000100686173680000000024000280080007400000050000000440000400000800024b0000000e080006ec000000070900010073797a30000000000900020073797a32"], 0x8c}}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000001c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0, <r4=>0x0}, &(0x7f00000000c0)=0xc)
stat(&(0x7f0000002200)='./file0\x00', &(0x7f0000002240)) (async)
stat(&(0x7f0000002200)='./file0\x00', &(0x7f0000002240)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
write$FUSE_CREATE_OPEN(r1, &(0x7f00000022c0)={0xa0, 0x0, r3, {{0x1, 0x2, 0x9, 0x9, 0x7fffffff, 0xfffffffc, {0x0, 0x8000000000000000, 0x0, 0xfffffffffffff001, 0xffff, 0x7f, 0x1, 0x7, 0x3, 0x2000, 0x0, r4, r5, 0x4}}, {0x0, 0xa}}}, 0xa0) (async)
write$FUSE_CREATE_OPEN(r1, &(0x7f00000022c0)={0xa0, 0x0, r3, {{0x1, 0x2, 0x9, 0x9, 0x7fffffff, 0xfffffffc, {0x0, 0x8000000000000000, 0x0, 0xfffffffffffff001, 0xffff, 0x7f, 0x1, 0x7, 0x3, 0x2000, 0x0, r4, r5, 0x4}}, {0x0, 0xa}}}, 0xa0)

2.281500581s ago: executing program 1 (id=1881):
syz_open_dev$loop(&(0x7f0000000040), 0x7, 0x20080)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f00000002c0)=[{0x4, 0x80, 0x9c, 0x6, @time={0x38, 0x7}, {0xe, 0xe}, {0x2, 0x9}, @connect={{0x6, 0x2}, {0x9, 0x9}}}, {0x0, 0x7, 0x7, 0x8, @time={0x85, 0x2}, {0x1, 0x4}, {0x6, 0xe}, @connect={{0x1, 0x4}, {0xe, 0x8}}}, {0xa, 0xb, 0x7, 0x7c, @time={0x5, 0x6}, {0x6, 0x9b}, {0x4, 0xe9}, @addr={0xfa, 0x7f}}, {0xb, 0x7, 0x9, 0x7, @time={0x81, 0x5}, {0xb, 0x10}, {0x0, 0xc}, @ext={0x0, 0x0}}, {0x9, 0x84, 0x2, 0x3, @time={0x5, 0x3ff}, {0x60, 0x1}, {0x9, 0x1}, @queue={0x1, {0x6, 0x1}}}], 0x8c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_open_dev$usbfs(&(0x7f0000000100), 0x775, 0x8000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000240002801400018008000100000000000a000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x32}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x10, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}]}]}]}, 0x74}}, 0x0)
dup(r2)
r6 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000003c0)={0x48, 0xc, r1, 0x0, 0x0, 0x200000000})
syz_open_dev$char_usb(0xc, 0xb4, 0x2000000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0xffffffffffffffff, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x11079, 0x2b}, [@IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc}}}, @IFLA_IFALIASn={0x4}, @IFLA_LINKMODE={0x0, 0x11, 0x7}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x40000)

1.661510112s ago: executing program 2 (id=1882):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180)={'#! ', './file1/../file0', [{}, {0x20, 'cgroup.stat\x00'}, {0x20, '/dev/loop#\x00'}, {0x20, '\x8f\xf5`\x15p\xc9?\x145\xb7\xd7\xe2\xed\xd2\xb41?\xc2;\x10\xb03\x05\x19\x8fr\x0e\xa4\x1aH\x8ei\x1ce\x04\xaa\xcc\xeb\xa8\xe0\x7f\xf4\xb2\xe4\x1b\xf3\x04\xf3\xfe\"`\x1a\x91\xe3\xf6\x97\x05\x870\f\xbc\xa4\xb4\x9b}\xa0j7\xfc%.\xfb\xb8KlZ8zRr\x88\a.\x05\x81\xc0nW9\xb0g\xf5\xe1^\xf1\xb43_:\xc2\x01xGn>\x98\x83/&IV#,\xa5\x16\xc3\xd4\v\xa9>*\xd1\x15\x1b\xb8\xfa]'}], 0xa, "b524be350e768000000000104cf68e00000000000000000000000000200080ca925fbc554e8cbab6290e38d30000d66c23ef689b28aaa419845a"}, 0xe8)
write$UHID_INPUT(r1, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf0e3a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc53349068054be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b1794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ef54f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746063d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c5169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a60000564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9de9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab000078cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc549000000000000000015a34abef947b5b9a950e780662de18873e55899c92db3ad00437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb00800000000000000ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c040000002b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e400", 0x1000}}, 0x1006)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000480)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8, 0x10000000000, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3e06e00d96072081000000000040002000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a03c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x200000000]}})

1.587085094s ago: executing program 4 (id=1883):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="f6ffffff01000000400000004000000000020000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r1], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000180), 0x1003, r2}, 0x38)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7)
ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000040)={0x74, 0x0, 0xc3})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.45348793s ago: executing program 2 (id=1884):
r0 = socket(0x200000100000011, 0x5, 0x4)
syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x903d01)
syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
write(r0, &(0x7f0000000080), 0xfffffefa)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x8, 0x1000, 0x0, 0xb4b, 0x9, 0x9, 0x1, 0x400002}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1f0000000000000000000000001000", @ANYRES32, @ANYBLOB="0000000400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/15], 0x50)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f00000000c0)=0x3)
landlock_create_ruleset(&(0x7f0000000280)={0x2050, 0x0, 0x1}, 0x18, 0x0)
socket$alg(0x26, 0x5, 0x0)
syz_open_dev$radio(&(0x7f0000000040), 0x1, 0x2)
rt_sigaction(0x42, &(0x7f0000000140)={&(0x7f0000000000)="24339e9e0f1c2bdfd5c4a2f10027c6c43b640febce41d3ca6566f00fc02c101c65d2150e000000dbf5", 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000380))
r4 = syz_open_procfs(0x0, &(0x7f00000004c0)='stat\x00')
read$FUSE(r4, &(0x7f0000004180)={0x2020}, 0x2020)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000140)=""/92, 0x64}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}, {&(0x7f0000000340)=""/6, 0x6}], 0x9, &(0x7f0000000600)=""/191, 0xbf, 0x34000}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400})
unlink(&(0x7f0000000300)='./file0\x00')
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000005b80)=@delchain={0x24, 0x26, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {0x9}, {0xffff}}}, 0x24}}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)

1.297041321s ago: executing program 4 (id=1885):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
r2 = socket(0xb, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001c80)=@newqdisc={0x1c8, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x198, 0x2, [@TCA_GRED_LIMIT={0x23, 0x5, 0xb96}, @TCA_GRED_PARMS={0x38, 0x1, {0x1, 0x0, 0xfffffff9, 0x5, 0x3ff, 0x8, 0x148, 0x8, 0x2, 0x6c6, 0xc, 0x1c, 0xa, 0x9, 0x3, 0xfffffffd}}, @TCA_GRED_LIMIT={0x8, 0x5, 0x9}, @TCA_GRED_LIMIT={0x8, 0x5, 0xc}, @TCA_GRED_PARMS={0x38, 0x1, {0xfffffffe, 0x40, 0x5, 0x8, 0x5, 0x1005, 0x7, 0x9, 0x3d, 0xc88a, 0x20, 0x16, 0x1, 0x1, 0x5, 0x5}}, @TCA_GRED_STAB={0x104, 0x2, "00559446a386a6437f9b8e0b240a39da782ff0f4d94bc93cf96924149ce0daab8c929f675a06bb6f8c3b5d7c255f2aea9eb0bb26b7813e99f62f1c3a448051f2795358ca7deea38bc54f318137f4e0dcb8638368f710005fefbce63cc4558556cbe799ba955e7350cc37aa572ce87310b2612eeffe4cd38bf8b4318bb73db294a108330d0534ef7679b8365253821be0d2f419761499165762da9eb2b8f7db0cad2b6ae42d340bd631fca1a59b71fdc0ab63aaba4787601311c280d25ba58d6de1257ed22599757a49fd3be6371d096fe15115d8d68f1132dd29eb8a5afb8a709fb88f161127e9806600d3fdce7324c2a0d6c02a1a289afb3ac7ebfeac2f3dd4"}, @TCA_GRED_LIMIT={0x8, 0x5, 0x51d}]}}]}, 0x1c8}}, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000001c0)={0x1, 0x0, [{0x400, 0x1, 0x0, 0x0, @irqchip={0x2, 0x6512}}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x39383ddd, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x2010000000000000, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(r4, 0xc01c64a3, &(0x7f0000000180)={0x1, 0x0, 0x5, 0x10002, 0x20000a, 0x1ff, 0xffffffff})
ioctl$DRM_IOCTL_MODE_CURSOR2(r4, 0xc02464bb, &(0x7f0000000080)={0x2, 0x0, 0x1fa, 0x0, 0x4, 0x800008, 0x0, 0x4, 0x4000})

581.277139ms ago: executing program 4 (id=1886):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x92, 0xe, &(0x7f0000000000)=0x10)
timer_create(0x2, 0x0, &(0x7f0000000280))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket(0x1e, 0x4, 0x0)
r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80680, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x6, 0x4, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r8, {0xffff, 0x7}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x84)
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r11, {0x5, 0x7}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x84)
r12 = userfaultfd(0x801)
ioctl$UFFDIO_API(r12, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x20})
ioctl$UFFDIO_REGISTER(r12, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000200)="5e73663bf4082f7c6cbecbf09d6dd7be5a4563f329c16f799d1836bfc45a7badc8faed24bb77c848723ad00fb243c3111dda42112650cc00", 0x0, 0x48)
ioctl$UFFDIO_UNREGISTER(r12, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x4000)=nil, 0x4000})
r13 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r13, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0xfffffffc}, 0x10)
recvmmsg$unix(r0, &(0x7f00000019c0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/92, 0x5c}], 0x1}}], 0x1, 0x0, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

424.968212ms ago: executing program 0 (id=1887):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_TP_METER(r2, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x30, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {0x2, 0x0, 0x500}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780"], 0x64}}, 0x0)
io_setup(0x3ff, &(0x7f0000000500))
openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_getnexthop={0x24, 0x6a, 0x300, 0x70bd2d, 0x25dfdbfd, {}, [@NHA_FDB={0x4}, @NHA_OIF={0x8, 0x5, r4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000884}, 0x0)

196.326923ms ago: executing program 0 (id=1888):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/hardlockup_count', 0x800, 0x4)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r3, 0x114, 0xa, &(0x7f0000000300)=ANY=[@ANYRES16=0x0], 0x1)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000000080000000000000000000003000005050003000600000005000300110000000900010073797a300000000005000300210000000c00048008002140ffffffff06d50c186df9d6f4445363aaa5229b9662455a98658e6cd92260b9087e2d7e8322de25c345488bce2221b84538ef4abf53d6680cd1966792f2712cdbd04dc5ffb9a90d05d363c5b44922c6f8cafa73f5"], 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

49.330248ms ago: executing program 3 (id=1889):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x9, 0x6d, 0x5c, 0x40, 0x2304, 0x23e, 0xd769, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd9, 0x0, 0x0, 0x37, 0x10, 0xeb}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000000)={0x0, 0x0, 0x1, "ac"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
r2 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e5cf01406e0510401c20000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$printer(r2, 0x0, &(0x7f00000003c0)={0x34, &(0x7f0000000140)={0x0, 0xc, 0x1, '.'}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r2, 0x0, &(0x7f0000001700)={0x34, &(0x7f0000001440)={0x20, 0x15, 0x2, "fe10"}, 0x0, 0x0, 0x0, 0x0, 0x0})
pwritev(r1, &(0x7f0000000840)=[{&(0x7f0000000380)='\f', 0x1}], 0x1, 0x5, 0xb2)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

0s ago: executing program 1 (id=1890):
socket(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x22042, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x1000, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="850000002f000000840000000000000095000000000000008560fc2b2062f611fc2f864ef177d634e46e8dcfe61b4fb9f600344d592fee49e176fe6ad28fbcb1f9259bfc63e9030971917e30b6f42e8f9dd6ab0ce07312a135cd363aa7e5bcef8fd0e8c7d2082584156c52ebfd69e8e13b7a8b477abc86468e11b6242133ce882f05e16b91c37b3437347f6058b4489c759783b9d4dfb55d0085a26e41201a6d8c8ced33e10048e756a40538b32bf653fa3c831a4e60599ed7a0f999d18de9984522a7cdb6fc30015633a0132c9578b7da5bd7280a5f7e28fd858ba712020b23ef8a2785b6c146c48b48ca7e232d0489661396e9303b38aa5d26d06e2e676795fd2733f95da570bab301000000ffffffff2a2792a630d8fcdc"], &(0x7f0000000180)='GPL\x00'}, 0x48)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r3, 0x4)
syz_emit_ethernet(0x4a, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd600a843500142f00fe8000000000000000000000000000bbfe80000000000000000000000000008a3c0022eb", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
r4 = socket$kcm(0x2, 0x3, 0x2)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@newtfilter={0x884, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xd, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_route={{0xa}, {0x854, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0xe9}, @TCA_ROUTE4_POLICE={0x848, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x4, 0x7f, 0x2, 0x7, {0x9, 0x2, 0x5, 0x4, 0x2, 0x1}, {0x3, 0x1, 0x8, 0x1, 0x3, 0x9}, 0x2fb8, 0x5, 0x2}}, @TCA_POLICE_RATE={0x404, 0x2, [0xffffffff, 0xad4, 0x10000, 0x5, 0xb60b, 0x2, 0x8, 0x1, 0x2, 0x8, 0x5, 0x4, 0xb2, 0x3, 0xcb9, 0x7, 0x7, 0x8000, 0x9, 0x10, 0xce3, 0x9, 0x7, 0x414b, 0x4603, 0x7, 0xff, 0x1, 0x5, 0x10, 0x7, 0x1ff, 0x100, 0x80002, 0x639d, 0x0, 0x2, 0x9, 0x15b, 0x9, 0x0, 0x80, 0x40, 0x1, 0x29, 0x3ff, 0x542, 0x3, 0x3, 0x4, 0x6, 0x4, 0x6, 0x6, 0x15e6, 0xc, 0x4, 0x7f, 0x9, 0x0, 0x83c, 0x0, 0x8, 0x52, 0x2, 0xa7ac, 0x7, 0xfffffffa, 0x4, 0x3, 0x2, 0x0, 0x9, 0x8, 0x9, 0x34b, 0x2, 0x0, 0xcd, 0x40, 0x4, 0x6, 0x44, 0x8, 0x1, 0x80, 0x3, 0xffff, 0x0, 0x4, 0x2, 0xd, 0x1, 0x8, 0x5, 0x100, 0x0, 0x7, 0x6, 0xfffffff7, 0x5, 0x2c000000, 0x64454b99, 0x1, 0x2, 0x3, 0x401, 0x4, 0x447, 0x0, 0x5c58, 0x0, 0x8001, 0x80000001, 0x16b, 0x3, 0x4, 0xfffffff8, 0x584b, 0x7a498270, 0x7, 0x2, 0x3ec, 0x8, 0x1ff, 0xbc5f, 0x0, 0x7b685e6b, 0x9, 0x0, 0x7, 0x6, 0x8001, 0x9, 0x0, 0x5, 0x400, 0x0, 0xfff, 0x9, 0x6, 0x10000, 0x9cd, 0x6, 0x4, 0x7, 0x6, 0xb1, 0x7, 0x2a34, 0x80, 0x2, 0x4, 0x6, 0xf0, 0x8, 0x8, 0x3, 0x8, 0x3, 0x0, 0x9, 0x6, 0x1ff, 0x10001, 0x2, 0x6, 0xfffffffe, 0x4, 0xfffffff8, 0x3, 0x5, 0x8, 0x6, 0x3, 0x0, 0xffffffff, 0x1, 0x4, 0x7, 0x4, 0x5, 0x4, 0x1ff, 0xfffffffc, 0x5, 0x952, 0x0, 0x7f, 0x3, 0x326, 0x5, 0x3, 0x0, 0x5, 0x0, 0x1, 0x6, 0x100, 0x4, 0x5, 0xe87b, 0x2, 0x8, 0x7fff, 0x9, 0x4, 0x2, 0x6, 0x7fff, 0x1, 0x2, 0xa, 0xf, 0x800, 0x0, 0x2e, 0x4, 0x100, 0x6, 0x2, 0x5d6, 0x0, 0x2, 0xee4, 0x9, 0x3, 0x7, 0x0, 0x4, 0x30e73fe0, 0x7, 0x3, 0x7ff, 0x2, 0x400, 0x1, 0x400000, 0x96c3, 0x1000, 0x0, 0x322c, 0x10001, 0x3, 0x94b, 0x4, 0x2, 0x2, 0x5, 0x8, 0x4, 0x3, 0x2, 0x9, 0x1]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3, 0x0, 0x2, 0x400, 0xb94, 0x1000, 0x9, 0x1, 0x1, 0xfffffffd, 0x3ff, 0x5, 0xe0ff, 0x3, 0x38, 0x101, 0x1, 0x8, 0x517, 0x3, 0x240, 0x80000001, 0x401, 0x5, 0x2, 0x200, 0x10, 0x1, 0x66, 0x7, 0x0, 0x9c, 0x7, 0x9, 0x46047eae, 0x6, 0xe, 0x2, 0x5, 0x16, 0x8c, 0x3b0, 0xffffffff, 0x10000, 0x3, 0x8, 0x0, 0xfffffffc, 0x2, 0x4, 0x8, 0x8, 0xd675, 0xf, 0x8, 0x8001, 0xfff, 0x6, 0x5, 0xfffffffa, 0x80000001, 0xe, 0x3, 0x0, 0x100, 0x100, 0x205f800, 0x7fff, 0x3, 0xfc73, 0x2, 0x10001, 0xa473, 0xfffffffd, 0x11, 0x1, 0x9, 0x5, 0x73ec, 0x4, 0xffffffff, 0xffffffff, 0xffffffff, 0x7, 0x8, 0x0, 0xbb, 0x1, 0x3, 0x7, 0x3ff, 0x9, 0x1, 0xf9bb, 0x13, 0x81, 0x7, 0x7, 0x9, 0x7, 0x1, 0xb7, 0x4, 0x1, 0x92b, 0x1, 0x7, 0x8, 0x10, 0x85, 0x5a07f1ff, 0x57ae807c, 0x1ff, 0xfffffff7, 0x6, 0xc, 0x0, 0x8, 0xfffffffb, 0x1, 0x8, 0x8, 0x9, 0xa8, 0xb, 0x2, 0x1, 0x3, 0x8, 0x7f, 0x9, 0xe0, 0xffff751a, 0x2, 0x0, 0x7, 0x9, 0x6, 0x8, 0x8, 0x8, 0x6, 0xc, 0x0, 0x8, 0x3, 0x8, 0xbff1f336, 0x7, 0x5, 0x7, 0x1, 0x8, 0x0, 0x2, 0x4, 0x5, 0x18, 0x5f8381a, 0xa, 0x1fe0000, 0x10, 0x3b, 0x7, 0x2, 0x8, 0x1, 0x9, 0x8000, 0x200, 0x8, 0xfffffffe, 0x6, 0x80, 0xa6c, 0x7, 0x5, 0x6, 0x4, 0x3, 0x0, 0x9, 0xa, 0x0, 0xce, 0x10000, 0x1000, 0xff, 0xe2, 0x7, 0x7f, 0x4, 0x2e3e, 0x6, 0x5, 0xf, 0x9, 0x5170, 0x6, 0x6, 0xffff, 0x9, 0xffffff1e, 0xe, 0x7d12, 0x0, 0xff, 0x2, 0x8000, 0x400, 0xf3, 0xd8fb, 0x5, 0x4, 0x3f8, 0x9, 0x9, 0x1, 0xe23, 0x6, 0x9, 0x7ff, 0x2, 0xa, 0xb, 0x3, 0x9, 0x7, 0xf, 0x128, 0x7, 0xd, 0x4, 0x9, 0x101, 0x1c00, 0x0, 0x7, 0x2, 0x9748, 0x8, 0x400, 0x3, 0x0, 0x1, 0x100, 0x2, 0x5, 0x2cf, 0x6, 0xff, 0x1, 0x794, 0x8a43bf80, 0x2444, 0x8]}]}]}}]}, 0x884}, 0x1, 0x0, 0x0, 0x8c8}, 0x20004804)
r9 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000140)=0x2000)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @private=0xa010101}, 0x10)
syz_usb_connect(0x0, 0x5d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000551b8920b822276080c20102030109024b0001000000000904000000020a0000052406000005241d00000d240f01000200000000000200072414001824d0072413"], 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

]  <TASK>
[  435.281295][T11250]  dump_stack_lvl+0x189/0x250
[  435.281319][T11250]  ? __pfx____ratelimit+0x10/0x10
[  435.281335][T11250]  ? __pfx_dump_stack_lvl+0x10/0x10
[  435.281354][T11250]  ? __pfx__printk+0x10/0x10
[  435.281378][T11250]  ? __pfx___might_resched+0x10/0x10
[  435.281392][T11250]  ? fs_reclaim_acquire+0x7d/0x100
[  435.281413][T11250]  should_fail_ex+0x414/0x560
[  435.281443][T11250]  should_failslab+0xa8/0x100
[  435.281467][T11250]  __kmalloc_node_noprof+0xd1/0x4e0
[  435.281488][T11250]  ? qdisc_alloc+0x97/0xaa0
[  435.281511][T11250]  qdisc_alloc+0x97/0xaa0
[  435.281537][T11250]  qdisc_create+0x12c/0xea0
[  435.281563][T11250]  ? nla_strcmp+0xe6/0x140
[  435.281585][T11250]  tc_modify_qdisc+0x1538/0x20e0
[  435.281624][T11250]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  435.281677][T11250]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  435.281698][T11250]  rtnetlink_rcv_msg+0x77c/0xb70
[  435.281717][T11250]  ? __lock_acquire+0xab9/0xd20
[  435.281740][T11250]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  435.281757][T11250]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  435.281796][T11250]  netlink_rcv_skb+0x208/0x470
[  435.281814][T11250]  ? __lock_acquire+0xab9/0xd20
[  435.281836][T11250]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  435.281854][T11250]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  435.281881][T11250]  ? netlink_deliver_tap+0x2e/0x1b0
[  435.281904][T11250]  netlink_unicast+0x82c/0x9e0
[  435.281936][T11250]  ? __pfx_netlink_unicast+0x10/0x10
[  435.281960][T11250]  ? netlink_sendmsg+0x642/0xb30
[  435.281982][T11250]  ? skb_put+0x11b/0x210
[  435.282004][T11250]  netlink_sendmsg+0x805/0xb30
[  435.282032][T11250]  ? __pfx_netlink_sendmsg+0x10/0x10
[  435.282054][T11250]  ? aa_sock_msg_perm+0xf1/0x1d0
[  435.282074][T11250]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  435.282092][T11250]  ? __pfx_netlink_sendmsg+0x10/0x10
[  435.282110][T11250]  __sock_sendmsg+0x21c/0x270
[  435.282136][T11250]  ____sys_sendmsg+0x505/0x830
[  435.282163][T11250]  ? __pfx_____sys_sendmsg+0x10/0x10
[  435.282193][T11250]  ? import_iovec+0x74/0xa0
[  435.282218][T11250]  ___sys_sendmsg+0x21f/0x2a0
[  435.282241][T11250]  ? __pfx____sys_sendmsg+0x10/0x10
[  435.282299][T11250]  ? __fget_files+0x2a/0x420
[  435.282314][T11250]  ? __fget_files+0x3a0/0x420
[  435.282340][T11250]  __x64_sys_sendmsg+0x19b/0x260
[  435.282364][T11250]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  435.282395][T11250]  ? __pfx_ksys_write+0x10/0x10
[  435.282414][T11250]  ? rcu_is_watching+0x15/0xb0
[  435.282438][T11250]  ? do_syscall_64+0xbe/0x3b0
[  435.282461][T11250]  do_syscall_64+0xfa/0x3b0
[  435.282478][T11250]  ? lockdep_hardirqs_on+0x9c/0x150
[  435.282495][T11250]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.282512][T11250]  ? clear_bhb_loop+0x60/0xb0
[  435.282533][T11250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.282550][T11250] RIP: 0033:0x7f88e518ec29
[  435.282567][T11250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  435.282582][T11250] RSP: 002b:00007f88e5fbf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  435.282602][T11250] RAX: ffffffffffffffda RBX: 00007f88e53d5fa0 RCX: 00007f88e518ec29
[  435.282615][T11250] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000003
[  435.282626][T11250] RBP: 00007f88e5fbf090 R08: 0000000000000000 R09: 0000000000000000
[  435.282638][T11250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  435.282648][T11250] R13: 00007f88e53d6038 R14: 00007f88e53d5fa0 R15: 00007f88e54ffa28
[  435.282679][T11250]  </TASK>
[  435.646135][    C0] vkms_vblank_simulate: vblank timer overrun
[  435.695999][T11255] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1426'.
[  435.929781][T11262] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1430'.
[  436.017807][ T5920] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  436.047790][   T24] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  436.200202][   T24] usb 4-1: device descriptor read/64, error -71
[  436.208315][ T5920] usb 2-1: config 0 has an invalid interface number: 3 but max is 0
[  436.216510][ T5920] usb 2-1: config 0 has no interface number 0
[  436.224982][ T5920] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0xD has an invalid bInterval 104, changing to 10
[  436.237326][ T5920] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  436.290625][ T5920] usb 2-1: New USB device found, idVendor=1660, idProduct=1921, bcdDevice=1f.84
[  436.320663][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.352871][ T5920] usb 2-1: Product: syz
[  436.369706][ T5920] usb 2-1: Manufacturer: syz
[  436.375576][ T5920] usb 2-1: SerialNumber: syz
[  436.396271][ T5920] usb 2-1: config 0 descriptor??
[  436.437612][   T24] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[  436.567634][   T24] usb 4-1: device descriptor read/64, error -71
[  436.623302][T11257] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  436.637035][T11257] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  436.653895][ T5920] dvb-usb: found a 'Medion CTX1921 DVB-T USB' in warm state.
[  436.673921][ T5920] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  436.729466][   T24] usb usb4-port1: attempt power cycle
[  436.746152][ T5920] dvbdev: DVB: registering new adapter (Medion CTX1921 DVB-T USB)
[  436.777388][ T5920] usb 2-1: media controller created
[  436.811901][ T5920] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  437.064974][ T5920] DVB: Unable to find symbol dib7000p_attach()
[  437.168169][   T24] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  437.220837][T11285] netlink: 264 bytes leftover after parsing attributes in process `syz.1.1427'.
[  437.273353][   T24] usb 4-1: device descriptor read/8, error -71
[  437.288154][ T5920] dvb-usb: no frontend was attached by 'Medion CTX1921 DVB-T USB'
[  437.388955][ T5920] rc_core: IR keymap rc-dib0700-rc5 not found
[  437.395280][ T5920] Registered IR keymap rc-empty
[  437.403574][ T5920] dvb-usb: could not initialize remote control.
[  437.410229][ T5920] dvb-usb: Medion CTX1921 DVB-T USB successfully initialized and connected.
[  437.527735][   T24] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  438.127604][   T24] usb 4-1: device descriptor read/8, error -71
[  438.329736][ T5920] usb 2-1: USB disconnect, device number 57
[  438.380682][   T24] usb usb4-port1: unable to enumerate USB device
[  438.597824][ T5920] dvb-usb: Medion CTX1921 DVB-T USB successfully deinitialized and disconnected.
[  438.965955][T11297] FAULT_INJECTION: forcing a failure.
[  438.965955][T11297] name failslab, interval 1, probability 0, space 0, times 0
[  438.978654][T11297] CPU: 1 UID: 0 PID: 11297 Comm: syz.1.1438 Not tainted syzkaller #0 PREEMPT(full) 
[  438.978678][T11297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  438.978688][T11297] Call Trace:
[  438.978696][T11297]  <TASK>
[  438.978703][T11297]  dump_stack_lvl+0x189/0x250
[  438.978721][T11297]  ? __pfx____ratelimit+0x10/0x10
[  438.978733][T11297]  ? __pfx_dump_stack_lvl+0x10/0x10
[  438.978744][T11297]  ? __pfx__printk+0x10/0x10
[  438.978761][T11297]  ? __pfx___might_resched+0x10/0x10
[  438.978772][T11297]  should_fail_ex+0x414/0x560
[  438.978790][T11297]  ? netem_change+0x222/0x29a0
[  438.978800][T11297]  should_failslab+0xa8/0x100
[  438.978816][T11297]  __kvmalloc_node_noprof+0x161/0x5f0
[  438.978831][T11297]  ? netem_change+0x222/0x29a0
[  438.978842][T11297]  netem_change+0x222/0x29a0
[  438.978854][T11297]  ? do_raw_spin_lock+0x121/0x290
[  438.978867][T11297]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  438.978882][T11297]  ? __pfx_netem_change+0x10/0x10
[  438.978895][T11297]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  438.978911][T11297]  ? lockdep_hardirqs_on+0x9c/0x150
[  438.978928][T11297]  ? __hrtimer_setup+0x187/0x210
[  438.978938][T11297]  ? __pfx_netem_init+0x10/0x10
[  438.978946][T11297]  ? __pfx_netem_init+0x10/0x10
[  438.978955][T11297]  netem_init+0x65/0xc0
[  438.978964][T11297]  qdisc_create+0x7ac/0xea0
[  438.978984][T11297]  tc_modify_qdisc+0x1538/0x20e0
[  438.979006][T11297]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  438.979035][T11297]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  438.979048][T11297]  rtnetlink_rcv_msg+0x77c/0xb70
[  438.979060][T11297]  ? __lock_acquire+0xab9/0xd20
[  438.979075][T11297]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  438.979084][T11297]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  438.979103][T11297]  netlink_rcv_skb+0x208/0x470
[  438.979113][T11297]  ? __lock_acquire+0xab9/0xd20
[  438.979127][T11297]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  438.979138][T11297]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  438.979154][T11297]  ? netlink_deliver_tap+0x2e/0x1b0
[  438.979168][T11297]  netlink_unicast+0x82c/0x9e0
[  438.979188][T11297]  ? __pfx_netlink_unicast+0x10/0x10
[  438.979204][T11297]  ? netlink_sendmsg+0x642/0xb30
[  438.979213][T11297]  ? skb_put+0x11b/0x210
[  438.979227][T11297]  netlink_sendmsg+0x805/0xb30
[  438.979242][T11297]  ? __pfx_netlink_sendmsg+0x10/0x10
[  438.979254][T11297]  ? aa_sock_msg_perm+0xf1/0x1d0
[  438.979266][T11297]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  438.979276][T11297]  ? __pfx_netlink_sendmsg+0x10/0x10
[  438.979287][T11297]  __sock_sendmsg+0x21c/0x270
[  438.979304][T11297]  ____sys_sendmsg+0x505/0x830
[  438.979324][T11297]  ? __pfx_____sys_sendmsg+0x10/0x10
[  438.979351][T11297]  ? import_iovec+0x74/0xa0
[  438.979370][T11297]  ___sys_sendmsg+0x21f/0x2a0
[  438.979389][T11297]  ? __pfx____sys_sendmsg+0x10/0x10
[  438.979442][T11297]  ? __fget_files+0x2a/0x420
[  438.979455][T11297]  ? __fget_files+0x3a0/0x420
[  438.979469][T11297]  __x64_sys_sendmsg+0x19b/0x260
[  438.979483][T11297]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  438.979500][T11297]  ? __pfx_ksys_write+0x10/0x10
[  438.979512][T11297]  ? rcu_is_watching+0x15/0xb0
[  438.979525][T11297]  ? do_syscall_64+0xbe/0x3b0
[  438.979539][T11297]  do_syscall_64+0xfa/0x3b0
[  438.979548][T11297]  ? lockdep_hardirqs_on+0x9c/0x150
[  438.979558][T11297]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.979577][T11297]  ? clear_bhb_loop+0x60/0xb0
[  438.979593][T11297]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.979603][T11297] RIP: 0033:0x7f1a17b8ec29
[  438.979614][T11297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  438.979622][T11297] RSP: 002b:00007f1a18956038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  438.979634][T11297] RAX: ffffffffffffffda RBX: 00007f1a17dd5fa0 RCX: 00007f1a17b8ec29
[  438.979641][T11297] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000003
[  438.979647][T11297] RBP: 00007f1a18956090 R08: 0000000000000000 R09: 0000000000000000
[  438.979652][T11297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  438.979658][T11297] R13: 00007f1a17dd6038 R14: 00007f1a17dd5fa0 R15: 00007f1a17effa28
[  438.979674][T11297]  </TASK>
[  438.979724][T11297] netem: change failed
[  439.400683][T11293] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1436'.
[  439.853486][T11304] xt_l2tp: missing protocol rule (udp|l2tpip)
[  439.907573][   T24] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  440.037575][   T24] usb 3-1: device descriptor read/64, error -71
[  440.082281][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  440.094778][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  440.347587][   T24] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  440.545797][T11316] trusted_key: encrypted_key: master key parameter 'user:' is invalid
[  440.576966][   T24] usb 3-1: device descriptor read/64, error -71
[  440.604583][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  440.604601][   T30] audit: type=1326 audit(1758503963.694:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11310 comm="syz.1.1442" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1a17b8ec29 code=0x0
[  440.767635][   T24] usb usb3-port1: attempt power cycle
[  441.186538][   T24] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  441.228065][   T24] usb 3-1: device descriptor read/8, error -71
[  441.533551][   T24] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  441.569320][   T24] usb 3-1: device descriptor read/8, error -71
[  441.678789][   T24] usb usb3-port1: unable to enumerate USB device
[  441.797554][ T5920] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  442.039753][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  442.040105][T11331] loop6: detected capacity change from 0 to 524287999
[  442.059905][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  442.070617][ T5920] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  442.086814][ T5920] usb 4-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[  442.097145][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  442.120906][ T5920] usb 4-1: config 0 descriptor??
[  442.711405][ T5920] dragonrise 0003:0079:0011.000F: hidraw0: USB HID v0.00 Device [HID 0079:0011] on usb-dummy_hcd.3-1/input0
[  442.952752][ T5940] usb 4-1: USB disconnect, device number 93
[  443.088837][T11341] fido_id[11341]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  443.453572][T11350] netlink: 'syz.1.1452': attribute type 2 has an invalid length.
[  443.461528][T11350] netlink: 'syz.1.1452': attribute type 8 has an invalid length.
[  443.472720][T11350] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1452'.
[  443.747716][ T5949] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  443.909241][ T5949] usb 2-1: config 1 has an invalid interface number: 7 but max is 0
[  443.927840][ T5949] usb 2-1: config 1 has no interface number 0
[  444.167652][ T5949] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0xE has invalid maxpacket 64
[  444.180804][T11228] Set syz1 is full, maxelem 65536 reached
[  444.203088][ T5949] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  444.238319][T11369] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1458'.
[  444.247854][ T5949] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  444.259553][ T5949] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.347402][T11369] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1458'.
[  444.359711][ T5949] usb 2-1: Product: syz
[  444.365939][ T5949] usb 2-1: Manufacturer: syz
[  444.372601][ T5949] usb 2-1: SerialNumber: syz
[  444.410378][T11355] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  444.421901][ T5949] usb 2-1: Error in usbnet_get_endpoints (-22)
[  444.592214][T11372] fuse: blksize only supported for fuseblk
[  445.617094][T11384] xt_l2tp: missing protocol rule (udp|l2tpip)
[  446.043885][T11355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.053809][T11355] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  446.068005][ T5949] usb 3-1: new low-speed USB device number 67 using dummy_hcd
[  446.205526][T11401] fuse: Invalid uid '00000000000000000007'
[  446.245786][ T5949] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4
[  446.266199][ T5949] usb 3-1: New USB device found, idVendor=54ef, idProduct=6047, bcdDevice= 0.20
[  446.275985][ T5949] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.288810][ T5949] usb 3-1: config 0 descriptor??
[  446.504584][ T5920] usb 3-1: USB disconnect, device number 67
[  447.243125][T11414] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1471'.
[  447.274362][T11414] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1471'.
[  447.295980][ T5920] usb 2-1: USB disconnect, device number 58
[  448.024524][T11426] loop6: detected capacity change from 0 to 7
[  448.043680][T11426] Dev loop6: unable to read RDB block 7
[  448.058071][T11426]  loop6: unable to read partition table
[  448.072020][T11426] loop6: partition table beyond EOD, truncated
[  448.088768][T11426] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  448.501548][T11449] netlink: 'syz.0.1480': attribute type 5 has an invalid length.
[  448.518510][T11449] bridge0: port 3(macsec0) entered blocking state
[  448.531849][T11449] bridge0: port 3(macsec0) entered disabled state
[  448.544710][T11449] macsec0: entered allmulticast mode
[  448.561634][T11449] macsec0: entered promiscuous mode
[  448.586053][T11453] loop8: detected capacity change from 0 to 8
[  448.595713][ T5965] Dev loop8: unable to read RDB block 8
[  448.604094][ T5965]  loop8: unable to read partition table
[  448.610483][ T5965] loop8: partition table beyond EOD, truncated
[  448.619046][T11453] Dev loop8: unable to read RDB block 8
[  448.624755][T11453]  loop8: unable to read partition table
[  448.633321][T11453] loop8: partition table beyond EOD, truncated
[  448.640846][T11453] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  449.031849][T11463] loop6: detected capacity change from 0 to 7
[  449.045323][T11463] Dev loop6: unable to read RDB block 7
[  449.055820][T11463]  loop6: unable to read partition table
[  449.064762][T11463] loop6: partition table beyond EOD, truncated
[  449.076773][T11463] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  449.288193][   T24] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  449.461138][   T24] usb 3-1: Using ep0 maxpacket: 8
[  449.486748][   T24] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  449.503276][   T24] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  449.513650][   T24] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  449.528276][T11480] loop8: detected capacity change from 0 to 8
[  449.530916][   T24] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  449.546900][T11480] Dev loop8: unable to read RDB block 8
[  449.601705][   T24] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  449.618269][T11480]  loop8: unable to read partition table
[  449.626528][T11480] loop8: partition table beyond EOD, truncated
[  449.633532][   T24] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  449.643639][T11480] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  449.666543][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  449.905055][   T24] usb 3-1: usb_control_msg returned -32
[  449.914161][   T24] usbtmc 3-1:16.0: can't read capabilities
[  450.031898][T11493] loop6: detected capacity change from 0 to 7
[  450.051399][T11493] Dev loop6: unable to read RDB block 7
[  450.063200][T11493]  loop6: unable to read partition table
[  450.070393][T11496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  450.074099][T11493] loop6: partition table beyond EOD, truncated
[  450.128647][T11496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  450.132596][T11493] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  450.200852][T11498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  450.211532][T11498] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  450.224197][T11496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  450.236603][T11496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  450.256865][T11500] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  450.271138][T11500] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  450.279063][   T24] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  450.341586][T11500] usbtmc 3-1:16.0: INITIATE_ABORT_BULK_IN returned 0
[  450.584406][ T5920] usb 3-1: USB disconnect, device number 68
[  450.713464][T11506] FAULT_INJECTION: forcing a failure.
[  450.713464][T11506] name failslab, interval 1, probability 0, space 0, times 0
[  450.726502][T11506] CPU: 1 UID: 0 PID: 11506 Comm: syz.3.1503 Not tainted syzkaller #0 PREEMPT(full) 
[  450.726526][T11506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  450.726543][T11506] Call Trace:
[  450.726551][T11506]  <TASK>
[  450.726559][T11506]  dump_stack_lvl+0x189/0x250
[  450.726584][T11506]  ? __pfx____ratelimit+0x10/0x10
[  450.726603][T11506]  ? __pfx_dump_stack_lvl+0x10/0x10
[  450.726623][T11506]  ? __pfx__printk+0x10/0x10
[  450.726648][T11506]  ? __pfx___might_resched+0x10/0x10
[  450.726664][T11506]  ? fs_reclaim_acquire+0x7d/0x100
[  450.726683][T11506]  should_fail_ex+0x414/0x560
[  450.726710][T11506]  should_failslab+0xa8/0x100
[  450.726730][T11506]  __kmalloc_noprof+0xcb/0x4f0
[  450.726746][T11506]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  450.726768][T11506]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  450.726792][T11506]  genl_family_rcv_msg_doit+0xb8/0x300
[  450.726813][T11506]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  450.726836][T11506]  ? apparmor_capable+0x137/0x1b0
[  450.726854][T11506]  ? bpf_lsm_capable+0x9/0x20
[  450.726871][T11506]  ? security_capable+0x7e/0x2e0
[  450.726895][T11506]  genl_rcv_msg+0x60e/0x790
[  450.726916][T11506]  ? __pfx_genl_rcv_msg+0x10/0x10
[  450.726932][T11506]  ? __pfx_ovs_ct_limit_cmd_del+0x10/0x10
[  450.726961][T11506]  netlink_rcv_skb+0x208/0x470
[  450.726974][T11506]  ? __lock_acquire+0xab9/0xd20
[  450.726992][T11506]  ? __pfx_genl_rcv_msg+0x10/0x10
[  450.727009][T11506]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  450.727037][T11506]  ? down_read+0x1ad/0x2e0
[  450.727055][T11506]  genl_rcv+0x28/0x40
[  450.727070][T11506]  netlink_unicast+0x82c/0x9e0
[  450.727095][T11506]  ? __pfx_netlink_unicast+0x10/0x10
[  450.727114][T11506]  ? netlink_sendmsg+0x642/0xb30
[  450.727127][T11506]  ? skb_put+0x11b/0x210
[  450.727145][T11506]  netlink_sendmsg+0x805/0xb30
[  450.727166][T11506]  ? __pfx_netlink_sendmsg+0x10/0x10
[  450.727182][T11506]  ? aa_sock_msg_perm+0xf1/0x1d0
[  450.727196][T11506]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  450.727210][T11506]  ? __pfx_netlink_sendmsg+0x10/0x10
[  450.727225][T11506]  __sock_sendmsg+0x21c/0x270
[  450.727246][T11506]  ____sys_sendmsg+0x505/0x830
[  450.727266][T11506]  ? __pfx_____sys_sendmsg+0x10/0x10
[  450.727289][T11506]  ? import_iovec+0x74/0xa0
[  450.727310][T11506]  ___sys_sendmsg+0x21f/0x2a0
[  450.727328][T11506]  ? __pfx____sys_sendmsg+0x10/0x10
[  450.727371][T11506]  ? __fget_files+0x2a/0x420
[  450.727382][T11506]  ? __fget_files+0x3a0/0x420
[  450.727402][T11506]  __x64_sys_sendmsg+0x19b/0x260
[  450.727420][T11506]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  450.727451][T11506]  ? __pfx_ksys_write+0x10/0x10
[  450.727468][T11506]  ? rcu_is_watching+0x15/0xb0
[  450.727490][T11506]  ? do_syscall_64+0xbe/0x3b0
[  450.727508][T11506]  do_syscall_64+0xfa/0x3b0
[  450.727521][T11506]  ? lockdep_hardirqs_on+0x9c/0x150
[  450.727534][T11506]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.727553][T11506]  ? clear_bhb_loop+0x60/0xb0
[  450.727569][T11506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.727582][T11506] RIP: 0033:0x7f88e518ec29
[  450.727595][T11506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  450.727607][T11506] RSP: 002b:00007f88e5f7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  450.727622][T11506] RAX: ffffffffffffffda RBX: 00007f88e53d6180 RCX: 00007f88e518ec29
[  450.727632][T11506] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000008
[  450.727641][T11506] RBP: 00007f88e5f7d090 R08: 0000000000000000 R09: 0000000000000000
[  450.727649][T11506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  450.727657][T11506] R13: 00007f88e53d6218 R14: 00007f88e53d6180 R15: 00007f88e54ffa28
[  450.727679][T11506]  </TASK>
[  451.122984][T11508] capability: warning: `syz.1.1505' uses deprecated v2 capabilities in a way that may be insecure
[  451.263019][T11511] tty tty29: ldisc open failed (-12), clearing slot 28
[  451.845333][T11531] loop8: detected capacity change from 0 to 8
[  451.858398][T11531] Dev loop8: unable to read RDB block 8
[  451.864242][T11531]  loop8: unable to read partition table
[  451.882910][T11531] loop8: partition table beyond EOD, truncated
[  451.946496][T11531] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  451.959382][ T5949] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  452.187781][ T5949] usb 2-1: unable to get BOS descriptor or descriptor too short
[  452.206895][ T5949] usb 2-1: config 1 has an invalid interface descriptor of length 5, skipping
[  452.219557][ T5949] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  452.281662][ T5949] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  452.340680][ T5949] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  452.353615][ T5949] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.361980][ T5949] usb 2-1: Product: syz
[  452.366167][ T5949] usb 2-1: Manufacturer: syz
[  452.377822][ T5949] usb 2-1: SerialNumber: syz
[  452.894493][T11556] 8021q: adding VLAN 0 to HW filter on device bond8
[  452.928023][T11558] netlink: 312 bytes leftover after parsing attributes in process `syz.4.1516'.
[  453.058291][T11556] team0: Port device bond8 added
[  453.278955][T11560] bridge5: the hash_elasticity option has been deprecated and is always 16
[  453.635528][T11563] loop8: detected capacity change from 0 to 8
[  453.644905][T11563] Dev loop8: unable to read RDB block 8
[  453.650689][T11563]  loop8: unable to read partition table
[  453.660142][T11563] loop8: partition table beyond EOD, truncated
[  453.666430][T11563] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  453.947701][ T5940] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  453.991847][T11567] loop6: detected capacity change from 0 to 7
[  454.003114][ T6615] Dev loop6: unable to read RDB block 7
[  454.009462][ T6615]  loop6: AHDI p2 p3
[  454.014143][ T6615] loop6: partition table partially beyond EOD, truncated
[  454.025027][ T6615] loop6: p2 size 46 extends beyond EOD, truncated
[  454.041961][T11567] Dev loop6: unable to read RDB block 7
[  454.048558][T11567]  loop6: AHDI p2 p3
[  454.052939][T11567] loop6: partition table partially beyond EOD, truncated
[  454.064697][T11567] loop6: p2 size 46 extends beyond EOD, truncated
[  454.079395][ T5940] usb 1-1: device descriptor read/64, error -71
[  454.145004][ T6615] udevd[6615]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  454.330729][ T6615] udevd[6615]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  454.352045][ T5949] usb 2-1: 0:2 : does not exist
[  454.408700][ T5940] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  454.447740][ T5949] usb 2-1: USB disconnect, device number 59
[  454.547731][ T5940] usb 1-1: device descriptor read/64, error -71
[  454.617165][ T5965] udevd[5965]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  454.658059][ T5940] usb usb1-port1: attempt power cycle
[  454.756914][T11581] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1527'.
[  455.069444][ T5940] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  455.078130][ T5949] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  455.109820][ T5940] usb 1-1: device descriptor read/8, error -71
[  455.227666][T11591] 8021q: adding VLAN 0 to HW filter on device bond9
[  455.236294][T11591] bond9: entered promiscuous mode
[  455.261719][T11591] team0: Port device bond9 added
[  455.267162][ T5949] usb 5-1: config 8 has an invalid interface number: 53 but max is 1
[  455.287357][ T5949] usb 5-1: config 8 has an invalid interface number: 158 but max is 1
[  455.307743][ T5949] usb 5-1: config 8 has no interface number 0
[  455.353415][ T5949] usb 5-1: config 8 has no interface number 1
[  455.367525][ T5940] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  455.375392][ T5949] usb 5-1: config 8 interface 53 altsetting 5 endpoint 0xD has an invalid bInterval 129, changing to 7
[  455.400388][ T5949] usb 5-1: config 8 interface 53 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  455.432866][T11594] bridge0: the hash_elasticity option has been deprecated and is always 16
[  455.444267][ T5940] usb 1-1: device descriptor read/8, error -71
[  455.511650][ T5949] usb 5-1: config 8 interface 158 altsetting 7 endpoint 0x4 has invalid maxpacket 1552, setting to 64
[  455.567311][ T5949] usb 5-1: config 8 interface 53 has no altsetting 0
[  455.591944][ T5940] usb usb1-port1: unable to enumerate USB device
[  455.621100][ T5949] usb 5-1: config 8 interface 158 has no altsetting 0
[  455.664749][ T5949] usb 5-1: New USB device found, idVendor=19d2, idProduct=ff4b, bcdDevice=df.95
[  455.707507][ T5949] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.715541][ T5949] usb 5-1: Product: syz
[  455.766530][ T5949] usb 5-1: Manufacturer: ᪰⿇鄓舀뎥蹂ëＢ덞頉艫嫂ɞ쾀१䄆똗嘻
[  455.797219][T11608] FAULT_INJECTION: forcing a failure.
[  455.797219][T11608] name failslab, interval 1, probability 0, space 0, times 0
[  455.811536][T11608] CPU: 1 UID: 0 PID: 11608 Comm: syz.2.1534 Not tainted syzkaller #0 PREEMPT(full) 
[  455.811560][T11608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  455.811570][T11608] Call Trace:
[  455.811576][T11608]  <TASK>
[  455.811583][T11608]  dump_stack_lvl+0x189/0x250
[  455.811607][T11608]  ? __pfx____ratelimit+0x10/0x10
[  455.811626][T11608]  ? __pfx_dump_stack_lvl+0x10/0x10
[  455.811646][T11608]  ? __pfx__printk+0x10/0x10
[  455.811672][T11608]  ? __pfx___might_resched+0x10/0x10
[  455.811687][T11608]  ? fs_reclaim_acquire+0x7d/0x100
[  455.811708][T11608]  should_fail_ex+0x414/0x560
[  455.811735][T11608]  should_failslab+0xa8/0x100
[  455.811760][T11608]  kmem_cache_alloc_noprof+0x73/0x3c0
[  455.811781][T11608]  ? vm_area_alloc+0x24/0x140
[  455.811801][T11608]  vm_area_alloc+0x24/0x140
[  455.811818][T11608]  mmap_region+0xdc7/0x20c0
[  455.811835][T11608]  ? __lock_acquire+0xab9/0xd20
[  455.811867][T11608]  ? __lock_acquire+0xab9/0xd20
[  455.811891][T11608]  ? __pfx_mmap_region+0x10/0x10
[  455.811975][T11608]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[  455.812011][T11608]  ? bpf_lsm_mmap_addr+0x9/0x20
[  455.812027][T11608]  ? security_mmap_addr+0x71/0x270
[  455.812051][T11608]  ? shmem_mapping+0xd/0x50
[  455.812066][T11608]  ? memfd_check_seals_mmap+0xc5/0x200
[  455.812085][T11608]  do_mmap+0xc45/0x10d0
[  455.812125][T11608]  ? __pfx_do_mmap+0x10/0x10
[  455.812142][T11608]  ? down_write_killable+0x178/0x230
[  455.812166][T11608]  ? __pfx_down_write_killable+0x10/0x10
[  455.812182][T11608]  ? common_file_perm+0x1b5/0x230
[  455.812207][T11608]  vm_mmap_pgoff+0x2a6/0x4d0
[  455.812235][T11608]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  455.812256][T11608]  ? __fget_files+0x2a/0x420
[  455.812276][T11608]  ? __fget_files+0x3a0/0x420
[  455.812291][T11608]  ? __fget_files+0x2a/0x420
[  455.812310][T11608]  ksys_mmap_pgoff+0x51f/0x760
[  455.812338][T11608]  do_syscall_64+0xfa/0x3b0
[  455.812356][T11608]  ? lockdep_hardirqs_on+0x9c/0x150
[  455.812373][T11608]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.812390][T11608]  ? clear_bhb_loop+0x60/0xb0
[  455.812410][T11608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.812427][T11608] RIP: 0033:0x7f9ee1b8ec29
[  455.812443][T11608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.812457][T11608] RSP: 002b:00007f9ee29ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  455.812476][T11608] RAX: ffffffffffffffda RBX: 00007f9ee1dd5fa0 RCX: 00007f9ee1b8ec29
[  455.812489][T11608] RDX: 0000000000000005 RSI: 0000000000003000 RDI: 0000200000000000
[  455.812500][T11608] RBP: 00007f9ee29ac090 R08: 0000000000000003 R09: 0000000000000000
[  455.812511][T11608] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[  455.812522][T11608] R13: 00007f9ee1dd6038 R14: 00007f9ee1dd5fa0 R15: 00007f9ee1effa28
[  455.812551][T11608]  </TASK>
[  456.151657][ T5949] usb 5-1: SerialNumber: syz
[  456.178529][T11610] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1533'.
[  456.425912][T11612] netlink: del zone limit has 4 unknown bytes
[  456.768605][ T5940] usb 2-1: new full-speed USB device number 60 using dummy_hcd
[  457.076489][ T5940] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  457.141932][ T5940] usb 2-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  457.239419][ T5940] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.250445][ T5940] usb 2-1: Product: syz
[  457.268135][ T5940] usb 2-1: Manufacturer: syz
[  457.284281][ T5940] usb 2-1: SerialNumber: syz
[  457.386863][ T5940] usb 2-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  457.803674][T11627] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  457.859997][ T5949] option 5-1:8.53: GSM modem (1-port) converter detected
[  457.869810][T11627] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  457.898343][T11627] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  457.919596][ T5949] usb 5-1: USB disconnect, device number 64
[  457.941847][ T5949] option 5-1:8.53: device disconnected
[  457.950129][T11627] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  457.980501][T11630] loop8: detected capacity change from 0 to 8
[  457.995385][T11627] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  458.007478][T11627] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  458.017513][T11627] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  458.025931][T11627] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  458.036526][T11627] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  458.043885][T11627] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  458.145810][T11630] Dev loop8: unable to read RDB block 8
[  458.151792][T11630]  loop8: unable to read partition table
[  458.157768][T11630] loop8: partition table beyond EOD, truncated
[  458.177150][T11630] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  459.025666][T11643] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  459.049379][T11643] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  459.666826][ T5940] usb 2-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  459.887310][ T5940] usb 2-1: USB disconnect, device number 60
[  460.131422][T11658] loop6: detected capacity change from 0 to 7
[  460.153409][ T5965] Dev loop6: unable to read RDB block 7
[  460.172764][ T5965]  loop6: unable to read partition table
[  460.187842][ T5965] loop6: partition table beyond EOD, truncated
[  460.195579][T11658] Dev loop6: unable to read RDB block 7
[  460.202141][T11658]  loop6: unable to read partition table
[  460.208442][T11658] loop6: partition table beyond EOD, truncated
[  460.218203][T11658] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  460.825555][T11668] loop8: detected capacity change from 0 to 8
[  460.834500][T11668] Dev loop8: unable to read RDB block 8
[  460.841469][T11668]  loop8: unable to read partition table
[  460.848354][T11668] loop8: partition table beyond EOD, truncated
[  460.864896][T11668] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  461.112488][T11677] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1556'.
[  461.447574][  T919] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  461.640597][T11691] loop6: detected capacity change from 0 to 7
[  461.741506][T11691] Dev loop6: unable to read RDB block 7
[  461.765654][T11691]  loop6: unable to read partition table
[  461.773306][  T919] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  461.782913][  T919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.806043][  T919] usb 4-1: Product: syz
[  461.815720][T11691] loop6: partition table beyond EOD, truncated
[  461.964038][  T919] usb 4-1: Manufacturer: syz
[  462.052421][  T919] usb 4-1: SerialNumber: syz
[  462.080686][  T919] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  462.089235][T11691] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  462.251499][ T5920] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  462.472377][  T919] usb 4-1: USB disconnect, device number 95
[  462.593056][   T30] audit: type=1326 audit(1758503985.684:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11694 comm="syz.2.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ee1b8ec29 code=0x7ffc0000
[  462.627883][   T30] audit: type=1326 audit(1758503985.684:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11694 comm="syz.2.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7f9ee1b8ec29 code=0x7ffc0000
[  462.665991][   T30] audit: type=1326 audit(1758503985.694:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11694 comm="syz.2.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ee1b8ec29 code=0x7ffc0000
[  462.692247][   T30] audit: type=1326 audit(1758503985.694:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11694 comm="syz.2.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f9ee1b8ec29 code=0x7ffc0000
[  462.722646][   T30] audit: type=1326 audit(1758503985.694:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11694 comm="syz.2.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ee1b8ec29 code=0x7ffc0000
[  462.753625][   T30] audit: type=1326 audit(1758503985.694:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11694 comm="syz.2.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9ee1b8ec29 code=0x7ffc0000
[  462.779683][   T30] audit: type=1326 audit(1758503985.694:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11694 comm="syz.2.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ee1b8ec29 code=0x7ffc0000
[  462.931837][   T30] audit: type=1326 audit(1758503985.694:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11694 comm="syz.2.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9ee1b8ec29 code=0x7ffc0000
[  463.022175][   T30] audit: type=1326 audit(1758503985.694:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11694 comm="syz.2.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ee1b8ec29 code=0x7ffc0000
[  463.087021][   T30] audit: type=1326 audit(1758503985.694:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11694 comm="syz.2.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9ee1b8ec29 code=0x7ffc0000
[  463.183653][T11705] netlink: 'syz.1.1562': attribute type 1 has an invalid length.
[  463.357583][ T5920] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  463.366906][ T5920] ath9k_htc: Failed to initialize the device
[  463.395939][  T919] usb 4-1: ath9k_htc: USB layer deinitialized
[  463.770542][T11720] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1567'.
[  463.779628][  T919] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[  463.787409][T11720] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1567'.
[  463.796548][T11720] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1567'.
[  463.875911][   T24] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  463.960799][  T919] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  463.977739][  T919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.987993][ T5940] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  463.999262][  T919] usb 4-1: config 0 descriptor??
[  464.050480][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  464.062444][   T24] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  464.269524][T11726] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1563'.
[  464.270149][ T5940] usb 1-1: Using ep0 maxpacket: 8
[  464.300385][ T5940] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  464.312594][ T5940] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.324176][ T5940] usb 1-1: Product: syz
[  464.332006][ T5940] usb 1-1: Manufacturer: syz
[  464.366914][  T919] pegasus 4-1:0.0: probe with driver pegasus failed with error -71
[  464.382445][ T5940] usb 1-1: SerialNumber: syz
[  464.389766][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.394789][ T5940] usb 1-1: config 0 descriptor??
[  464.409695][ T5940] gspca_main: se401-2.14.0 probing 047d:5003
[  464.471054][  T919] usb 4-1: USB disconnect, device number 96
[  464.497100][   T24] usb 2-1: config 0 descriptor??
[  464.518662][   T24] pwc: Askey VC010 type 2 USB webcam detected.
[  464.826053][ T5940] gspca_se401: ExtraFeatures: 255
[  464.831256][ T5940] gspca_se401: Too many frame sizes
[  464.921567][   T24] pwc: recv_control_msg error -32 req 02 val 2b00
[  464.931251][   T24] pwc: recv_control_msg error -32 req 02 val 2700
[  464.940588][   T24] pwc: recv_control_msg error -32 req 02 val 2c00
[  464.957761][   T24] pwc: recv_control_msg error -32 req 04 val 1000
[  464.971766][   T24] pwc: recv_control_msg error -32 req 04 val 1300
[  464.984966][   T24] pwc: recv_control_msg error -32 req 04 val 1400
[  464.997972][   T24] pwc: recv_control_msg error -32 req 02 val 2000
[  465.010899][   T24] pwc: recv_control_msg error -32 req 02 val 2100
[  465.020738][   T24] pwc: recv_control_msg error -32 req 04 val 1500
[  465.028035][   T24] pwc: recv_control_msg error -32 req 02 val 2500
[  465.034984][   T24] pwc: recv_control_msg error -32 req 02 val 2400
[  465.046305][T11718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.049137][   T24] pwc: recv_control_msg error -32 req 02 val 2600
[  465.057131][T11718] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.084385][  T919] usb 1-1: USB disconnect, device number 64
[  465.189791][T11741] ptrace attach of "./syz-executor exec"[5878] was attempted by ""[11741]
[  465.279952][   T24] pwc: recv_control_msg error -71 req 02 val 2800
[  465.294832][   T24] pwc: recv_control_msg error -71 req 04 val 1100
[  465.303010][   T24] pwc: recv_control_msg error -71 req 04 val 1200
[  465.319474][   T24] pwc: Registered as video103.
[  465.329576][   T24] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input22
[  465.381397][   T24] usb 2-1: USB disconnect, device number 61
[  465.501360][T11752] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1578'.
[  466.757018][T11776] netlink: del zone limit has 4 unknown bytes
[  468.562869][T11809] loop8: detected capacity change from 0 to 8
[  468.571476][T11809] Dev loop8: unable to read RDB block 8
[  468.577233][T11809]  loop8: unable to read partition table
[  468.583872][T11809] loop8: partition table beyond EOD, truncated
[  468.591456][T11809] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  468.783687][T11816] input: syz1 as /devices/virtual/input/input23
[  469.546584][T11832] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1592'.
[  471.022495][T11864] loop8: detected capacity change from 0 to 8
[  471.031241][T11864] Dev loop8: unable to read RDB block 8
[  471.036811][T11864]  loop8: unable to read partition table
[  471.081261][T11864] loop8: partition table beyond EOD, truncated
[  471.150826][T11864] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  471.612002][T11874] netlink: 312 bytes leftover after parsing attributes in process `syz.4.1599'.
[  471.727861][ T5940] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  471.903557][ T5940] usb 3-1: too many configurations: 9, using maximum allowed: 8
[  471.919148][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  471.937399][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  471.960912][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  471.976255][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  472.002142][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  472.037591][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  472.046491][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  472.058700][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  472.082849][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  472.093713][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  472.119285][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  472.141483][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  472.160742][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  472.182547][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  472.188813][T11876] netlink: 'syz.0.1600': attribute type 23 has an invalid length.
[  472.196638][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  472.231551][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  472.242763][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  472.286221][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  472.304071][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  472.314165][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  472.329638][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  472.339700][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  472.349262][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  472.363056][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  472.407160][ T5940] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  472.417244][ T5940] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  472.439765][ T5940] usb 3-1: Product: syz
[  472.444130][ T5940] usb 3-1: Manufacturer: syz
[  472.457077][ T5940] usb 3-1: SerialNumber: syz
[  472.507811][ T5940] usb 3-1: config 0 descriptor??
[  472.547652][ T5940] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[  473.144995][T11885] loop6: detected capacity change from 0 to 7
[  473.159535][T11885] Dev loop6: unable to read RDB block 7
[  473.170977][T11885]  loop6: AHDI p2 p3
[  473.175521][T11885] loop6: partition table partially beyond EOD, truncated
[  473.185100][T11885] loop6: p2 size 46 extends beyond EOD, truncated
[  473.258617][ T5965] udevd[5965]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  473.522768][T11890] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1603'.
[  473.760394][   T30] kauditd_printk_skb: 50 callbacks suppressed
[  473.760411][   T30] audit: type=1326 audit(1758503996.864:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11886 comm="syz.4.1603" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd68158ec29 code=0x0
[  474.296661][    C0] usb 3-1: yurex_control_callback - control failed: -2
[  474.333072][ T5940] usb 3-1: USB disconnect, device number 69
[  474.365459][ T5940] yurex 3-1:0.0: USB YUREX #0 now disconnected
[  476.664228][T11925] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1612'.
[  476.675387][T11925] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1612'.
[  477.017137][T11931] loop8: detected capacity change from 0 to 8
[  477.079927][T11931] Dev loop8: unable to read RDB block 8
[  477.097559][T11931]  loop8: unable to read partition table
[  477.128539][T11931] loop8: partition table beyond EOD, truncated
[  477.180308][T11931] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  477.257665][ T5949] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  477.823937][T11945] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  477.903950][T11950] loop6: detected capacity change from 0 to 7
[  477.913821][T11950] Dev loop6: unable to read RDB block 7
[  477.923665][T11950]  loop6: AHDI p2 p3
[  477.931791][T11950] loop6: partition table partially beyond EOD, truncated
[  477.957700][T11950] loop6: p2 size 46 extends beyond EOD, truncated
[  478.084430][ T5965] udevd[5965]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  478.550333][T11959] random: crng reseeded on system resumption
[  478.917682][   T24] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  479.077568][   T24] usb 5-1: Using ep0 maxpacket: 8
[  479.084717][   T24] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  479.094379][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  479.132671][   T24] pvrusb2: Hardware description: Terratec Grabster AV400
[  479.188818][   T24] pvrusb2: **********
[  479.206834][   T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  479.402196][   T24] pvrusb2: Important functionality might not be entirely working.
[  479.538949][   T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  479.574025][   T24] pvrusb2: **********
[  479.594320][ T2346] pvrusb2: Invalid write control endpoint
[  479.718207][ T6012] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  479.742831][T11976] loop6: detected capacity change from 0 to 7
[  479.756204][T11976] Dev loop6: unable to read RDB block 7
[  479.764143][T11976]  loop6: unable to read partition table
[  479.770871][T11976] loop6: partition table beyond EOD, truncated
[  479.777283][T11976] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  479.789386][T11961] pvrusb2: Invalid write control endpoint
[  479.798129][T11977] loop8: detected capacity change from 0 to 8
[  479.869764][T11977] Dev loop8: unable to read RDB block 8
[  479.875505][T11977]  loop8: unable to read partition table
[  479.882062][T11977] loop8: partition table beyond EOD, truncated
[  479.888943][T11977] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  479.907713][ T6012] usb 4-1: Using ep0 maxpacket: 8
[  479.952624][ T6012] usb 4-1: unable to get BOS descriptor or descriptor too short
[  479.964074][   T24] usb 5-1: USB disconnect, device number 65
[  480.091294][ T2346] pvrusb2: Invalid write control endpoint
[  480.100837][ T6012] usb 4-1: config 8 has an invalid interface number: 56 but max is 0
[  480.109225][ T6012] usb 4-1: config 8 has no interface number 0
[  480.115486][ T6012] usb 4-1: too many endpoints for config 8 interface 56 altsetting 49: 56, using maximum allowed: 30
[  480.127036][ T6012] usb 4-1: config 8 interface 56 altsetting 49 has 0 endpoint descriptors, different from the interface descriptor's value: 56
[  480.141148][ T2346] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  480.262099][ T2346] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  480.338679][ T6012] usb 4-1: config 8 interface 56 has no altsetting 0
[  480.358095][ T5949] usb 3-1: unable to get BOS descriptor or descriptor too short
[  480.372065][ T5949] usb 3-1: unable to read config index 0 descriptor/start: -71
[  480.382028][ T2346] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  480.417336][ T6012] usb 4-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf
[  480.430227][ T6012] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.438935][ T5949] usb 3-1: can't read configurations, error -71
[  480.445372][ T6012] usb 4-1: Product: syz
[  480.450845][ T6012] usb 4-1: Manufacturer: syz
[  480.455461][ T6012] usb 4-1: SerialNumber: syz
[  480.462114][ T2346] pvrusb2: Device being rendered inoperable
[  480.474194][ T2346] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  480.482854][ T2346] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  480.498185][ T2346] pvrusb2: Attached sub-driver cx25840
[  480.504116][ T2346] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  480.514586][ T2346] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  480.979730][   T30] audit: type=1326 audit(1758504004.084:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11994 comm="syz.2.1634" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ee1b8ec29 code=0x0
[  480.997752][   T24] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  481.157694][   T24] usb 5-1: Using ep0 maxpacket: 32
[  481.165112][   T24] usb 5-1: config 0 has an invalid interface number: 111 but max is 1
[  481.191097][   T24] usb 5-1: config 0 has no interface number 1
[  481.238635][   T24] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83
[  481.254922][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.286789][   T24] usb 5-1: Product: syz
[  481.298897][   T24] usb 5-1: Manufacturer: syz
[  481.309235][   T24] usb 5-1: SerialNumber: syz
[  481.321786][   T24] usb 5-1: config 0 descriptor??
[  481.350056][T12007] loop8: detected capacity change from 0 to 8
[  481.371893][ T6095] Dev loop8: unable to read RDB block 8
[  481.381158][ T6095]  loop8: unable to read partition table
[  481.403475][ T6095] loop8: partition table beyond EOD, truncated
[  481.428872][T12007] Dev loop8: unable to read RDB block 8
[  481.437177][T12007]  loop8: unable to read partition table
[  481.458120][T12007] loop8: partition table beyond EOD, truncated
[  481.477861][T12007] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  481.702531][T12011] loop6: detected capacity change from 0 to 7
[  481.717197][T12011] Dev loop6: unable to read RDB block 7
[  481.739729][T12011]  loop6: unable to read partition table
[  481.762106][T12011] loop6: partition table beyond EOD, truncated
[  481.886134][T12011] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  482.161849][   T24] snd-usb-6fire 5-1:0.111: unable to receive device firmware state.
[  482.195473][   T24] snd-usb-6fire 5-1:0.111: probe with driver snd-usb-6fire failed with error -71
[  482.238683][   T24] usb 5-1: USB disconnect, device number 66
[  482.282564][T12020] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1642'.
[  482.395682][T12024] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1641'.
[  482.406130][T12024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1641'.
[  482.747619][ T6017] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  482.778558][ T6012] usb 4-1: selecting invalid altsetting 1
[  483.018609][ T6012] catc 4-1:8.56: Can't set altsetting 1.
[  483.034583][ T6012] catc 4-1:8.56: probe with driver catc failed with error -5
[  483.062788][ T6012] usb 4-1: USB disconnect, device number 97
[  483.689317][T12051] loop8: detected capacity change from 0 to 8
[  483.877697][ T6615] Dev loop8: unable to read RDB block 8
[  483.982303][ T6615]  loop8: unable to read partition table
[  484.057077][ T6615] loop8: partition table beyond EOD, truncated
[  484.085920][T12051] Dev loop8: unable to read RDB block 8
[  484.120782][T12051]  loop8: unable to read partition table
[  484.134268][T12051] loop8: partition table beyond EOD, truncated
[  484.153310][T12051] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  484.618267][T12055] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1649'.
[  485.187577][ T6012] usb 4-1: new full-speed USB device number 99 using dummy_hcd
[  485.305765][T12067] CUSE: unknown device info "�"
[  485.323240][T12067] CUSE: unknown device info "�"
[  485.339345][ T6012] usb 4-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[  485.354885][ T6012] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.365742][T12067] CUSE: unknown device info "
"
[  485.419372][ T6012] usb 4-1: config 0 descriptor??
[  485.425592][T12067] CUSE: unknown device info "�"
[  485.476075][T12067] CUSE: unknown device info "����"
[  485.481363][T12067] CUSE: unknown device info ""
[  485.486278][T12067] CUSE: unknown device info ""
[  485.497649][T12067] CUSE: unknown device info ""
[  485.502657][T12067] CUSE: zero length info key specified
[  485.564776][ T6012] pwc: Samsung MPC-C10 USB webcam detected.
[  485.827484][T12063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  485.883726][T12063] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  486.225341][ T6017] usb 1-1: unable to get BOS descriptor or descriptor too short
[  486.242852][ T6017] usb 1-1: unable to read config index 0 descriptor/start: -71
[  486.270860][ T6017] usb 1-1: can't read configurations, error -71
[  486.331402][ T6012] pwc: send_video_command error -71
[  486.337322][ T6012] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  486.353378][ T6012] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71
[  486.436374][ T6012] usb 4-1: USB disconnect, device number 99
[  486.620161][T12097] bridge3: the hash_elasticity option has been deprecated and is always 16
[  486.672051][   T24] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  486.837560][   T24] usb 5-1: Using ep0 maxpacket: 8
[  486.844818][   T24] usb 5-1: config 0 has an invalid interface number: 186 but max is 0
[  486.875591][   T24] usb 5-1: config 0 has no interface number 0
[  486.896597][   T24] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  486.994395][   T24] usb 5-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  487.047233][   T24] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  487.116859][   T24] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  487.127095][ T5920] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  487.144771][   T24] usb 5-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  487.177352][   T24] usb 5-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  487.197050][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.221649][   T24] usb 5-1: Product: syz
[  487.258828][   T24] usb 5-1: Manufacturer: syz
[  487.263675][   T24] usb 5-1: SerialNumber: syz
[  487.274319][   T24] usb 5-1: config 0 descriptor??
[  487.303711][ T5920] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  487.313226][ T5920] usb 3-1: config 0 has no interface number 0
[  487.324031][ T5920] usb 3-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  487.333635][ T5920] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.349603][ T5920] usb 3-1: Product: syz
[  487.364345][ T5920] usb 3-1: Manufacturer: syz
[  487.420044][ T5920] usb 3-1: SerialNumber: syz
[  487.601149][   T24] iowarrior 5-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  487.620928][T12114] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1663'.
[  487.643140][ T5920] usb 3-1: config 0 descriptor??
[  487.680790][ T5920] gspca_main: sq905c-2.14.0 probing 2770:9052
[  487.698152][   T24] usb 5-1: USB disconnect, device number 67
[  488.250728][T12122] loop6: detected capacity change from 0 to 7
[  488.263788][ T6615] Dev loop6: unable to read RDB block 7
[  488.301640][ T6615]  loop6: unable to read partition table
[  488.310391][ T5920] gspca_sq905c: sq905c_command: usb_control_msg failed (-71)
[  488.310722][ T6615] loop6: partition table beyond EOD, truncated
[  488.330414][ T5920] sq905c 3-1:0.1: probe with driver sq905c failed with error -71
[  488.343726][T12122] Dev loop6: unable to read RDB block 7
[  488.356461][T12122]  loop6: unable to read partition table
[  488.369307][T12122] loop6: partition table beyond EOD, truncated
[  488.375709][T12122] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  488.390441][ T5920] usb 3-1: USB disconnect, device number 72
[  488.557738][ T5872] usb 2-1: new full-speed USB device number 62 using dummy_hcd
[  488.731041][ T5872] usb 2-1: unable to get BOS descriptor or descriptor too short
[  488.746610][ T5872] usb 2-1: not running at top speed; connect to a high speed hub
[  488.757212][ T5872] usb 2-1: config 4 has an invalid interface number: 147 but max is 0
[  488.770734][ T5872] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  488.783391][ T5872] usb 2-1: config 4 has no interface number 0
[  488.800727][ T5872] usb 2-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  488.813336][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.821483][ T5872] usb 2-1: Product: syz
[  488.825822][ T5872] usb 2-1: Manufacturer: syz
[  488.835945][ T5872] usb 2-1: SerialNumber: syz
[  489.095981][ T5872] usb 2-1: Found UVC 0.02 device syz (04f2:b746)
[  489.120774][ T5872] usb 2-1: No streaming interface found for terminal 6.
[  489.208353][ T5872] usb 2-1: USB disconnect, device number 62
[  489.419465][T12146] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1675'.
[  489.517664][ T5920] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  489.717572][ T5920] usb 5-1: Using ep0 maxpacket: 32
[  489.849017][ T5920] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  489.857206][ T5920] usb 5-1: config 0 has no interface number 0
[  489.879029][ T5920] usb 5-1: config 0 interface 184 has no altsetting 0
[  489.895202][ T5920] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  489.904759][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  489.936619][ T5920] usb 5-1: Product: syz
[  489.941097][ T5920] usb 5-1: Manufacturer: syz
[  489.945682][ T5920] usb 5-1: SerialNumber: syz
[  490.144647][ T5920] usb 5-1: config 0 descriptor??
[  490.164768][T12159] loop6: detected capacity change from 0 to 7
[  490.223652][T12161] xt_l2tp: missing protocol rule (udp|l2tpip)
[  490.242952][T12159] Dev loop6: unable to read RDB block 7
[  490.248488][ T5920] smsc75xx v1.0.0
[  490.248791][T12159]  loop6: unable to read partition table
[  490.259469][T12159] loop6: partition table beyond EOD, truncated
[  490.272869][T12159] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  490.277924][ T5920] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  490.373979][ T5920] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -22
[  490.749290][ T5920] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  490.849525][T12173] bridge6: the hash_elasticity option has been deprecated and is always 16
[  490.910361][ T5920] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[  490.926953][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  490.941592][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  490.969152][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  490.985665][ T5920] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  490.995976][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.004555][ T5920] usb 2-1: Product: syz
[  491.030988][ T5920] usb 2-1: Manufacturer: syz
[  491.039624][ T5920] usb 2-1: SerialNumber: syz
[  491.056264][ T5920] usb 2-1: config 0 descriptor??
[  491.085279][ T5920] iguanair 2-1:0.0: probe with driver iguanair failed with error -12
[  491.286256][ T5920] usb 2-1: USB disconnect, device number 63
[  491.757573][ T6017] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  491.912542][ T6017] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  491.951351][   T30] audit: type=1326 audit(1758504015.044:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.1.1689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a17b8ec29 code=0x7ffc0000
[  491.974064][ T6017] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  491.984016][ T6017] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  492.010537][ T6017] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.046203][ T6017] usb 1-1: config 0 descriptor??
[  492.096171][   T30] audit: type=1326 audit(1758504015.044:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.1.1689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f1a17b8d497 code=0x7ffc0000
[  492.122741][   T30] audit: type=1326 audit(1758504015.044:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.1.1689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a17b8ec29 code=0x7ffc0000
[  492.171769][   T30] audit: type=1326 audit(1758504015.044:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.1.1689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f1a17b8ec29 code=0x7ffc0000
[  492.220622][ T5920] usb 5-1: USB disconnect, device number 68
[  492.253639][   T30] audit: type=1326 audit(1758504015.044:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.1.1689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a17b8ec29 code=0x7ffc0000
[  492.305007][   T30] audit: type=1326 audit(1758504015.044:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.1.1689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1a17b8ec29 code=0x7ffc0000
[  492.334089][   T30] audit: type=1326 audit(1758504015.044:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.1.1689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a17b8ec29 code=0x7ffc0000
[  492.344965][T12199] loop6: detected capacity change from 0 to 7
[  492.377954][   T30] audit: type=1326 audit(1758504015.044:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.1.1689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1a17b8ec29 code=0x7ffc0000
[  492.672197][T12199] Dev loop6: unable to read RDB block 7
[  492.686559][T12199]  loop6: unable to read partition table
[  492.689333][ T6017] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  492.704495][T12199] loop6: partition table beyond EOD, truncated
[  492.733360][ T6017] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  492.738825][   T30] audit: type=1326 audit(1758504015.054:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.1.1689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a17b8ec29 code=0x7ffc0000
[  492.763952][T12199] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  492.766115][ T6017] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  492.796729][ T6017] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  492.810678][ T6017] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  492.822514][   T30] audit: type=1326 audit(1758504015.054:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.1.1689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1a17b8ec29 code=0x7ffc0000
[  492.827314][ T6017] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  492.864470][ T6017] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  492.972736][ T6017] cp2112 0003:10C4:EA90.0010: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0
[  493.047645][ T6012] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  493.098641][ T6017] cp2112 0003:10C4:EA90.0010: Part Number: 0x00 Device Version: 0x00
[  493.307673][T12211] netlink: del zone limit has 4 unknown bytes
[  493.341768][ T6012] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  493.363293][ T6012] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  493.383765][ T6012] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  493.414733][ T6012] usb 2-1: config 0 interface 0 has no altsetting 0
[  493.443781][ T6012] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  493.479120][ T6012] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  493.501065][ T6012] usb 2-1: config 0 interface 0 has no altsetting 0
[  493.518420][ T6012] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  493.527420][ T6012] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  493.544069][ T6012] usb 2-1: config 0 interface 0 has no altsetting 0
[  493.560687][ T6012] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  493.571623][ T6012] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  493.583029][ T6012] usb 2-1: config 0 interface 0 has no altsetting 0
[  493.600187][ T6012] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  493.611068][ T6012] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  493.632771][ T6012] usb 2-1: config 0 interface 0 has no altsetting 0
[  493.642866][ T6012] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  493.655357][T12186] cp2112 0003:10C4:EA90.0010: Error starting transaction: -38
[  493.684492][T12186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  493.695201][ T6012] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  493.715832][T12186] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  493.740598][ T6012] usb 2-1: config 0 interface 0 has no altsetting 0
[  493.842990][ T6012] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  493.865047][T12186] pimreg: tun_chr_ioctl cmd 2147767520
[  493.895014][ T6012] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  493.978466][ T6012] usb 2-1: config 0 interface 0 has no altsetting 0
[  493.996853][ T6012] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  494.006144][ T6012] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  494.021944][ T6012] usb 2-1: config 0 interface 0 has no altsetting 0
[  494.032913][ T6017] cp2112 0003:10C4:EA90.0010: error reading lock byte: -71
[  494.071040][ T6012] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  494.080504][ T6012] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  494.123763][ T6012] usb 2-1: Product: syz
[  494.149592][ T6012] usb 2-1: Manufacturer: syz
[  494.154497][ T6012] usb 2-1: SerialNumber: syz
[  494.174908][ T6012] usb 2-1: config 0 descriptor??
[  494.205435][ T6012] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[  494.844544][ T6017] usb 1-1: USB disconnect, device number 67
[  495.128921][T12230] netlink: 312 bytes leftover after parsing attributes in process `syz.0.1696'.
[  496.237540][ T5872] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  496.387757][ T5872] usb 3-1: device descriptor read/64, error -71
[  496.521230][T12242] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1699'.
[  496.558676][ T6017] usb 2-1: USB disconnect, device number 64
[  496.598286][ T6017] yurex 2-1:0.0: USB YUREX #0 now disconnected
[  496.687913][ T5872] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  496.827741][ T5872] usb 3-1: device descriptor read/64, error -71
[  497.009077][ T5872] usb usb3-port1: attempt power cycle
[  497.127945][ T5920] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  497.287865][ T5920] usb 1-1: Using ep0 maxpacket: 8
[  497.305933][ T5920] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  497.333509][ T5920] usb 1-1: config 0 has no interface number 0
[  497.398885][ T5920] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  497.409900][ T5872] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  497.445845][ T5920] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  497.467827][ T5872] usb 3-1: device descriptor read/8, error -71
[  497.507217][ T5920] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  497.527597][ T6017] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  497.556729][ T5920] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  497.587085][ T5920] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  497.647626][ T5920] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  497.670063][T12275] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1707'.
[  497.687685][ T6017] usb 2-1: Using ep0 maxpacket: 8
[  497.689506][T12275] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1707'.
[  497.703763][ T5920] usb 1-1: config 0 descriptor??
[  497.719398][ T6017] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  497.727827][ T5872] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  497.736369][ T5920] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  497.738778][ T6017] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.766379][ T5872] usb 3-1: device descriptor read/8, error -71
[  497.772937][ T6017] usb 2-1: Product: syz
[  497.772966][ T6017] usb 2-1: Manufacturer: syz
[  497.772977][ T6017] usb 2-1: SerialNumber: syz
[  497.785908][ T6017] usb 2-1: config 0 descriptor??
[  497.925135][ T5872] usb usb3-port1: unable to enumerate USB device
[  497.991983][ T5872] usb 1-1: USB disconnect, device number 68
[  497.992063][    C1] ldusb 1-1:0.55: usb_submit_urb failed (-19)
[  497.999010][ T6017] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  498.023142][ T5872] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  498.107618][ T5920] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  498.259756][ T5920] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  498.269360][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.287068][ T5920] usb 4-1: config 0 descriptor??
[  498.295348][ T5920] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  498.495264][T12276] delete_channel: no stack
[  498.499813][ T5920] usb 4-1: USB disconnect, device number 100
[  498.856541][T12287] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1712'.
[  498.921117][T12289] loop6: detected capacity change from 0 to 7
[  498.930348][ T5965] Dev loop6: unable to read RDB block 7
[  498.935972][ T5965]  loop6: AHDI p2 p3
[  498.940951][ T5965] loop6: partition table partially beyond EOD, truncated
[  498.948814][ T5965] loop6: p2 size 46 extends beyond EOD, truncated
[  498.965450][T12289] Dev loop6: unable to read RDB block 7
[  498.971823][T12289]  loop6: AHDI p2 p3
[  498.975863][T12289] loop6: partition table partially beyond EOD, truncated
[  498.983652][T12289] loop6: p2 size 46 extends beyond EOD, truncated
[  499.071339][ T5965] udevd[5965]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  499.150005][ T5965] udevd[5965]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  499.198721][T12299] bridge0: the hash_elasticity option has been deprecated and is always 16
[  499.421884][ T5940] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  499.433514][ T6017] usb write operation failed. (-71)
[  499.522030][ T6017] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  499.533676][ T6017] dvbdev: DVB: registering new adapter (Terratec H7)
[  499.600364][ T6017] usb 2-1: media controller created
[  499.617200][T12320] input: syz1 as /devices/virtual/input/input25
[  499.617407][ T5940] usb 3-1: too many configurations: 9, using maximum allowed: 8
[  499.642630][ T6017] usb read operation failed. (-71)
[  499.656692][ T6017] usb write operation failed. (-71)
[  499.669226][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  499.680980][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  499.691938][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  499.707850][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  499.717015][ T6017] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  499.726287][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  499.769822][ T6017] usb 2-1: USB disconnect, device number 65
[  499.775817][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  499.843939][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  499.858641][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  499.869737][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  499.877790][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  499.887291][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  499.898640][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  499.907970][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  499.918967][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  499.931391][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  499.986495][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  500.018133][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  500.053839][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  500.070270][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  500.079240][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  500.098023][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  500.106052][ T5940] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  500.115070][ T5940] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  500.126046][ T6017] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  500.133667][ T5940] usb 3-1: config 0 interface 0 has no altsetting 0
[  500.142735][ T5940] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  500.151949][ T5940] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  500.160345][ T5940] usb 3-1: Product: syz
[  500.164564][ T5940] usb 3-1: Manufacturer: syz
[  500.169223][ T5940] usb 3-1: SerialNumber: syz
[  500.182892][ T5940] usb 3-1: config 0 descriptor??
[  500.192365][ T5940] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[  500.327562][ T6017] usb 2-1: device descriptor read/64, error -71
[  500.597570][ T6017] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  500.787640][ T6017] usb 2-1: device descriptor read/64, error -71
[  500.897726][ T6017] usb usb2-port1: attempt power cycle
[  501.327699][ T6017] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  501.338358][ T5940] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  501.367605][ T6017] usb 2-1: device descriptor read/8, error -71
[  501.422371][T12336] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1725'.
[  501.521214][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  501.534759][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  501.587562][ T5940] usb 4-1: device descriptor read/64, error -71
[  501.679791][ T6017] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  501.697674][ T6012] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  501.760376][ T6017] usb 2-1: device descriptor read/8, error -71
[  501.837795][ T5940] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  501.882814][ T6017] usb usb2-port1: unable to enumerate USB device
[  501.897626][ T6012] usb 1-1: Using ep0 maxpacket: 16
[  502.073476][T12338] loop8: detected capacity change from 0 to 8
[  502.089371][T12338] Dev loop8: unable to read RDB block 8
[  502.120715][ T5940] usb 4-1: device descriptor read/64, error -71
[  502.159621][T12338]  loop8: unable to read partition table
[  502.165482][T12338] loop8: partition table beyond EOD, truncated
[  502.187707][T12338] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  502.241001][ T5940] usb usb4-port1: attempt power cycle
[  502.388823][ T5920] usb 3-1: USB disconnect, device number 77
[  502.536461][ T5920] yurex 3-1:0.0: USB YUREX #0 now disconnected
[  502.595604][T12344] loop6: detected capacity change from 0 to 7
[  502.604435][T12344] Dev loop6: unable to read RDB block 7
[  502.610614][T12341] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1727'.
[  502.625764][T12344]  loop6: AHDI p2 p3
[  502.640476][T12344] loop6: partition table partially beyond EOD, truncated
[  502.656507][T12344] loop6: p2 size 46 extends beyond EOD, truncated
[  502.737651][ T5940] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  502.763749][ T5965] udevd[5965]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  502.775071][ T5940] usb 4-1: device descriptor read/8, error -71
[  502.986506][T12349] bridge7: the hash_elasticity option has been deprecated and is always 16
[  503.020389][ T5940] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  503.121212][ T5940] usb 4-1: device descriptor read/8, error -71
[  503.237673][ T5949] usb 5-1: new full-speed USB device number 69 using dummy_hcd
[  503.259562][ T5940] usb usb4-port1: unable to enumerate USB device
[  503.725681][ T5949] usb 5-1: device descriptor read/64, error -71
[  504.046965][ T5949] usb 5-1: new full-speed USB device number 70 using dummy_hcd
[  504.243458][ T5949] usb 5-1: device descriptor read/64, error -71
[  504.383535][ T5949] usb usb5-port1: attempt power cycle
[  504.727851][ T5949] usb 5-1: new full-speed USB device number 71 using dummy_hcd
[  504.776347][ T5949] usb 5-1: device descriptor read/8, error -71
[  504.956032][ T6012] usb 1-1: unable to get BOS descriptor or descriptor too short
[  504.990482][ T6012] usb 1-1: unable to read config index 0 descriptor/start: -71
[  505.017527][ T5949] usb 5-1: new full-speed USB device number 72 using dummy_hcd
[  505.048040][ T6012] usb 1-1: can't read configurations, error -71
[  505.059880][ T5949] usb 5-1: device descriptor read/8, error -71
[  505.308569][ T5949] usb usb5-port1: unable to enumerate USB device
[  506.347622][ T5920] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  506.828425][ T5920] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  506.838452][ T5920] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  506.927016][ T5920] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  507.105891][ T5920] usb 5-1: config 0 interface 0 has no altsetting 0
[  507.115503][ T5920] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  507.124835][ T5920] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  507.135983][ T5920] usb 5-1: config 0 interface 0 has no altsetting 0
[  507.164182][ T5872] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  507.178641][ T5920] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  507.187878][ T5920] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  507.202696][ T5920] usb 5-1: config 0 interface 0 has no altsetting 0
[  507.211839][ T5920] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  507.240797][ T5920] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  507.265539][T12405] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1743'.
[  507.277056][T12405] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1743'.
[  507.385129][ T5872] usb 4-1: device descriptor read/64, error -71
[  507.391658][ T5920] usb 5-1: config 0 interface 0 has no altsetting 0
[  507.403099][ T5920] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  507.412381][ T5920] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  507.423585][ T5920] usb 5-1: config 0 interface 0 has no altsetting 0
[  507.437891][ T5920] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  507.451124][ T5920] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  507.540682][T12409] netlink: 'syz.0.1744': attribute type 3 has an invalid length.
[  507.548687][T12409] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1744'.
[  507.856229][ T6012] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  507.864018][ T5872] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  508.167676][ T5872] usb 4-1: device descriptor read/64, error -71
[  508.190216][ T5920] usb 5-1: config 0 interface 0 has no altsetting 0
[  508.464810][ T5872] usb usb4-port1: attempt power cycle
[  508.495287][ T5920] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  508.506135][ T5920] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  508.552146][ T5920] usb 5-1: config 0 interface 0 has no altsetting 0
[  508.567397][ T5920] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  508.582701][ T5920] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  508.687499][ T5920] usb 5-1: config 0 interface 0 has no altsetting 0
[  508.721053][ T5920] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  508.734415][ T5920] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  508.755964][ T5920] usb 5-1: Product: syz
[  508.768620][ T5920] usb 5-1: Manufacturer: syz
[  508.782890][T12414] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  508.812173][ T5872] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[  508.827135][ T5920] usb 5-1: SerialNumber: syz
[  508.874653][ T5872] usb 4-1: device descriptor read/8, error -71
[  508.884684][ T5920] usb 5-1: config 0 descriptor??
[  508.910502][ T5920] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[  508.924699][T12415] vivid-000: disconnect
[  508.934728][T12414] netlink: 'syz.2.1745': attribute type 1 has an invalid length.
[  508.950200][T12413] vivid-000: reconnect
[  509.087184][ T5940] usb 5-1: USB disconnect, device number 73
[  509.096143][ T5940] yurex 5-1:0.0: USB YUREX #0 now disconnected
[  509.148222][ T5872] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  509.211594][ T5872] usb 4-1: device descriptor read/8, error -71
[  509.235719][T12419] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1746'.
[  509.348081][ T5872] usb usb4-port1: unable to enumerate USB device
[  509.685910][T12425] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1748'.
[  510.269617][    C0] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  510.279498][    C0] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  510.323238][T12436] netlink: 'syz.4.1751': attribute type 16 has an invalid length.
[  510.331276][T12436] netlink: 'syz.4.1751': attribute type 17 has an invalid length.
[  510.382638][T12436] 8021q: adding VLAN 0 to HW filter on device team0
[  510.418462][ T5920] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  510.506637][T12436] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  510.856104][ T6012] usb 2-1: unable to get BOS descriptor or descriptor too short
[  510.864260][ T1124] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  510.875340][ T6012] usb 2-1: unable to read config index 0 descriptor/start: -71
[  510.885011][ T6012] usb 2-1: can't read configurations, error -71
[  510.981483][T12444] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1753'.
[  511.006945][T12444] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1753'.
[  511.037912][ T5872] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  511.576527][T12457] loop6: detected capacity change from 0 to 7
[  511.659603][T12457] Dev loop6: unable to read RDB block 7
[  511.679001][T12457]  loop6: unable to read partition table
[  511.700200][T12457] loop6: partition table beyond EOD, truncated
[  511.716839][T12462] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1757'.
[  511.764486][T12457] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  511.918303][   T49] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  511.960572][   T49] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  512.325840][ T5872] usb 3-1: new full-speed USB device number 78 using dummy_hcd
[  512.345470][ T5949] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  512.444756][   T24] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  512.519183][ T5872] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  512.530589][ T5872] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  512.573953][ T5872] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  512.690769][   T24] usb 2-1: device descriptor read/64, error -71
[  512.717473][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.717615][ T5949] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[  512.798043][T12482] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  512.845994][  T919] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  512.936689][ T5872] usb 3-1: GET_CAPABILITIES returned 0
[  512.944373][   T24] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  512.955181][ T5872] usbtmc 3-1:16.0: can't read capabilities
[  512.999777][ T5949] usb 4-1: config 8 has an invalid interface number: 53 but max is 1
[  513.011461][ T5949] usb 4-1: config 8 has an invalid interface number: 158 but max is 1
[  513.035657][ T5949] usb 4-1: config 8 has no interface number 0
[  513.070183][ T5949] usb 4-1: config 8 has no interface number 1
[  513.113124][ T5949] usb 4-1: config 8 interface 53 altsetting 5 endpoint 0xD has an invalid bInterval 129, changing to 7
[  513.142349][T12470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.157808][ T6012] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  513.179981][ T5949] usb 4-1: config 8 interface 53 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  513.204688][ T5949] usb 4-1: config 8 interface 158 altsetting 7 endpoint 0x4 has invalid maxpacket 1552, setting to 64
[  513.225173][ T5949] usb 4-1: config 8 interface 53 has no altsetting 0
[  513.238408][ T5949] usb 4-1: config 8 interface 158 has no altsetting 0
[  513.248666][T12470] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  513.323672][ T5872] usb 3-1: USB disconnect, device number 78
[  513.337635][   T24] usb 2-1: device descriptor read/64, error -71
[  513.346940][ T6012] usb 5-1: Using ep0 maxpacket: 8
[  513.376411][ T6012] usb 5-1: unable to get BOS descriptor or descriptor too short
[  513.432775][ T6012] usb 5-1: config 4 interface 0 has no altsetting 0
[  513.471714][ T6012] usb 5-1: string descriptor 0 read error: -22
[  513.486235][ T5949] usb 4-1: New USB device found, idVendor=19d2, idProduct=ff4b, bcdDevice=df.95
[  513.498446][ T6012] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  513.507835][ T5949] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.515837][ T5949] usb 4-1: Product: syz
[  513.520754][ T6012] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.528816][ T5949] usb 4-1: Manufacturer: ᪰⿇鄓舀뎥蹂ëＢ덞頉艫嫂ɞ쾀१䄆똗嘻
[  513.603665][   T24] usb usb2-port1: attempt power cycle
[  513.627141][ T6012] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  513.639693][ T5949] usb 4-1: SerialNumber: syz
[  513.759762][ T6012] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  513.815915][ T6012] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  513.827730][ T6012] usb 5-1: media controller created
[  513.848085][ T6012] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  513.876801][ T5872] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  513.922157][ T6012] zl10353_read_register: readreg error (reg=127, ret==0)
[  513.957940][   T24] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  514.020271][   T24] usb 2-1: device descriptor read/8, error -71
[  514.085910][ T6012] usb 5-1: USB disconnect, device number 74
[  514.337603][   T24] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  514.438657][   T24] usb 2-1: device descriptor read/8, error -71
[  514.604463][   T24] usb usb2-port1: unable to enumerate USB device
[  514.656113][T12504] bridge8: the hash_elasticity option has been deprecated and is always 16
[  514.707782][ T5920] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  514.871465][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  514.946149][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  514.971200][ T5920] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  515.026531][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.086433][ T5920] usb 5-1: config 0 descriptor??
[  515.535706][ T5920] cm6533_jd 0003:0D8C:0022.0011: unknown main item tag 0x0
[  515.557647][ T6012] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  515.630521][ T5920] cm6533_jd 0003:0D8C:0022.0011: unknown main item tag 0x0
[  515.733160][ T6012] usb 1-1: device descriptor read/64, error -71
[  515.807825][ T5920] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0011/input/input28
[  516.028164][ T6012] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  516.295496][ T5949] option 4-1:8.53: GSM modem (1-port) converter detected
[  516.344795][ T5920] cm6533_jd 0003:0D8C:0022.0011: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  516.397649][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  516.408627][ T6012] usb 1-1: device descriptor read/64, error -71
[  516.475227][ T5920] usb 5-1: USB disconnect, device number 75
[  516.508389][ T5949] usb 4-1: USB disconnect, device number 109
[  516.520110][ T6012] usb usb1-port1: attempt power cycle
[  516.554925][ T5949] option 4-1:8.53: device disconnected
[  516.665271][T12529] fido_id[12529]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  516.927685][ T6012] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  516.976297][T12546] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  517.067134][ T6012] usb 1-1: device descriptor read/8, error -71
[  517.395393][ T6012] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  517.431413][T12527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1779'.
[  517.443083][T12527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1779'.
[  517.965915][ T6012] usb 1-1: device descriptor read/8, error -71
[  518.017712][ T5920] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[  518.078130][ T6012] usb usb1-port1: unable to enumerate USB device
[  518.297595][ T5920] usb 4-1: device descriptor read/64, error -71
[  518.567556][ T5920] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[  518.897705][ T5920] usb 4-1: device descriptor read/64, error -71
[  519.028069][ T5920] usb usb4-port1: attempt power cycle
[  519.508345][ T5920] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[  519.596273][ T5920] usb 4-1: device descriptor read/8, error -71
[  519.606678][T12572] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1791'.
[  520.007834][ T5920] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[  520.304585][ T5949] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  520.587546][ T5949] usb 5-1: device descriptor read/64, error -71
[  520.772563][ T5920] usb 4-1: device descriptor read/8, error -71
[  520.870093][ T5949] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  520.903770][ T5920] usb usb4-port1: unable to enumerate USB device
[  521.032866][ T5949] usb 5-1: device descriptor read/64, error -71
[  521.154005][ T5949] usb usb5-port1: attempt power cycle
[  521.228392][   T24] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  521.344768][T12594] input: syz1 as /devices/virtual/input/input30
[  521.390377][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  521.410599][ T5920] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[  521.432988][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  521.463511][   T24] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  521.484599][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  521.495863][   T24] usb 2-1: SerialNumber: syz
[  521.508075][ T5949] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  521.534615][T12596] xt_l2tp: missing protocol rule (udp|l2tpip)
[  521.542727][ T5949] usb 5-1: device descriptor read/8, error -71
[  521.592239][ T5920] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  521.612740][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  521.647562][ T5920] usb 4-1: Product: syz
[  521.651795][ T5920] usb 4-1: Manufacturer: syz
[  521.656507][ T5920] usb 4-1: SerialNumber: syz
[  521.681574][ T5920] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  521.701977][ T5872] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  521.734561][   T24] usb 2-1: 0:2 : does not exist
[  521.789511][   T24] usb 2-1: USB disconnect, device number 76
[  521.808531][ T5949] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  521.844901][ T5965] udevd[5965]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  521.863566][ T5949] usb 5-1: device descriptor read/8, error -71
[  521.922777][ T5940] usb 4-1: USB disconnect, device number 114
[  521.977924][ T5949] usb usb5-port1: unable to enumerate USB device
[  522.077596][ T6012] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  522.240053][ T6012] usb 1-1: device descriptor read/64, error -71
[  522.262043][T12613] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1803'.
[  522.507754][ T6012] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  522.626748][T12621] bridge7: the hash_elasticity option has been deprecated and is always 16
[  522.667633][   T24] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  522.679137][ T6012] usb 1-1: device descriptor read/64, error -71
[  522.797588][ T5872] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  522.800974][ T6012] usb usb1-port1: attempt power cycle
[  522.804866][ T5872] ath9k_htc: Failed to initialize the device
[  522.816930][ T5940] usb 4-1: ath9k_htc: USB layer deinitialized
[  522.837589][   T24] usb 2-1: device descriptor read/64, error -71
[  522.956175][T12634] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1809'.
[  522.965199][ T5949] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  523.017930][T12636] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1809'.
[  523.141704][ T5949] usb 3-1: Using ep0 maxpacket: 32
[  523.155906][ T5949] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  523.184382][ T5949] usb 3-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58
[  523.217367][ T5949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.240108][T12635] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1810'.
[  523.249392][ T6012] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  523.263496][ T5949] usb 3-1: Product: syz
[  523.272439][ T5949] usb 3-1: Manufacturer: syz
[  523.277045][ T5949] usb 3-1: SerialNumber: syz
[  523.301535][ T6012] usb 1-1: device descriptor read/8, error -71
[  523.318075][T12638] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1810'.
[  523.321178][ T5949] usb 3-1: config 0 descriptor??
[  523.380674][ T5949] gspca_main: sunplus-2.14.0 probing 08ca:2060
[  523.427708][   T24] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  523.581557][T12626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  523.591620][T12626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  523.603074][ T6012] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  523.619461][T12626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  523.640957][ T6012] usb 1-1: device descriptor read/8, error -71
[  523.650306][ T5920] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  523.707534][   T24] usb 2-1: device descriptor read/64, error -71
[  523.727926][T12626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  523.737415][T12626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  523.750232][T12626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  523.768273][ T6012] usb usb1-port1: unable to enumerate USB device
[  523.791889][T12626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  523.804496][ T5872] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[  523.818859][   T24] usb usb2-port1: attempt power cycle
[  523.841107][T12626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  523.911130][T12626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  523.935606][ T5949] gspca_sunplus: reg_r err -110
[  524.027879][T12626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.207680][   T24] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  524.259257][   T24] usb 2-1: device descriptor read/8, error -71
[  524.516626][   T24] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  524.679193][   T24] usb 2-1: device descriptor read/8, error -71
[  524.858121][   T24] usb usb2-port1: unable to enumerate USB device
[  524.998263][ T5949] sunplus 3-1:0.0: probe with driver sunplus failed with error -110
[  525.017541][ T5949] usb 3-1: USB disconnect, device number 79
[  525.366451][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  525.366463][   T30] audit: type=1326 audit(1758504048.464:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e7358ec29 code=0x7ffc0000
[  525.394989][    C1] vkms_vblank_simulate: vblank timer overrun
[  525.446651][   T30] audit: type=1326 audit(1758504048.464:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e7358ec29 code=0x7ffc0000
[  525.484173][   T30] audit: type=1326 audit(1758504048.504:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7f4e7358ec29 code=0x7ffc0000
[  525.509158][   T30] audit: type=1326 audit(1758504048.504:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e7358ec29 code=0x7ffc0000
[  525.691473][   T30] audit: type=1326 audit(1758504048.504:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e7358ec29 code=0x7ffc0000
[  525.713912][    C1] vkms_vblank_simulate: vblank timer overrun
[  525.812528][   T30] audit: type=1326 audit(1758504048.504:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f4e7358ec29 code=0x7ffc0000
[  525.837873][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  525.911821][ T5920] usb 5-1: unable to get BOS descriptor or descriptor too short
[  525.924103][   T30] audit: type=1326 audit(1758504048.504:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e7358ec29 code=0x7ffc0000
[  525.946450][    C1] vkms_vblank_simulate: vblank timer overrun
[  525.962484][ T5920] usb 5-1: unable to read config index 0 descriptor/start: -71
[  525.980585][ T5920] usb 5-1: can't read configurations, error -71
[  526.064415][ T5872] usb 4-1: unable to get BOS descriptor or descriptor too short
[  526.081195][   T30] audit: type=1326 audit(1758504048.504:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e7358ec29 code=0x7ffc0000
[  526.117525][ T5872] usb 4-1: unable to read config index 0 descriptor/start: -71
[  526.129135][ T5872] usb 4-1: can't read configurations, error -71
[  526.183083][   T30] audit: type=1326 audit(1758504048.514:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f4e7358ec29 code=0x7ffc0000
[  526.246279][   T30] audit: type=1326 audit(1758504048.514:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12657 comm="syz.0.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e7358ec29 code=0x7ffc0000
[  526.407557][ T5920] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  526.518340][ T5872] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[  526.719316][ T5949] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  526.881248][ T5949] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16
[  526.892925][ T5949] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[  526.906192][ T5949] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  527.105251][ T5872] usb 4-1: device descriptor read/64, error -71
[  527.158411][ T5920] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  527.167664][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.176293][ T5920] usb 5-1: Product: syz
[  527.203849][ T5920] usb 5-1: Manufacturer: syz
[  527.207414][ T5949] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  527.217726][ T5949] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  527.225712][ T5949] usb 3-1: SerialNumber: syz
[  527.237969][T12679] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  527.245299][T12679] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  527.255407][ T5872] usb usb4-port1: attempt power cycle
[  527.271082][ T5920] usb 5-1: SerialNumber: syz
[  527.312412][ T5920] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  527.330315][   T24] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  527.501149][ T5949] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[  527.582972][ T5920] usb 5-1: USB disconnect, device number 81
[  527.627545][ T5872] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[  527.638905][ T5949] usb 3-1: USB disconnect, device number 80
[  527.650091][ T5872] usb 4-1: device descriptor read/8, error -71
[  527.907683][ T5872] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[  528.000075][ T5872] usb 4-1: device descriptor read/8, error -71
[  528.107568][  T919] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  528.115940][ T5872] usb usb4-port1: unable to enumerate USB device
[  528.247609][ T5949] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  528.250716][  T919] usb 1-1: device descriptor read/64, error -71
[  528.402539][   T24] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  528.417804][ T5949] usb 2-1: device descriptor read/64, error -71
[  528.532609][   T24] ath9k_htc: Failed to initialize the device
[  528.567988][ T5920] usb 5-1: ath9k_htc: USB layer deinitialized
[  528.657721][ T5949] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  528.658688][  T919] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  528.818025][  T919] usb 1-1: device descriptor read/64, error -71
[  528.857616][ T5949] usb 2-1: device descriptor read/64, error -71
[  528.868001][T12704] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1829'.
[  528.882435][T12704] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1829'.
[  528.931193][  T919] usb usb1-port1: attempt power cycle
[  528.937552][ T5920] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  528.998037][ T5949] usb usb2-port1: attempt power cycle
[  529.169037][ T5920] usb 5-1: Using ep0 maxpacket: 8
[  529.212660][ T5920] usb 5-1: config 1 has an invalid descriptor of length 41, skipping remainder of the config
[  529.248470][ T5920] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x11, changing to 0x1
[  529.258193][ T6012] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  529.270118][ T5920] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 64
[  529.301143][ T5920] usb 5-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  529.318456][ T5920] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  529.327976][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.335992][ T5920] usb 5-1: Product: syz
[  529.347580][ T5949] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  529.365431][ T5920] usb 5-1: Manufacturer: syz
[  529.370466][  T919] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  529.398267][  T919] usb 1-1: device descriptor read/8, error -71
[  529.410270][ T5949] usb 2-1: device descriptor read/8, error -71
[  529.410272][ T5920] usb 5-1: SerialNumber: syz
[  529.431686][T12698] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  529.647546][  T919] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  529.718923][  T919] usb 1-1: device descriptor read/8, error -71
[  529.747563][ T5949] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  529.779228][ T5920] cdc_ncm 5-1:1.0: bind() failure
[  529.821326][ T5920] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  529.827985][ T5949] usb 2-1: device descriptor read/8, error -71
[  529.835041][  T919] usb usb1-port1: unable to enumerate USB device
[  529.854144][ T5920] cdc_ncm 5-1:1.1: bind() failure
[  529.878256][ T5920] usb 5-1: USB disconnect, device number 82
[  530.028051][ T5949] usb usb2-port1: unable to enumerate USB device
[  530.886393][T12718] input: syz1 as /devices/virtual/input/input31
[  531.562187][T12714] bridge0: entered allmulticast mode
[  532.048537][ T6012] usb 3-1: unable to get BOS descriptor or descriptor too short
[  532.094190][ T6012] usb 3-1: unable to read config index 0 descriptor/start: -71
[  532.115452][ T6012] usb 3-1: can't read configurations, error -71
[  532.129358][T12733] loop6: detected capacity change from 0 to 7
[  532.174543][T12733] Dev loop6: unable to read RDB block 7
[  532.191947][T12733]  loop6: unable to read partition table
[  532.217928][T12733] loop6: partition table beyond EOD, truncated
[  532.224191][T12733] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  532.383025][T12741] bridge10: the hash_elasticity option has been deprecated and is always 16
[  532.427959][   T24] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  532.591736][   T24] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  532.607695][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.626348][   T24] usb 1-1: Product: syz
[  532.632087][   T24] usb 1-1: Manufacturer: syz
[  532.645848][   T24] usb 1-1: SerialNumber: syz
[  532.667174][   T24] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  532.683740][ T5920] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  532.807783][ T6012] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  532.900784][ T5949] usb 1-1: USB disconnect, device number 83
[  532.949639][ T6012] usb 3-1: device descriptor read/64, error -71
[  533.044781][T12758] batadv_slave_1: entered promiscuous mode
[  533.059560][ T6012] usb usb3-port1: attempt power cycle
[  533.068229][T12757] tipc: Started in network mode
[  533.073305][T12757] tipc: Node identity fe0fedefb131, cluster identity 4711
[  533.080798][T12757] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  533.090137][T12757] syzkaller0: entered promiscuous mode
[  533.095635][T12757] syzkaller0: entered allmulticast mode
[  533.118129][T12757] tipc: Resetting bearer <eth:syzkaller0>
[  533.128196][T12757] batadv_slave_1: left promiscuous mode
[  533.154955][T12756] tipc: Resetting bearer <eth:syzkaller0>
[  533.221609][T12756] tipc: Disabling bearer <eth:syzkaller0>
[  533.255617][T12764] input: syz1 as /devices/virtual/input/input33
[  533.366034][T12768] loop6: detected capacity change from 0 to 7
[  533.391823][T12768] Dev loop6: unable to read RDB block 7
[  533.398107][T12768]  loop6: AHDI p2 p3
[  533.402156][T12768] loop6: partition table partially beyond EOD, truncated
[  533.414079][T12768] loop6: p2 size 46 extends beyond EOD, truncated
[  533.417543][ T6012] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  533.485242][ T6012] usb 3-1: device descriptor read/8, error -71
[  533.526010][ T7308] tipc: Left network mode
[  533.547195][ T5965] udevd[5965]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  533.655845][T12774] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1849'.
[  533.768086][ T5920] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  533.790346][ T5920] ath9k_htc: Failed to initialize the device
[  533.903154][ T6012] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  533.911091][ T5949] usb 1-1: ath9k_htc: USB layer deinitialized
[  533.980154][ T6012] usb 3-1: device descriptor read/8, error -71
[  534.262577][ T6012] usb usb3-port1: unable to enumerate USB device
[  535.072097][T12784] loop6: detected capacity change from 0 to 7
[  535.079391][T12784] Dev loop6: unable to read RDB block 7
[  535.085402][T12784]  loop6: unable to read partition table
[  535.183640][T12784] loop6: partition table beyond EOD, truncated
[  535.195271][T12782] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  535.228193][T12784] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  535.443865][T12789] fuse: Unknown parameter '��������0x00000000000000030x000000000000000400000000000000000000'
[  535.582623][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  535.582641][   T30] audit: type=1804 audit(1758504058.684:477): pid=12787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1853" name="/newroot/355/file1" dev="fuse" ino=1 res=1 errno=0
[  536.210038][T12809] loop6: detected capacity change from 0 to 7
[  536.245167][T12809] Dev loop6: unable to read RDB block 7
[  536.251647][T12810] FAULT_INJECTION: forcing a failure.
[  536.251647][T12810] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  536.276841][T12809]  loop6: AHDI p2 p3
[  536.281408][T12809] loop6: partition table partially beyond EOD, truncated
[  536.313145][T12809] loop6: p2 size 46 extends beyond EOD, truncated
[  536.403334][ T5965] udevd[5965]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  536.443765][T12810] CPU: 1 UID: 0 PID: 12810 Comm: syz.1.1859 Not tainted syzkaller #0 PREEMPT(full) 
[  536.443791][T12810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  536.443803][T12810] Call Trace:
[  536.443810][T12810]  <TASK>
[  536.443819][T12810]  dump_stack_lvl+0x189/0x250
[  536.443846][T12810]  ? __pfx____ratelimit+0x10/0x10
[  536.443866][T12810]  ? __pfx_dump_stack_lvl+0x10/0x10
[  536.443886][T12810]  ? __pfx__printk+0x10/0x10
[  536.443906][T12810]  ? __might_fault+0xb0/0x130
[  536.443937][T12810]  should_fail_ex+0x414/0x560
[  536.443965][T12810]  _copy_from_iter+0x1de/0x1790
[  536.443988][T12810]  ? rcu_is_watching+0x15/0xb0
[  536.444009][T12810]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  536.444040][T12810]  ? __pfx__copy_from_iter+0x10/0x10
[  536.444062][T12810]  ? __build_skb_around+0x257/0x3e0
[  536.444084][T12810]  ? netlink_sendmsg+0x642/0xb30
[  536.444099][T12810]  ? skb_put+0x11b/0x210
[  536.444122][T12810]  netlink_sendmsg+0x6b2/0xb30
[  536.444150][T12810]  ? __pfx_netlink_sendmsg+0x10/0x10
[  536.444169][T12810]  ? aa_sock_msg_perm+0xf1/0x1d0
[  536.444186][T12810]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  536.444203][T12810]  ? __pfx_netlink_sendmsg+0x10/0x10
[  536.444220][T12810]  __sock_sendmsg+0x21c/0x270
[  536.444245][T12810]  ____sys_sendmsg+0x505/0x830
[  536.444272][T12810]  ? __pfx_____sys_sendmsg+0x10/0x10
[  536.444300][T12810]  ? import_iovec+0x74/0xa0
[  536.444324][T12810]  ___sys_sendmsg+0x21f/0x2a0
[  536.444345][T12810]  ? __pfx____sys_sendmsg+0x10/0x10
[  536.444401][T12810]  ? __fget_files+0x2a/0x420
[  536.444416][T12810]  ? __fget_files+0x3a0/0x420
[  536.444442][T12810]  __x64_sys_sendmsg+0x19b/0x260
[  536.444464][T12810]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  536.444492][T12810]  ? __pfx_ksys_write+0x10/0x10
[  536.444510][T12810]  ? rcu_is_watching+0x15/0xb0
[  536.444529][T12810]  ? do_syscall_64+0xbe/0x3b0
[  536.444550][T12810]  do_syscall_64+0xfa/0x3b0
[  536.444565][T12810]  ? lockdep_hardirqs_on+0x9c/0x150
[  536.444581][T12810]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.444596][T12810]  ? clear_bhb_loop+0x60/0xb0
[  536.444617][T12810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.444633][T12810] RIP: 0033:0x7f1a17b8ec29
[  536.444650][T12810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  536.444664][T12810] RSP: 002b:00007f1a18956038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  536.444682][T12810] RAX: ffffffffffffffda RBX: 00007f1a17dd5fa0 RCX: 00007f1a17b8ec29
[  536.444695][T12810] RDX: 0000000020040084 RSI: 0000200000003140 RDI: 0000000000000006
[  536.444706][T12810] RBP: 00007f1a18956090 R08: 0000000000000000 R09: 0000000000000000
[  536.444716][T12810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  536.444726][T12810] R13: 00007f1a17dd6038 R14: 00007f1a17dd5fa0 R15: 00007f1a17effa28
[  536.444757][T12810]  </TASK>
[  537.664428][T12833] IPv6: sit1: Disabled Multicast RS
[  537.828208][ T5920] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  537.980761][ T5920] usb 3-1: device descriptor read/64, error -71
[  538.247745][ T5920] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  538.517565][ T5920] usb 3-1: device descriptor read/64, error -71
[  538.698362][ T5920] usb usb3-port1: attempt power cycle
[  538.752903][   T30] audit: type=1326 audit(1758504061.784:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12834 comm="syz.3.1867" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f88e518ec29 code=0x0
[  539.079164][ T5920] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  539.099815][ T5920] usb 3-1: device descriptor read/8, error -71
[  539.339760][ T5920] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  539.369015][ T5920] usb 3-1: device descriptor read/8, error -71
[  539.515091][ T5920] usb usb3-port1: unable to enumerate USB device
[  540.089228][T12857] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1872'.
[  540.179118][ T5920] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[  540.350557][ T5949] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  540.367559][ T5920] usb 4-1: Using ep0 maxpacket: 32
[  540.374482][ T5920] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  540.384845][ T5920] usb 4-1: config 0 has no interface number 0
[  540.392681][ T5920] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  540.408039][ T5920] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  540.419524][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.428857][ T5920] usb 4-1: Product: syz
[  540.433154][ T5920] usb 4-1: Manufacturer: syz
[  540.448645][ T5920] usb 4-1: SerialNumber: syz
[  540.469583][ T5920] usb 4-1: config 0 descriptor??
[  540.479095][ T5920] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  540.491310][ T5920] em28xx 4-1:0.132: Video interface 132 found:
[  540.530227][ T5949] usb 1-1: Using ep0 maxpacket: 16
[  540.883092][ T5920] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[  540.928666][T12866] bond10 (unregistering): Released all slaves
[  541.203642][T12870] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  541.218448][T12870] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  541.452207][T12880] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1880'.
[  541.482851][ T5920] em28xx 4-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=0)
[  541.502708][ T5920] em28xx 4-1:0.132: board has no eeprom
[  541.813230][T12886] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1881'.
[  541.831062][T12886] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  541.840562][T12886] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1881'.
[  542.150122][T12889] loop8: detected capacity change from 0 to 8
[  542.159131][T12889] Dev loop8: unable to read RDB block 8
[  542.165060][T12889]  loop8: unable to read partition table
[  542.202257][T12889] loop8: partition table beyond EOD, truncated
[  542.223595][T12889] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  543.180074][ T5949] usb 1-1: unable to get BOS descriptor or descriptor too short
[  543.386608][ T5949] usb 1-1: unable to read config index 0 descriptor/start: -71
[  543.387503][ T5920] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  543.414209][ T5920] em28xx 4-1:0.132: analog set to bulk mode.
[  543.421560][   T24] em28xx 4-1:0.132: Registering V4L2 extension
[  543.459578][ T5949] usb 1-1: can't read configurations, error -71
[  543.532433][   T24] em28xx 4-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  543.546019][   T24] em28xx 4-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[  543.556898][   T24] em28xx 4-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  543.597753][   T24] em28xx 4-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  543.664939][ T5920] usb 4-1: USB disconnect, device number 119
[  543.728356][ T5920] em28xx 4-1:0.132: Disconnecting em28xx
[  543.757600][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  543.914039][   T24] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[  543.931242][   T24] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[  543.950028][   T24] em28xx 4-1:0.132: No AC97 audio processor
[  543.967988][   T24] usb 4-1: Decoder not found
[  543.972624][   T24] em28xx 4-1:0.132: failed to create media graph
[  544.088835][   T24] em28xx 4-1:0.132: V4L2 device video103 deregistered
[  544.154728][T12917] ==================================================================
[  544.162829][T12917] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xc7/0x430
[  544.170196][T12917] Read of size 8 at addr ffff88807ae10740 by task v4l_id/12917
[  544.177726][T12917] 
[  544.180047][T12917] CPU: 0 UID: 0 PID: 12917 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  544.180065][T12917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  544.180074][T12917] Call Trace:
[  544.180082][T12917]  <TASK>
[  544.180089][T12917]  dump_stack_lvl+0x189/0x250
[  544.180112][T12917]  ? rcu_is_watching+0x15/0xb0
[  544.180126][T12917]  ? __kasan_check_byte+0x12/0x40
[  544.180145][T12917]  ? __pfx_dump_stack_lvl+0x10/0x10
[  544.180159][T12917]  ? rcu_is_watching+0x15/0xb0
[  544.180171][T12917]  ? lock_release+0x4b/0x3e0
[  544.180191][T12917]  ? __virt_addr_valid+0x1c8/0x5c0
[  544.180207][T12917]  ? __virt_addr_valid+0x4a5/0x5c0
[  544.180223][T12917]  print_report+0xca/0x240
[  544.180236][T12917]  ? v4l2_fh_open+0xc7/0x430
[  544.180249][T12917]  kasan_report+0x118/0x150
[  544.180267][T12917]  ? v4l2_fh_open+0xc7/0x430
[  544.180282][T12917]  v4l2_fh_open+0xc7/0x430
[  544.180297][T12917]  em28xx_v4l2_open+0x157/0x9a0
[  544.180319][T12917]  v4l2_open+0x20f/0x360
[  544.180335][T12917]  chrdev_open+0x4c9/0x5e0
[  544.180348][T12917]  ? __pfx_chrdev_open+0x10/0x10
[  544.180362][T12917]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  544.180383][T12917]  ? __pfx_chrdev_open+0x10/0x10
[  544.180394][T12917]  do_dentry_open+0x950/0x13f0
[  544.180413][T12917]  vfs_open+0x3b/0x340
[  544.180425][T12917]  ? path_openat+0x2ecd/0x3830
[  544.180441][T12917]  path_openat+0x2ee5/0x3830
[  544.180455][T12917]  ? arch_stack_walk+0xfc/0x150
[  544.180476][T12917]  ? stack_depot_save_flags+0x40/0x860
[  544.180499][T12917]  ? __pfx_path_openat+0x10/0x10
[  544.180513][T12917]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.180532][T12917]  do_filp_open+0x1fa/0x410
[  544.180547][T12917]  ? __lock_acquire+0xab9/0xd20
[  544.180565][T12917]  ? __pfx_do_filp_open+0x10/0x10
[  544.180586][T12917]  ? _raw_spin_unlock+0x28/0x50
[  544.180605][T12917]  ? alloc_fd+0x64c/0x6c0
[  544.180626][T12917]  do_sys_openat2+0x121/0x1c0
[  544.180640][T12917]  ? __pfx_do_sys_openat2+0x10/0x10
[  544.180654][T12917]  ? exc_page_fault+0x76/0xf0
[  544.180669][T12917]  ? do_user_addr_fault+0xc8a/0x1390
[  544.180689][T12917]  __x64_sys_openat+0x138/0x170
[  544.180704][T12917]  do_syscall_64+0xfa/0x3b0
[  544.180718][T12917]  ? lockdep_hardirqs_on+0x9c/0x150
[  544.180731][T12917]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.180743][T12917]  ? clear_bhb_loop+0x60/0xb0
[  544.180758][T12917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.180771][T12917] RIP: 0033:0x7f52896a7407
[  544.180785][T12917] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  544.180797][T12917] RSP: 002b:00007ffc2add8d30 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  544.180812][T12917] RAX: ffffffffffffffda RBX: 00007f5289e3f880 RCX: 00007f52896a7407
[  544.180823][T12917] RDX: 0000000000000000 RSI: 00007ffc2addaf1b RDI: ffffffffffffff9c
[  544.180833][T12917] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  544.180841][T12917] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  544.180849][T12917] R13: 00007ffc2add8f80 R14: 00007f5289fa6000 R15: 00005626e86cc4d8
[  544.180864][T12917]  </TASK>
[  544.180869][T12917] 
[  544.488330][T12917] Allocated by task 24:
[  544.492479][T12917]  kasan_save_track+0x3e/0x80
[  544.497165][T12917]  __kasan_kmalloc+0x93/0xb0
[  544.501754][T12917]  __kmalloc_cache_noprof+0x230/0x3d0
[  544.507119][T12917]  em28xx_v4l2_init+0x10b/0x2e70
[  544.512073][T12917]  em28xx_init_extension+0x120/0x1c0
[  544.517347][T12917]  process_scheduled_works+0xae1/0x17b0
[  544.522883][T12917]  worker_thread+0x8a0/0xda0
[  544.527462][T12917]  kthread+0x70e/0x8a0
[  544.531523][T12917]  ret_from_fork+0x439/0x7d0
[  544.536101][T12917]  ret_from_fork_asm+0x1a/0x30
[  544.540854][T12917] 
[  544.543171][T12917] Freed by task 24:
[  544.546955][T12917]  kasan_save_track+0x3e/0x80
[  544.551625][T12917]  kasan_save_free_info+0x46/0x50
[  544.556632][T12917]  __kasan_slab_free+0x5b/0x80
[  544.561389][T12917]  kfree+0x18e/0x440
[  544.565359][T12917]  em28xx_v4l2_init+0x1683/0x2e70
[  544.570370][T12917]  em28xx_init_extension+0x120/0x1c0
[  544.575639][T12917]  process_scheduled_works+0xae1/0x17b0
[  544.581167][T12917]  worker_thread+0x8a0/0xda0
[  544.585740][T12917]  kthread+0x70e/0x8a0
[  544.589794][T12917]  ret_from_fork+0x439/0x7d0
[  544.594377][T12917]  ret_from_fork_asm+0x1a/0x30
[  544.599127][T12917] 
[  544.601440][T12917] The buggy address belongs to the object at ffff88807ae10000
[  544.601440][T12917]  which belongs to the cache kmalloc-8k of size 8192
[  544.615570][T12917] The buggy address is located 1856 bytes inside of
[  544.615570][T12917]  freed 8192-byte region [ffff88807ae10000, ffff88807ae12000)
[  544.629522][T12917] 
[  544.631833][T12917] The buggy address belongs to the physical page:
[  544.638240][T12917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ae10
[  544.646983][T12917] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  544.655487][T12917] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  544.663023][T12917] page_type: f5(slab)
[  544.667003][T12917] raw: 00fff00000000040 ffff88801a442280 dead000000000100 dead000000000122
[  544.675570][T12917] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  544.684139][T12917] head: 00fff00000000040 ffff88801a442280 dead000000000100 dead000000000122
[  544.692879][T12917] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  544.701542][T12917] head: 00fff00000000003 ffffea0001eb8401 00000000ffffffff 00000000ffffffff
[  544.710199][T12917] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  544.718850][T12917] page dumped because: kasan: bad access detected
[  544.725245][T12917] page_owner tracks the page as allocated
[  544.730949][T12917] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 11238, tgid 11237 (syz.1.1420), ts 434670251034, free_ts 428964535729
[  544.753076][T12917]  post_alloc_hook+0x240/0x2a0
[  544.757839][T12917]  get_page_from_freelist+0x21e4/0x22c0
[  544.763380][T12917]  __alloc_frozen_pages_noprof+0x181/0x370
[  544.769192][T12917]  alloc_pages_mpol+0x232/0x4a0
[  544.774064][T12917]  allocate_slab+0x8a/0x370
[  544.778558][T12917]  ___slab_alloc+0xbeb/0x1420
[  544.783222][T12917]  __kmalloc_cache_noprof+0x296/0x3d0
[  544.788581][T12917]  audit_log_d_path+0xb5/0x190
[  544.793336][T12917]  audit_log_d_path_exe+0x42/0x70
[  544.798348][T12917]  audit_log_task+0x2b3/0x3c0
[  544.803099][T12917]  audit_seccomp+0x86/0x190
[  544.807589][T12917]  __seccomp_filter+0x9aa/0x1a40
[  544.812515][T12917]  syscall_trace_enter+0xaa/0x160
[  544.817530][T12917]  do_syscall_64+0xd3/0x3b0
[  544.822021][T12917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.827992][T12917] page last free pid 11152 tgid 11152 stack trace:
[  544.834492][T12917]  __free_frozen_pages+0xbc4/0xd30
[  544.839596][T12917]  __put_partials+0x156/0x1a0
[  544.844264][T12917]  put_cpu_partial+0x17c/0x250
[  544.849011][T12917]  __slab_free+0x2d5/0x3c0
[  544.853412][T12917]  qlist_free_all+0x97/0x140
[  544.858000][T12917]  kasan_quarantine_reduce+0x148/0x160
[  544.863450][T12917]  __kasan_slab_alloc+0x22/0x80
[  544.868296][T12917]  __kvmalloc_node_noprof+0x2b0/0x5f0
[  544.873658][T12917]  seq_read_iter+0x1fd/0xe10
[  544.878233][T12917]  proc_reg_read_iter+0x1b7/0x280
[  544.883252][T12917]  vfs_read+0x557/0xa30
[  544.887396][T12917]  ksys_read+0x145/0x250
[  544.891626][T12917]  do_syscall_64+0xfa/0x3b0
[  544.896114][T12917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.902003][T12917] 
[  544.904307][T12917] Memory state around the buggy address:
[  544.909929][T12917]  ffff88807ae10600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  544.918011][T12917]  ffff88807ae10680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  544.926067][T12917] >ffff88807ae10700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  544.934113][T12917]                                            ^
[  544.940247][T12917]  ffff88807ae10780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  544.948311][T12917]  ffff88807ae10800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  544.956367][T12917] ==================================================================
[  545.017638][   T24] em28xx 4-1:0.132: Remote control support is not available for this card.
[  545.027980][ T5920] em28xx 4-1:0.132: Closing input extension
[  545.157577][  T919] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  545.176286][T12917] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  545.183502][T12917] CPU: 1 UID: 0 PID: 12917 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  545.192506][T12917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  545.202629][T12917] Call Trace:
[  545.205895][T12917]  <TASK>
[  545.208808][T12917]  dump_stack_lvl+0x99/0x250
[  545.213387][T12917]  ? __asan_memcpy+0x40/0x70
[  545.217960][T12917]  ? __pfx_dump_stack_lvl+0x10/0x10
[  545.223161][T12917]  ? __pfx__printk+0x10/0x10
[  545.227747][T12917]  vpanic+0x281/0x750
[  545.231735][T12917]  ? preempt_schedule+0xae/0xc0
[  545.236567][T12917]  ? __pfx_vpanic+0x10/0x10
[  545.241147][T12917]  ? preempt_schedule_common+0x83/0xd0
[  545.246599][T12917]  ? preempt_schedule+0xae/0xc0
[  545.251455][T12917]  ? __pfx_preempt_schedule+0x10/0x10
[  545.256816][T12917]  panic+0xb9/0xc0
[  545.260524][T12917]  ? __pfx_panic+0x10/0x10
[  545.264948][T12917]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  545.270897][T12917]  ? v4l2_fh_open+0xc7/0x430
[  545.275473][T12917]  check_panic_on_warn+0x89/0xb0
[  545.280403][T12917]  ? v4l2_fh_open+0xc7/0x430
[  545.284987][T12917]  end_report+0x78/0x160
[  545.289225][T12917]  kasan_report+0x129/0x150
[  545.293724][T12917]  ? v4l2_fh_open+0xc7/0x430
[  545.298502][T12917]  v4l2_fh_open+0xc7/0x430
[  545.302936][T12917]  em28xx_v4l2_open+0x157/0x9a0
[  545.307875][T12917]  v4l2_open+0x20f/0x360
[  545.312147][T12917]  chrdev_open+0x4c9/0x5e0
[  545.316583][T12917]  ? __pfx_chrdev_open+0x10/0x10
[  545.321523][T12917]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  545.328131][T12917]  ? __pfx_chrdev_open+0x10/0x10
[  545.333056][T12917]  do_dentry_open+0x950/0x13f0
[  545.337815][T12917]  vfs_open+0x3b/0x340
[  545.341881][T12917]  ? path_openat+0x2ecd/0x3830
[  545.346651][T12917]  path_openat+0x2ee5/0x3830
[  545.351250][T12917]  ? arch_stack_walk+0xfc/0x150
[  545.356267][T12917]  ? stack_depot_save_flags+0x40/0x860
[  545.361726][T12917]  ? __pfx_path_openat+0x10/0x10
[  545.366660][T12917]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.372744][T12917]  do_filp_open+0x1fa/0x410
[  545.377241][T12917]  ? __lock_acquire+0xab9/0xd20
[  545.382090][T12917]  ? __pfx_do_filp_open+0x10/0x10
[  545.387113][T12917]  ? _raw_spin_unlock+0x28/0x50
[  545.391967][T12917]  ? alloc_fd+0x64c/0x6c0
[  545.396298][T12917]  do_sys_openat2+0x121/0x1c0
[  545.400966][T12917]  ? __pfx_do_sys_openat2+0x10/0x10
[  545.406152][T12917]  ? exc_page_fault+0x76/0xf0
[  545.410825][T12917]  ? do_user_addr_fault+0xc8a/0x1390
[  545.416132][T12917]  __x64_sys_openat+0x138/0x170
[  545.421023][T12917]  do_syscall_64+0xfa/0x3b0
[  545.425512][T12917]  ? lockdep_hardirqs_on+0x9c/0x150
[  545.430692][T12917]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.436740][T12917]  ? clear_bhb_loop+0x60/0xb0
[  545.441397][T12917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.447269][T12917] RIP: 0033:0x7f52896a7407
[  545.451669][T12917] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  545.471259][T12917] RSP: 002b:00007ffc2add8d30 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  545.479675][T12917] RAX: ffffffffffffffda RBX: 00007f5289e3f880 RCX: 00007f52896a7407
[  545.487639][T12917] RDX: 0000000000000000 RSI: 00007ffc2addaf1b RDI: ffffffffffffff9c
[  545.495608][T12917] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  545.503573][T12917] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  545.511533][T12917] R13: 00007ffc2add8f80 R14: 00007f5289fa6000 R15: 00005626e86cc4d8
[  545.519510][T12917]  </TASK>
[  545.522682][T12917] Kernel Offset: disabled
[  545.527060][T12917] Rebooting in 86400 seconds..