last executing test programs:

23m53.660201211s ago: executing program 4 (id=2378):
openat$userio(0xffffff9c, 0x0, 0x400100, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) (async)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={0x2, 0x3, 0x0, 0x2, 0x12, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "a3"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_x_nat_t_type={0x1}, @sadb_x_nat_t_port={0x1, 0x16}]}, 0x90}, 0x1, 0x7}, 0x0) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x30, 0xde, 0xf, 0x10, 0x5dc, 0x1, 0x1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x14, [{{0x9, 0x4, 0xa1, 0x5, 0x0, 0x96, 0x91, 0x3a}}]}}]}}, 0x0)

23m52.201082724s ago: executing program 4 (id=2385):
io_uring_setup(0x6c0a, &(0x7f0000000100)={0x0, 0x9705, 0x10, 0x0, 0x71})
syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000d44ebb40ec188832cf690102030109021b00010000000009040000010e0100000905", @ANYRES64], 0x0)

23m50.401794976s ago: executing program 4 (id=2395):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x80280, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$kcm(0x29, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000180)={&(0x7f0000000080)=@sco, 0x80, &(0x7f0000001e40)=[{&(0x7f0000000140)="a062dc997b41cd4ba305", 0xa}, {&(0x7f0000000740)="2a102f3a27d784c7100bf009544434698fa5b5da44e25f281ecc808289e1a7c71593c5d07e22fbc6d0452266aed4085c0e45e827244b104f6c6f07d2b5d48fcb940a4bb5a27ac7085fb425005fc126af0c6e210b41767abc5abe2042e6e944043567ceb9b588e40981d2bf3cf08cfe7c54166fad24bc364a24a3b2fab7d8fd5bcf5a5cb81f9e5dc64e245c07a0bac6c91fcf01f499b4f773b1e20dd62796a6e13c9277919d329414f459f61212fd33d6b2cb112ed3627923bb012bac26091a1b123b66aec0fe14e1f375da36a6406065514e04a542220100f9ccbfa4c09d69a65888f369ffe804f0ed5f3ac409b72b2616bf25a94f010a004e326f345e310a3a9fe1a7e65ecaa7b76488d5e6e259f12a33280c26423ba05c4c9c2b4b1a7ee542f7fb07df9d750298f183e9611a23d62fc5db4cb3b6cf8b2d6ef8eaf55201534352eab1a770e24350132fc329f3884f47169fbe93ce40af55ecb748c0cce4fe52671c1115ef9f96619a389a1161e488b705d8720b5eb1b2b9848f48311ad42f2743ad2ee6d2b3e3c198ff2d8bd4601cc07255dc40487b5acdf18be406a81e6044a73813a35373024f216952df91d02dfb991da326ed15aab145c00d704e033b48d0684d37752128a2e3f7c2616e212d589644814bd3ae7448b36da178845e33f8f310c2aa53dda68fa48b2b97a3fce67e2fdfe92c14a3e884f7f1e1513649319928579fa83a0a3b31c4d3957d5054c631dab644cde9f84d428ac0d7ed1c2900e5adb1513b389861311e91740eb16dd11a0a03f1246752d7d24b48a6127e00362d08edc1f0617e950b2b5094009113231ab25d8b1483095d851e5ed3c9a6b8767a5745d9e66b5207c060ddc09c05014d8ef81cf755f74fc8b52d1bbb23f208ab9d4acaa9f02d597783ffa7f5f60622303d6c2bd55232e3024f30a0d1e35f642cb1cabd0a7ebb1084ba82168b43c7cfce6cb2c844551acd305c0e42ac38c9d6d5636267d758afd21e2b8405fdfdfd4c7f8f5f401671f3ab6b4d4696f179396c7cfdb3f2fca0e93174c26c107442324a2752c7f4055b5e4b515872b262532d49de2311a771865ea9b8dcdeee03f34e6a20e4643a86730ab32ef632ef7fbc866a6fd96c406505ccfdda41b865f77d2e7d8f5234b257945d39985bfddd3534ab1b1329a2fe6df10d6b43c532860cafcaa9274ced2d9711f26b7fe43d9b85f2319c4ec2fc5944e9de2ac1c10df344b52397e3aaa3646b1c220bae545d8b28db1aeb44448afffc94cafae8ba38177dd647c9387179967e5fc0b886e67bea9c47f85a6683281ed245347534157ef4c9c56cafab42508950d8be6b667171cad75828c6223589c3dd33f5b02ecb94a8530e1c518ddb3bd572360a618ba2bbcc3717d12c73c33c8d26e925d66d034d7421c5da562cee528f33451c44ff664e51171d60938ece8bdb9858cf609a73c1c491f4245b457740b5ce5f9b085afd9deb5f52f789b3f14db171fb94335612edf551edddb4c3051dee8b39b340468eae59dd7bdb61768263f65caa7103c93de72975d930929a43098c2a8195f5f03bb713d843f8fc434fa48cd5d11c2d9c43b7d318d546f8ce287941272de22c6d4c82e4e160de247d905bf49fa4b4843ccde5d19ada48ec054f477b2364e7a2cc3402de29fbd77df7405f3b87dfdd56c4b2360fea2e5b1b7419e0b332564f91fa527451bd707de22902872a6fbc2bc62bc64e3267dc5a75541a528119d583bd665ce650cc4517c8eed8a6e4c5a09081e48b4ab0c33d3a026ae0ee12df59cc28269ea41f5781290607f6ac5d0eee55a0fe817cda95deed2e004197cf31b226ffbca8b66efc5acaf9bea8de180e7d31ba34df039ae95c9e77181331632365a7ff809ca8de6f8a5959b276f8198e756a2803b39f239b0fc603b43e776852baf5c35b3bef497ca3230eb5abea7a13882b4dd1cf2abb0726ae19e1a7892a00e0854a24cf33368f9f3fb6d13b69df46f32bbc6d25b179620fdd6e76b142b388fdde4ddf39ab1b0646f55b16a84db56d30d02b67feba0e8df4a5fecae46df74d7a4a5d3a014ebc021ccbaade7073249c108111530746b806e108608ccc66f34691c7da1a8952770d81c79fbadf1a4e15e3cf6b779e736426130f4f3a686f2444855917686075e6f8bb98a08592fec15713ce003da4926de4c330d449587ffd36cc59bb12704c5333bda50f6389057403266354ca5151097d19ab58d5fa7d514f18debd5defab3ab1bb88123a55a0584c493c1403cd11c9a44ae0864704062b5faab9698e5204b640fba355d13f1910c0211b90361d00813da0fe6886f661b8d9af91864b6fbb890dfeb0620a2e59fb269413dc5d12c484246c5402bcef29f518f934714b1c7e8ff53e7154f0daa79f5efa01a88ac66321f536d88f9e1f3477360226c1661e11935286f1e84e6e7043c969a7e7a0f1d46791481499d258b19a517e3cee5dd5ec2819e50585f1e8c10697fb1504a7005aed51556ecdee025b3eb3fd869b9f797d9d5ffd90068f99a3f70422db1dca9f70601554d70cba66453018a7a5c953b2f650de61a65ad7d183efb96193858260a2b3308d32fa2ab60b1e4a86e3c9b1b1a21d4f94e29a317cdf42f2df9ac348a7a06f78ebbdf2f2296880b1197162b2a7ec684bce51e87cf362151ab54bb8eb0b2c99952d2aa397680e4bc2e621d839ed8cfddc089abc10640f6f360a69c5654e09a4e6ac76c9753c927c60cd94947805f1340e7ec50679b508b76a83213824ea3f199fbc4226926842fa5954bd5de47a0fdfc418458e3b899a4800624ff79090da18b901a0d290d89971244eb4ccb6d3286407d1ffe6d43c37f78d7d3baa130f4f4f38f7537c36339c49037648f43e531b613346b184753cb7c86f8428ee995a880b9205fc5aeafd90f1714f7f151f185b727ce1feb57c2d8be24199b8f8d19a6afd31e6c233273ec4c981803cad0ed5d8b035f82dedd94404210219f15b682515c8315fe31c03a0a123c84bf60224be8e982a108c4384f1ebc093801aae074515d12c7ca29a40fcf198e273715d28385f60563a3d8e2d9cdd1271263bec2a8bf6091688606fb68eb65e8814c7c7b41188bb5f6ebeb01f1695dfc59ce2976289cf957eef040d0b80e0686224edb08a29a07f1542111366ac78021c75e4f47be4fc4d80c280cb849c4273f791e89a674b1ae7176963ab00e9d3bf05382a11de7b584cd05bd3bcd5fd314ff1c2ee86c6929e448ea94b4456ddd3fa43051ed3bba17410980bd650a4aab4eeca95458f0dabedda9283ee4ac95b405a5b19361f07f480edbb917ad10d2ec8dd617d8816cebec284e3366bb31be8445cc59684e4ad69c32905a3c61bef3482b81e88b590d4e6c275c6c26572b6a697a545a469c0a2941ea4ed021c47a9ca21036739496e60fe95f332d3d77a6bc3ecaaf975f9f4becaec8fee8935674438ba289855efed9dcca9469ef92292ec95d0a83d22d8106e548000a71d61b1da879647f837fe953f4ff21a63cfd781016d95fb1daddcd9bbb7c235ad40e5a87c75f73be93d4d1ee107e1d8561a7e9130930c787e61564ee970f000938d33d9e79366348d9acca317cfaf67cb96614d71deb59bd313fa137106ac3d01d0d0ddad98d72c4e0162024ecb813829dd9912da3ef3b4501a8dd520e7c4a6db32557e2362cc65a810e5edf32f5887bebb774f0d4526565a9d289c251e0dfa7c36b2a1e7b73248d30e8bc237c9caf670b7283c58a7fcf13c47774eea5df1557ac21d4f6f479809f4c4ba88d8fd079b85ebb7997535ac629d20321a08cbfbc7d9f506feb9308d6d2a362207c9967a22881b760eab4959bd4189b05812b295daa5811625328db899f43325fdcefcedab103460e6a2c5472ac812e606da54201f970669187ef205776e8e0a05111a171970eace13455a876861252977a9d811f861b68a351fe7f1948d46280a5f712c4f6f523e52ef7d722cd06f312f2de6642d56cfa46ccd514617c0c0c3853c1185c17f12e43689259bf4a233f5dde64a1801faaaa91eaf1cb1eb4639b4f4213acedb103fdd5668f721d29dd322c3684b7c29e292774c4d3e9517184923ef2ec4639ca4c87b097fbab2754df1e14764acda62024708cce70c96c78781d684fad73784d9690de6aab0a1f3222ae4c17d58eac22c00bcc5c83d120ee0253701d9cb50defe44a922e6fd8c5304af1ad0708cc080c54e3766432e027846f61a853ed5275b9d0bf3ccccca32fd3d5df3c792eda0daad2d7b0ab1c4c9af6311814604704853f26e81d5db6a9cffec6782c8cffea906a3a552134bff831fbe5112c644521faff2844976cbf0902fb76657975fe072d36cd00319d986c46a63cf04717f2000c8fc2e51a6da624d64c49d9a7e3dff47330265bb61ab81608531ef51d6e5c8236e1c793bdab2bb94304d9c879d64113a62694318c5e9ce2baf6c6977399318b247bf44dfe82b03da682a135c95f5da01646c75a628a157e70077b0f43012e5e4033f9c59e20adac0e6e11457f66bbe7e13b62fe7304977154a040718d7f1d5e0a87da450ca0aee936cab09c15c1fe6c5cc15b0e690da18465f619072519a3a833138ee8a8f0e40203ebfbd4504e2302aa21eba5a631465d326c2f7e6ccc5998826c665c7f03f5d2766cf962c8912ff372149f96c3a0569d7c7350f6f4c5f4a20322119b4fd5da5bdc4a96ea92479d92cc53008aa7b0384898462dd6325934c8b8207cdb7a6df21b08d7d49d5dfc5a03f98ce6646cf99e0dabbf2cfa2ab985419b71ed17800bc32eac2aa5b67faaff6c18425a6af5bc1a450217775a7e60f9161aab4a89608425cfafb1e9e99a41ff845091664b1ac3a721a9b29ed9899a67b9c817651ab304e3c4b89336d8dda7a2be6dfade9ba08febcc5071f960879313a9a8f5294854f286b49b21e26cb81236dffc23af4f19d099f05acb5cff8f02182826a9590b9654b8c8e945143d7d6fd749c857840ba719ba407a7c0964140dc1ab4040b2ba10514b659f651a6b86325b05cb526822b8f2e526b078c0697055463de3666f21b533892bcdb7750e0dfd91fcbe6805880f72c5f1d03bbc3f4e7faa134cad024d577463681c6e256a5f513342739b083d8686aa8d0149eff90da500df432064f3b223935e0c723759772a9425abc5d70e4c4003f52a813bc21ab4ccea6b3086e1d7a4c51d30888ce0d07c78164ce7bb7c16f8e07c65ecb230f18c520c04237670a8b0f87d6df38c36cd598eeae9fe732b257b1afc17c79844472a39e990259e9c36cc493ed13a3a7336d8a6c9c04d36b5a6f1e531ab51c955f5f99d6b4be061add1ca1e40830bf1264edcb23e6efdf3bb95bbc328d05444573e9bce278dc21d223c54b5c8be8bb188dadfe5b2d6b33f35ceb7c29005dfe697ea9390558d959764d367dc2be17104d63b6ec1a30f3e74d82f56b7ef21e6ceaa17a1a5c5003d40ae78e374c9dddc101c7d618254453842a88e9dc195c44bdc8226a8e9c5bed9f777418c6910f9faacb88a3da882f3d2b7289418b11fd16d693c1f6bcca757cd5116e4169bd04fb17bce19b847993d7bcb2ea21fed5d636e5ebf4a15453046c9b325da0903f9444a7a103d5b905b88fa97d37a36cea43c8aeda6f052ab1a6cd705f326f8a9b716cd7e07ff3696522bfa90945851015b564894b8e43feeb1650ac69739dcb194e3954b63a7f57dfdfcb23b7c7178ebc7f311e57ab0b6868a45d408b6b079807bcc073d220ee15a2c225c5dcda21811163ab7ec491bee799ea8000b9438456c6", 0x1000}, {&(0x7f0000000440)="caeaa11638c793ce4a1456d6836e74e6093e85386f87c584a0b2cd82fa13436143c19fefb6e2c9448f7c83333ef35e730341a4f0cc29507e26309ca035109ab68dd6a201b1a78170ca06a26a32999ba642d1dd06b8ab962f46c5c1d448ed7566b6729b1688b0d2d156089aa087c1bfbe0ba4dc3db94363fc91293057809cb88c8ae000", 0x83}, {&(0x7f0000000600)="b4ef749bc84960533343377b53e2ad37bfdfe59f71d94cb1673e464c1948856e033d542333aedc448429f98ccbc10f192b2ec68391d6e41d3d32965255c463b991076ed902a592771a5d63cfffa0182217332d43d69e649bb7f58a2d44f917078c8ff3e21cb75a843545b745c48cafa51c0f89489fb56e240752b2311b2a849dbeec5a2862d8717cf9b4e329", 0x8c}, {&(0x7f0000001740)="f7ceaeab67b53bdeb32d864af609a81f5f65003efc6f000f005889d52d7d826792039b6754c7dfbe26ae7600b040ff1e385c44db11adc6a1920e18681f644d73c4abf8bd0084642949aae90af9bef836aca5e3b23c3140c667595f08318cf7668b8400bbe53fe63e6482c085e2bc01810cc88e847b064ab4c45980aff56fa431682b2b638c61595800feffccdb55db12ea633269272b82d76288faff3c09e3bd014414ab968df0b2d75c410b95114555e7d5de18e78266ac1a03282637a6a9c8cf55c3650e6a413ad71fbb", 0xcb}, {&(0x7f0000001840)="0459a7cb946ad1afc1e12d4a92659057f69fe477ebc2626cb828c65c16c4aaae29af6e4f25540e59b46ad2ad53e0f5300740d44a2860f8f47b27aad0afee62806358961a8675c3f572ba10d28532555f714c7ca0f06b469477bdd0732ba9c34220458d58df7689d6d94369a57207be98d9ea9f381588606873a2bf16d8030a369d150793f50d14d6", 0x88}, {&(0x7f0000001c80)="99da970dfb46c232400e2acd68d10b75ca1357aec2f061cf9230f6acdd55e6542bc7fa76a94236b5f6cf03cbb2619cbfa9b75ccebeb8db986d46d37acf5fb7cd4c5cc6784a4c1e71aacbaa95c0a09a60400382f294b4295b2569177223486b90b28ac9029210423ef100186c9cf363d042bc5cc34f9510ad83a7349c8237d844390edc0a22a8b7e931da7bd2398f9f6643b15f9a58a5026722aa9ac74a96f0746aabdd568d091a0eef5f", 0xaa}, {&(0x7f0000000500)="533bc5f081bdf0a869f546b2044808c5395503d7fe8a78d97a149da60a1420459da53c2914304206f7e7d19051adcb8a41c2bf9383a3e836dc92a752fc38fd964db23f50ee9ea70057a51c51d0293c668567788c564144ea8651d7c1486054fc48723be705c485392b175a0e47207c879e17", 0x72}, {&(0x7f0000001d40)="3abbeec87a60197f866dd76fa47929f3b95ece846b82097073779ef1f3b05ad18e961801d4af6d3a15fbb47f65d74742a57bbb1f60b72343006056938258e09e7d0a7156b36689746016d6fea1f400c78aeae3877f61752a4691d5d00eec0d713024c788a4d4230333288566219e2c09a05ac6f76cbf726eac2080e6f9e0431d8c5dc5887dd826bffcb7b88e69f7dc56a7abd15f5843c848ff50863ca29be162cd1fe7dddf5af3f68114f3fe067484f15c6339816bc963203bc8ea8d49573baee6e453ec4ee754acfda86e2a8043aa283fc176116591e8222329dbd952", 0xdd}], 0x9, &(0x7f0000001900)=ANY=[@ANYBLOB="580000000000000084000000000000009680bf2b540ac99c20a82143d930d0137c3e187ed99cd885022ad3892ad28beebe211b3b5a62afcfacf70f5af5b3d8f63206f693f2f3a740d1aae10e99a819aaf82bfb746f4c000028000000000000001301000050160000b2729568e5e7d2cb88b8e36708493f030265a78d00000000800000000000000011000000000800001b5736b31b353c1887b134dbaafb72486b90df7ed8dd64a322cc0ff51149fcacef56a3906cbe42db9d16a8e6e53dd2a80543a636ba93c1d2dcb801629d87f34107347eed0399866fc948c94c615a0d72065db2764f7778d80c93d388fdeefcf2152a706e50f1c6619de228153e000000a000000000000000010100000a000000933eea38d9f09c73f90187830194e3b53f5dc34fb5bb002479aa3037518de3fc70420580ce2bac939eca9e2a88d6ddcb3867431ed6a58813d9364229f2c1871667006ce7bdce687a18ee1045821fa1ab96f6b66a1fdc9cddb2398fa218bb3e8ccbe7296cc1dbc8acd117b2917f5d2c757934331b4aa1e854d8504768e20e93f3c75ce55683790000000000c0000000000000001701000000000000cc926de7328c8e2e209f4af0d8605d825efa436bcde86296dea8b7ce629de6c32058edfbebb4d5c1a518b9b6fe2b4c9257d5d12b7b4cdf8262169642c76ca3d75e12fc676d06f25c4052043419790d438758056bed0a6cef5befc4cef6404025b55809dad51e97ff601586f1f181caa917ac9d9c4dd42b29f1c2d0eb8b32665f83c04b625c82ebdb97ae6a2a0252350ac58d8656cf09a184cd2dd468b6d67d3d9f9fd73d610cbe70162fbc41c13e1d61100100000000000001010000030000009c9ec768df8a7ce4407d2325ad5a89b397b9abcdbe3dbd0c4f04416bbd2114ed84234ba655c0cba465cd79913d6ce9ed2b2fd098db061251b935451e2b1227633f0689fe49ed55772b914e92d4c7f16357db284c5379a473d33e92149b27d73949421cd3d4cdce2739b006207af548b442d51499b19835b5c0d3e2be7f5e7a887fc1ff3d2e4ff7fe63db59886f15ff20e0f56f1f3738457969331b893c2f74c803380fc4757f8cf3e9e4e9c5e7d0927ebbd4c407893dd2a5aeac6a41dcdadafd2b2fd8d6bf9d511cf043d20767ecfbce7bd24e29b959a08bf5c94f5f1b714b61f6347664ac437ccbea39cd1f801a5dd9c1a8f0b4c57930b4c94800"/880], 0x370}, 0x41)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
read$FUSE(0xffffffffffffffff, &(0x7f00000022c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
fcntl$setown(r2, 0x8, r5)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='fdinfo\x00')
io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0x698c, 0x1, 0x2, 0xfffffffe})
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r6, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0)
sendmmsg$inet(r6, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0)
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
pipe(&(0x7f00000002c0))
ioctl$KVM_SET_CPUID2(r8, 0x4048aecb, &(0x7f0000000580)=ANY=[@ANYBLOB="050000ff0000000001"])
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r9, {0x0, 0xd}, {0xffff, 0xb}, {0xfffe, 0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r10 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r10, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x11, r9, 0x1, 0xd8, 0x6, @multicast}, 0x14)

23m49.823410304s ago: executing program 4 (id=2401):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x5)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006300)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r6, 0x4c00, r5)
ioctl$LOOP_SET_FD(r6, 0x4c05, r6)
dup2(r5, r3)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=@updpolicy={0xc4, 0x19, 0x501, 0x0, 0x0, {{@in6=@private0, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x16}}, [@offload={0xc, 0x1c, {0x0, 0x4}}]}, 0xc4}}, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0x9, 0x0)
r8 = syz_io_uring_setup(0x5c08, &(0x7f0000000080)={0x0, 0x0, 0x800, 0x4, 0x2de}, &(0x7f0000000100)=<r9=>0x0, &(0x7f0000000200)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0xa0}})
io_uring_enter(r8, 0x2def, 0xb80c, 0x0, 0x0, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r11, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="38000000020001002cbd7000fcdbdf25020020002489070000005b08adb59821942c00"/47, @ANYRES32=0x0, @ANYBLOB="0000000014000100fc0200000000000000000000000000000800020007000000"], 0x38}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r12 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
close_range(r12, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
r13 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$x86(r13, &(0x7f0000000000)={0x0, &(0x7f0000000440)=[@wrmsr={0x65, 0x20, {0x894, 0x800}}, @wr_drn={0x68, 0x20, {0x6, 0x4}}, @wr_drn={0x68, 0x20, {0x5, 0x1}}, @rdmsr={0x66, 0x18, {0x89c}}, @wrmsr={0x65, 0x20, {0x810, 0x5}}, @out_dx={0x6a, 0x28, {0xd965, 0x0, 0x3}}, @nested_vmlaunch={0x12f, 0x18, 0x2}, @nested_create_vm={0x12d, 0x18, 0x3}, @nested_create_vm={0x12d, 0x18, 0x1}, @nested_load_code={0x12e, 0x52, {0x1, "c402edbbcc440f1bfe0f910eb9800000c00f3235000100000f30440f20c03507000000440f22c0f34790420f32b9c00b00000f320f01d1440f09"}}, @rdmsr={0x66, 0x18, {0xb93}}, @nested_vmresume={0x130, 0x18, 0x1}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x3, @guest_nat=0x6804, 0x6, 0x6, 0x433cdbcd}}, @nested_load_code={0x12e, 0x5f, {0x0, "450f01c80f015c52032e660f75ce36f245e39c65363ef3410f09650f09b9800000c00f3235010000000f3066baf80cb870099b82ef66bafc0c66edb9d80800000f32c40179d6c9"}}, @code={0xa, 0x61, {"430f017b9ec44175f1f58f8978c7a70f480000470fc73266baf80cb84a10b087ef66bafc0c66ed42a100000080000000006667f3400f01eac4c2fd3f0d000000000f20c035000004000f22c0410f01df"}}, @nested_vmlaunch={0x12f, 0x18, 0x3}, @nested_amd_vmcb_write_mask={0x17c, 0x38, {0x2, @control_area=0x4c, 0x40, 0xfffffffffffffff7, 0x9}}, @wr_crn={0x67, 0x20, {0x3, 0x4}}, @enable_nested={0x12c, 0x18}, @wr_crn={0x67, 0x20, {0xa, 0x4}}, @cpuid={0x64, 0x18, {0xc42, 0x8ad}}, @set_irq_handler={0xc8, 0x20, {0xaf, 0x1}}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x0, @ro32=0x4402, 0x9, 0xd, 0x6}}, @wr_crn={0x67, 0x20, {0x8, 0x2bf9}}, @enable_nested={0x12c, 0x18}, @out_dx={0x6a, 0x28, {0x1a3a, 0x0, 0xd}}, @uexit={0x0, 0x18, 0x5}, @nested_load_code={0x12e, 0x4e, {0x3, "66440398b6000000676747dbce470f1b430d66b8a4008ec0260fc71966ba6100ec0f0f51e4a4b8010000000f01d92e0f01c546de65fa"}}, @set_irq_handler={0xc8, 0x20, {0x1a, 0x2}}, @wr_crn={0x67, 0x20, {0x8, 0x7}}, @in_dx={0x69, 0x20, {0xeb7d, 0x2}}, @wr_crn={0x67, 0x20, {0x0, 0xa431}}], 0x4e0})

23m49.439598534s ago: executing program 4 (id=2402):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0xfffffffffffffffd}, 0x68)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0x24004045)
io_uring_setup(0x80d85, &(0x7f0000000040)={0x0, 0xfc93, 0x400, 0x3, 0x253})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x7}, {0x0, 0xffff}}}, 0x24}}, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000500)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x88)
fchdir(r4)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r5 = open(&(0x7f0000000140)='./file1\x00', 0x141242, 0x40)
rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='./file1\x00')
r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r6, &(0x7f0000000280)=""/163, 0xbb)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48})
r7 = dup(0xffffffffffffffff)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f0000000280)={0x0, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000040), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0xe, &(0x7f0000001100)=ANY=[@ANYBLOB="b7020000c54a4530bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b706000008ffffffcf6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a1a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895c679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2dff0f000000000000bf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c048d46362ea0d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d120ea257bba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337dbcf3456ff6cd0d6b98a258e3509a7d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f2cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2bc30a96767f500b9e26e3b12854da63083320d8bfe49d85e0842803dc59d6375bce2b8a93caf39c0ba767880b9bf9407e6a6c0f9a43d1ab51dabf9423b482e848fbe1653ff0c6161fa43543546ce17a42e6cddadaf0767d84407478ffe2d0b567d81201efc81e800d4c0874235ff5cd7f5f0ee71cc2b0193bfc9290627ceaeb0b02931a817688f3a51fa2861e70cbab50a5d434ed8d8841694dba46f3d5a95ae86e4d471684ccf427b2ba53a157b2a7cf7a4c10051bb77822190a14c2ab1f271a7cf9c240b99"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340)={0xffffffff, 0x0, 0xff}, 0x10}, 0x94)
socket$can_bcm(0x1d, 0x2, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d8200000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x100001, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)

23m48.968097913s ago: executing program 4 (id=2403):
socket(0x1, 0x47103ec4e8b200ee, 0x0)
socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000400), 0x800000000401, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc040564a, &(0x7f0000002580)={0x0, 0x1, 0x1014, 0xffffffffffffffff, 0x0, 0x0})
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000940))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000440)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x41, 0x71, 0x10, 0x33}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x3, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
openat(0xffffffffffffff9c, 0x0, 0xa000, 0x1da)

23m48.601422027s ago: executing program 32 (id=2403):
socket(0x1, 0x47103ec4e8b200ee, 0x0)
socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000400), 0x800000000401, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc040564a, &(0x7f0000002580)={0x0, 0x1, 0x1014, 0xffffffffffffffff, 0x0, 0x0})
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000940))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000440)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x41, 0x71, 0x10, 0x33}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x3, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
openat(0xffffffffffffff9c, 0x0, 0xa000, 0x1da)

32.683422944s ago: executing program 2 (id=7377):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x1, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
ioctl$TUNSETOWNER(r0, 0x400454cc, 0xee01)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000240)=[@window={0x3, 0x7}, @sack_perm, @mss, @window={0x3, 0x0, 0x401}, @window, @window={0x3, 0x1, 0x9f}, @timestamp, @timestamp], 0x8)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000), 0xfffffef6)
sendto$inet(r2, &(0x7f00000003c0)="348245a3347c0c76ddbb5836f6b8ebf74838d1428bc027bd68865cf2741841cd074176c2650a65ff8b7e0e155f965ceb9d87102820e6fdb71b750d360c959ab7b860788422", 0xffffffffffffff94, 0x0, 0x0, 0xcbc33fce42d0e744)
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43cfffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a)

32.487913829s ago: executing program 2 (id=7379):
r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000140)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd7}}]}}, 0x0)
close(0x3)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x0, 0x0, 0x83, 0xec}}]}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001140)={0x34, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)={0x40, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000300)={0x34, &(0x7f0000000100)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000c00)={0x34, &(0x7f0000000a40)={0x7030ed4a42cd9ab6, 0x30}, 0x0, &(0x7f00000008c0)={0x0, 0x8, 0x1, 0xa}, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000580)={0x34, &(0x7f00000003c0)={0x20, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000400)={0x24, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000540)={0x34, &(0x7f0000000100)={0x20, 0x0, 0x2, "c306"}, 0x0, 0x0, 0x0, 0x0, 0x0})

28.585531262s ago: executing program 2 (id=7395):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='xprtrdma_err_unrecognized\x00', r2, 0x0, 0xfffffffffffffff3}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYRES8=r2, @ANYRESDEC, @ANYRES64=r0], &(0x7f0000000e40)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9e, 0x17, 0x36, 0x10, 0x17ef, 0x721e, 0xde06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r4, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000440)=ANY=[@ANYBLOB="3a0004000000a7212277"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r4, &(0x7f0000000940)={0x24, &(0x7f0000000a40)={0x40, 0xe, 0xc7, {0xc7, 0xa, "e357757f707771c55a529b4df63465b7bf2e42413359cd92795a1ad6cbb7c0231cab19570d6f4b5d10e8ba338a8a539afe244de62a82046b0b83347464e3bf4eb739fa8716b2998efbbf445f41ba13045322da8b172d079b1306b3a6e3fa3d52f7e123b987e7d1015a72399a8dd688d9fc237269bb7f7c23cdf0b81abce9371ab212379ec900a45492a0b291a984f8fa04b776e9fa63345af2a919564b4b0fcda77e489a238a54fec1732edc66af7963ee22d179ad74343386de51eada2b1ec5ebaf537a91"}}, &(0x7f0000000840)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x477}}, &(0x7f0000000880)=ANY=[@ANYBLOB="002205001000c3ac68fac5"], &(0x7f00000008c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0xf03d, 0x5, 0x1, {0x22, 0x73d}}}}, &(0x7f0000000bc0)={0x2c, &(0x7f0000000cc0)={0x40, 0xe, 0xd7, "8bc4376aee8d6fef99024641f039fe22a27342b1f5e3669fbadc225695316c30cee8efddbdb523bbdeeb1249979f876e163532646af09891ed3c9e47454adea26965b786fb1d19d21e001abc3816c8fb8585d933f9544a6358c46512ae21541aadb6b31836b8e3d54c9a3e422cac45dd2fb52d63a81800462eb5e5fbaac4c3c4522918eeab80ab9fbd58036d0f81652f760d2b955ddfb8141550fca1cc866706f51a4a1f9337a472c8a167e50bc650eed51900a35202acac645877ede718797b07693837be8ed57e0d734d9161e12ee573a4d118b35cc8"}, &(0x7f0000000980)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000b40)={0x0, 0x8, 0x1, 0x23}, &(0x7f0000000e80)=ANY=[@ANYBLOB="20018300000069c890738d540809d2d4628203cf3c3b799b8703fd18949f97fc836df6d7fa275e6993e49181fb816170210f825a17eef715d3b3fa969bdd61009a46870ba366d66579745561faa3d587719e06f74fd310b8d3ce2428a67f6e51a5817fbbbe3df572d828a15422dadd284c556fb51f14358073f7440a3db9dea6c672ae643a247c263531ceb49b34bb9299a54a61fdbd4c69dcb27da640effffe12167263a440bf7c021c21eda9dd0c5677efbe07eac25790997cc620f265c62042af08992bb01ad169dc8b512e8710b6f7458b6598a4ce6e070672a505e2f8b68a3cbdbe15888c9fa5290bb58b1f5bff00e22b7f955ecdb57d0608e86077b91666986073b35192263717111383a0a95e83b5e21cbae5c462e2c2a293c21d1dd3003d775790a70196a32f2d64db48a43f3f585b5a2682ac8406871d4211fa92653205ebca8bfd8499fa8e2321b353002699ebbb4409b7665625b9721ae67e7f6ad4892c1268415c7a1157a1fc9b566198e2b49a037f891b20bc306499e7c8f5bea222664589715a04672303f0d8cf96785ef01aba4a2d3a5feeba2ac594c035877bd33e30200bf95b48df1540739538d405c3f6784a98a49c04e4197884f34194c666211bab1ced73cb5e7eda32c0145d37f1ecdf142407c7f1950fb2fa0464e52bba1b32f55857c325c50aa3d7bf3961b02753c0c3e40ca87b6d6b78cd59a6e7929013f7efe49710012e89957b951e6b342d5c4bc318d4"], &(0x7f0000000b80)={0x20, 0x3, 0x1}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r3}, 0x10)
sync()
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, &(0x7f0000001ac0)=""/7, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)={0x2c, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc00}, 0x2de0d2a06d7aeea8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={0x0, @multicast2, @local}, &(0x7f00000002c0)=0xc)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000011c0)=ANY=[@ANYBLOB="2c000000190001092cbd700097dbdf25021800000002fd00001e0000080202000e93e0000001b43c92fb77d3149b1b5a641bdd146a212addaf8e2d4d8214ec619d625caadc564c9e7a589a8cb054bec52ba0afe68f3c65086876dada9e824f2c3699e55396eabc28d044db0e004a6afea8fde657157e043ff3b80f45d64a628b8e5c442f"], 0x2c}, 0x1, 0x0, 0x0, 0x40004}, 0x488d0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)

24.591889689s ago: executing program 2 (id=7413):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000008c0400"])
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00')
sendfile(r6, r6, &(0x7f0000000000)=0x2eb4, 0x2000007ff)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x4, 0x6, &(0x7f0000000080)=0x8})

23.47177286s ago: executing program 2 (id=7414):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff}) (async)
r1 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfdf7}, 0x0, 0x40000, 0x1})
io_uring_enter(r1, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12011001581c2908570b2085396d0102030109021b00010001000b0904c80201030102030905fbff"], 0x0)

23.279896755s ago: executing program 2 (id=7415):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000240)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
r1 = dup(r0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = fsopen(&(0x7f0000000100)='bpf\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='\x05\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000010000108000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000080004004400000008001b000000"], 0x30}}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x13f, 0x1}}, 0xfed7)

22.641338457s ago: executing program 33 (id=7415):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000240)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
r1 = dup(r0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = fsopen(&(0x7f0000000100)='bpf\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='\x05\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000010000108000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000080004004400000008001b000000"], 0x30}}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x13f, 0x1}}, 0xfed7)

11.186940999s ago: executing program 5 (id=7473):
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r1 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000003c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000010c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r3, @ANYBLOB="05", @ANYRES16=r3], 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x23)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
close(0x3)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, 0x0)
sendmmsg$inet_sctp(r6, 0x0, 0x0, 0x0)
setsockopt(r5, 0x84, 0x7f, &(0x7f0000000080)="010000000980ffff", 0x8)
r7 = getpgid(0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x2, 0x0)
syz_pidfd_open(r7, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r8=>0x0})
sendmmsg$inet(r2, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001580)="e7fd379780c24b198c9ebd2cbb2b697c63dcb2ad9924f068956ae9bff5b6d902955f083d7b63744819e97a58eda43c74e9d230bc284b81001b09ce5be3d9c808be0e4a06f04cd3b92717af30809bcb8660e838655d1f593b3d2d6ce2116da270d9f579336fae578558549f2b72b6eee49171b323c4b04f482877197be535fddd8c7710c5df4ff18be68856f2cdc2c9150a734c9e873ddb095f7c8d8520dab8b358b59a2c2dc5baf56eb7b8892847da1da3352bd078a54b58c147e25793a3318dd3b60e0b1f4de4bf6cf33d916ca1fdd2091c257cdac954320967fa95515b89ba1dcf4bdbcdce9129390d4f5484c1d29932547c71fd647e4439968c50f5fd216670412ede7666a114329f8dfb39309bc0931964ec5a28ac77925a80758f69989180241615e3ac5a02e46128e507691fcaadeeb5d2e277417e2a326acfea772bcbde319b563731a69e0db4", 0x14a}], 0x1}}], 0x1, 0x20048814)
r9 = openat$cgroup_ro(r1, &(0x7f0000000000)='cgroup.freeze\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xd, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000104000000000000020000009500000000000b000000000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7020000000000008500000086000000184900000600"/40], &(0x7f0000000040)='GPL\x00', 0x6, 0x20, &(0x7f0000000140)=""/32, 0x41100, 0x39, '\x00', r8, @fallback=0x2b, r0, 0x8, &(0x7f0000000180)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x1, 0xe, 0x1, 0x6}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x3, &(0x7f0000000240)=[r0, r1], &(0x7f0000000280)=[{0x2, 0x2, 0xa, 0x3}, {0x3, 0x5, 0x5, 0xd}, {0x2, 0x5, 0x10, 0x9}], 0x10, 0x7f}, 0x94)

9.242814255s ago: executing program 5 (id=7481):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs2/binder0\x00', 0x1000, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x16}, @remote, @private0, 0x800001, 0x6, 0xfffe, 0x100, 0x5ffffffe, 0x6820213})
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f00000000c0)=0x8, 0x4)
r1 = dup(r0)
bind$unix(r1, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
r2 = socket$inet6(0xa, 0x2, 0x0)
dup(r2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x1, 0x0)
socket(0x10, 0x803, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00'], 0x54}, 0x1, 0x0, 0x0, 0x40814}, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

8.931810066s ago: executing program 5 (id=7482):
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = io_uring_setup(0x4717, &(0x7f0000000200)={0x0, 0xeafc, 0x4, 0x2, 0x226, 0x0, r0})
io_uring_enter(r1, 0x7a17, 0xa709, 0x78, &(0x7f00000000c0)={[0x1000]}, 0x8)
bind$l2tp(r0, &(0x7f0000000080)={0x2, 0x0, @empty, 0x3}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r3 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r3, 0x0, 0x0)
sendto$inet(r2, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001e40)={0x1c, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x4}]}, 0x1c}}, 0x0)
recvmsg(r2, 0x0, 0x12100)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68)
r4 = syz_open_procfs(0x0, 0x0)
read$FUSE(r4, 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000000))

8.528031651s ago: executing program 5 (id=7483):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
read$FUSE(r1, 0x0, 0x7000)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000180)=ANY=[], 0x32)

8.526482836s ago: executing program 3 (id=7484):
r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100003afe1220e6040b000001010203010902240001000010000904140002a024260009050602ff03000000090582020800000000"], 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x101082, 0x0)
readv(r2, &(0x7f00000004c0)=[{0x0}, {&(0x7f0000000080)=""/29, 0x1d}, {&(0x7f00000000c0)=""/165, 0xa5}], 0x3)
r3 = accept4(r1, 0x0, 0x0, 0x80800)
sendmmsg$alg(r3, &(0x7f0000000280)=[{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000080)="f703010010fff3be522ba800000000", 0xf}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba12", 0x11}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2000847}], 0x1, 0x40800)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x38)
recvmmsg$unix(r3, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000001040)=""/6, 0x6}, {&(0x7f0000001080)=""/27, 0x1b}], 0x2}}], 0x1, 0x40000000, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100004b41460860163209ea80010203010902120001000000080904"], 0x0)
r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x2402)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000180)={&(0x7f0000000400)=[{0x1934, 0x1000, 0x0, 0x0}, {0xfe9c, 0x2a11, 0x0, 0x0}], 0x2})
r6 = syz_open_dev$mouse(&(0x7f0000000180), 0x0, 0x2)
read$snddsp(r6, 0x0, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r7, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r7, 0x24, &(0x7f0000000040)={0x2, 0x1, 0x83b, 0x1})
ioctl$SCSI_IOCTL_SYNC(r7, 0x4)
ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0xeb1f)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000740)={0x34, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x4000)
syz_usb_control_io(r0, 0x0, 0x0)

8.171967642s ago: executing program 5 (id=7487):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, 0x0)
fstatfs(0xffffffffffffffff, 0x0)

5.937238341s ago: executing program 0 (id=7489):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x3}}, 0x1c)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[], 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup(r4)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
ioctl$FBIOBLANK(r5, 0x4611, 0x3)
ioctl$KVM_SET_NESTED_STATE(r3, 0x4048aecb, &(0x7f0000001440)={{0x7, 0x0, 0x80, {0x4000000000000, 0xf000, 0x2}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9e7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf9758b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bfe98e94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30bfdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029e7a9e8b86a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf7b155ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f8edd941bff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf2805372a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f0050079601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22670812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5820a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac980acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de628d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa31819caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae399aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64ffff5208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c04799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e55037859293e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db63dec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd41d704bbdba7d282aac778b7ec769ef984527c8112d56e75ab77ff8898d9816abc77b0e693880bffffffffffffff7fb5cb6967fb0ea8e14efce120947092c3b601002f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6af1d8183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a5518b3c1de451f220c418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77030094543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c75f4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b769e44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd580800000000000000d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7073b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156fb4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d475bd5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95f3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641f9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33201f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49d2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a34313315836bb7291764b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2dbed5d52c8e976744da29f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3ad34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33dff5ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f6373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e02000000be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f00000000dfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c0851800c6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e400000f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
clock_gettime(0x0, &(0x7f00000000c0)={<r6=>0x0, <r7=>0x0})
pselect6(0x40, &(0x7f0000000000)={0x1, 0xffff, 0x0, 0x9c, 0x80, 0x3, 0xe, 0xffffffffffffffff}, &(0x7f0000000040)={0x6, 0x400, 0x1, 0xe, 0x9, 0xfffffffffffffffd, 0xffffffffffffffff, 0x100000001}, &(0x7f0000000080)={0x36, 0x4000, 0x5, 0x0, 0x9, 0xfff, 0x1, 0x81}, &(0x7f0000001140)={r6, r7+60000000}, &(0x7f00000011c0)={&(0x7f0000001180), 0x8})
ioctl$KVM_GET_XSAVE(r3, 0x9000aea4, &(0x7f0000000140))

5.748113313s ago: executing program 1 (id=7492):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000005c0)=@generic={&(0x7f0000000080)='./mnt\x00', 0x0, 0x18}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xf, 0x4, 0x0, 0x0, 0x6, 0x21, &(0x7f0000000200)=""/33, 0x41100, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0xffffffffffffffff, 0x10, 0x2}, 0x94)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
r4 = socket$netlink(0x10, 0x3, 0x15)
writev(r4, &(0x7f0000000100)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@generic={&(0x7f0000000340)='./mnt\x00', r2}, 0x5)
recvmmsg(r4, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x4}], 0x2, 0x40010000, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000280)={0x9, 0x1000, 0x2, 0xffffffffffffffff, 0x4})
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x71)
fsopen(0x0, 0x0)
unshare(0x40000080)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
readlinkat(0xffffffffffffffff, &(0x7f0000000140)='./mnt\x00', 0x0, 0x0)
setitimer(0x2, &(0x7f0000000580)={{0x77359400}}, 0x0)
unshare(0x42000080)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x4100)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x200000000000000)

5.699880107s ago: executing program 0 (id=7493):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000080), 0x0}, 0x20)

5.303175994s ago: executing program 3 (id=7496):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, 0x0, &(0x7f0000000040)=<r1=>0x0)
socket$inet6(0xa, 0x80000, 0xffffffff)
syz_io_uring_submit(0x0, r1, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
socket$unix(0x1, 0x5, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
close(r5)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000001700)=ANY=[@ANYBLOB="540200001600010000000000fedbdf25ff0100000000000000000000000000010a0101010000000000000000000000004e2200004e2300000a00200021000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc0000000000000000000000000000000000000033000000e0000002000000000000000000000000060000000000000019d000000000000009000000000000000000000000000000000000000000000008000000000000000000000000000000ff030000100000000300000000000000ffffffff00000000ffffff7f000000000900000000000000000000007f000000070000002bbd7000000000000200013f000000000000000001000000060000002c001300200100000000000000000000000000010000000000000000000000020000001c00040003004e204e210000fe"], 0x254}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r8, {}, {0xffe6, 0xb}, {0x7, 0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0xfffffc01}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008021}, 0x4008050)
ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

5.032121858s ago: executing program 5 (id=7497):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)=ANY=[@ANYBLOB="1201000035ffaa20cd0caf104e380102030109021b00010000100009045902019b042a00090582"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x101a00, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='R}A>te default t'], 0x20, 0xfffffffffffffffd)
syz_open_dev$vcsn(&(0x7f00000001c0), 0x1, 0x800)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x15)
write$uinput_user_dev(r1, &(0x7f0000000800)={'syz1\x00', {}, 0x4, [0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xb77b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c)
ioctl$UI_DEV_CREATE(r1, 0x5501)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"])
r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x2, 0x4002004c4, 0xffe, 0x0, 0x0, 0xfffffffffffffffd, 0x900f, 0x0, 0xd57b, 0x0, 0x7], 0xeeee8000, 0x2113c0})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000080)={r6, 0x0, {0x0, 0x600000000000000, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601a8ca5b07dcc141802c4dacf162e43ac61f7ad330000000000a04100", [0xfffffffffffffce8, 0xa]}})
pwritev(r5, &(0x7f0000000500)=[{&(0x7f0000000380)="9e", 0x1}], 0x1, 0x5, 0xfffffff9)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000300)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x1, 0x0, 0x0, 0x2c, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1}}}}}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000200)={0x20}, 0x0, 0x0, 0x0, 0x0})

4.83189185s ago: executing program 0 (id=7499):
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, 0x0, 0x0}, 0x20)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r3 = open(&(0x7f0000000180)='./bus\x00', 0x169a7c, 0x41)
copy_file_range(r3, 0x0, r3, 0x0, 0x1, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/uevent_seqnum', 0x149b82, 0xb300bb1401d27a12)
write$cgroup_int(r4, &(0x7f0000000000)=0x800, 0x12)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000200)='./file0\x00', 0x8, 0x1)
r5 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, 0x0)
poll(&(0x7f00000000c0)=[{r5, 0x201}], 0x1, 0x4)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
dup(r7)

4.39386966s ago: executing program 3 (id=7500):
socket$inet6(0xa, 0x1, 0x0)
socket$isdn(0x22, 0x3, 0x25)
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000001400), 0x101)
epoll_create(0xff9)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
write$binfmt_misc(r0, &(0x7f0000000380)="c751b5b88abcaf8f615e0ee99ab9119ea35eff49c30ca151b33001ed04ed04c4f8a1bd26a8e1f1a5603fe38e5b0ed624c2505e93ef64e6593de0d9a59f4172598677e9c2a6b8fd8b6d0e36cca5e7e647445b57e8a18c9fff7adad46db1f99ac016", 0x61)

4.031462612s ago: executing program 3 (id=7501):
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11, 0x1, 0x0, 0x41000000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x4000)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
lseek(r2, 0x2000, 0x0)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, 0x0)

3.849334776s ago: executing program 6 (id=7502):
r0 = dup(0xffffffffffffffff)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="cd", 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e23, 0x6, @rand_addr=' \x01\x00', 0x7}, 0x1c, &(0x7f00000009c0)=[{&(0x7f0000000580)="1491", 0x2}], 0x1}}], 0x2, 0x8001)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000001c0)={0x0, 0x7, 0x401, 0x6, 0x2, 0x5c53, 0x800, 0x1, {0x0, @in={{0x2, 0x4e22, @private=0xa010100}}, 0x4, 0x52d, 0x7, 0x2, 0x7}}, &(0x7f0000000000)=0xb0)

3.751860725s ago: executing program 6 (id=7503):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x5, 0x8, 0x4932, 0xc2, 0x1, 0x1, 0x6}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000006c0), 0xca, r0}, 0x38)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
waitid(0x2000000, 0x0, 0x0, 0x4, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r2)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000200), 0x7, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000280))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004099}, 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x200005, @empty, 0xa09c}, {0xa, 0x4e21, 0x2, @mcast1, 0x9}, r6, 0x7ffe}}, 0x48)
unshare(0x2000000)
writev(r4, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r7, 0x1, 0x6, 0x0, 0x0)
sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x148, r3, 0xb03, 0x70bd26, 0x0, {}, [@TIPC_NLA_MON={0x4}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}]}, @TIPC_NLA_NET={0x50, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x40}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x79}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffff7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x40}]}, @TIPC_NLA_SOCK={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x800}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x401}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x555}]}, @TIPC_NLA_NODE={0x48, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x43, 0x4, {'gcm(aes)\x00', 0x1b, "f91e60e36e4e3dc11f2a1103d4f567b7cfafd331e5e24516c0621e"}}]}, @TIPC_NLA_NODE={0x2c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6b}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2c}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xb20e}]}]}, 0x148}}, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r8, &(0x7f0000003000)=@file={0x1}, 0x6e)
listen(r8, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x4)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x9d5ca9d92fe6ea78}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, r10, 0x20, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x9, 0x7d}}}}, ["", "", "", "", ""]}, 0x20}}, 0xc0)
write(r9, &(0x7f00000002c0)="29000000140005b7ff00000004eabdeb0101b6ff02159f7e5520756b1933b49db96ad24d12595fbea5", 0x29)

3.699760711s ago: executing program 3 (id=7504):
r0 = syz_usb_connect$cdc_ecm(0x2, 0x68, &(0x7f0000000280)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x56, 0x1, 0x1, 0x5, 0x40, 0x9, [{{0x9, 0x4, 0x0, 0x7, 0x2, 0x2, 0x6, 0x0, 0x6, {{0x7, 0x24, 0x6, 0x0, 0x0, "baaf"}, {0x5, 0x24, 0x0, 0x7fff}, {0xd, 0x24, 0xf, 0x1, 0x9a5, 0x8, 0x7, 0x5}, [@call_mgmt={0x5}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x7, 0x7, 0xf6}, @acm={0x4, 0x24, 0x2, 0x8}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x10, 0x6c, 0x6, 0xff}}], {{0x9, 0x5, 0x82, 0x2, 0x200, 0xb, 0x9, 0xb6}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x81, 0x5d, 0x9}}}}}]}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x201, 0x7, 0x8, 0x6, 0xff, 0x7f}, 0x29, &(0x7f0000000140)={0x5, 0xf, 0x29, 0x4, [@ss_container_id={0x14, 0x10, 0x4, 0x4, "b83e0b6279f0c53c78296a2065905feb"}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x8, 0x2, 0x4}, @ptm_cap={0x3}]}, 0x2, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x4c0a}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x104d}}]})
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000480)={0x14, &(0x7f00000003c0)={0x20, 0xf, 0x6e, {0x6e, 0x31, "bda66d32b46c85b7d05f055599d903f41455377ed95cd276ddb7a5d873bc4fd5fc49242c950211ba4c0f555fdbe6c76ba72054e9cdde04696ae52c545ff15435fb3714c12f1e45017a9987d07ed5615a9cc07611c484bd20db69bbb22760bf32228870975b38582f13c41ffe"}}, &(0x7f0000000440)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000680)={0x1c, &(0x7f00000005c0)={0x0, 0xb, 0xb5, "608f554f5ab00d6ef3159d9a38f20ea778787055d67be241cb2b9cd51d08e2dd2e1edad22d596340e41af66c4f2ed9b41a870bb4cc05f2c9ecc42f890c5d855a2bb1f0dc215f215ef21391787d7f66e024493efc973209a0dcf261fce8edfacc8ed05fc1d1e568ebf31ef3b1ac704c653a1afce3c2c72464317365708d796de32730d0fa9f59d2dc5b2bbf582d5a7a500964bd849d92115f3bc597151b5d0d33b3135eca8d59d88a1211381b0fb616069593074006"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0xc}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x8}})
syz_emit_ethernet(0x56, &(0x7f0000000080)={@local, @remote, @val, {@ipv6={0x86dd, @generic={0x0, 0x6, "76cd8a", 0x18, 0x0, 0x0, @rand_addr=' \x01\x00', @dev, {[@hopopts={0x0, 0x2, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0xd600}}, @jumbo={0xc2, 0x4, 0x33}]}]}}}}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000170900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}}, 0x2000c450)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, 'b'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xe}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040890)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f0000000000000000140002"], 0x54}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c0001800600060065580000971b0280540211"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000100))
r4 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_REWIND(r4, 0x40084146, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x246, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, {0x9}}}]}}]}}, 0x0)

3.500861571s ago: executing program 6 (id=7505):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x8, 0xe168, 0x7f, 0x808, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x2, 0xb}, 0x50)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x105200, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
getpid()
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socket$kcm(0x29, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x90)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6005, 0x0, 0x7, 0x300)
pipe(&(0x7f0000000380))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
sched_setattr(0x0, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r2 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x5, 0x6, 0x73}, {@remote, 0x4e22, 0x0, 0xcd}}, 0x44)
sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev}, 0xd1, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

2.90828305s ago: executing program 0 (id=7506):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, 0x0, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0)

2.572226956s ago: executing program 1 (id=7507):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_DEL_MFC(r0, 0x0, 0xcd, &(0x7f0000000080)={@loopback, @remote, 0xffffffffffffffff, "efd56f961991db70f414f2120a928acddc5990865fedaca146b39f77629d3902", 0x8, 0x8, 0x10, 0x5}, 0x3c)
r1 = socket$kcm(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0xc3, 0xa1, 0xd7, 0x8, 0xccd, 0x99, 0x950d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xbc, 0x71, 0xf9}}]}}]}}, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(r2, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000000c0)="9aabdb3d4aa87570fb623d73efc90db2aa3c065f5ba5b67410d065c8263d08c09125f91c3986f14b183e1937e919a0e85f626c8fca107965877adbf22c6f9fbabe76268c7cdff905666fddfab3698da4c3a4d8d6c38eb651f926361d640483228bc06e49c7d578dc719921e6736e4220e7acdec0f262fc18223b73a0b215149cb8f23e52fef7e48429e6a55da89173d59e59c05c300fe11c9f6b2616c3a66c15ea6073", 0xa3}, {&(0x7f0000000200)="d5f2b7421712a81853218ba225ec8d729a05dc446981266be92d352396bf2a4a832a40d26c79a648430f30cc8d00000000000020f761294b8800f82de2a4ba2a565b2387ebf529cf9324c22818386fa9eb60c92fe607ace2bb3a36a689e709bbdf469a3c7ff883847201342f66ecb1374a4b8fd572bb06b8067b4470e15d3c91e721ff8232ec92153f4690008dea251aeb9024eb359c6c93eeb9c0f82ceadd51e30e849495e1bc181fe329be0f7516cfd5984875fbc15ca117fac8b6eca304e0ff5002f194c49e94456070f8685a85bc40f104951f", 0xd5}, {&(0x7f0000000340)="b7a021", 0x3}, {&(0x7f0000000380)="988fa4b36589c6349746c5efcd6f69875985ef25a3a9752b5199ef8dd0412f68c93f465bb18e96e95be1498fb0a1563a63252aa4850078069af6f3bbd98a98b119e3c6f59054120817b27313d1ec905e95cea0d62884e157b55c666ca39283312150237fe4f9904fddb4cd5b68779864143ec2f1ba8d90dbd1efc31f5c4c6ca6f2a60d1b605f1c29850b791cb111fc4f6d9d3e472f7b38658ebb401bc112b8139a", 0xa1}, {&(0x7f0000000440)}], 0x5}, 0x40011)

2.566839941s ago: executing program 6 (id=7508):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
syz_io_uring_setup(0x2f90, &(0x7f0000000180)={0x0, 0x541e, 0x10000, 0x3, 0x3a2}, &(0x7f0000000100), &(0x7f0000000140)) (fail_nth: 10)
futex_waitv(&(0x7f0000000180)=[{0x3, 0x0, 0x82}], 0x1, 0x0, 0x0, 0x0)

2.327582682s ago: executing program 0 (id=7509):
writev(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/uevent_seqnum', 0x149b82, 0xb300bb1401d27a12)
write$cgroup_int(r3, &(0x7f0000000000)=0x800, 0x12)
syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2)
poll(0x0, 0x0, 0x4)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r7, 0x2000)
ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

1.671890433s ago: executing program 6 (id=7510):
pipe(0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(r0, 0xc008561c, &(0x7f0000000040)={0xf0f000, 0x3, @value=0x140000000000})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x4000})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x1, 0x1000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x20, 0x140f, 0x1, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xd, 0x45, 'opa_vnic\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0xc004)
r4 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
mknod$loop(&(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x10, 0x0)
r5 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000a00)=@generic={0xa, "8ab77fa26849ff26650042e2dacd00005efe0000000162e2adacd2737d00ad6f9fa9f3d7145e15dd9d6d2e19c211220940ad5def53b911ba5b9da13641f9826d7012a749f54b901ee80ea6132ca6e88c776553e1833052ca376304313c4b37780136a4b838570400"}, 0x80, 0x0}, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f00000001c0)=[&(0x7f0000000080)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r6, &(0x7f0000000000)="f86c6d1ab173aacb07d865", 0xb}])
write$char_usb(r6, &(0x7f00000006c0)="7b9fb3a9963da8647130a578e2fe89ba029a58ca5d4ac326d29cfa713d4ba99984d2088f4f137b1473593538cdf9e43bebc6e3a5", 0x34)

923.050002ms ago: executing program 1 (id=7511):
socket$inet6(0xa, 0x1, 0x0)
socket$isdn(0x22, 0x3, 0x25)
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000001400), 0x101)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
write$binfmt_misc(r0, &(0x7f0000000380)="c751b5b88abcaf8f615e0ee99ab9119ea35eff49c30ca151b33001ed04ed04c4f8a1bd26a8e1f1a5603fe38e5b0ed624c2505e93ef64e6593de0d9a59f4172598677e9c2a6b8fd8b6d0e36cca5e7e647445b57e8a18c9fff7adad46db1f99ac016", 0x61)

836.181281ms ago: executing program 6 (id=7512):
socket$inet6(0xa, 0x2, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x2f, 0x33, 0xfd, 0x4, 0x49, @dev={0xfe, 0x80, '\x00', 0x44}, @mcast2={0xff, 0x3}, 0x40, 0x7800, 0x0, 0x4}})
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000000)=""/4078, &(0x7f0000001080)=0xfee)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fedbdf250500000008000300f3"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x20}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00', r3}, 0x18)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000000))
madvise(&(0x7f00005fa000/0x4000)=nil, 0x4000, 0x12)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000})
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000001000))

706.982439ms ago: executing program 1 (id=7513):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, 0x0, 0x0)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
sendmmsg$inet6(r0, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="cd", 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e23, 0x6, @rand_addr=' \x01\x00', 0x7}, 0x1c, &(0x7f00000009c0)=[{&(0x7f0000000580)="1491", 0x2}], 0x1}}], 0x2, 0x8001)
getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f00000001c0)={0x0, 0x7, 0x401, 0x6, 0x2, 0x5c53, 0x800, 0x1, {0x0, @in={{0x2, 0x4e22, @private=0xa010100}}, 0x4, 0x52d, 0x7, 0x2, 0x7}}, &(0x7f0000000000)=0xb0)

560.173564ms ago: executing program 1 (id=7514):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f00000001c0)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYRES16=r4, @ANYRES32=r3, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0)
sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="44010000", @ANYRES16=r4, @ANYBLOB="00022bbd7000fbdbdf251200000005007400040000001800118004000600040002000400050004000400040007000600120106000000d400be007c4c658958b66436e46e8c5f4fb927a6592ad4b98d40f75640517a1de06e4d38b5baae179c0518f8b6985b656d2bceeb0a1a19cbe0e6dbc34b8d7e3f2228a198b2d1208042aa849db40445b1332f8f3dacbdc06508095d25a2bca66fbf9f1ea3f7ef974c96fe2d0fbc004951fcd54aaa0620850a0ec851f3372ec4bb08da08777247aa40cfae600de8eccfeaad0a45d5e075bbe1451f6df7f1239dace0408fb561446cc84d118fe748d31dceb79009d728bbfdafd5ea2b24cd1942455cdbac488aba7cfdf35d09599d97b00b935da6a534008100050002007400000005000200800000000500010009000000050001004000000005000200440000000500010000000000"], 0x144}, 0x1, 0x0, 0x0, 0x20000000}, 0x8800)
r5 = syz_open_dev$sg(&(0x7f0000000280), 0x4, 0xe2242)
ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x5393, &(0x7f00000000c0)=ANY=[@ANYRES64=r5])

559.78604ms ago: executing program 3 (id=7515):
socket$inet_sctp(0x2, 0x5, 0x84)
socket$kcm(0xa, 0x0, 0x106)
mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000008)
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r1=>0x0})
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x8010, 0xffffffffffffffff, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x5, 0x3}, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
setsockopt$inet_int(r4, 0x0, 0x1, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x2)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
accept4(r3, &(0x7f0000000380)=@ieee802154, &(0x7f0000000400)=0x80, 0x80000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
socket$rxrpc(0x21, 0x2, 0xa)
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x90, 0x5, 0x9, 0x7f}})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x19, 0xe, &(0x7f0000000940)=ANY=[@ANYRESDEC], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r1, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x10000000}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')

335.661984ms ago: executing program 1 (id=7516):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet(0x10, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x60, 0x2, 0x6, 0x101, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x20004000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)
syz_open_procfs(0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000000c0)={@initdev={0xac, 0x1e, 0x1, 0x0}, @empty, 0x1, 0x6, [@multicast1, @private=0x4, @private=0xa010100, @rand_addr=0x64010100, @rand_addr=0x64010100, @broadcast]}, 0x28)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r5 = syz_open_dev$vim2m(&(0x7f0000000200), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000340)={0x2, @vbi={0x4, 0x5, 0x6, 0x3447504d, [0x8000, 0x8], [0xffffffff, 0x1], 0x13a}})
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r3, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)
r6 = socket(0x11, 0x800000002, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000540)={'wlan0\x00', {0x2, 0x0, @private=0xf30a4000}})

0s ago: executing program 0 (id=7517):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DEAUTHENTICATE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000125bd7000fbdbdf250008000300000000", @ANYRES32=r2, @ANYBLOB="0c009900090000005c0000000a0034000101010101010000"], 0x34}, 0x1, 0x0, 0x0, 0x81}, 0x8048801)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
unshare(0x24060400)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x7, 0x2})
ioctl$UI_SET_RELBIT(r3, 0x40045566, 0xe)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fcdbdf253900000008000300", @ANYRES32=r6, @ANYBLOB="2c005a80280000802400dd00401c56410204271c0a0055302b4c261d000f1b314c270b37442444003c4ecc1eded4c0230d6f8963168763afc9f0b764dd884cc56c2c5ad00e65e384f4c28ea1901103f984c224b134f3cce4ee1d4600161551b9160cc0"], 0x48}, 0x1, 0x0, 0x0, 0x4080}, 0x4000)

kernel console output (not intermixed with test programs):

x10
[ 2013.663075][  T570]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2013.663109][  T570]  ? __fget_files+0x3a0/0x420
[ 2013.663135][  T570]  ? fput+0xa0/0xd0
[ 2013.663158][  T570]  ? ksys_write+0x22a/0x250
[ 2013.663188][  T570]  ? __pfx_ksys_write+0x10/0x10
[ 2013.663218][  T570]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 2013.663248][  T570]  do_syscall_64+0xfa/0xfa0
[ 2013.663276][  T570]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2013.663305][  T570]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2013.663324][  T570]  ? clear_bhb_loop+0x60/0xb0
[ 2013.663349][  T570]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2013.663369][  T570] RIP: 0033:0x7f0bcbd8f749
[ 2013.663387][  T570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2013.663405][  T570] RSP: 002b:00007f0bccc30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2013.663426][  T570] RAX: ffffffffffffffda RBX: 00007f0bcbfe5fa0 RCX: 00007f0bcbd8f749
[ 2013.663442][  T570] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000
[ 2013.663455][  T570] RBP: 00007f0bccc30090 R08: 0000000000000000 R09: 0000000000000000
[ 2013.663467][  T570] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000002
[ 2013.663480][  T570] R13: 00007f0bcbfe6038 R14: 00007f0bcbfe5fa0 R15: 00007f0bcc10fa28
[ 2013.663514][  T570]  </TASK>
[ 2014.054923][  T575] FAULT_INJECTION: forcing a failure.
[ 2014.054923][  T575] name failslab, interval 1, probability 0, space 0, times 0
[ 2014.068750][  T575] CPU: 0 UID: 0 PID: 575 Comm: syz.2.7150 Not tainted syzkaller #0 PREEMPT(full) 
[ 2014.068777][  T575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2014.068790][  T575] Call Trace:
[ 2014.068810][  T575]  <TASK>
[ 2014.068819][  T575]  dump_stack_lvl+0x189/0x250
[ 2014.068852][  T575]  ? __pfx____ratelimit+0x10/0x10
[ 2014.068880][  T575]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2014.068906][  T575]  ? __pfx__printk+0x10/0x10
[ 2014.068933][  T575]  ? __pfx___might_resched+0x10/0x10
[ 2014.068953][  T575]  ? fs_reclaim_acquire+0x7d/0x100
[ 2014.068988][  T575]  should_fail_ex+0x414/0x560
[ 2014.069023][  T575]  should_failslab+0xa8/0x100
[ 2014.069044][  T575]  __kmalloc_node_noprof+0xd2/0x800
[ 2014.069071][  T575]  ? qdisc_alloc+0x97/0xaa0
[ 2014.069095][  T575]  qdisc_alloc+0x97/0xaa0
[ 2014.069123][  T575]  qdisc_create+0x12c/0xea0
[ 2014.069153][  T575]  ? qdisc_lookup+0x36d/0x6d0
[ 2014.069178][  T575]  tc_modify_qdisc+0x1547/0x2020
[ 2014.069218][  T575]  ? __pfx_tc_modify_qdisc+0x10/0x10
[ 2014.069276][  T575]  ? __pfx_tc_modify_qdisc+0x10/0x10
[ 2014.069301][  T575]  rtnetlink_rcv_msg+0x77c/0xb70
[ 2014.069330][  T575]  ? __lock_acquire+0xab9/0xd20
[ 2014.069352][  T575]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 2014.069381][  T575]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2014.069429][  T575]  netlink_rcv_skb+0x208/0x470
[ 2014.069448][  T575]  ? __lock_acquire+0xab9/0xd20
[ 2014.069467][  T575]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2014.069500][  T575]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2014.069532][  T575]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2014.069561][  T575]  netlink_unicast+0x82f/0x9e0
[ 2014.069599][  T575]  ? __pfx_netlink_unicast+0x10/0x10
[ 2014.069630][  T575]  ? netlink_sendmsg+0x642/0xb30
[ 2014.069648][  T575]  ? skb_put+0x11b/0x210
[ 2014.069673][  T575]  netlink_sendmsg+0x805/0xb30
[ 2014.069703][  T575]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2014.069728][  T575]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 2014.069759][  T575]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2014.069779][  T575]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2014.069803][  T575]  __sock_sendmsg+0x21c/0x270
[ 2014.069834][  T575]  ____sys_sendmsg+0x505/0x830
[ 2014.069863][  T575]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2014.069895][  T575]  ? import_iovec+0x74/0xa0
[ 2014.069923][  T575]  ___sys_sendmsg+0x21f/0x2a0
[ 2014.069948][  T575]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2014.070009][  T575]  ? __fget_files+0x2a/0x420
[ 2014.070027][  T575]  ? __fget_files+0x3a0/0x420
[ 2014.070056][  T575]  __x64_sys_sendmsg+0x19b/0x260
[ 2014.070082][  T575]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2014.070115][  T575]  ? __pfx_ksys_write+0x10/0x10
[ 2014.070147][  T575]  ? do_syscall_64+0xbe/0xfa0
[ 2014.070179][  T575]  do_syscall_64+0xfa/0xfa0
[ 2014.070207][  T575]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2014.070234][  T575]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2014.070254][  T575]  ? clear_bhb_loop+0x60/0xb0
[ 2014.070279][  T575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2014.070298][  T575] RIP: 0033:0x7fbc8f58f749
[ 2014.070313][  T575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2014.070329][  T575] RSP: 002b:00007fbc9039f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2014.070350][  T575] RAX: ffffffffffffffda RBX: 00007fbc8f7e5fa0 RCX: 00007fbc8f58f749
[ 2014.070363][  T575] RDX: 0000000000000000 RSI: 00002000000012c0 RDI: 0000000000000004
[ 2014.070375][  T575] RBP: 00007fbc9039f090 R08: 0000000000000000 R09: 0000000000000000
[ 2014.070387][  T575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2014.070399][  T575] R13: 00007fbc8f7e6038 R14: 00007fbc8f7e5fa0 R15: 00007fbc8f90fa28
[ 2014.070433][  T575]  </TASK>
[ 2014.090811][  T567] input: syz1 as /devices/virtual/input/input172
[ 2014.122511][   T30] kauditd_printk_skb: 26 callbacks suppressed
[ 2014.122530][   T30] audit: type=1326 audit(1763870566.807:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=576 comm="syz.3.7151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bcbd8f749 code=0x7ffc0000
[ 2014.472910][   T30] audit: type=1326 audit(1763870566.807:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=576 comm="syz.3.7151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f0bcbd8f749 code=0x7ffc0000
[ 2014.502680][   T30] audit: type=1326 audit(1763870566.807:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=576 comm="syz.3.7151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0bcbd8f749 code=0x7ffc0000
[ 2014.528932][   T30] audit: type=1326 audit(1763870566.807:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=576 comm="syz.3.7151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f0bcbd8f749 code=0x7ffc0000
[ 2014.609260][  T587] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7154'.
[ 2014.618833][  T587] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7154'.
[ 2014.788093][  T595] netlink: 92 bytes leftover after parsing attributes in process `syz.5.7157'.
[ 2015.252126][  T616] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7160'.
[ 2015.486831][  T602] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2015.494350][  T602] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2016.514160][  T602] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2016.538822][  T602] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2016.675431][T14563] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2016.718198][T20824] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2016.756234][T20824] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2016.796257][T20824] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2016.944561][   T30] audit: type=1326 audit(1763870569.647:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=641 comm="\" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0bcbd8f749 code=0x0
[ 2017.246358][T28590] usb 2-1: new full-speed USB device number 47 using dummy_hcd
[ 2017.408387][  T663] tipc: Disabling bearer <eth:vlan0>
[ 2017.467999][T28590] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2017.485775][T28590] usb 2-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice= 1.ff
[ 2017.495247][T28590] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 2017.515623][T28590] usb 2-1: SerialNumber: syz
[ 2017.530466][T28590] usb 2-1: config 0 descriptor??
[ 2017.549300][T28590] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[ 2017.567613][T28590] usb 2-1: Detected SIO
[ 2017.574547][T28590] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 2017.923591][  T685] vim2m vim2m.0: vidioc_s_fmt queue busy
[ 2018.251126][  T678] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2018.492196][T28590] usb 2-1: USB disconnect, device number 47
[ 2018.566467][T28590] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 2018.598049][T28590] ftdi_sio 2-1:0.0: device disconnected
[ 2018.675492][   T30] audit: type=1326 audit(1763870571.377:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=688 comm="syz.1.7174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2018.697681][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2018.711234][   T30] audit: type=1326 audit(1763870571.377:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=688 comm="syz.1.7174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2018.754142][   T30] audit: type=1326 audit(1763870571.387:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=688 comm="syz.1.7174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2018.776448][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2018.796181][   T30] audit: type=1326 audit(1763870571.387:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=688 comm="syz.1.7174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2018.818838][   T30] audit: type=1326 audit(1763870571.387:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=688 comm="syz.1.7174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2018.896201][ T7860] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[ 2019.048520][ T7860] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2019.057867][ T7860] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2019.073065][ T7860] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2019.091517][ T7860] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2019.100700][ T7860] usb 4-1: Manufacturer: syz
[ 2019.115105][ T7860] usb 4-1: config 0 descriptor??
[ 2019.236184][ T7860] rc_core: IR keymap rc-hauppauge not found
[ 2019.242810][  T698] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2019.259236][ T7860] Registered IR keymap rc-empty
[ 2019.260403][ T7860] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 2019.314118][ T7860] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input173
[ 2019.560096][  T691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2019.571355][  T691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2019.721538][T14760] usb 4-1: USB disconnect, device number 107
[ 2020.224015][  T717] loop9: detected capacity change from 0 to 7
[ 2020.230407][T14760] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 2020.246915][  T717] Dev loop9: unable to read RDB block 7
[ 2020.257191][  T717]  loop9: AHDI p2
[ 2020.260979][  T717] loop9: partition table partially beyond EOD, truncated
[ 2020.406163][T14760] usb 6-1: Using ep0 maxpacket: 32
[ 2020.412856][T14760] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[ 2020.421170][T14760] usb 6-1: config 0 has no interface number 0
[ 2020.427991][T14760] usb 6-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2020.437975][T14760] usb 6-1: config 0 interface 89 has no altsetting 0
[ 2020.446908][T14760] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 2020.455969][T14760] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2020.464461][T14760] usb 6-1: Product: syz
[ 2020.468712][T14760] usb 6-1: Manufacturer: syz
[ 2020.473344][T14760] usb 6-1: SerialNumber: syz
[ 2020.480144][T14760] usb 6-1: config 0 descriptor??
[ 2020.487810][T14760] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 2020.497751][T14760] em28xx 6-1:0.89: Video interface 89 found:
[ 2020.556144][T23591] usb 1-1: new low-speed USB device number 31 using dummy_hcd
[ 2020.647881][  T725] xt_addrtype: ipv6 does not support BROADCAST matching
[ 2020.750538][T23591] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2020.761199][T23591] usb 1-1: config 0 has no interfaces?
[ 2020.780827][T23591] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[ 2020.826174][T23591] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2020.869156][T23591] usb 1-1: config 0 descriptor??
[ 2021.102041][  T711] input: syz1 as /devices/virtual/input/input174
[ 2021.180559][T14760] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[ 2021.399445][  T711] loop5: detected capacity change from 0 to 7
[ 2021.477891][  T749] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2021.510381][  T749] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2021.707470][T22857] Dev loop5: unable to read RDB block 7
[ 2021.754912][    C1] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[ 2021.764731][    C1] Buffer I/O error on dev loop5, logical block 0, lost async page write
[ 2021.775623][T22857]  loop5: unable to read partition table
[ 2021.782025][T22857] loop5: partition table beyond EOD, truncated
[ 2022.126106][  T711] Dev loop5: unable to read RDB block 7
[ 2022.138246][  T711]  loop5: unable to read partition table
[ 2022.152133][  T711] loop5: partition table beyond EOD, truncated
[ 2022.167717][  T711] loop_reread_partitions: partition scan of loop5 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 2022.315919][T14760] em28xx 6-1:0.89: failed to get i2c transfer status from bridge register (error=-5)
[ 2022.331572][  T770] input: syz1 as /devices/virtual/input/input175
[ 2022.344208][  T771] FAULT_INJECTION: forcing a failure.
[ 2022.344208][  T771] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2022.358692][T14760] em28xx 6-1:0.89: board has no eeprom
[ 2022.358790][  T771] CPU: 0 UID: 0 PID: 771 Comm: syz.1.7194 Not tainted syzkaller #0 PREEMPT(full) 
[ 2022.358813][  T771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2022.358826][  T771] Call Trace:
[ 2022.358835][  T771]  <TASK>
[ 2022.358843][  T771]  dump_stack_lvl+0x189/0x250
[ 2022.358873][  T771]  ? __pfx____ratelimit+0x10/0x10
[ 2022.358901][  T771]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2022.358927][  T771]  ? __pfx__printk+0x10/0x10
[ 2022.358958][  T771]  should_fail_ex+0x414/0x560
[ 2022.358992][  T771]  _copy_to_user+0x31/0xb0
[ 2022.359026][  T771]  simple_read_from_buffer+0xe1/0x170
[ 2022.359060][  T771]  proc_fail_nth_read+0x1b3/0x220
[ 2022.359089][  T771]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2022.359116][  T771]  ? rw_verify_area+0x2a6/0x4d0
[ 2022.359141][  T771]  ? __lock_acquire+0xab9/0xd20
[ 2022.359158][  T771]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2022.359185][  T771]  vfs_read+0x200/0xa30
[ 2022.359210][  T771]  ? fdget_pos+0x247/0x320
[ 2022.359232][  T771]  ? __pfx___mutex_lock+0x10/0x10
[ 2022.359261][  T771]  ? __pfx_vfs_read+0x10/0x10
[ 2022.359289][  T771]  ? __fget_files+0x2a/0x420
[ 2022.359311][  T771]  ? __fget_files+0x3a0/0x420
[ 2022.359328][  T771]  ? __fget_files+0x2a/0x420
[ 2022.359355][  T771]  ksys_read+0x145/0x250
[ 2022.359384][  T771]  ? __pfx_ksys_read+0x10/0x10
[ 2022.359414][  T771]  ? do_syscall_64+0xbe/0xfa0
[ 2022.359445][  T771]  do_syscall_64+0xfa/0xfa0
[ 2022.359471][  T771]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2022.359498][  T771]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2022.359518][  T771]  ? clear_bhb_loop+0x60/0xb0
[ 2022.359541][  T771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2022.359560][  T771] RIP: 0033:0x7f47c338e15c
[ 2022.359579][  T771] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2022.359596][  T771] RSP: 002b:00007f47c4290030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2022.359617][  T771] RAX: ffffffffffffffda RBX: 00007f47c35e5fa0 RCX: 00007f47c338e15c
[ 2022.359632][  T771] RDX: 000000000000000f RSI: 00007f47c42900a0 RDI: 0000000000000006
[ 2022.359645][  T771] RBP: 00007f47c4290090 R08: 0000000000000000 R09: 0000000000000000
[ 2022.359657][  T771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2022.359669][  T771] R13: 00007f47c35e6038 R14: 00007f47c35e5fa0 R15: 00007f47c370fa28
[ 2022.359700][  T771]  </TASK>
[ 2022.657501][T14760] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[ 2022.669528][  T780] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7196'.
[ 2022.679438][T14760] em28xx 6-1:0.89: analog set to bulk mode.
[ 2022.685965][T23591] em28xx 6-1:0.89: Registering V4L2 extension
[ 2022.703677][T14760] usb 6-1: USB disconnect, device number 6
[ 2022.726370][T14760] em28xx 6-1:0.89: Disconnecting em28xx
[ 2022.762313][T23591] em28xx 6-1:0.89: Config register raw data: 0xffffffed
[ 2022.771326][T23591] em28xx 6-1:0.89: AC97 chip type couldn't be determined
[ 2022.779731][T23591] em28xx 6-1:0.89: No AC97 audio processor
[ 2022.790434][T23591] usb 6-1: Decoder not found
[ 2022.795536][T23591] em28xx 6-1:0.89: failed to create media graph
[ 2022.802314][T23591] em28xx 6-1:0.89: V4L2 device video103 deregistered
[ 2022.814176][T23591] em28xx 6-1:0.89: Registering snapshot button...
[ 2022.827437][T23591] input: em28xx snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.89/input/input176
[ 2022.843645][T23591] em28xx 6-1:0.89: Remote control support is not available for this card.
[ 2022.852555][T14760] em28xx 6-1:0.89: Closing input extension
[ 2022.864302][T14760] em28xx 6-1:0.89: Deregistering snapshot button
[ 2022.892435][T14760] em28xx 6-1:0.89: Freeing device
[ 2023.256212][T23591] usb 4-1: new full-speed USB device number 108 using dummy_hcd
[ 2023.359669][ T7860] usb 1-1: USB disconnect, device number 31
[ 2023.413269][T23591] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 2023.439529][T23591] usb 4-1: config 0 has no interface number 0
[ 2023.447021][  T805] FAULT_INJECTION: forcing a failure.
[ 2023.447021][  T805] name failslab, interval 1, probability 0, space 0, times 0
[ 2023.460489][  T805] CPU: 0 UID: 0 PID: 805 Comm: syz.0.7203 Not tainted syzkaller #0 PREEMPT(full) 
[ 2023.460514][  T805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2023.460526][  T805] Call Trace:
[ 2023.460533][  T805]  <TASK>
[ 2023.460541][  T805]  dump_stack_lvl+0x189/0x250
[ 2023.460572][  T805]  ? __pfx____ratelimit+0x10/0x10
[ 2023.460599][  T805]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2023.460626][  T805]  ? __pfx__printk+0x10/0x10
[ 2023.460648][  T805]  ? __pfx___might_resched+0x10/0x10
[ 2023.460669][  T805]  ? fs_reclaim_acquire+0x7d/0x100
[ 2023.460704][  T805]  should_fail_ex+0x414/0x560
[ 2023.460739][  T805]  should_failslab+0xa8/0x100
[ 2023.460762][  T805]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 2023.460792][  T805]  ? fl_change+0x313/0x3a80
[ 2023.460812][  T805]  ? __nla_parse+0x40/0x60
[ 2023.460838][  T805]  fl_change+0x313/0x3a80
[ 2023.460866][  T805]  ? fl_get+0x9a/0x380
[ 2023.460894][  T805]  ? fl_get+0x9a/0x380
[ 2023.460914][  T805]  ? fl_get+0x9a/0x380
[ 2023.460932][  T805]  ? fl_get+0x9a/0x380
[ 2023.460954][  T805]  ? fl_get+0x2f1/0x380
[ 2023.460980][  T805]  ? __pfx_fl_change+0x10/0x10
[ 2023.461000][  T805]  ? fl_get+0x9a/0x380
[ 2023.461020][  T805]  ? __pfx_fl_get+0x10/0x10
[ 2023.461050][  T805]  tc_new_tfilter+0xdca/0x15b0
[ 2023.461100][  T805]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 2023.461119][  T805]  ? __dev_queue_xmit+0x1d79/0x3b50
[ 2023.461170][  T805]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 2023.461188][  T805]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 2023.461223][  T805]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 2023.461246][  T805]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2023.461273][  T805]  ? ref_tracker_free+0x63a/0x7d0
[ 2023.461293][  T805]  ? __asan_memcpy+0x40/0x70
[ 2023.461318][  T805]  ? __pfx_ref_tracker_free+0x10/0x10
[ 2023.461348][  T805]  netlink_rcv_skb+0x208/0x470
[ 2023.461367][  T805]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2023.461398][  T805]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2023.461430][  T805]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2023.461457][  T805]  netlink_unicast+0x82f/0x9e0
[ 2023.461495][  T805]  ? __pfx_netlink_unicast+0x10/0x10
[ 2023.461526][  T805]  ? netlink_sendmsg+0x642/0xb30
[ 2023.461546][  T805]  ? skb_put+0x11b/0x210
[ 2023.461570][  T805]  netlink_sendmsg+0x805/0xb30
[ 2023.461598][  T805]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2023.461620][  T805]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 2023.461650][  T805]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2023.461668][  T805]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2023.461690][  T805]  __sock_sendmsg+0x21c/0x270
[ 2023.461720][  T805]  ____sys_sendmsg+0x505/0x830
[ 2023.461748][  T805]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2023.461780][  T805]  ? import_iovec+0x74/0xa0
[ 2023.461809][  T805]  ___sys_sendmsg+0x21f/0x2a0
[ 2023.461833][  T805]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2023.461894][  T805]  ? __fget_files+0x2a/0x420
[ 2023.461912][  T805]  ? __fget_files+0x3a0/0x420
[ 2023.461943][  T805]  __x64_sys_sendmsg+0x19b/0x260
[ 2023.461970][  T805]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2023.462011][  T805]  ? __pfx_ksys_write+0x10/0x10
[ 2023.462041][  T805]  ? do_syscall_64+0xbe/0xfa0
[ 2023.462073][  T805]  do_syscall_64+0xfa/0xfa0
[ 2023.462099][  T805]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2023.462126][  T805]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2023.462146][  T805]  ? clear_bhb_loop+0x60/0xb0
[ 2023.462170][  T805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2023.462189][  T805] RIP: 0033:0x7f3df158f749
[ 2023.462206][  T805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2023.462223][  T805] RSP: 002b:00007f3df244e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2023.462243][  T805] RAX: ffffffffffffffda RBX: 00007f3df17e5fa0 RCX: 00007f3df158f749
[ 2023.462258][  T805] RDX: 0000000000044010 RSI: 0000200000000140 RDI: 0000000000000007
[ 2023.462271][  T805] RBP: 00007f3df244e090 R08: 0000000000000000 R09: 0000000000000000
[ 2023.462283][  T805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2023.462295][  T805] R13: 00007f3df17e6038 R14: 00007f3df17e5fa0 R15: 00007f3df190fa28
[ 2023.462328][  T805]  </TASK>
[ 2023.468782][T23591] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 2023.879126][T23591] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2023.891542][T23591] usb 4-1: config 0 descriptor??
[ 2023.902974][T23591] usb 4-1: selecting invalid altsetting 1
[ 2023.916231][T23591] dvb_ttusb_budget: ttusb_init_controller: error
[ 2023.922813][T23591] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 2024.050511][T23591] DVB: Unable to find symbol cx22700_attach()
[ 2024.122681][T23591] DVB: Unable to find symbol tda10046_attach()
[ 2024.133159][T23591] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 2024.153287][  T822] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7206'.
[ 2024.216407][T14760] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 2024.431142][T14760] usb 2-1: Using ep0 maxpacket: 8
[ 2024.446890][T14760] usb 2-1: config 16 has an invalid interface number: 124 but max is 0
[ 2024.455306][T14760] usb 2-1: config 16 has no interface number 0
[ 2024.466589][T14760] usb 2-1: New USB device found, idVendor=0dba, idProduct=5000, bcdDevice= c.1b
[ 2024.527542][T14760] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2024.566234][T23591] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[ 2024.596682][T14760] usb 2-1: MBOX3: Invalid descriptor size=18.
[ 2024.653609][T14760] usb 4-1: USB disconnect, device number 108
[ 2024.764549][T23591] usb 1-1: config 0 has no interfaces?
[ 2024.775599][T23591] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 2024.802664][T23591] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2024.824605][T23591] usb 1-1: Product: syz
[ 2024.830353][T23591] usb 1-1: Manufacturer: syz
[ 2024.835045][T23591] usb 1-1: SerialNumber: syz
[ 2024.842289][T23591] usb 1-1: config 0 descriptor??
[ 2026.939996][ T7860] usb 2-1: USB disconnect, device number 48
[ 2027.130231][T14760] usb 1-1: USB disconnect, device number 32
[ 2027.218532][  T853] netlink: 24 bytes leftover after parsing attributes in process `syz.5.7217'.
[ 2027.369754][  T859] overlayfs: missing 'lowerdir'
[ 2027.391096][  T859] netlink: 'syz.5.7220': attribute type 32 has an invalid length.
[ 2027.786149][T14760] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 2027.968193][T14760] usb 6-1: Using ep0 maxpacket: 16
[ 2027.980022][T14760] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2028.021808][T14760] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2028.039527][T14760] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2028.056314][T14760] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2028.067639][T14760] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2028.083233][T14760] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2028.103234][T14760] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2028.114679][T14760] usb 6-1: Manufacturer: syz
[ 2028.128905][T14760] usb 6-1: config 0 descriptor??
[ 2028.343108][  T859] netlink: 'syz.5.7220': attribute type 10 has an invalid length.
[ 2028.361685][  T859] veth1_macvtap: left promiscuous mode
[ 2028.380494][  T859] team0: Device veth1_macvtap failed to register rx_handler
[ 2028.401910][  T882] kvm: pic: non byte write
[ 2028.487384][T14760] rc_core: IR keymap rc-hauppauge not found
[ 2028.493337][T14760] Registered IR keymap rc-empty
[ 2028.499361][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.527457][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.547923][T14760] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 2028.563742][T14760] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input177
[ 2028.582616][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.606587][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.615151][T23591] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[ 2028.633422][  T891] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2028.655439][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.686263][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.706274][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.726209][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.746377][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.766404][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.775300][T23591] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 2028.788362][T23591] usb 4-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19
[ 2028.797929][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.805222][T23591] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2028.814298][  T893] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7226'.
[ 2028.824806][T23591] usb 4-1: Product: syz
[ 2028.829479][T23591] usb 4-1: Manufacturer: syz
[ 2028.834344][T23591] usb 4-1: SerialNumber: syz
[ 2028.839489][T14760] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2028.851005][T23591] usb 4-1: config 0 descriptor??
[ 2028.859803][T23591] usbtouchscreen 4-1:0.0: probe with driver usbtouchscreen failed with error -32
[ 2028.870469][T14760] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[ 2028.882012][T14760] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2028.894528][T14760] usb 6-1: USB disconnect, device number 7
[ 2028.915736][  T894] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7226'.
[ 2029.489509][  T899] FAULT_INJECTION: forcing a failure.
[ 2029.489509][  T899] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2029.502851][  T899] CPU: 1 UID: 0 PID: 899 Comm: syz.2.7228 Not tainted syzkaller #0 PREEMPT(full) 
[ 2029.502871][  T899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2029.502884][  T899] Call Trace:
[ 2029.502892][  T899]  <TASK>
[ 2029.502901][  T899]  dump_stack_lvl+0x189/0x250
[ 2029.502931][  T899]  ? __pfx____ratelimit+0x10/0x10
[ 2029.502959][  T899]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2029.502973][  T899]  ? __pfx__printk+0x10/0x10
[ 2029.502991][  T899]  should_fail_ex+0x414/0x560
[ 2029.503010][  T899]  _copy_to_user+0x31/0xb0
[ 2029.503025][  T899]  simple_read_from_buffer+0xe1/0x170
[ 2029.503043][  T899]  proc_fail_nth_read+0x1b3/0x220
[ 2029.503059][  T899]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2029.503074][  T899]  ? rw_verify_area+0x2a6/0x4d0
[ 2029.503088][  T899]  ? __lock_acquire+0xab9/0xd20
[ 2029.503098][  T899]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2029.503111][  T899]  vfs_read+0x200/0xa30
[ 2029.503124][  T899]  ? fdget_pos+0x247/0x320
[ 2029.503137][  T899]  ? __pfx___mutex_lock+0x10/0x10
[ 2029.503154][  T899]  ? __pfx_vfs_read+0x10/0x10
[ 2029.503169][  T899]  ? __fget_files+0x2a/0x420
[ 2029.503181][  T899]  ? __fget_files+0x3a0/0x420
[ 2029.503190][  T899]  ? __fget_files+0x2a/0x420
[ 2029.503204][  T899]  ksys_read+0x145/0x250
[ 2029.503220][  T899]  ? __pfx_ksys_read+0x10/0x10
[ 2029.503241][  T899]  ? do_syscall_64+0xbe/0xfa0
[ 2029.503259][  T899]  do_syscall_64+0xfa/0xfa0
[ 2029.503272][  T899]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2029.503287][  T899]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2029.503297][  T899]  ? clear_bhb_loop+0x60/0xb0
[ 2029.503310][  T899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2029.503320][  T899] RIP: 0033:0x7fbc8f58e15c
[ 2029.503331][  T899] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2029.503340][  T899] RSP: 002b:00007fbc9039f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2029.503353][  T899] RAX: ffffffffffffffda RBX: 00007fbc8f7e5fa0 RCX: 00007fbc8f58e15c
[ 2029.503361][  T899] RDX: 000000000000000f RSI: 00007fbc9039f0a0 RDI: 0000000000000004
[ 2029.503372][  T899] RBP: 00007fbc9039f090 R08: 0000000000000000 R09: 0000000000000000
[ 2029.503384][  T899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2029.503403][  T899] R13: 00007fbc8f7e6038 R14: 00007fbc8f7e5fa0 R15: 00007fbc8f90fa28
[ 2029.503434][  T899]  </TASK>
[ 2029.738245][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2029.746356][ T7860] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[ 2029.886304][ T7860] usb 1-1: device descriptor read/64, error -71
[ 2030.126427][ T7860] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[ 2030.266202][ T7860] usb 1-1: device descriptor read/64, error -71
[ 2030.272673][T14760] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 2030.314264][T28590] IPVS: starting estimator thread 0...
[ 2030.391664][ T7860] usb usb1-port1: attempt power cycle
[ 2030.426122][T14760] usb 6-1: Using ep0 maxpacket: 32
[ 2030.446127][  T943] IPVS: using max 29 ests per chain, 69600 per kthread
[ 2030.463532][T14760] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2030.486445][T14760] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2030.519722][T14760] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[ 2030.565103][T14760] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 4
[ 2030.602577][T14760] usb 6-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[ 2030.619362][T14760] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=7
[ 2030.638249][T14760] usb 6-1: Product: syz
[ 2030.659852][T14760] usb 6-1: Manufacturer: syz
[ 2030.684284][T14760] usb 6-1: SerialNumber: syz
[ 2030.703620][T14760] usb 6-1: config 0 descriptor??
[ 2030.729574][T14760] usb 6-1: no audio or video endpoints found
[ 2030.836168][ T7860] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[ 2030.858312][ T7860] usb 1-1: device descriptor read/8, error -71
[ 2031.126296][ T7860] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[ 2031.156850][ T7860] usb 1-1: device descriptor read/8, error -71
[ 2031.196736][  T953] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7238'.
[ 2031.268665][T14760] usb 4-1: USB disconnect, device number 109
[ 2031.284731][ T7860] usb usb1-port1: unable to enumerate USB device
[ 2031.672545][  T960] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7240'.
[ 2032.023781][  T964] netlink: 'syz.3.7242': attribute type 1 has an invalid length.
[ 2032.037828][ T7860] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 2032.220451][ T7860] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 2032.263392][ T7860] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 2032.291171][ T7860] usb 2-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[ 2032.305343][ T7860] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2032.339593][ T7860] usb 2-1: Product: syz
[ 2032.351521][ T7860] usb 2-1: Manufacturer: syz
[ 2032.363692][ T7860] usb 2-1: SerialNumber: syz
[ 2032.375238][ T7860] usb 2-1: config 0 descriptor??
[ 2032.394357][ T7860] powermate 2-1:0.0: probe with driver powermate failed with error -5
[ 2032.620641][ T7860] usb 2-1: USB disconnect, device number 49
[ 2032.862431][  T977] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7247'.
[ 2033.072283][ T7860] usb 6-1: USB disconnect, device number 8
[ 2033.246283][T14760] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[ 2033.294171][  T989] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[ 2033.509810][T14760] usb 4-1: Using ep0 maxpacket: 32
[ 2033.537874][T14760] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2033.549739][T14760] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2033.561341][T14760] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 2033.571073][T14760] usb 4-1: New USB device strings: Mfr=253, Product=0, SerialNumber=0
[ 2033.593674][T14760] usb 4-1: Manufacturer: syz
[ 2033.608824][T14760] usb 4-1: config 0 descriptor??
[ 2033.686732][ T7860] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 2033.725565][  T995] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7252'.
[ 2033.886185][ T7860] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2033.906608][ T7860] usb 6-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[ 2033.926896][ T7860] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2033.940955][ T7860] usb 6-1: config 0 descriptor??
[ 2034.196917][T28590] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[ 2034.408598][T28590] usb 1-1: config 7 descriptor has 1 excess byte, ignoring
[ 2034.526682][T28590] usb 1-1: config 7 has 1 interface, different from the descriptor's value: 2
[ 2034.552974][T28590] usb 1-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 7.84
[ 2034.579078][T28590] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2034.592384][T28590] usb 1-1: Product: syz
[ 2034.597537][T28590] usb 1-1: Manufacturer: syz
[ 2034.602496][T28590] usb 1-1: SerialNumber: syz
[ 2034.635711][T28590] rndis_host 1-1:7.0: skipping garbage
[ 2034.649856][T28590] usb 1-1: bad CDC descriptors
[ 2034.670662][T28590] option 1-1:7.0: GSM modem (1-port) converter detected
[ 2034.782742][ T1010] xt_hashlimit: max too large, truncated to 1048576
[ 2035.228683][T23591] usb 1-1: USB disconnect, device number 37
[ 2035.269314][T23591] option 1-1:7.0: device disconnected
[ 2035.806267][T23591] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[ 2035.956231][T23591] usb 1-1: device descriptor read/64, error -71
[ 2036.069969][T14760] usbhid 4-1:0.0: can't add hid device: -71
[ 2036.099527][T14760] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 2036.130613][T14760] usb 4-1: USB disconnect, device number 110
[ 2036.226285][T23591] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[ 2036.376310][T23591] usb 1-1: device descriptor read/64, error -71
[ 2036.480236][ T7860] usbhid 6-1:0.0: can't add hid device: -71
[ 2036.486438][ T7860] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 2036.519222][T23591] usb usb1-port1: attempt power cycle
[ 2036.529315][ T7860] usb 6-1: USB disconnect, device number 9
[ 2036.886217][T23591] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[ 2036.894001][T14760] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 2036.917039][T23591] usb 1-1: device descriptor read/8, error -71
[ 2037.046137][T14760] usb 2-1: Using ep0 maxpacket: 32
[ 2037.052883][T14760] usb 2-1: config 0 has an invalid interface number: 136 but max is 0
[ 2037.062072][T14760] usb 2-1: config 0 has no interface number 0
[ 2037.068647][T14760] usb 2-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[ 2037.081587][T14760] usb 2-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[ 2037.090885][T14760] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2037.099984][T14760] usb 2-1: Product: syz
[ 2037.104244][T14760] usb 2-1: Manufacturer: syz
[ 2037.109244][T14760] usb 2-1: SerialNumber: syz
[ 2037.121443][T14760] usb 2-1: config 0 descriptor??
[ 2037.127618][ T1055] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 2037.153182][T14760] comedi comedi5: driver 'vmk80xx' has successfully auto-configured 'K8061 (VM140)'.
[ 2037.164265][T23591] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[ 2037.197343][T23591] usb 1-1: device descriptor read/8, error -71
[ 2037.227858][ T1060] netlink: 92 bytes leftover after parsing attributes in process `syz.3.7270'.
[ 2037.292949][ T1067] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7272'.
[ 2037.321848][T23591] usb usb1-port1: unable to enumerate USB device
[ 2037.349841][ T7860] usb 2-1: USB disconnect, device number 50
[ 2037.583757][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 2037.590211][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 2037.647904][ T1077] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7273'.
[ 2038.136194][T23591] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[ 2038.510417][T23591] usb 4-1: config 0 has no interfaces?
[ 2038.527345][T23591] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 2038.657391][T23591] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2038.741281][T23591] usb 4-1: Product: syz
[ 2038.798954][T23591] usb 4-1: Manufacturer: syz
[ 2038.833471][T23591] usb 4-1: SerialNumber: syz
[ 2038.881019][T23591] usb 4-1: config 0 descriptor??
[ 2039.036318][T14760] usb 1-1: new full-speed USB device number 42 using dummy_hcd
[ 2039.066633][ T1101] netlink: 92 bytes leftover after parsing attributes in process `syz.5.7282'.
[ 2039.169651][ T1104] openvswitch: netlink: Missing valid actions attribute.
[ 2039.216361][T14760] usb 1-1: config 0 has an invalid interface number: 20 but max is 0
[ 2039.229912][T14760] usb 1-1: config 0 has no interface number 0
[ 2039.238394][T14760] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[ 2039.258838][ T1104] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2039.259835][T14760] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[ 2039.307429][T14760] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2039.352933][T14760] usb 1-1: Product: syz
[ 2039.371904][T14760] usb 1-1: Manufacturer: syz
[ 2039.385485][T14760] usb 1-1: SerialNumber: syz
[ 2039.401390][T14760] usb 1-1: config 0 descriptor??
[ 2039.408081][ T1091] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2039.420977][T14760] usb-storage 1-1:0.20: USB Mass Storage device detected
[ 2039.442644][T14760] usb-storage 1-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[ 2039.661710][ T1091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2039.671557][ T1091] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2039.781921][T14760] scsi host1: usb-storage 1-1:0.20
[ 2040.628108][   T30] kauditd_printk_skb: 38 callbacks suppressed
[ 2040.628125][   T30] audit: type=1326 audit(1763870593.337:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1124 comm="syz.1.7288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2040.798473][   T30] audit: type=1326 audit(1763870593.337:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1124 comm="syz.1.7288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2040.887667][T14760] usb 4-1: USB disconnect, device number 111
[ 2040.899860][   T30] audit: type=1326 audit(1763870593.367:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1124 comm="syz.1.7288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2040.952891][   T30] audit: type=1326 audit(1763870593.367:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1124 comm="syz.1.7288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2040.984950][   T30] audit: type=1326 audit(1763870593.367:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1124 comm="syz.1.7288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2041.010901][   T30] audit: type=1326 audit(1763870593.397:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1124 comm="syz.1.7288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2041.063287][ T1121] usb 1-1: reset full-speed USB device number 42 using dummy_hcd
[ 2041.091184][   T30] audit: type=1326 audit(1763870593.397:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1124 comm="syz.1.7288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2041.149954][   T30] audit: type=1326 audit(1763870593.397:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1124 comm="syz.1.7288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2041.174371][   T30] audit: type=1326 audit(1763870593.397:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1124 comm="syz.1.7288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2041.197952][   T30] audit: type=1326 audit(1763870593.397:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1124 comm="syz.1.7288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47c338f749 code=0x7ffc0000
[ 2041.305768][ T1140] netlink: 92 bytes leftover after parsing attributes in process `syz.3.7293'.
[ 2041.793646][ T1165] xt_hashlimit: max too large, truncated to 1048576
[ 2042.094578][ T7860] usb 1-1: USB disconnect, device number 42
[ 2042.720014][ T7872] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 2042.827385][ T1187] netlink: 48 bytes leftover after parsing attributes in process `syz.2.7303'.
[ 2042.856985][ T7872] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[ 2042.939365][ T7872] usb 3-1: USB disconnect, device number 105
[ 2044.056450][ T7860] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[ 2044.254179][ T1200] syzkaller0: entered promiscuous mode
[ 2044.261478][ T1200] syzkaller0: entered allmulticast mode
[ 2044.268320][ T7860] usb 1-1: Using ep0 maxpacket: 32
[ 2044.275742][ T7860] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[ 2044.306151][ T7860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2044.338603][ T7860] usb 1-1: config 0 descriptor??
[ 2044.367928][ T7860] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[ 2044.451563][ T1196] netlink: 'syz.1.7305': attribute type 2 has an invalid length.
[ 2044.459945][ T1196] netlink: 119 bytes leftover after parsing attributes in process `syz.1.7305'.
[ 2045.492670][ T1223] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2045.501582][ T1223] team0: left promiscuous mode
[ 2045.506730][ T1223] team_slave_0: left promiscuous mode
[ 2045.511398][ T1226] vim2m vim2m.0: vidioc_s_fmt queue busy
[ 2045.512331][ T1223] team_slave_1: left promiscuous mode
[ 2045.526790][ T1223] 8021q: adding VLAN 0 to HW filter on device team0
[ 2045.684888][ T1223] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2045.979461][ T7861] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 2046.041078][ T7860] gspca_vc032x: reg_w err -71
[ 2046.045808][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.056253][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.084087][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.098075][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.137375][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.154605][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.176319][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.186322][ T7861] usb 6-1: config 1 has an invalid descriptor of length 70, skipping remainder of the config
[ 2046.216282][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.226522][ T7861] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2046.235618][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.261393][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.268292][ T7861] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 2046.297663][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.323507][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.333752][ T7861] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 2046.354082][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.366159][ T7861] usb 6-1: SerialNumber: syz
[ 2046.374377][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.398775][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.413503][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.427061][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.442830][ T7860] gspca_vc032x: I2c Bus Busy Wait a8
[ 2046.476972][ T7860] gspca_vc032x: Unknown sensor...
[ 2046.482153][ T7860] vc032x 1-1:0.0: probe with driver vc032x failed with error -22
[ 2046.518869][ T7860] usb 1-1: USB disconnect, device number 43
[ 2046.536216][T28590] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[ 2046.627946][ T7861] usb 6-1: 0:2 : does not exist
[ 2046.686561][T24403] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 2046.699347][ T7861] usb 6-1: USB disconnect, device number 10
[ 2046.715230][ T1245] IPv6: NLM_F_REPLACE set, but no existing node found!
[ 2046.736203][T28590] usb 4-1: Using ep0 maxpacket: 16
[ 2046.749510][T28590] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2046.791278][T23813] udevd[23813]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2046.808730][T28590] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2046.854473][T28590] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2046.873763][T28590] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2046.889638][T28590] usb 4-1: Product: syz
[ 2046.904101][T24403] usb 2-1: config index 0 descriptor too short (expected 215, got 45)
[ 2046.933062][T28590] usb 4-1: Manufacturer: syz
[ 2046.946939][T28590] usb 4-1: SerialNumber: syz
[ 2046.947270][T24403] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 2046.965174][T24403] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2046.985178][T24403] usb 2-1: Product: syz
[ 2046.989927][T24403] usb 2-1: Manufacturer: syz
[ 2046.994669][T24403] usb 2-1: SerialNumber: syz
[ 2047.179071][ T1256] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2047.189821][ T1256] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2047.206514][T28590] usb 4-1: 0:2 : does not exist
[ 2047.217360][T24403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[ 2047.233293][T24403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[ 2047.267477][T24403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 2047.277818][T28590] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 2047.296604][T24403] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71
[ 2047.307134][ T7872] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[ 2047.324404][T24403] usb 2-1: USB disconnect, device number 51
[ 2047.330722][T28590] usb 4-1: USB disconnect, device number 112
[ 2047.390332][ T1261] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2047.433425][ T1261] FAULT_INJECTION: forcing a failure.
[ 2047.433425][ T1261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2047.448027][ T1261] CPU: 1 UID: 0 PID: 1261 Comm: syz.5.7325 Not tainted syzkaller #0 PREEMPT(full) 
[ 2047.448051][ T1261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2047.448064][ T1261] Call Trace:
[ 2047.448073][ T1261]  <TASK>
[ 2047.448081][ T1261]  dump_stack_lvl+0x189/0x250
[ 2047.448114][ T1261]  ? __pfx____ratelimit+0x10/0x10
[ 2047.448134][ T1261]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2047.448148][ T1261]  ? __pfx__printk+0x10/0x10
[ 2047.448160][ T1261]  ? __might_fault+0xb0/0x130
[ 2047.448180][ T1261]  should_fail_ex+0x414/0x560
[ 2047.448199][ T1261]  _copy_from_user+0x2d/0xb0
[ 2047.448214][ T1261]  __sys_bpf+0x1e3/0x860
[ 2047.448226][ T1261]  ? __pfx___sys_bpf+0x10/0x10
[ 2047.448244][ T1261]  ? ksys_write+0x1e1/0x250
[ 2047.448260][ T1261]  ? __pfx_ksys_write+0x10/0x10
[ 2047.448277][ T1261]  __x64_sys_bpf+0x7c/0x90
[ 2047.448294][ T1261]  do_syscall_64+0xfa/0xfa0
[ 2047.448308][ T1261]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2047.448324][ T1261]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2047.448334][ T1261]  ? clear_bhb_loop+0x60/0xb0
[ 2047.448347][ T1261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2047.448358][ T1261] RIP: 0033:0x7fd094d8f749
[ 2047.448368][ T1261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2047.448379][ T1261] RSP: 002b:00007fd095ba2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2047.448391][ T1261] RAX: ffffffffffffffda RBX: 00007fd094fe6180 RCX: 00007fd094d8f749
[ 2047.448399][ T1261] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 000000000000000f
[ 2047.448406][ T1261] RBP: 00007fd095ba2090 R08: 0000000000000000 R09: 0000000000000000
[ 2047.448413][ T1261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2047.448419][ T1261] R13: 00007fd094fe6218 R14: 00007fd094fe6180 R15: 00007fd09510fa28
[ 2047.448435][ T1261]  </TASK>
[ 2047.644287][ T7872] usb 3-1: config index 0 descriptor too short (expected 215, got 45)
[ 2047.655663][ T7872] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 2047.664851][ T7872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2047.672954][ T7872] usb 3-1: Product: syz
[ 2047.677143][ T7872] usb 3-1: Manufacturer: syz
[ 2047.681771][ T7872] usb 3-1: SerialNumber: syz
[ 2047.796176][T24403] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 2047.984242][T24403] usb 2-1: config index 0 descriptor too short (expected 215, got 45)
[ 2047.995509][T24403] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 2048.005146][T24403] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2048.035535][T24403] usb 2-1: Product: syz
[ 2048.050834][ T7872] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[ 2048.052542][T24403] usb 2-1: Manufacturer: syz
[ 2048.078985][T24403] usb 2-1: SerialNumber: syz
[ 2048.124381][ T7872] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[ 2048.146979][ T7872] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 2048.148534][ T1268] netlink: 76 bytes leftover after parsing attributes in process `syz.3.7328'.
[ 2048.203920][ T7872] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[ 2048.243654][ T7872] usb 3-1: USB disconnect, device number 106
[ 2048.293824][T24403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 2048.347668][T24403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -32
[ 2048.376747][T24403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 2048.390488][T24403] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -32
[ 2048.586225][ T7872] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[ 2048.737766][ T7872] usb 3-1: config index 0 descriptor too short (expected 215, got 45)
[ 2048.750211][ T7872] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 2048.764889][ T7872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2048.774122][ T7872] usb 3-1: Product: syz
[ 2048.781039][ T7872] usb 3-1: Manufacturer: syz
[ 2048.785975][ T7872] usb 3-1: SerialNumber: syz
[ 2048.812726][ T1283] vim2m vim2m.0: vidioc_s_fmt queue busy
[ 2049.176897][T14760] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[ 2049.202152][ T7872] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 2049.216160][ T7872] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 2049.287852][ T1278] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2049.297071][ T1278] team0: left promiscuous mode
[ 2049.301899][ T1278] team_slave_0: left promiscuous mode
[ 2049.308790][ T1278] team_slave_1: left promiscuous mode
[ 2049.315709][ T1278] 8021q: adding VLAN 0 to HW filter on device team0
[ 2049.332519][ T1278] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2049.359250][T14760] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 2049.370255][T14760] usb 1-1: config 16 interface 0 altsetting 75 endpoint 0x7 has an invalid bInterval 0, changing to 7
[ 2049.382748][T14760] usb 1-1: config 16 interface 0 altsetting 75 endpoint 0x7 has invalid wMaxPacketSize 0
[ 2049.394446][T14760] usb 1-1: config 16 interface 0 altsetting 75 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2049.408830][T14760] usb 1-1: config 16 interface 0 has no altsetting 0
[ 2049.415572][T14760] usb 1-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a
[ 2049.425256][T14760] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2049.488220][T23591] usb 2-1: USB disconnect, device number 52
[ 2049.660641][ T1291] FAULT_INJECTION: forcing a failure.
[ 2049.660641][ T1291] name failslab, interval 1, probability 0, space 0, times 0
[ 2049.703026][T14760] usb 1-1: string descriptor 0 read error: -71
[ 2049.709892][ T1291] CPU: 0 UID: 0 PID: 1291 Comm: syz.1.7333 Not tainted syzkaller #0 PREEMPT(full) 
[ 2049.709922][ T1291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2049.709933][ T1291] Call Trace:
[ 2049.709941][ T1291]  <TASK>
[ 2049.709949][ T1291]  dump_stack_lvl+0x189/0x250
[ 2049.709980][ T1291]  ? __pfx____ratelimit+0x10/0x10
[ 2049.710007][ T1291]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2049.710032][ T1291]  ? __pfx__printk+0x10/0x10
[ 2049.710065][ T1291]  should_fail_ex+0x414/0x560
[ 2049.710100][ T1291]  should_failslab+0xa8/0x100
[ 2049.710123][ T1291]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 2049.710150][ T1291]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 2049.710176][ T1291]  ? sctp_add_bind_addr+0x8c/0x370
[ 2049.710201][ T1291]  ? sctp_add_bind_addr+0xb0/0x370
[ 2049.710232][ T1291]  sctp_add_bind_addr+0x8c/0x370
[ 2049.710263][ T1291]  sctp_copy_local_addr_list+0x30b/0x4e0
[ 2049.710293][ T1291]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 2049.710320][ T1291]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 2049.710349][ T1291]  ? sctp_v6_is_any+0x64/0x80
[ 2049.710379][ T1291]  ? sctp_copy_one_addr+0x93/0x360
[ 2049.710409][ T1291]  sctp_bind_addr_copy+0xb3/0x3c0
[ 2049.710438][ T1291]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 2049.710466][ T1291]  sctp_connect_new_asoc+0x2e0/0x690
[ 2049.710491][ T1291]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 2049.710511][ T1291]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 2049.710540][ T1291]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 2049.710561][ T1291]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 2049.710588][ T1291]  sctp_sendmsg+0x155c/0x2810
[ 2049.710619][ T1291]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 2049.710643][ T1291]  ? aa_sk_perm+0x81e/0x950
[ 2049.710675][ T1291]  ? __pfx_aa_sk_perm+0x10/0x10
[ 2049.710710][ T1291]  ? sock_rps_record_flow+0x19/0x410
[ 2049.710733][ T1291]  ? inet_sendmsg+0x2f4/0x370
[ 2049.710753][ T1291]  __sock_sendmsg+0x19c/0x270
[ 2049.710783][ T1291]  __sys_sendto+0x3bd/0x520
[ 2049.710805][ T1291]  ? __pfx___sys_sendto+0x10/0x10
[ 2049.710822][ T1291]  ? __mutex_unlock_slowpath+0x1a1/0x740
[ 2049.710862][ T1291]  ? __fget_files+0x3a0/0x420
[ 2049.710890][ T1291]  ? ksys_write+0x22a/0x250
[ 2049.710920][ T1291]  ? __pfx_ksys_write+0x10/0x10
[ 2049.710950][ T1291]  __x64_sys_sendto+0xde/0x100
[ 2049.710975][ T1291]  do_syscall_64+0xfa/0xfa0
[ 2049.710998][ T1291]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2049.711024][ T1291]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2049.711044][ T1291]  ? clear_bhb_loop+0x60/0xb0
[ 2049.711068][ T1291]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2049.711087][ T1291] RIP: 0033:0x7f47c338f749
[ 2049.711106][ T1291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2049.711124][ T1291] RSP: 002b:00007f47c4290038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 2049.711145][ T1291] RAX: ffffffffffffffda RBX: 00007f47c35e5fa0 RCX: 00007f47c338f749
[ 2049.711159][ T1291] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000004
[ 2049.711173][ T1291] RBP: 00007f47c4290090 R08: 000020000005ffe4 R09: 000000000000001c
[ 2049.711188][ T1291] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002
[ 2049.711200][ T1291] R13: 00007f47c35e6038 R14: 00007f47c35e5fa0 R15: 00007f47c370fa28
[ 2049.711233][ T1291]  </TASK>
[ 2049.731772][T14760] imon:imon_find_endpoints: no valid input (IR) endpoint found
[ 2050.064749][T14760] imon 1-1:16.0: unable to initialize intf0, err -19
[ 2050.076235][T14760] imon:imon_probe: failed to initialize context!
[ 2050.082684][T14760] imon 1-1:16.0: unable to register, err -19
[ 2050.103283][T14760] usb 1-1: USB disconnect, device number 44
[ 2050.165990][ T7872] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -EPIPE
[ 2050.177948][ T7872] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 2050.195553][ T7872] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 2050.229773][ T7872] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -32
[ 2050.936325][T14760] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[ 2051.066246][T14760] usb 1-1: device descriptor read/64, error -71
[ 2051.093870][ T1336] syzkaller0: entered promiscuous mode
[ 2051.100053][ T1336] syzkaller0: entered allmulticast mode
[ 2051.191730][T24403] usb 3-1: USB disconnect, device number 107
[ 2051.245848][ T1338] netlink: 92 bytes leftover after parsing attributes in process `syz.2.7344'.
[ 2051.319959][T14760] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[ 2051.457526][T14760] usb 1-1: device descriptor read/64, error -71
[ 2051.576571][T14760] usb usb1-port1: attempt power cycle
[ 2051.667343][T24403] usb 4-1: new low-speed USB device number 113 using dummy_hcd
[ 2051.846141][ T7872] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 2051.936829][T14760] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[ 2051.967838][T14760] usb 1-1: device descriptor read/8, error -71
[ 2051.996276][ T7872] usb 6-1: Using ep0 maxpacket: 32
[ 2052.007559][ T7872] usb 6-1: config 0 has an invalid interface number: 188 but max is 0
[ 2052.018932][ T7872] usb 6-1: config 0 has no interface number 0
[ 2052.025379][ T7872] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 2052.040640][ T7872] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[ 2052.050958][ T7872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2052.059568][ T7872] usb 6-1: Product: syz
[ 2052.065777][ T7872] usb 6-1: Manufacturer: syz
[ 2052.071858][ T7872] usb 6-1: SerialNumber: syz
[ 2052.082738][ T7872] usb 6-1: config 0 descriptor??
[ 2052.090250][ T1352] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 2052.206194][T14760] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[ 2052.237290][T14760] usb 1-1: device descriptor read/8, error -71
[ 2052.328073][ T1352] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 2052.356988][T14760] usb usb1-port1: unable to enumerate USB device
[ 2052.639697][ T1360] ipt_REJECT: TCP_RESET invalid for non-tcp
[ 2053.364680][ T7872] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 2053.370532][ T1366] fuse: Unknown parameter 'f'
[ 2053.395911][ T7872] asix 6-1:0.188: probe with driver asix failed with error -32
[ 2053.484916][ T1372] fuse: Bad value for 'fd'
[ 2053.786489][ T7872] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 2053.813072][ T1380] netlink: 92 bytes leftover after parsing attributes in process `syz.0.7356'.
[ 2053.948003][ T7872] usb 2-1: config index 0 descriptor too short (expected 215, got 45)
[ 2053.970059][ T7872] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 2053.992934][ T7872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2054.011678][ T7872] usb 2-1: Product: syz
[ 2054.015888][ T7872] usb 2-1: Manufacturer: syz
[ 2054.032155][ T7872] usb 2-1: SerialNumber: syz
[ 2054.183739][ T1386] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2054.347540][T24403] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 2054.387029][ T1387] vim2m vim2m.0: vidioc_s_fmt queue busy
[ 2054.450265][T24403] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2054.459169][ T7872] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[ 2054.512780][T24403] usb 4-1: config 0 descriptor??
[ 2054.541909][ T7872] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[ 2054.561738][T24403] usb 4-1: can't set config #0, error -71
[ 2054.593004][ T7872] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 2054.608334][T24403] usb 4-1: USB disconnect, device number 113
[ 2054.690651][ T7872] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71
[ 2054.723459][ T7860] usb 6-1: USB disconnect, device number 11
[ 2054.803535][ T1393] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7358'.
[ 2054.904294][ T7872] usb 2-1: USB disconnect, device number 53
[ 2055.214631][ T7860] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 2055.406155][ T7872] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 2055.426156][T14760] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[ 2055.449108][ T7860] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2055.490494][ T7860] usb 6-1: config 0 interface 0 has no altsetting 0
[ 2055.523125][ T7860] usb 6-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=b1.f9
[ 2055.544959][ T7860] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2055.572965][ T7860] usb 6-1: Product: syz
[ 2055.580731][ T7860] usb 6-1: Manufacturer: syz
[ 2055.590198][T14760] usb 4-1: config 0 has no interfaces?
[ 2055.592886][ T7860] usb 6-1: SerialNumber: syz
[ 2055.598402][T14760] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 2055.609881][T14760] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2055.619642][ T7872] usb 2-1: config index 0 descriptor too short (expected 215, got 45)
[ 2055.630936][T14760] usb 4-1: Product: syz
[ 2055.635197][T14760] usb 4-1: Manufacturer: syz
[ 2055.640270][T14760] usb 4-1: SerialNumber: syz
[ 2055.647307][ T7872] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 2055.656792][ T7872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2055.665667][T14760] usb 4-1: config 0 descriptor??
[ 2055.671240][ T7872] usb 2-1: Product: syz
[ 2055.677128][ T7872] usb 2-1: Manufacturer: syz
[ 2055.681742][ T7872] usb 2-1: SerialNumber: syz
[ 2055.842915][ T7860] usb 6-1: config 0 descriptor??
[ 2055.939628][ T7860] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[ 2056.035176][ T7860] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2056.075493][ T7860] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[ 2056.111050][ T7860] usb 6-1: media controller created
[ 2056.140317][ T7872] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 2056.168967][ T7872] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 2056.252627][ T1406] netlink: 48 bytes leftover after parsing attributes in process `syz.2.7361'.
[ 2056.259045][ T7860] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2056.560754][ T7860] DVB: Unable to find symbol tda10046_attach()
[ 2056.569221][ T7860] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[ 2056.578385][ T7860] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[ 2056.961133][ T1395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2057.027226][ T1395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2057.041323][ T7872] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -EPIPE
[ 2057.058968][ T7872] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 2057.077593][ T7872] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 2057.095112][ T7872] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -32
[ 2057.498617][ T7872] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[ 2057.668341][ T7872] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 2057.699137][ T7872] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 2057.728124][ T7872] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2057.755436][T24403] usb 4-1: USB disconnect, device number 114
[ 2057.764265][ T7872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2057.824163][ T1415] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22
[ 2057.862224][ T1422] FAULT_INJECTION: forcing a failure.
[ 2057.862224][ T1422] name failslab, interval 1, probability 0, space 0, times 0
[ 2057.869971][ T7872] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 2057.875369][ T1422] CPU: 0 UID: 0 PID: 1422 Comm: syz.3.7365 Not tainted syzkaller #0 PREEMPT(full) 
[ 2057.875395][ T1422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2057.875407][ T1422] Call Trace:
[ 2057.875415][ T1422]  <TASK>
[ 2057.875423][ T1422]  dump_stack_lvl+0x189/0x250
[ 2057.875459][ T1422]  ? __pfx____ratelimit+0x10/0x10
[ 2057.875486][ T1422]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2057.875512][ T1422]  ? __pfx__printk+0x10/0x10
[ 2057.875537][ T1422]  ? __pfx___might_resched+0x10/0x10
[ 2057.875557][ T1422]  ? fs_reclaim_acquire+0x7d/0x100
[ 2057.875592][ T1422]  should_fail_ex+0x414/0x560
[ 2057.875634][ T1422]  should_failslab+0xa8/0x100
[ 2057.875655][ T1422]  __kmalloc_noprof+0xcb/0x7f0
[ 2057.875680][ T1422]  ? tomoyo_encode+0x28b/0x550
[ 2057.875708][ T1422]  ? tomoyo_mount_permission+0x27a/0x970
[ 2057.875748][ T1422]  tomoyo_encode+0x28b/0x550
[ 2057.875779][ T1422]  ? tomoyo_mount_permission+0x27a/0x970
[ 2057.875808][ T1422]  tomoyo_mount_permission+0x331/0x970
[ 2057.875841][ T1422]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[ 2057.875929][ T1422]  security_sb_mount+0xec/0x350
[ 2057.875963][ T1422]  path_mount+0xbc/0xfe0
[ 2057.875990][ T1422]  ? user_path_at+0x44/0x60
[ 2057.876012][ T1422]  ? kmem_cache_free+0x19b/0x690
[ 2057.876049][ T1422]  __se_sys_mount+0x313/0x410
[ 2057.876073][ T1422]  ? __pfx___se_sys_mount+0x10/0x10
[ 2057.876096][ T1422]  ? do_syscall_64+0xbe/0xfa0
[ 2057.876121][ T1422]  ? __x64_sys_mount+0x20/0xc0
[ 2057.876142][ T1422]  do_syscall_64+0xfa/0xfa0
[ 2057.876168][ T1422]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2057.876200][ T1422]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2057.876219][ T1422]  ? clear_bhb_loop+0x60/0xb0
[ 2057.876252][ T1422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2057.876276][ T1422] RIP: 0033:0x7f0bcbd8f749
[ 2057.876294][ T1422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2057.876311][ T1422] RSP: 002b:00007f0bccc30038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2057.876338][ T1422] RAX: ffffffffffffffda RBX: 00007f0bcbfe5fa0 RCX: 00007f0bcbd8f749
[ 2057.876353][ T1422] RDX: 00002000000003c0 RSI: 0000200000000040 RDI: 0000200000002440
[ 2057.876367][ T1422] RBP: 00007f0bccc30090 R08: 0000200000000400 R09: 0000000000000000
[ 2057.876380][ T1422] R10: 000000000200840d R11: 0000000000000246 R12: 0000000000000002
[ 2057.876392][ T1422] R13: 00007f0bcbfe6038 R14: 00007f0bcbfe5fa0 R15: 00007f0bcc10fa28
[ 2057.876424][ T1422]  </TASK>
[ 2058.201462][ T7860] dvb_usb_m920x 6-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[ 2058.207433][T14760] usb 2-1: USB disconnect, device number 54
[ 2058.241178][ T1415] tc_dump_action: action bad kind
[ 2058.254500][ T1426] netlink: 92 bytes leftover after parsing attributes in process `syz.3.7367'.
[ 2058.274031][ T7860] usb 6-1: USB disconnect, device number 12
[ 2058.522609][T14760] usb 1-1: USB disconnect, device number 49
[ 2058.686405][T24403] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 2058.694075][ T7860] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 2058.876390][T24403] usb 2-1: Using ep0 maxpacket: 16
[ 2058.886385][ T7860] usb 6-1: Using ep0 maxpacket: 32
[ 2058.894759][T24403] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2058.935423][ T7860] usb 6-1: config 0 has an invalid interface number: 188 but max is 0
[ 2058.962850][T24403] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[ 2058.972657][ T7860] usb 6-1: config 0 has no interface number 0
[ 2058.979213][ T7860] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 2058.989880][T24403] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2059.002224][T24403] usb 2-1: config 0 descriptor??
[ 2059.013174][ T7860] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[ 2059.038002][ T7860] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2059.052939][ T1440] netlink: 35 bytes leftover after parsing attributes in process `syz.2.7372'.
[ 2059.086312][ T7860] usb 6-1: Product: syz
[ 2059.090870][ T7860] usb 6-1: Manufacturer: syz
[ 2059.095660][ T7860] usb 6-1: SerialNumber: syz
[ 2059.105069][ T7860] usb 6-1: config 0 descriptor??
[ 2059.121249][ T1441] netlink: 76 bytes leftover after parsing attributes in process `syz.2.7372'.
[ 2059.157602][ T1431] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 2059.456903][ T1431] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 2059.485293][T24403] hid-multitouch 0003:1FD2:6007.005D: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0
[ 2060.093238][ T1457] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7378'.
[ 2060.230900][ T7872] usb 2-1: USB disconnect, device number 55
[ 2060.406282][T24403] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[ 2060.543373][ T7860] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 2060.554014][ T7861] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[ 2060.576399][ T1466] ip6t_srh: unknown srh match flags  4000
[ 2060.577823][T24403] usb 3-1: config index 0 descriptor too short (expected 215, got 45)
[ 2060.597998][ T7860] asix 6-1:0.188: probe with driver asix failed with error -32
[ 2060.618173][T24403] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 2060.642055][T24403] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2060.658933][T24403] usb 3-1: Product: syz
[ 2060.663363][T24403] usb 3-1: Manufacturer: syz
[ 2060.672846][T24403] usb 3-1: SerialNumber: syz
[ 2060.708892][ T7861] usb 4-1: config 0 has no interfaces?
[ 2060.719334][ T7861] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 2060.728940][ T7861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2060.738883][ T7861] usb 4-1: Product: syz
[ 2060.743302][ T7861] usb 4-1: Manufacturer: syz
[ 2060.748321][ T7861] usb 4-1: SerialNumber: syz
[ 2060.758033][ T7861] usb 4-1: config 0 descriptor??
[ 2060.889270][T24403] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[ 2060.901973][T24403] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[ 2060.913148][T24403] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 2060.927513][T24403] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[ 2060.945229][T24403] usb 3-1: USB disconnect, device number 108
[ 2061.266224][T24403] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[ 2061.450750][T24403] usb 3-1: config index 0 descriptor too short (expected 215, got 45)
[ 2061.475569][T24403] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 2061.487832][T24403] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2061.495957][T24403] usb 3-1: Product: syz
[ 2061.500732][T24403] usb 3-1: Manufacturer: syz
[ 2061.505444][T24403] usb 3-1: SerialNumber: syz
[ 2061.598722][ T7861] usb 6-1: USB disconnect, device number 13
[ 2061.706895][ T7872] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[ 2061.868254][ T7872] usb 1-1: Using ep0 maxpacket: 32
[ 2061.878782][ T7872] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2061.891310][ T7872] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2061.902681][ T7872] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 2061.912679][ T7872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2061.937432][ T7872] usb 1-1: config 0 descriptor??
[ 2061.943418][T24403] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 2061.985422][T24403] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 2062.380999][ T7872] savu 0003:1E7D:2D5A.005E: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[ 2062.671076][ T1479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2062.699005][ T1479] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2062.761121][ T7861] usb 1-1: USB disconnect, device number 50
[ 2062.848470][T24403] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -EPIPE
[ 2062.879820][T24403] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 2062.901569][T24403] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 2062.918934][T24403] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -32
[ 2063.046469][T24403] usb 4-1: USB disconnect, device number 115
[ 2063.156137][ T7872] usb 2-1: new full-speed USB device number 56 using dummy_hcd
[ 2063.170322][ T1497] FAULT_INJECTION: forcing a failure.
[ 2063.170322][ T1497] name failslab, interval 1, probability 0, space 0, times 0
[ 2063.190346][ T1497] CPU: 1 UID: 0 PID: 1497 Comm: syz.5.7390 Not tainted syzkaller #0 PREEMPT(full) 
[ 2063.190372][ T1497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2063.190383][ T1497] Call Trace:
[ 2063.190391][ T1497]  <TASK>
[ 2063.190400][ T1497]  dump_stack_lvl+0x189/0x250
[ 2063.190431][ T1497]  ? __pfx____ratelimit+0x10/0x10
[ 2063.190458][ T1497]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2063.190482][ T1497]  ? __pfx__printk+0x10/0x10
[ 2063.190507][ T1497]  ? __pfx___might_resched+0x10/0x10
[ 2063.190533][ T1497]  should_fail_ex+0x414/0x560
[ 2063.190568][ T1497]  should_failslab+0xa8/0x100
[ 2063.190589][ T1497]  kmem_cache_alloc_lru_noprof+0x79/0x6d0
[ 2063.190617][ T1497]  ? __d_alloc+0x36/0x7a0
[ 2063.190643][ T1497]  __d_alloc+0x36/0x7a0
[ 2063.190670][ T1497]  d_alloc_parallel+0xe1/0x1610
[ 2063.190708][ T1497]  ? __d_lookup+0x66/0x780
[ 2063.190734][ T1497]  ? __pfx_d_alloc_parallel+0x10/0x10
[ 2063.190772][ T1497]  path_openat+0xa3b/0x3830
[ 2063.190832][ T1497]  ? __pfx_path_openat+0x10/0x10
[ 2063.190875][ T1497]  do_filp_open+0x1fa/0x410
[ 2063.190896][ T1497]  ? __lock_acquire+0xab9/0xd20
[ 2063.190916][ T1497]  ? __pfx_do_filp_open+0x10/0x10
[ 2063.190963][ T1497]  ? _raw_spin_unlock+0x28/0x50
[ 2063.190988][ T1497]  ? alloc_fd+0x64c/0x6c0
[ 2063.191027][ T1497]  do_sys_openat2+0x121/0x1c0
[ 2063.191051][ T1497]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2063.191105][ T1497]  ? ksys_write+0x22a/0x250
[ 2063.191133][ T1497]  ? __pfx_ksys_write+0x10/0x10
[ 2063.191162][ T1497]  __x64_sys_openat+0x138/0x170
[ 2063.191199][ T1497]  do_syscall_64+0xfa/0xfa0
[ 2063.191226][ T1497]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2063.191251][ T1497]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2063.191270][ T1497]  ? clear_bhb_loop+0x60/0xb0
[ 2063.191294][ T1497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2063.191312][ T1497] RIP: 0033:0x7fd094d8f749
[ 2063.191328][ T1497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2063.191345][ T1497] RSP: 002b:00007fd095be4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 2063.191365][ T1497] RAX: ffffffffffffffda RBX: 00007fd094fe5fa0 RCX: 00007fd094d8f749
[ 2063.191378][ T1497] RDX: 0000000000000b00 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 2063.191389][ T1497] RBP: 00007fd095be4090 R08: 0000000000000000 R09: 0000000000000000
[ 2063.191399][ T1497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2063.191408][ T1497] R13: 00007fd094fe6038 R14: 00007fd094fe5fa0 R15: 00007fd09510fa28
[ 2063.191438][ T1497]  </TASK>
[ 2063.206167][ T7861] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[ 2063.317993][ T7872] usb 2-1: device descriptor read/64, error -71
[ 2063.526768][ T7861] usb 1-1: Using ep0 maxpacket: 16
[ 2063.536721][ T7861] usb 1-1: New USB device found, idVendor=0458, idProduct=704a, bcdDevice=3a.55
[ 2063.537161][ T1496] binfmt_misc: register: failed to install interpreter file ./file0
[ 2063.546971][ T7861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2063.563538][ T7861] usb 1-1: Product: syz
[ 2063.569782][ T7861] usb 1-1: Manufacturer: syz
[ 2063.574667][ T7861] usb 1-1: SerialNumber: syz
[ 2063.596901][ T7861] usb 1-1: config 0 descriptor??
[ 2063.612504][ T7861] gspca_main: gspca_sn9c20x-2.14.0 probing 0458:704a
[ 2063.635629][ T1508] FAULT_INJECTION: forcing a failure.
[ 2063.635629][ T1508] name failslab, interval 1, probability 0, space 0, times 0
[ 2063.649461][ T1508] CPU: 1 UID: 0 PID: 1508 Comm: syz.3.7392 Not tainted syzkaller #0 PREEMPT(full) 
[ 2063.649478][ T1508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2063.649485][ T1508] Call Trace:
[ 2063.649492][ T1508]  <TASK>
[ 2063.649497][ T1508]  dump_stack_lvl+0x189/0x250
[ 2063.649528][ T1508]  ? __pfx____ratelimit+0x10/0x10
[ 2063.649557][ T1508]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2063.649584][ T1508]  ? __pfx__printk+0x10/0x10
[ 2063.649608][ T1508]  should_fail_ex+0x414/0x560
[ 2063.649627][ T1508]  should_failslab+0xa8/0x100
[ 2063.649640][ T1508]  __kmalloc_noprof+0xcb/0x7f0
[ 2063.649656][ T1508]  ? nsim_fib_event_nb+0x295/0x1080
[ 2063.649681][ T1508]  ? __lock_acquire+0xab9/0xd20
[ 2063.649706][ T1508]  nsim_fib_event_nb+0x295/0x1080
[ 2063.649744][ T1508]  notifier_call_chain+0x1b6/0x3e0
[ 2063.649761][ T1508]  ? atomic_notifier_call_chain+0x26/0x180
[ 2063.649774][ T1508]  atomic_notifier_call_chain+0xda/0x180
[ 2063.649788][ T1508]  call_fib_notifiers+0x31/0x60
[ 2063.649800][ T1508]  fib6_add_rt2node+0x15fb/0x33a0
[ 2063.649842][ T1508]  ? trace_kmem_cache_alloc+0x1f/0xc0
[ 2063.649874][ T1508]  ? __pfx_fib6_add_rt2node+0x10/0x10
[ 2063.649901][ T1508]  ? fib6_add_1+0x1029/0x1460
[ 2063.649922][ T1508]  fib6_add+0x8da/0x18a0
[ 2063.649941][ T1508]  ? do_raw_spin_lock+0x121/0x290
[ 2063.649954][ T1508]  ? __pfx_fib6_add+0x10/0x10
[ 2063.649987][ T1508]  ? ip6_route_add+0xc9/0x1b0
[ 2063.650019][ T1508]  ip6_route_add+0xde/0x1b0
[ 2063.650049][ T1508]  ipv6_route_ioctl+0x35c/0x480
[ 2063.650067][ T1508]  ? __pfx_ipv6_route_ioctl+0x10/0x10
[ 2063.650104][ T1508]  inet6_ioctl+0x219/0x280
[ 2063.650126][ T1508]  ? __pfx_inet6_ioctl+0x10/0x10
[ 2063.650155][ T1508]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 2063.650184][ T1508]  sock_do_ioctl+0xdc/0x300
[ 2063.650209][ T1508]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 2063.650247][ T1508]  sock_ioctl+0x576/0x790
[ 2063.650271][ T1508]  ? __pfx_sock_ioctl+0x10/0x10
[ 2063.650299][ T1508]  ? __fget_files+0x3a0/0x420
[ 2063.650314][ T1508]  ? __fget_files+0x2a/0x420
[ 2063.650334][ T1508]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 2063.650355][ T1508]  ? __pfx_sock_ioctl+0x10/0x10
[ 2063.650377][ T1508]  __se_sys_ioctl+0xfc/0x170
[ 2063.650401][ T1508]  do_syscall_64+0xfa/0xfa0
[ 2063.650427][ T1508]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2063.650454][ T1508]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2063.650472][ T1508]  ? clear_bhb_loop+0x60/0xb0
[ 2063.650495][ T1508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2063.650513][ T1508] RIP: 0033:0x7f0bcbd8f749
[ 2063.650531][ T1508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2063.650550][ T1508] RSP: 002b:00007f0bccc30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2063.650571][ T1508] RAX: ffffffffffffffda RBX: 00007f0bcbfe5fa0 RCX: 00007f0bcbd8f749
[ 2063.650587][ T1508] RDX: 00002000000001c0 RSI: 000000000000890b RDI: 0000000000000003
[ 2063.650600][ T1508] RBP: 00007f0bccc30090 R08: 0000000000000000 R09: 0000000000000000
[ 2063.650614][ T1508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2063.650627][ T1508] R13: 00007f0bcbfe6038 R14: 00007f0bcbfe5fa0 R15: 00007f0bcc10fa28
[ 2063.650655][ T1508]  </TASK>
[ 2063.973190][ T7872] usb 2-1: new full-speed USB device number 57 using dummy_hcd
[ 2064.010947][ T7860] usb 3-1: USB disconnect, device number 109
[ 2064.116152][ T7872] usb 2-1: device descriptor read/64, error -71
[ 2064.173166][ T7861] gspca_sn9c20x: Write register 1001 failed -71
[ 2064.181688][ T7861] gspca_sn9c20x: Device initialization failed
[ 2064.188869][ T7861] gspca_sn9c20x 1-1:0.0: probe with driver gspca_sn9c20x failed with error -71
[ 2064.206899][ T7861] usb 1-1: USB disconnect, device number 51
[ 2064.226541][ T7872] usb usb2-port1: attempt power cycle
[ 2064.416243][ T7860] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[ 2064.506260][T14760] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 2064.566222][ T7860] usb 3-1: Using ep0 maxpacket: 16
[ 2064.575256][ T7860] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 2064.584466][ T7860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2064.586633][ T7872] usb 2-1: new full-speed USB device number 58 using dummy_hcd
[ 2064.592701][ T7860] usb 3-1: Product: syz
[ 2064.604435][ T7860] usb 3-1: Manufacturer: syz
[ 2064.609134][ T7860] usb 3-1: SerialNumber: syz
[ 2064.618364][ T7872] usb 2-1: device descriptor read/8, error -71
[ 2064.626323][ T7860] r8152-cfgselector 3-1: Unknown version 0x0000
[ 2064.633592][ T7860] r8152-cfgselector 3-1: config 0 descriptor??
[ 2064.676160][T14760] usb 6-1: Using ep0 maxpacket: 8
[ 2064.683100][T14760] usb 6-1: config index 0 descriptor too short (expected 30, got 18)
[ 2064.705936][T14760] usb 6-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 2064.715380][T14760] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2064.725541][T14760] usb 6-1: Product: syz
[ 2064.730969][T14760] usb 6-1: Manufacturer: syz
[ 2064.735699][T14760] usb 6-1: SerialNumber: syz
[ 2064.747110][T14760] usb 6-1: config 0 descriptor??
[ 2064.760661][T14760] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 2064.769353][T14760] usb 6-1: setting power ON
[ 2064.773910][T14760] dvb-usb: bulk message failed: -22 (2/0)
[ 2064.782905][T14760] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2064.792861][T14760] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 2064.801559][T14760] usb 6-1: media controller created
[ 2064.827424][T14760] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2064.853008][T14760] usb 6-1: selecting invalid altsetting 6
[ 2064.877072][ T7872] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[ 2064.886112][T14760] usb 6-1: digital interface selection failed (-22)
[ 2064.906767][T14760] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 2064.927221][T14760] usb 6-1: setting power OFF
[ 2064.931901][T14760] dvb-usb: bulk message failed: -22 (2/0)
[ 2064.938832][ T7872] usb 2-1: device descriptor read/8, error -71
[ 2064.954309][T14760] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 2064.976752][T14760] (NULL device *): no alternate interface
[ 2065.045718][ T1524] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7398'.
[ 2065.080375][ T7872] usb usb2-port1: unable to enumerate USB device
[ 2065.091061][T14760] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 2065.119275][ T1521] syz.0.7397 (1521): drop_caches: 2
[ 2065.131257][T14760] usb 6-1: USB disconnect, device number 14
[ 2065.315641][   T30] kauditd_printk_skb: 61 callbacks suppressed
[ 2065.315661][   T30] audit: type=1804 audit(1763870618.017:1110): pid=1528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.7399" name=6D656D66643A6C32AA2AAAAAAB49F9BF83667CC38615ACBBEDBF25D8EE2917AA0FAA6C5296E621D76B026FFF5345 dev="hugetlbfs" ino=182848 res=1 errno=0
[ 2065.542800][ T1536] FAULT_INJECTION: forcing a failure.
[ 2065.542800][ T1536] name failslab, interval 1, probability 0, space 0, times 0
[ 2065.558793][ T1536] CPU: 0 UID: 0 PID: 1536 Comm: syz.5.7401 Not tainted syzkaller #0 PREEMPT(full) 
[ 2065.558810][ T1536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2065.558817][ T1536] Call Trace:
[ 2065.558823][ T1536]  <TASK>
[ 2065.558829][ T1536]  dump_stack_lvl+0x189/0x250
[ 2065.558849][ T1536]  ? __pfx____ratelimit+0x10/0x10
[ 2065.558864][ T1536]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2065.558878][ T1536]  ? __pfx__printk+0x10/0x10
[ 2065.558891][ T1536]  ? __pfx___might_resched+0x10/0x10
[ 2065.558907][ T1536]  should_fail_ex+0x414/0x560
[ 2065.558929][ T1536]  should_failslab+0xa8/0x100
[ 2065.558946][ T1536]  kmem_cache_alloc_node_noprof+0x77/0x710
[ 2065.558961][ T1536]  ? percpu_ref_put+0x1e/0x230
[ 2065.558973][ T1536]  ? zswap_store+0xbc8/0x1f40
[ 2065.558987][ T1536]  zswap_store+0xbc8/0x1f40
[ 2065.559000][ T1536]  ? zswap_store+0x6ff/0x1f40
[ 2065.559016][ T1536]  ? __pfx_zswap_store+0x10/0x10
[ 2065.559028][ T1536]  ? do_raw_spin_unlock+0x122/0x240
[ 2065.559044][ T1536]  ? _raw_spin_unlock+0x28/0x50
[ 2065.559058][ T1536]  ? swap_entry_swapped+0x139/0x1c0
[ 2065.559073][ T1536]  ? folio_free_swap+0x1ed/0x370
[ 2065.559087][ T1536]  swap_writeout+0x710/0xd70
[ 2065.559104][ T1536]  shrink_folio_list+0x3011/0x4c70
[ 2065.559135][ T1536]  ? __pfx_shrink_folio_list+0x10/0x10
[ 2065.559175][ T1536]  ? css_rstat_updated+0x23a/0x4f0
[ 2065.559197][ T1536]  reclaim_folio_list+0xeb/0x500
[ 2065.559220][ T1536]  ? __pfx_reclaim_folio_list+0x10/0x10
[ 2065.559231][ T1536]  ? lru_gen_update_size+0x818/0xd20
[ 2065.559249][ T1536]  ? __mod_zone_page_state+0xd7/0x140
[ 2065.559265][ T1536]  ? lru_gen_del_folio+0x359/0x540
[ 2065.559282][ T1536]  reclaim_pages+0x454/0x520
[ 2065.559299][ T1536]  ? __pfx_reclaim_pages+0x10/0x10
[ 2065.559313][ T1536]  ? madvise_cold_or_pageout_pte_range+0x194b/0x1d00
[ 2065.559327][ T1536]  madvise_cold_or_pageout_pte_range+0x1974/0x1d00
[ 2065.559350][ T1536]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[ 2065.559368][ T1536]  ? memcg_rstat_updated+0xee/0x220
[ 2065.559382][ T1536]  walk_pgd_range+0xfe9/0x1d40
[ 2065.559415][ T1536]  ? __pfx_walk_pgd_range+0x10/0x10
[ 2065.559426][ T1536]  ? rcu_is_watching+0x15/0xb0
[ 2065.559439][ T1536]  ? lru_add+0xa2f/0xd80
[ 2065.559457][ T1536]  ? lru_add+0x198/0xd80
[ 2065.559480][ T1536]  __walk_page_range+0x14c/0x710
[ 2065.559502][ T1536]  ? __pfx_lru_add+0x10/0x10
[ 2065.559522][ T1536]  ? __pfx_folio_batch_move_lru+0x10/0x10
[ 2065.559544][ T1536]  ? process_measurement+0x3d8/0x1a40
[ 2065.559563][ T1536]  walk_page_range_vma+0x393/0x440
[ 2065.559656][ T1536]  ? mlock_drain_local+0x79/0x490
[ 2065.559679][ T1536]  ? __pfx_walk_page_range_vma+0x10/0x10
[ 2065.559696][ T1536]  ? mlock_drain_local+0x79/0x490
[ 2065.559711][ T1536]  madvise_vma_behavior+0x311f/0x3a10
[ 2065.559733][ T1536]  ? __pfx_process_measurement+0x10/0x10
[ 2065.559749][ T1536]  ? __pfx_madvise_vma_behavior+0x10/0x10
[ 2065.559770][ T1536]  ? __lock_acquire+0xab9/0xd20
[ 2065.559788][ T1536]  ? __lock_acquire+0xab9/0xd20
[ 2065.559812][ T1536]  ? mas_prev_slot+0xb31/0xbb0
[ 2065.559835][ T1536]  ? find_vma_prev+0xe3/0x150
[ 2065.559849][ T1536]  ? __pfx_find_vma_prev+0x10/0x10
[ 2065.559868][ T1536]  ? __might_fault+0xb0/0x130
[ 2065.559883][ T1536]  ? _parse_integer_limit+0x1ae/0x1f0
[ 2065.559898][ T1536]  madvise_walk_vmas+0x51c/0xa30
[ 2065.559918][ T1536]  ? __pfx_madvise_walk_vmas+0x10/0x10
[ 2065.559932][ T1536]  ? blk_start_plug+0x6f/0x1b0
[ 2065.559950][ T1536]  madvise_do_behavior+0x38e/0x550
[ 2065.559970][ T1536]  ? __pfx_madvise_do_behavior+0x10/0x10
[ 2065.559992][ T1536]  ? down_read+0x1ad/0x2e0
[ 2065.560014][ T1536]  do_madvise+0x1bc/0x270
[ 2065.560032][ T1536]  ? __pfx_do_madvise+0x10/0x10
[ 2065.560061][ T1536]  ? ksys_write+0x22a/0x250
[ 2065.560078][ T1536]  ? __pfx_ksys_write+0x10/0x10
[ 2065.560095][ T1536]  __x64_sys_madvise+0xa7/0xc0
[ 2065.560107][ T1536]  do_syscall_64+0xfa/0xfa0
[ 2065.560122][ T1536]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2065.560136][ T1536]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2065.560147][ T1536]  ? clear_bhb_loop+0x60/0xb0
[ 2065.560167][ T1536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2065.560179][ T1536] RIP: 0033:0x7fd094d8f749
[ 2065.560193][ T1536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2065.560203][ T1536] RSP: 002b:00007fd095be4038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 2065.560217][ T1536] RAX: ffffffffffffffda RBX: 00007fd094fe5fa0 RCX: 00007fd094d8f749
[ 2065.560225][ T1536] RDX: 0000000000000015 RSI: 0000000000600000 RDI: 0000200000000000
[ 2065.560232][ T1536] RBP: 00007fd095be4090 R08: 0000000000000000 R09: 0000000000000000
[ 2065.560239][ T1536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2065.560246][ T1536] R13: 00007fd094fe6038 R14: 00007fd094fe5fa0 R15: 00007fd09510fa28
[ 2065.560264][ T1536]  </TASK>
[ 2066.826309][T14760] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 2066.830456][ T7860] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[ 2066.996137][T14760] usb 2-1: Using ep0 maxpacket: 16
[ 2066.998193][ T7860] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2067.006805][T14760] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 2067.011870][ T7860] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 2067.019640][T14760] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2067.030794][ T7860] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[ 2067.038423][ T7872] usb 1-1: new full-speed USB device number 52 using dummy_hcd
[ 2067.038941][T14760] usb 2-1: Product: syz
[ 2067.063042][T14760] usb 2-1: Manufacturer: syz
[ 2067.067661][ T7860] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2067.067691][ T7860] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2067.067711][ T7860] usb 6-1: Product: syz
[ 2067.077127][T14760] usb 2-1: SerialNumber: syz
[ 2067.085122][ T7860] usb 6-1: Manufacturer: syz
[ 2067.102834][ T7860] usb 6-1: SerialNumber: syz
[ 2067.107465][T14760] r8152-cfgselector 2-1: Unknown version 0x0000
[ 2067.107490][T14760] r8152-cfgselector 2-1: config 0 descriptor??
[ 2067.207863][ T7872] usb 1-1: config 7 has an invalid interface number: 101 but max is 0
[ 2067.216253][ T7872] usb 1-1: config 7 has no interface number 0
[ 2067.222422][ T7872] usb 1-1: config 7 interface 101 has no altsetting 0
[ 2067.232578][ T7872] usb 1-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b
[ 2067.242019][ T7872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2067.251040][ T7872] usb 1-1: Product: syz
[ 2067.255273][ T7872] usb 1-1: Manufacturer: syz
[ 2067.259964][ T7872] usb 1-1: SerialNumber: syz
[ 2067.328265][ T7860] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[ 2067.336342][ T7860] usb 6-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 2067.344902][ T7860] usb 6-1: found format II with max.bitrate = 128, frame size=0
[ 2067.352753][ T7860] usb 6-1: 2:1: All rates were zero
[ 2067.374748][ T7860] usb 6-1: USB disconnect, device number 15
[ 2067.401286][T23813] udevd[23813]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2067.587575][ T1558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2067.599477][ T1558] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2067.650862][ T1558] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7407'.
[ 2067.899247][ T7860] r8152-cfgselector 3-1: USB disconnect, device number 110
[ 2068.085426][ T1566] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 2068.300332][ T1573] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7412'.
[ 2068.526182][ T7861] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[ 2068.676131][ T7861] usb 4-1: Using ep0 maxpacket: 16
[ 2068.693938][ T7861] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2068.743761][ T7861] usb 4-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00
[ 2068.819201][ T7861] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2068.886436][ T7861] usb 4-1: config 0 descriptor??
[ 2069.353108][ T7861] semitek 0003:1EA7:0907.005F: item fetching failed at offset 0/2
[ 2069.365225][ T7861] semitek 0003:1EA7:0907.005F: probe with driver semitek failed with error -22
[ 2069.622631][T14760] usb 4-1: USB disconnect, device number 116
[ 2069.926475][ T7872] as10x_usb: device has been detected
[ 2069.955904][ T7872] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe)
[ 2069.998392][ T7872] usb 1-1: DVB: registering adapter 10 frontend 0 (Elgato EyeTV DTT Deluxe)...
[ 2070.061167][ T7861] r8152-cfgselector 2-1: USB disconnect, device number 60
[ 2070.064484][ T7872] as10x_usb: error during firmware upload part1
[ 2070.091154][ T7872] Registered device Elgato EyeTV DTT Deluxe
[ 2070.104005][ T7872] usb 1-1: USB disconnect, device number 52
[ 2070.208703][ T7872] Unregistered device Elgato EyeTV DTT Deluxe
[ 2070.213590][ T7872] as10x_usb: device has been disconnected
[ 2070.649773][T28399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2070.667898][T28399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2070.677815][T28399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2070.685881][T28399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2070.700615][T28399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2070.725051][T14760] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 2070.876292][ T7861] usb 2-1: new full-speed USB device number 61 using dummy_hcd
[ 2070.886113][T14760] usb 6-1: Using ep0 maxpacket: 8
[ 2070.908728][T14760] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 2070.926521][T14760] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2070.935523][T14760] usb 6-1: config 1 has no interface number 1
[ 2070.945890][T14760] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2070.963124][T14760] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2070.974006][T14760] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2070.982143][T14760] usb 6-1: Product: syz
[ 2070.986925][T14760] usb 6-1: Manufacturer: syz
[ 2070.991802][T14760] usb 6-1: SerialNumber: syz
[ 2070.998370][ T1605] chnl_net:caif_netlink_parms(): no params data found
[ 2071.038757][ T7861] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[ 2071.064073][ T7861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 2071.083931][ T7861] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[ 2071.103017][ T7861] usb 2-1: New USB device found, idVendor=056a, idProduct=00b3, bcdDevice= 0.00
[ 2071.119555][ T7861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2071.139352][ T7861] usb 2-1: config 0 descriptor??
[ 2071.145616][ T1601] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 2071.227320][T14760] usb 6-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[ 2071.240888][T14760] usb 6-1: 2:1 : sample bitwidth 65 in over sample bytes 0
[ 2071.251249][T14760] usb 6-1: 2:1 : unsupported sample bitwidth 65 in 0 bytes
[ 2071.253502][ T1605] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2071.267022][ T1605] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2071.274342][ T1605] bridge_slave_0: entered allmulticast mode
[ 2071.282956][ T1605] bridge_slave_0: entered promiscuous mode
[ 2071.292615][ T1605] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2071.300506][ T1605] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2071.300706][T14760] usb 6-1: USB disconnect, device number 16
[ 2071.308396][ T1605] bridge_slave_1: entered allmulticast mode
[ 2071.335771][ T1605] bridge_slave_1: entered promiscuous mode
[ 2071.371023][T23813] udevd[23813]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2071.440716][ T1605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2071.460508][ T1605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2071.502041][ T1605] team0: Port device team_slave_0 added
[ 2071.510187][ T1605] team0: Port device team_slave_1 added
[ 2071.545736][ T1605] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2071.553023][ T1605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2071.579452][ T1605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2071.587095][ T7861] hid_parser_main: 5 callbacks suppressed
[ 2071.587119][ T7861] wacom 0003:056A:00B3.0060: unknown main item tag 0x0
[ 2071.600932][ T1605] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2071.609979][ T1605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2071.636673][ T1605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2071.640433][ T7861] wacom 0003:056A:00B3.0060: Unknown device_type for 'HID 056a:00b3'. Assuming pen.
[ 2071.674050][ T7861] wacom 0003:056A:00B3.0060: hidraw0: USB HID v0.00 Device [HID 056a:00b3] on usb-dummy_hcd.1-1/input0
[ 2071.694633][ T7861] input: Wacom Intuos3 12x12 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:00B3.0060/input/input179
[ 2071.778075][ T1605] hsr_slave_0: entered promiscuous mode
[ 2071.792156][ T1605] hsr_slave_1: entered promiscuous mode
[ 2071.810408][ T1605] debugfs: 'hsr0' already exists in 'hsr'
[ 2071.823514][ T1605] Cannot create hsr debugfs directory
[ 2071.873049][ T7861] usb 2-1: USB disconnect, device number 61
[ 2072.279496][ T1605] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 2072.291066][ T1605] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 2072.303694][ T1605] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 2072.315300][ T1605] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 2072.431074][ T1605] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2072.460620][ T1605] 8021q: adding VLAN 0 to HW filter on device team0
[ 2072.504118][T20824] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2072.511319][T20824] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2072.612306][T20824] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2072.619530][T20824] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2072.692696][ T1605] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 2072.751970][ T1605] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2072.781315][T28399] Bluetooth: hci0: command tx timeout
[ 2072.992949][ T1605] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2073.128549][ T1605] veth0_vlan: entered promiscuous mode
[ 2073.201552][ T1605] veth1_vlan: entered promiscuous mode
[ 2073.344318][ T1605] veth0_macvtap: entered promiscuous mode
[ 2073.378606][ T1605] veth1_macvtap: entered promiscuous mode
[ 2073.396195][ T7860] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[ 2073.461751][ T1605] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2073.529209][ T1605] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2073.578050][T31502] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2073.587325][T14563] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2073.606479][ T7860] usb 1-1: Using ep0 maxpacket: 16
[ 2073.613368][ T7860] usb 1-1: config 0 has an invalid interface number: 251 but max is 0
[ 2073.622228][ T7860] usb 1-1: config 0 has no interface number 0
[ 2073.636813][ T7860] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 2073.666627][ T7860] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 2073.697835][ T7860] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 2073.708443][ T7860] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2073.726334][ T7860] usb 1-1: Product: syz
[ 2073.736955][T14563] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2073.757611][ T7860] usb 1-1: Manufacturer: syz
[ 2073.786294][ T7860] usb 1-1: SerialNumber: syz
[ 2073.813999][T14563] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2073.820008][ T7860] usb 1-1: config 0 descriptor??
[ 2073.838925][ T1662] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 2073.866934][ T1662] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 2074.038899][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2074.070828][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2074.133972][ T1662] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 2074.152505][ T1662] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 2074.189816][ T1666] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2074.201978][ T1666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2074.410227][ T1672] FAULT_INJECTION: forcing a failure.
[ 2074.410227][ T1672] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2074.424423][ T1672] CPU: 0 UID: 0 PID: 1672 Comm: syz.6.7416 Not tainted syzkaller #0 PREEMPT(full) 
[ 2074.424449][ T1672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2074.424463][ T1672] Call Trace:
[ 2074.424472][ T1672]  <TASK>
[ 2074.424481][ T1672]  dump_stack_lvl+0x189/0x250
[ 2074.424515][ T1672]  ? __pfx____ratelimit+0x10/0x10
[ 2074.424544][ T1672]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2074.424571][ T1672]  ? __pfx__printk+0x10/0x10
[ 2074.424593][ T1672]  ? __might_fault+0xb0/0x130
[ 2074.424632][ T1672]  should_fail_ex+0x414/0x560
[ 2074.424667][ T1672]  _copy_from_user+0x2d/0xb0
[ 2074.424694][ T1672]  autofs_dev_ioctl+0x136/0xb30
[ 2074.424724][ T1672]  ? __fget_files+0x2a/0x420
[ 2074.424744][ T1672]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[ 2074.424767][ T1672]  ? __fget_files+0x3a0/0x420
[ 2074.424785][ T1672]  ? __fget_files+0x2a/0x420
[ 2074.424807][ T1672]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 2074.424830][ T1672]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[ 2074.424853][ T1672]  __se_sys_ioctl+0xfc/0x170
[ 2074.424881][ T1672]  do_syscall_64+0xfa/0xfa0
[ 2074.424909][ T1672]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2074.424937][ T1672]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2074.424958][ T1672]  ? clear_bhb_loop+0x60/0xb0
[ 2074.424982][ T1672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2074.425001][ T1672] RIP: 0033:0x7f647e98f749
[ 2074.425019][ T1672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2074.425038][ T1672] RSP: 002b:00007f647f905038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2074.425059][ T1672] RAX: ffffffffffffffda RBX: 00007f647ebe5fa0 RCX: 00007f647e98f749
[ 2074.425075][ T1672] RDX: 0000200000000200 RSI: 00000000c018937e RDI: 0000000000000003
[ 2074.425088][ T1672] RBP: 00007f647f905090 R08: 0000000000000000 R09: 0000000000000000
[ 2074.425101][ T1672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2074.425113][ T1672] R13: 00007f647ebe6038 R14: 00007f647ebe5fa0 R15: 00007f647ed0fa28
[ 2074.425146][ T1672]  </TASK>
[ 2074.888097][T28399] Bluetooth: hci0: command tx timeout
[ 2075.267664][ T1691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2075.346537][T24403] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 2075.675857][ T1695] fuse: Unknown parameter ''
[ 2075.703466][ T1691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2075.979265][T24403] usb 6-1: config 0 has an invalid interface number: 104 but max is 0
[ 2076.044488][T24403] usb 6-1: config 0 has no interface number 0
[ 2076.158495][T24403] usb 6-1: New USB device found, idVendor=1b93, idProduct=1013, bcdDevice=e0.89
[ 2076.188617][T24403] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2076.225956][T24403] usb 6-1: Product: syz
[ 2076.452433][T24403] usb 6-1: Manufacturer: syz
[ 2076.457583][T24403] usb 6-1: SerialNumber: syz
[ 2076.481524][T24403] usb 6-1: config 0 descriptor??
[ 2076.492102][T24403] cp210x 6-1:0.104: cp210x converter detected
[ 2076.691182][T24403] cp210x 6-1:0.104: failed to get vendor val 0x370b size 1: -71
[ 2076.736864][T24403] cp210x 6-1:0.104: querying part number failed
[ 2076.749139][T24403] usb 6-1: cp210x converter now attached to ttyUSB0
[ 2076.760611][T24403] usb 6-1: USB disconnect, device number 17
[ 2076.936669][T28399] Bluetooth: hci0: command tx timeout
[ 2076.939472][T24403] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 2077.366552][T24403] cp210x 6-1:0.104: device disconnected
[ 2077.468047][ T7860] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 2077.480232][ T7860] asix 1-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[ 2077.556505][ T7860] asix 1-1:0.251: probe with driver asix failed with error -71
[ 2077.647927][ T7860] usb 1-1: USB disconnect, device number 53
[ 2078.098493][ T1709] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.7454'.
[ 2078.147743][ T1709] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7454'.
[ 2078.666184][T14760] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[ 2078.827597][T14760] usb 6-1: config 0 has an invalid interface number: 20 but max is 0
[ 2078.863268][T14760] usb 6-1: config 0 has no interface number 0
[ 2078.882237][T14760] usb 6-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[ 2078.908292][T14760] usb 6-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[ 2078.924442][T14760] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2078.942676][T14760] usb 6-1: Product: syz
[ 2078.951622][T14760] usb 6-1: Manufacturer: syz
[ 2078.961929][T14760] usb 6-1: SerialNumber: syz
[ 2078.981407][T14760] usb 6-1: config 0 descriptor??
[ 2079.016815][T28399] Bluetooth: hci0: command tx timeout
[ 2079.045693][ T1715] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 2079.059998][T14760] usb-storage 6-1:0.20: USB Mass Storage device detected
[ 2079.134546][T14760] usb-storage 6-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[ 2079.288895][ T1715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2079.326590][ T1715] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2079.433064][T14760] scsi host1: usb-storage 6-1:0.20
[ 2079.446296][ T1734] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.7461'.
[ 2079.856530][T24403] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 2079.953249][ T1745] kvm: pic: non byte write
[ 2080.026325][T24403] usb 2-1: Using ep0 maxpacket: 8
[ 2080.033005][T24403] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 2080.045648][T24403] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 2080.058793][T24403] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2080.070083][T24403] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2080.084091][T24403] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 2080.103354][T24403] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2080.379930][T24403] usb 2-1: GET_CAPABILITIES returned 0
[ 2080.385620][T24403] usbtmc 2-1:16.0: can't read capabilities
[ 2080.469673][ T1759] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7468'.
[ 2080.666171][ T1736] usb 6-1: reset full-speed USB device number 18 using dummy_hcd
[ 2081.368170][ T7860] usb 1-1: new low-speed USB device number 54 using dummy_hcd
[ 2081.528157][ T7860] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[ 2081.528394][ T1776] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7474'.
[ 2081.545414][ T7860] usb 1-1: config 0 has no interface number 0
[ 2081.551897][ T7860] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 2081.563837][ T7860] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[ 2081.566202][ T7872] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[ 2081.575328][ T7860] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 2081.592020][ T7860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2081.602469][ T7860] usb 1-1: config 0 descriptor??
[ 2081.608400][ T1769] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[ 2081.619489][ T7860] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1
[ 2081.727928][ T7872] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2081.738010][ T7872] usb 7-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[ 2081.747212][ T7872] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2081.757539][ T7872] usb 7-1: config 0 descriptor??
[ 2081.829559][T24403] usb 6-1: USB disconnect, device number 18
[ 2082.170713][ T7872] hid-led 0003:1294:1320.0061: unknown main item tag 0x0
[ 2082.180029][ T7872] hid-led 0003:1294:1320.0061: hidraw0: USB HID v0.00 Device [HID 1294:1320] on usb-dummy_hcd.6-1/input0
[ 2082.210251][ T7872] hid-led 0003:1294:1320.0061: Riso Kagaku Webmail Notifier initialized
[ 2082.276404][T24403] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 2082.326698][ T7860] usb 2-1: USB disconnect, device number 62
[ 2082.387941][ T7861] usb 7-1: USB disconnect, device number 2
[ 2082.416544][T14563] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38)
[ 2082.435993][T24403] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2082.450248][T24403] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2082.450704][T14563] leds riso_kagaku0:green: Setting an LED's brightness failed (-38)
[ 2082.471275][ T1666] leds riso_kagaku0:red: Setting an LED's brightness failed (-38)
[ 2082.481326][T24403] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 2082.494622][T24403] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 2082.507585][T24403] usb 6-1: SerialNumber: syz
[ 2082.864047][T24403] usb 6-1: 0:2 : does not exist
[ 2082.931123][T24403] usb 6-1: USB disconnect, device number 19
[ 2083.051603][ T1796] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7478'.
[ 2083.128210][T23813] udevd[23813]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2083.507212][ T1803] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 2083.576801][T24403] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[ 2083.696695][ T1804] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2083.738345][T24403] usb 2-1: config 0 has no interfaces?
[ 2083.750752][T24403] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 2083.775659][T24403] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2083.798937][T24403] usb 2-1: Product: syz
[ 2083.807990][T24403] usb 2-1: Manufacturer: syz
[ 2083.817919][T24403] usb 2-1: SerialNumber: syz
[ 2083.840597][T24403] usb 2-1: config 0 descriptor??
[ 2084.346005][ T7861] usb 1-1: USB disconnect, device number 54
[ 2084.526159][T14760] usb 4-1: new full-speed USB device number 117 using dummy_hcd
[ 2084.778290][T14760] usb 4-1: config 0 has an invalid interface number: 20 but max is 0
[ 2084.789843][T14760] usb 4-1: config 0 has no interface number 0
[ 2084.801842][T14760] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[ 2084.880519][T14760] usb 4-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[ 2084.925154][T14760] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2084.990315][T14760] usb 4-1: Product: syz
[ 2085.076123][T14760] usb 4-1: Manufacturer: syz
[ 2085.083317][T14760] usb 4-1: SerialNumber: syz
[ 2085.153113][T14760] usb 4-1: config 0 descriptor??
[ 2085.220725][ T1811] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 2085.251272][T14760] usb-storage 4-1:0.20: USB Mass Storage device detected
[ 2085.302107][T14760] usb-storage 4-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[ 2085.527110][ T1811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2085.550437][ T1811] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2085.800714][T14760] scsi host1: usb-storage 4-1:0.20
[ 2086.482363][T28590] usb 2-1: USB disconnect, device number 63
[ 2086.996193][ T1830] usb 4-1: reset full-speed USB device number 117 using dummy_hcd
[ 2087.248577][ T1855] random: crng reseeded on system resumption
[ 2087.557596][ T1863] tipc: Started in network mode
[ 2087.562729][ T1863] tipc: Node identity 7ec4e57ad92b, cluster identity 4711
[ 2087.580517][ T1863] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2087.607640][ T1863] syzkaller0: entered promiscuous mode
[ 2087.657095][ T1863] syzkaller0: entered allmulticast mode
[ 2087.713156][ T1863] netlink: 268 bytes leftover after parsing attributes in process `syz.3.7496'.
[ 2087.803772][ T1863] unsupported nla_type 65024
[ 2087.811900][ T1866] tipc: Resetting bearer <eth:syzkaller0>
[ 2087.967442][ T1862] tipc: Resetting bearer <eth:syzkaller0>
[ 2088.020278][ T1862] tipc: Disabling bearer <eth:syzkaller0>
[ 2088.087299][T28590] usb 4-1: USB disconnect, device number 117
[ 2089.266163][T14760] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 2089.428540][T14760] usb 6-1: Using ep0 maxpacket: 32
[ 2089.444436][T14760] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[ 2089.472228][T14760] usb 6-1: config 0 has no interface number 0
[ 2089.485330][T14760] usb 6-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2089.500840][T14760] usb 6-1: config 0 interface 89 has no altsetting 0
[ 2089.520981][T14760] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 2089.530958][T14760] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2089.539268][T14760] usb 6-1: Product: syz
[ 2089.543653][T14760] usb 6-1: Manufacturer: syz
[ 2089.549041][T14760] usb 6-1: SerialNumber: syz
[ 2089.560105][T14760] usb 6-1: config 0 descriptor??
[ 2089.570219][T14760] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 2089.581618][T14760] em28xx 6-1:0.89: Video interface 89 found:
[ 2089.966319][T28590] usb 4-1: new full-speed USB device number 118 using dummy_hcd
[ 2090.106272][T28590] usb 4-1: device descriptor read/64, error -71
[ 2090.185065][ T1890] input: syz1 as /devices/virtual/input/input182
[ 2090.241923][T14760] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[ 2090.256238][T24403] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 2090.338196][ T1904] FAULT_INJECTION: forcing a failure.
[ 2090.338196][ T1904] name failslab, interval 1, probability 0, space 0, times 0
[ 2090.350937][T28590] usb 4-1: new full-speed USB device number 119 using dummy_hcd
[ 2090.361655][ T1904] CPU: 1 UID: 0 PID: 1904 Comm: syz.6.7508 Not tainted syzkaller #0 PREEMPT(full) 
[ 2090.361684][ T1904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2090.361698][ T1904] Call Trace:
[ 2090.361706][ T1904]  <TASK>
[ 2090.361716][ T1904]  dump_stack_lvl+0x189/0x250
[ 2090.361747][ T1904]  ? __pfx____ratelimit+0x10/0x10
[ 2090.361772][ T1904]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2090.361798][ T1904]  ? __pfx__printk+0x10/0x10
[ 2090.361825][ T1904]  ? __pfx___might_resched+0x10/0x10
[ 2090.361845][ T1904]  ? fs_reclaim_acquire+0x7d/0x100
[ 2090.361880][ T1904]  should_fail_ex+0x414/0x560
[ 2090.361915][ T1904]  should_failslab+0xa8/0x100
[ 2090.361938][ T1904]  __kvmalloc_node_noprof+0x158/0x910
[ 2090.361968][ T1904]  ? trace_kmalloc+0x1f/0xd0
[ 2090.361994][ T1904]  ? io_alloc_cache_init+0x42/0x140
[ 2090.362024][ T1904]  io_alloc_cache_init+0x42/0x140
[ 2090.362050][ T1904]  io_rsrc_cache_init+0x26/0x50
[ 2090.362074][ T1904]  io_ring_ctx_alloc+0x4d9/0xc10
[ 2090.362112][ T1904]  io_uring_create+0x14a/0xba0
[ 2090.362149][ T1904]  __se_sys_io_uring_setup+0x264/0x270
[ 2090.362178][ T1904]  ? __pfx___se_sys_io_uring_setup+0x10/0x10
[ 2090.362223][ T1904]  ? do_syscall_64+0xbe/0xfa0
[ 2090.362255][ T1904]  do_syscall_64+0xfa/0xfa0
[ 2090.362281][ T1904]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2090.362297][ T1904]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2090.362314][ T1904]  ? clear_bhb_loop+0x60/0xb0
[ 2090.362333][ T1904]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2090.362349][ T1904] RIP: 0033:0x7f647e98f749
[ 2090.362364][ T1904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2090.362379][ T1904] RSP: 002b:00007f647f904fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[ 2090.362397][ T1904] RAX: ffffffffffffffda RBX: 00007f647ebe5fa0 RCX: 00007f647e98f749
[ 2090.362410][ T1904] RDX: 0000200000000140 RSI: 0000200000000180 RDI: 0000000000002f90
[ 2090.362421][ T1904] RBP: 0000200000000180 R08: 0000000000000000 R09: 0000200000000140
[ 2090.362433][ T1904] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2090.362443][ T1904] R13: 0000200000000100 R14: 0000000000002f90 R15: 0000200000000140
[ 2090.362468][ T1904]  </TASK>
[ 2090.416617][T24403] usb 2-1: Using ep0 maxpacket: 8
[ 2090.519933][ T1890] loop5: detected capacity change from 0 to 7
[ 2090.606172][T28590] usb 4-1: device descriptor read/64, error -71
[ 2090.620882][ T1911] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 2090.679747][T24403] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d
[ 2090.716378][T28590] usb usb4-port1: attempt power cycle
[ 2090.727750][T24403] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2090.735911][T24403] usb 2-1: Product: syz
[ 2090.740229][T24403] usb 2-1: Manufacturer: syz
[ 2090.744837][T24403] usb 2-1: SerialNumber: syz
[ 2090.872417][T24403] usb 2-1: config 0 descriptor??
[ 2091.056323][T28590] usb 4-1: new full-speed USB device number 120 using dummy_hcd
[ 2091.086906][T28590] usb 4-1: device descriptor read/8, error -71
[ 2091.149691][T24403] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[ 2091.178192][T24403] dvb_usb_af9015 2-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[ 2091.211400][T22857] Dev loop5: unable to read RDB block 7
[ 2091.236650][T24403] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[ 2091.253458][T24403] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[ 2091.258314][T22857]  loop5: unable to read partition table
[ 2091.303404][T22857] loop5: partition table beyond EOD, truncated
[ 2091.356130][T28590] usb 4-1: new full-speed USB device number 121 using dummy_hcd
[ 2091.395690][T24403] usb 2-1: USB disconnect, device number 64
[ 2091.408729][T28590] usb 4-1: device descriptor read/8, error -71
[ 2091.516870][T28590] usb usb4-port1: unable to enumerate USB device
[ 2091.882213][ T1890] Dev loop5: unable to read RDB block 7
[ 2091.900963][T14760] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 2091.913973][ T1890]  loop5: unable to read partition table
[ 2091.922064][T14760] em28xx 6-1:0.89: board has no eeprom
[ 2091.937431][ T1890] loop5: partition table beyond EOD, truncated
[ 2091.943870][ T1890] loop_reread_partitions: partition scan of loop5 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 2092.006967][T14760] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[ 2092.046161][T14760] em28xx 6-1:0.89: analog set to bulk mode.
[ 2092.082897][T23591] em28xx 6-1:0.89: Registering V4L2 extension
[ 2092.195408][ T7869] usb 6-1: USB disconnect, device number 20
[ 2092.214280][ T7869] em28xx 6-1:0.89: Disconnecting em28xx
[ 2092.298309][T23591] em28xx 6-1:0.89: Config register raw data: 0xffffffed
[ 2092.307534][T23591] em28xx 6-1:0.89: AC97 chip type couldn't be determined
[ 2092.338443][T23591] em28xx 6-1:0.89: No AC97 audio processor
[ 2092.377262][T23591] usb 6-1: Decoder not found
[ 2092.400220][T23591] em28xx 6-1:0.89: failed to create media graph
[ 2092.535045][T23591] em28xx 6-1:0.89: V4L2 device video103 deregistered
[ 2092.679999][T23591] em28xx 6-1:0.89: Registering snapshot button...
[ 2092.685353][ T1944] ==================================================================
[ 2092.694519][ T1944] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xac/0x420
[ 2092.701881][ T1944] Read of size 8 at addr ffff8880698b4740 by task v4l_id/1944
[ 2092.709320][ T1944] 
[ 2092.711628][ T1944] CPU: 0 UID: 0 PID: 1944 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[ 2092.711641][ T1944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2092.711649][ T1944] Call Trace:
[ 2092.711656][ T1944]  <TASK>
[ 2092.711662][ T1944]  dump_stack_lvl+0x189/0x250
[ 2092.711681][ T1944]  ? __virt_addr_valid+0x1c8/0x5c0
[ 2092.711695][ T1944]  ? rcu_is_watching+0x15/0xb0
[ 2092.711707][ T1944]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2092.711720][ T1944]  ? rcu_is_watching+0x15/0xb0
[ 2092.711731][ T1944]  ? lock_release+0x4b/0x3e0
[ 2092.711742][ T1944]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 2092.711756][ T1944]  ? __virt_addr_valid+0x1c8/0x5c0
[ 2092.711769][ T1944]  ? __virt_addr_valid+0x4a5/0x5c0
[ 2092.711783][ T1944]  print_report+0xca/0x240
[ 2092.711796][ T1944]  ? v4l2_fh_open+0xac/0x420
[ 2092.711806][ T1944]  kasan_report+0x118/0x150
[ 2092.711817][ T1944]  ? v4l2_fh_open+0xac/0x420
[ 2092.711828][ T1944]  v4l2_fh_open+0xac/0x420
[ 2092.711839][ T1944]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2092.711856][ T1944]  em28xx_v4l2_open+0x157/0x9a0
[ 2092.711874][ T1944]  v4l2_open+0x1bf/0x3a0
[ 2092.711886][ T1944]  chrdev_open+0x4cc/0x5e0
[ 2092.711897][ T1944]  ? __pfx_chrdev_open+0x10/0x10
[ 2092.711907][ T1944]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 2092.711920][ T1944]  ? __pfx_chrdev_open+0x10/0x10
[ 2092.711929][ T1944]  do_dentry_open+0x953/0x13f0
[ 2092.711943][ T1944]  vfs_open+0x3b/0x340
[ 2092.711953][ T1944]  ? path_openat+0x2ecd/0x3830
[ 2092.711967][ T1944]  path_openat+0x2ee5/0x3830
[ 2092.711987][ T1944]  ? __pfx_path_openat+0x10/0x10
[ 2092.712003][ T1944]  do_filp_open+0x1fa/0x410
[ 2092.712016][ T1944]  ? __lock_acquire+0xab9/0xd20
[ 2092.712026][ T1944]  ? __pfx_do_filp_open+0x10/0x10
[ 2092.712042][ T1944]  ? _raw_spin_unlock+0x28/0x50
[ 2092.712055][ T1944]  ? alloc_fd+0x64c/0x6c0
[ 2092.712072][ T1944]  do_sys_openat2+0x121/0x1c0
[ 2092.712084][ T1944]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2092.712096][ T1944]  ? exc_page_fault+0x82/0x100
[ 2092.712110][ T1944]  ? do_user_addr_fault+0xc85/0x1380
[ 2092.712121][ T1944]  __x64_sys_openat+0x138/0x170
[ 2092.712134][ T1944]  do_syscall_64+0xfa/0xfa0
[ 2092.712149][ T1944]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2092.712163][ T1944]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2092.712173][ T1944]  ? clear_bhb_loop+0x60/0xb0
[ 2092.712184][ T1944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2092.712194][ T1944] RIP: 0033:0x7f65bdaa7407
[ 2092.712206][ T1944] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 2092.712216][ T1944] RSP: 002b:00007ffdb5f1fd00 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 2092.712228][ T1944] RAX: ffffffffffffffda RBX: 00007f65be161880 RCX: 00007f65bdaa7407
[ 2092.712236][ T1944] RDX: 0000000000000000 RSI: 00007ffdb5f20f1b RDI: ffffffffffffff9c
[ 2092.712244][ T1944] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 2092.712250][ T1944] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 2092.712257][ T1944] R13: 00007ffdb5f1ff50 R14: 00007f65be266000 R15: 000055b5b79634d8
[ 2092.712268][ T1944]  </TASK>
[ 2092.712272][ T1944] 
[ 2093.014271][ T1944] Allocated by task 23591:
[ 2093.018678][ T1944]  kasan_save_track+0x3e/0x80
[ 2093.023349][ T1944]  __kasan_kmalloc+0x93/0xb0
[ 2093.027925][ T1944]  __kmalloc_cache_noprof+0x3d5/0x6f0
[ 2093.033285][ T1944]  em28xx_v4l2_init+0x10b/0x2e70
[ 2093.038212][ T1944]  em28xx_init_extension+0x120/0x1c0
[ 2093.043557][ T1944]  process_scheduled_works+0xae1/0x17b0
[ 2093.049097][ T1944]  worker_thread+0x8a0/0xda0
[ 2093.053806][ T1944]  kthread+0x711/0x8a0
[ 2093.057874][ T1944]  ret_from_fork+0x4bc/0x870
[ 2093.062457][ T1944]  ret_from_fork_asm+0x1a/0x30
[ 2093.067206][ T1944] 
[ 2093.069589][ T1944] Freed by task 23591:
[ 2093.073723][ T1944]  kasan_save_track+0x3e/0x80
[ 2093.078440][ T1944]  __kasan_save_free_info+0x46/0x50
[ 2093.083628][ T1944]  __kasan_slab_free+0x5c/0x80
[ 2093.088410][ T1944]  kfree+0x19a/0x6d0
[ 2093.092287][ T1944]  em28xx_v4l2_init+0x1683/0x2e70
[ 2093.097299][ T1944]  em28xx_init_extension+0x120/0x1c0
[ 2093.102574][ T1944]  process_scheduled_works+0xae1/0x17b0
[ 2093.108118][ T1944]  worker_thread+0x8a0/0xda0
[ 2093.112704][ T1944]  kthread+0x711/0x8a0
[ 2093.116764][ T1944]  ret_from_fork+0x4bc/0x870
[ 2093.121338][ T1944]  ret_from_fork_asm+0x1a/0x30
[ 2093.126091][ T1944] 
[ 2093.128416][ T1944] The buggy address belongs to the object at ffff8880698b4000
[ 2093.128416][ T1944]  which belongs to the cache kmalloc-8k of size 8192
[ 2093.142457][ T1944] The buggy address is located 1856 bytes inside of
[ 2093.142457][ T1944]  freed 8192-byte region [ffff8880698b4000, ffff8880698b6000)
[ 2093.156414][ T1944] 
[ 2093.158758][ T1944] The buggy address belongs to the physical page:
[ 2093.165162][ T1944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x698b0
[ 2093.173902][ T1944] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 2093.182379][ T1944] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 2093.190340][ T1944] page_type: f5(slab)
[ 2093.194312][ T1944] raw: 00fff00000000040 ffff88801a027280 0000000000000000 0000000000000001
[ 2093.202875][ T1944] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 2093.211438][ T1944] head: 00fff00000000040 ffff88801a027280 0000000000000000 0000000000000001
[ 2093.220088][ T1944] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 2093.228745][ T1944] head: 00fff00000000003 ffffea0001a62c01 00000000ffffffff 00000000ffffffff
[ 2093.237412][ T1944] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 2093.246072][ T1944] page dumped because: kasan: bad access detected
[ 2093.252487][ T1944] page_owner tracks the page as allocated
[ 2093.258184][ T1944] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 1376, tgid 1367 (syz.2.7354), ts 2053638656706, free_ts 2037463036601
[ 2093.278050][ T1944]  post_alloc_hook+0x234/0x290
[ 2093.282808][ T1944]  get_page_from_freelist+0x2365/0x2440
[ 2093.288336][ T1944]  __alloc_frozen_pages_noprof+0x181/0x370
[ 2093.294126][ T1944]  alloc_pages_mpol+0x232/0x4a0
[ 2093.298959][ T1944]  allocate_slab+0x96/0x350
[ 2093.303465][ T1944]  ___slab_alloc+0xf56/0x1990
[ 2093.308134][ T1944]  __slab_alloc+0x65/0x100
[ 2093.312532][ T1944]  __kvmalloc_node_noprof+0x6ba/0x910
[ 2093.317886][ T1944]  netlink_alloc_large_skb+0x62/0x110
[ 2093.323329][ T1944]  netlink_sendmsg+0x5c6/0xb30
[ 2093.328086][ T1944]  __sock_sendmsg+0x21c/0x270
[ 2093.332749][ T1944]  sock_sendmsg+0x158/0x230
[ 2093.337233][ T1944]  splice_to_socket+0x8f5/0xf00
[ 2093.342070][ T1944]  direct_splice_actor+0x101/0x160
[ 2093.347156][ T1944]  splice_direct_to_actor+0x5a8/0xcc0
[ 2093.352511][ T1944]  do_splice_direct+0x181/0x270
[ 2093.357347][ T1944] page last free pid 5200 tgid 5200 stack trace:
[ 2093.363651][ T1944]  __free_frozen_pages+0xbc4/0xd30
[ 2093.368751][ T1944]  __put_partials+0x146/0x170
[ 2093.373407][ T1944]  put_cpu_partial+0x1f2/0x2e0
[ 2093.378151][ T1944]  __slab_free+0x2b9/0x390
[ 2093.382545][ T1944]  qlist_free_all+0x97/0x140
[ 2093.387119][ T1944]  kasan_quarantine_reduce+0x148/0x160
[ 2093.392559][ T1944]  __kasan_slab_alloc+0x22/0x80
[ 2093.397394][ T1944]  __kmalloc_noprof+0x3c3/0x7f0
[ 2093.402225][ T1944]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2093.407782][ T1944]  tomoyo_path_perm+0x213/0x4b0
[ 2093.412643][ T1944]  security_inode_getattr+0x12f/0x330
[ 2093.417994][ T1944]  __x64_sys_newfstat+0xfc/0x200
[ 2093.422912][ T1944]  do_syscall_64+0xfa/0xfa0
[ 2093.427396][ T1944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2093.433271][ T1944] 
[ 2093.435580][ T1944] Memory state around the buggy address:
[ 2093.441198][ T1944]  ffff8880698b4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2093.449237][ T1944]  ffff8880698b4680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2093.457332][ T1944] >ffff8880698b4700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2093.465370][ T1944]                                            ^
[ 2093.471536][ T1944]  ffff8880698b4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2093.479577][ T1944]  ffff8880698b4800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2093.487622][ T1944] ==================================================================
[ 2093.711668][ T1944] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 2093.718899][ T1944] CPU: 0 UID: 0 PID: 1944 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[ 2093.727831][ T1944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2093.737879][ T1944] Call Trace:
[ 2093.741151][ T1944]  <TASK>
[ 2093.744072][ T1944]  dump_stack_lvl+0x99/0x250
[ 2093.748664][ T1944]  ? __asan_memcpy+0x40/0x70
[ 2093.753253][ T1944]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2093.758485][ T1944]  ? __pfx__printk+0x10/0x10
[ 2093.763075][ T1944]  vpanic+0x237/0x6d0
[ 2093.767059][ T1944]  ? __pfx_vpanic+0x10/0x10
[ 2093.771565][ T1944]  ? preempt_schedule+0xae/0xc0
[ 2093.776412][ T1944]  ? __pfx_preempt_schedule+0x10/0x10
[ 2093.781785][ T1944]  panic+0xb9/0xc0
[ 2093.785508][ T1944]  ? __pfx_panic+0x10/0x10
[ 2093.789925][ T1944]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 2093.795822][ T1944]  ? is_module_address+0x17/0xf0
[ 2093.800762][ T1944]  ? v4l2_fh_open+0xac/0x420
[ 2093.805344][ T1944]  check_panic_on_warn+0x89/0xb0
[ 2093.810290][ T1944]  ? v4l2_fh_open+0xac/0x420
[ 2093.814877][ T1944]  end_report+0x78/0x160
[ 2093.819116][ T1944]  kasan_report+0x129/0x150
[ 2093.823613][ T1944]  ? v4l2_fh_open+0xac/0x420
[ 2093.828209][ T1944]  v4l2_fh_open+0xac/0x420
[ 2093.832620][ T1944]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2093.838603][ T1944]  em28xx_v4l2_open+0x157/0x9a0
[ 2093.843459][ T1944]  v4l2_open+0x1bf/0x3a0
[ 2093.847702][ T1944]  chrdev_open+0x4cc/0x5e0
[ 2093.852115][ T1944]  ? __pfx_chrdev_open+0x10/0x10
[ 2093.857046][ T1944]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 2093.863370][ T1944]  ? __pfx_chrdev_open+0x10/0x10
[ 2093.868306][ T1944]  do_dentry_open+0x953/0x13f0
[ 2093.873071][ T1944]  vfs_open+0x3b/0x340
[ 2093.877133][ T1944]  ? path_openat+0x2ecd/0x3830
[ 2093.881895][ T1944]  path_openat+0x2ee5/0x3830
[ 2093.886496][ T1944]  ? __pfx_path_openat+0x10/0x10
[ 2093.891437][ T1944]  do_filp_open+0x1fa/0x410
[ 2093.895939][ T1944]  ? __lock_acquire+0xab9/0xd20
[ 2093.900786][ T1944]  ? __pfx_do_filp_open+0x10/0x10
[ 2093.905908][ T1944]  ? _raw_spin_unlock+0x28/0x50
[ 2093.910759][ T1944]  ? alloc_fd+0x64c/0x6c0
[ 2093.915106][ T1944]  do_sys_openat2+0x121/0x1c0
[ 2093.919784][ T1944]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2093.924979][ T1944]  ? exc_page_fault+0x82/0x100
[ 2093.929843][ T1944]  ? do_user_addr_fault+0xc85/0x1380
[ 2093.935122][ T1944]  __x64_sys_openat+0x138/0x170
[ 2093.939978][ T1944]  do_syscall_64+0xfa/0xfa0
[ 2093.944485][ T1944]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2093.949682][ T1944]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2093.955745][ T1944]  ? clear_bhb_loop+0x60/0xb0
[ 2093.960420][ T1944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2093.966308][ T1944] RIP: 0033:0x7f65bdaa7407
[ 2093.970716][ T1944] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 2093.990316][ T1944] RSP: 002b:00007ffdb5f1fd00 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 2093.998730][ T1944] RAX: ffffffffffffffda RBX: 00007f65be161880 RCX: 00007f65bdaa7407
[ 2094.006696][ T1944] RDX: 0000000000000000 RSI: 00007ffdb5f20f1b RDI: ffffffffffffff9c
[ 2094.014664][ T1944] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 2094.022628][ T1944] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 2094.030590][ T1944] R13: 00007ffdb5f1ff50 R14: 00007f65be266000 R15: 000055b5b79634d8
[ 2094.038564][ T1944]  </TASK>
[ 2094.041963][ T1944] Kernel Offset: disabled
[ 2094.046274][ T1944] Rebooting in 86400 seconds..