last executing test programs:

7.084037757s ago: executing program 3 (id=1845):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a410100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "ffd7"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000180)='.\x00')
ioctl$KVM_SET_DEBUGREGS(r4, 0x4080aea2, &(0x7f0000000740)={[0x10000, 0xffff1000, 0x3000, 0xeeee2000], 0x4, 0x60})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, &(0x7f0000000000)={0x5, 0x4, 0x2, 0xfe, 0x0, [@mcast1, @private2={0xfc, 0x2, '\x00', 0x1}]}, 0x28)
ioctl$XFS_IOC_PATH_TO_HANDLE(0xffffffffffffffff, 0xc0385869, &(0x7f0000000180)={<r6=>0xffffffffffffffff, &(0x7f0000000200)=':*-\xbd-*](&{!):\x005\xb1d\xd9@|\xa5\x86\x19\x81\x00\x00\x00\x00\x00', 0x151001, &(0x7f00000000c0)={@_ha_fsid={[0x3, 0x1]}, {0x6, 0xb4, 0xa, 0x5}}, 0x2, &(0x7f0000000100)={@_ha_fsid}, &(0x7f0000000140)=0x401})
r7 = socket$netlink(0x10, 0x3, 0x15)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff})
setsockopt$sock_int(r8, 0x1, 0x10, &(0x7f0000000380)=0x3, 0x4)
sendmmsg(r8, &(0x7f0000001c00), 0x400000000000159, 0x40840)
write(r7, &(0x7f00000000c0)="29000000140005b7ff000051915f95eb01010003a606a40e07fff024bb000000000000000040000000", 0x29)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r6, 0x84, 0x20, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x0)
socket(0x1d, 0x2, 0x6)
sendmsg$kcm(r9, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
r10 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_S_FMT(r10, 0xc0d05605, &(0x7f0000000040)={0x4, @meta={0x4531434d, 0x238b11ec, 0xc829, 0xd7db, 0x5a392572}})
r11 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000ec0), 0x22000, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r11, 0x80044dfe, &(0x7f0000000f00))
syz_open_dev$video4linux(&(0x7f0000000200), 0x2, 0x0)

6.655368106s ago: executing program 3 (id=1846):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x14)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_dev$video(&(0x7f0000000000), 0x8, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
recvmmsg(r1, &(0x7f00000061c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x40010102, 0x0)
bind$can_raw(r1, &(0x7f00000001c0)={0x1d, r2}, 0x10)
memfd_create(&(0x7f0000000000)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcdX\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9=\t\xbb\x0e\xbb\xb5\x02\x95u\x94r\xfd\x00\xb9\xf8z\xa0\xe6\xcc\x85QO\x1dD\xd5\xe2\xa56j\\', 0x1)
syz_io_uring_setup(0x19e3, &(0x7f0000000140)={0x0, 0x8050, 0x0, 0x2, 0x201f9, 0x0, r0}, 0x0, 0x0, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r3, 0xfffffffffffffffb, 0x1, 0xfffffffffffffffd})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r5 = dup(r4)
io_setup(0xd, &(0x7f0000000100)=<r6=>0x0)
file_setattr(r0, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)={0x1000, 0x7fffffff, 0x4, 0x5, 0x5}, 0x18, 0x400)
io_submit(r6, 0x1, &(0x7f0000000340)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x8, r4, 0x0, 0x0, 0xc1b8, 0x0, 0x0, r4}])
write$6lowpan_enable(r5, 0x0, 0x0)
io_getevents(r6, 0x0, 0x0, 0x0, 0x0)
writev(r0, &(0x7f0000001600)=[{&(0x7f00000000c0)="e4863074caa96221b57c1750c375cd91f0fb1d0ae3bdc8950485ca7ebc", 0x1d}, {&(0x7f00000001c0)="2f95f2e99b2d91a4f97a96801d08c6827301ad8fa887969718d216bb027f9438f75e36016b166bed2e9d45bf54fd8351910fc8cf74cd4e19cd550b6e39085272209ef9a10cf8603d3cf73f1a4614fd0c2316d2b5c57f763ebd24636f40a0176efa4904afe2daf5cfd170a8157ebb3f80e047edcf27bcda2a22448c680d032371bf6b81b74f65f697a3f60c16dd18dc00c64a828d9a37f7e61cf3a4244cef11f0e636d5f0b3a3c9f168a90e90ce3feaf83c4e6870d92b", 0xb6}, {&(0x7f0000000280)="5c6543593f76eada911c39e80f13c4ba946c3cbb047c5e5cddc9fe338aae109501104fe77e9dd8c104529abbd6ac8b859cef33c9cc1b27b88b788fdb7d8889a20f44bc8438c0805d2cca6fe0b0b04d846d68078967cab0abb1a65b5a05fdef6f5f36e6e5b50b68e4f442daf51e950fbd51ade0cd254ad5c120eebbab22a758003e60f32ebfa3316f1350fd9d6ed48574f6cb14e730e4e6e6cf72", 0x9a}, {&(0x7f0000001700)="b54d9a54d7cf6bb1492a5f122ee56a34f37c13721483dbc0010a62ccfdbf29f7078341079aaf4a491db44383f0238dd990c2abd07aa787d32d6e079f195ab5c8d9419876119563d72bc298fb82b3f917c6ada589c020c464cbc5657a17ac54742c6678b85fc0d9b6cffff71926396c9072929cde9c549c927b0cd18e1481264ae9481aa07d3c3e43af836e7c20fbd1ad7d35fd4abbfc652dd5e748638a7f4e09b04e7870e573a8892a9d538d5e77ada295d3114f74f4acc2869258d1fd6b6a186f651eebbaa31a4ba93822ef1434d6e406ac47", 0xd3}, {&(0x7f0000001680)="188e5ece335ee642c078a636d52fc9aafeec432f5bf294b9650e435cd5178f2369fb51942d8c1d34ba6504d90a3e75aceee61e3e3b7c172359954cf0bb88a987e7137cd9b90dd7e478afc830d4f5d73234bd2b0da2d66c01cb0c4e2a", 0x5c}, {&(0x7f00000004c0)="352186c6efaccd9bafc30c5365f1dbf25d17b63fb3afda454d0d0141255216051538d89058aa60e44fd96bb147336f5683d109f900c1dbd2c60e6a2afa864943fed720cedd7c1837af47e4e94df647bb95d72946aa57c0043b77524664e61ce18c3e26b75a551b4476cef009ba32c9939a28a26f07eb771dbb1d1d533d2217fa19f78701b4b3938267ebbbfe37a3134a2f307692cd3322ad6123740be67a7edc2af98b2776a797a90616eced47bf85f59bae57a3b9d7b6661fd385f8a2196c042cd3c56293771a13fcbad3827036ed97e66b19d4135b2a7caec1f8fcfee56ab388477346fe", 0xe5}, {&(0x7f0000000100)="f68196", 0x3}, {&(0x7f0000000600)="351413d4d3e70ffe16b9aae39a19b16de797f40211885dfc0afb3d4c46ba185654798c7dede574817af5af50ff0ac2140af1d4c5616754e3cb26e493c02c1d7fab94f80864a06910a7fb0af38b436208501c7c27ec6af6e68cd5c0c2e534920c2953f18dcd850572d0182799cc7b33380876278709666651d0ce7d852e0cdb90adfc2cbf5e790250bb1b3281dedd7150a403d2f9773924e8c2336bb73c833634caa8b24f7e73d25647da6a8292798112f46bc716a6e60ecdcb2f60af2e7ef038f6313064c6f6ca76c866b9571b178236e7bef53dbaf3e5695408e6ac9daf825d0447abc9ba7c9db8380b1ca2b7678a194b2f12ccc1a835df0e80d5e2bcd480be63671754d0d273011661499aad5a81d9570bf919811b3be1562e4808b2cd7798b0a8109b39e6b727a609e8807ba1adad10b988d0dac2fd03a4e3f101e52c97e048c556d89e6ba6c96c75aecba73c06d68d837870b82cd03e067f2d3fb0b65004debd1d47333b9524fd8e46b9bb4dcd607500e8d7c3ee0ccc617ce6c2488f88879ef9521ae5211da50580a8c3d23b0d1cb5ff1232d5975192a9657b16d0b8482398d773287d49421ee9840e3d7d4bee602f50f1f64d5693a034c3f2a232d95d6a60ebb283ab7d0f547723ef64eaa6d1369cdc4e11f0051c82d11d82fdcde9088cf11a8889d7e39554713f7f0468bbcdd69b265ea6e3b1049e6dec9e9f09a2228850ee435dfbf11ec8ad42a28344e0498ca5dee5f47ec95d9b78bef8f3a0c4466f211691eeb53073de9b2de5af288552703aca1414c70cac1aba1e23fc7d36752f1d47a61fb646dcd117000e6eafa62493de2e300a60e6dfecc85ce9e55e6b5e3beba0574c58c72ae6f8b062c8586224389cd3c02ed09137a0203adb8c74d4a421da017dd5bd386f86c111cde5cd0ba4927872bfb3813905e8cce91468f0efbbb8b0ae0876d23ea8f98eb459075a32c0984014ff5f93732fcff3aa46f372105818b320debf7b53c863b95b5dbf1d661166e18772bbe912cfe022f4a81e70c5367e32c89cad8bf256d89d039e60db3f3aad8fc314ffc3fccc5888dcf6bc889ef0977e4d76dd19b5084b78d86f30188ab417f31805e94409bfeaf70df1d10134183fbed543abea494025013115130b22fb2e2e16544ce19b9ac7e682d9835eabe357b7e693cf9064c5e425d6c0da63074fc15f301367c7eb26ea52ede3ca43306588faf68200dcd4e7f54e11f7973fe045b546e4bad96893a9801540b91496cffbd5e0ac6ff91588b8dea908bb572e2181b4da62d15798ba3b146ab312b21164ebed57cf4a5e1f2703715d7ab5bba4f6c6483c291fc0a2a27cae78bcf309beab379f565e5c329a28972d5d396301413f71cd189cf8a2ad871f2ae09f1ea64fa5edb05f33a158dc06b7d460cbb87a5a7ee1ec7e45fa7145dd85ff3d191a6f182362d38402ec9148061ab6dc961a740876ff1fe87043c333ad553c0f6b7aa10a76f51402a59bb067545e360de772db77d36bb51c0de733b107cb1143832fe2fd13aeec48b6a02c2f77f00b076686423e2c817e7d168d7781950332d1c375ca7d858fa0b0a28e0e59e6b3d32cf57027aa8dbc0a67e0ea00ca3a6f60b34604975b864f66ccd7d26f09dc7144adfbefe19ae93f369ff5c03605c1a272fccd04398da3519efb8182879d758c53147821c15936f8ca1b88d9ab44fe14cbce476014270231b1e893767888cd89755eda854b6ce2e3d373168d2cc3d1c8b76839c6d7d5e5604bcf9571b5da1c0ee13bae84ebb1f33866221ee72391e2ee84be7433a8691537929a87bcccb0edd614b3962074a2d9bca3e883617f0578d50d60238a8d84608eb240c730be17fc100f986d2a98081cdcd69c756085c23634812bb505e3a1ae519e7db9ba722607df6815e2e40a2137c03eb05cb66328fccf78e8fe220fe12ec300cbf3f3a72c89e07b0a40f48e55319c82b9b58cd21818d0abe11ec7715cc3cc7be0aa8cd54a0a607191c95a0fba57b47d7d2023b40ba4a458c6877e4e8c7d40f71c33c4519bcba6c749bda76840dd65b0cf0ee84a73c35fdf40f84364f2bebef3c09d88b67f2cf462ddc5dfa0f46cb87796a26dde0c314d9fb518ef1b1b68b8c47fe210a2b47cb072c02490f4f957993baea0ed0a70163079944d6096509ce090356d7c064a95534cfe742fd89e305d73bbba475e6f2d9c4ed1a7a0de1fd979120144b6fca89da63347c325cbcdf52ea74e3869dd463726f1aeb713793df6cc3c093ecd3d8b7a0b954ce32f5f61829bd0e3782a0050ac071d812f51fd2e840a45409ceefe6942b2ac0f03722b86e04dac710fb7265482c6f0e684e2fe054b469f285566f427774fde9254f93e44c778e988c7dd3ddd151ca4f4c1ab57236943fc341d4c532bfbafabbe4dcabc7a0efbbe0daaaa45e69efd788bbf8824edcf7e15535d1d423026978cd4b01fedf1afc926d3aa9e52f0ef8ca8a9e25c3b2643d2844f681277bb7e75fb9aa4f989055b9e58ba4019156457eeac3fc55d1e974af695bc31288a7ffd6a45f1b60fbacd4966fb180e18c1055f6122945f8856dbcfe245073232cf2cf8a2fb2956f30dc102acec298e717ace71550f6c0d9bfab02d41fd3cc0ed44f95518629f33a2c46c765cee5bf0615f207affc909808b9974991536579f45dbed27c0bbb4a2a3f3d6ea27f2c9a21cf3773f5012cf9990f68c15938d73a1cece2365915e5d111cea1be121e31589da282b5bf87a9398379aed9665f6a3423a0445bc7e3286d9cccd8fe4a7f459ea817450fb7498a9e15cabeb3e0fc7b20151d7cfc71a08b87f4dde568a5238cae02f365a01d279aa9c217cb1be2aa9d06080e85d51601e7103f21792dac14fa4731d1e1b5fd63b8318f286074552bb8b7e92b4e10b1f376ae62d9efbfcfac5a3a57b9b4edfdcaa3e351a02798b3c2799a0c598edf9c13ee774ff7cc3934778e874113e007997571319720e757ac72cce393026f67ee31534fc0194524968f09d29cb5e5b2aceadaf00caf3614d06925cd8f7acf573c7fd3e39592acad10cd1f09efeb4088a7592625480c3cc4ffc2837809fc4901d7297d6f4645decbabce1c6dd7f140549563f15718a5ae1e71e2b21e2c666a336f1455dc2f7991d8866496ece438bb04cda0061d7d6fa519a29e79047e9ebb702a7839b1c0de28b38ea81d66927a65995b7018c9a7e52299d297a8d30d457ada9df65cda4db664329a8b271ae9d5dfe7af555df1c5a1580d6d7f66df1c74819cb0b95884dd46d940303606536c47853de83aaf6f20b1b6e7a124d22c1e7acc2e66bb15a5d230cb142b210d238f3b68779a16b2144af25c0951797e0fbebccbc767532fc0da3786a13d2816de74f957de42b22da911a99df48df2521c5b44b5cc570c063bfba973cc8481ea17499fc0b56965c5dc69034faac171303226e2aadab859fe9556142c6793c25b6a9fa6d36e52cdea572ef148b2db7f9a2b42279691eabf673b835f7d13ed6791c8242e7e1a200fbc6e95c6c3232bebde8b4a931b270088ea205cbace4798cf28aad3b602a0715761c2c1299f81ec65e23a5384b0beaf41512a98599344b803e036859ffb3a62473fd053ec8fca8204bf5acb2e31a7cac7b2eaceae9fa27ca31e0ee6617438e63b577e4f8c0aba4cab661b70d943f6ee63b2a44d162a5c0b2dc2d52f842ae9460164e7cdad4cbdbec827052205107e797136e135b420082e4bc0afe19072c93b1f84aef93aabdbcce5e00ff9c30a09d1c950908301696d90d82ca9d61032a3870aef57ec1332279efe2bf660c86f5cd947ed05c4353c74124008814616fa4450299b85c64d7bc8da50a5fe7cff0ec19fb61dba707415ef41d54226e127ea338cc5bf63dab9744d7d03251132f375aa8a03e351f14263e3f03ae5ce769b2bb28036be323c997fce1a1c4732971cb7e9d9fec6a808afe53b4008d3ca2b93e94622a09869c0466815376a121cacffd35a4eb8236f59e5c5163f18f1938386230f47c0e5304a73b83230f5b79cad91d1aea11fed184c784f89525a120895d6729f76f73d6a997faffcf3b400d02a9a5eb8ef92eba29e31dfe738e5e310eaf1fcbfd3c772fc929dc18d87852add24633d237283a451f5c27adc11d3494c477f00e2348138815239e91a8273044b14923e996eaca0c188b7376d489c11ab31c94ff9738b6c27f8204e9dfd905fc73e01de51977ffa65cd4ceea8e0f13f2ae7c4dd5173cd5f3f540e6893d193f1ad7b96e4414f82f1ab1d4e85f8cf671a7ea0f3b8df104fd05c5530ed2565207d1cb12175d41c8ecc145658f113807586d6d97a7b0ab7b445e5995162c0aada3415e1b235d3f589dc2bc93d5a557cc922463b1b09f359fb16c9261d18f0f21da43c269ead338831e141eb18bb410169908b42a04242f602e2be41dbfa3bff3484658d468521d0d821d5b42cc46800e3ea866015c4b1001f733f9f1e0c61ebf840be3f1c99b78786b241ab32303e30a584013e98ac135ed9f1f3edf07cb78787eeba258b75ff55f72575a77c95f438455823cf3f7b849ac3847e6ec564f6257fa133b04247b97aaa7c91ec18386ce9be403167a0cb19711c1ef3906928bb9ec0f128fde1deaf2ad45de230cd6c097c0e3dc7cdae3a7b4c2edaedce4f7614e6eb6d8b4710509226fd45a48191b50f656db1b333ab65c60da8048251c211db743663f3d5e83c1ac0c56eb659af40a4a5fd01154ddbf5b299b4eda6d54d7ad75891ea6549b0c584074d4d180b99f1093be7ec2ac752413d6a36641ddb5ae6d56d589c27a7fa9a1c41bcbafb5e27174a34c30eb009768cb7c27941f22c2c31fbc222f0977643700379237ecd2554243b8add8bc434621be1887cc70cb553647123e83231a300374d334be24e6c3d89df1199807490a82afce69361cee5577989a8492572be2df85b27766612a03eacaddc18808c25ad021b80fda70f3fbda5bfe2048b649494d44d9d157e14c61b453a8ee81d48980ed413205365a02c19d7ee7c70595269fc479927ece0539505bcceb0f8969f548709d42d83254dc4d02fa29fb534ffc5120d0d45f80dd1cf307b02cca3615bc8a349bfd81ff4c2c4c243224897aa8cac221d35459b600ae56b364a4e73108b68f28fd5d3e799a248e8bf5639a9049d4c4d266dbc364aca66dc7e774ae43f75a2230541c087a2444cb0f7c22478e8e0624f4a8231ae951b3f8681beb4e4693bb28046da0e9fec94da3e5526592f19b262e1a5a41369cea21570a475eab46384d1e5533d5015fa242a6669891395ff0dcb25ca0bd5186915eba9bf7a7d92df859882def87a9ab60530aca098a61cc6cfa8cf6499a2333f42317febd6657605ca0d30b823179f096c0542c2ccb26da242d41dfe3a1a55d90d2cb20e1033d4941881d580e26cbc6b5f2909fbe23e523c46e19c40848e9a251155fd3d0960dfe69ca0902b8e2964fbae4ae7fc19c3cdcc6f4d974264842602258020cbbf30866f682ae6ad595410792e5a6b701d35abfe579bc984b6c3298c1b440df824c3eb6c3848a2032405c0b8ac8c88a7e2adbee8055dee3dc6173f4dfbf39d659dbf258e26bc67f1e4372f457a58aa5dda50af49a2fc78044e175ba7e83edb37811e3559e104b42f0fda8787aa0d0c4611de76ec1b8f7bf1a4fa1b01585b31b0ae4c1255f88447dd9c75170a85422da571ad7e2a45d91896582be957db5964e82b7631e10b21c4a0ed06693ff4a5a5e10fbe97a7a8ca348dfb7f09ed75a98f11e46642e232fb0f1ae4cd7c14ce54964bb659595", 0x1000}], 0x8)

5.58928614s ago: executing program 3 (id=1849):
socket$xdp(0x2c, 0x3, 0x0)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x900, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
accept4(r1, &(0x7f0000000080)=@pppol2tpv3, &(0x7f0000000100)=0x80, 0x80000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="baf80c66b88c4b3d862e66dc8395dcb2fc0c66b887bb000066ef0f01d80f20c06635000000800f22c00f685b92d8dd660f3881000f01c2ba2100b80008ef1b6c020f30", 0x43}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8, @ANYRES64=r3], 0x0)

4.939349191s ago: executing program 0 (id=1854):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
epoll_create1(0x80000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000700)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x47, 0x5, 0x8, 0x5, 0x0, 0x9, 0x0, 0x57c73f3a, 0xfa11, 0xffffffff}, 0x0)
recvmmsg(r1, &(0x7f0000000a40), 0x3d, 0x22, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b1600000000000000000200000a4000048018000180080001006f7366000c000280080001400000000424000180090001006d617371000000001400028008663f400000001708000140000000100900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x94}, 0x1, 0x0, 0x0, 0x850}, 0x0)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r5, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x4}, 0x20)
r6 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000280)=ANY=[@ANYRES16=0x0, @ANYBLOB], 0x20}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="e03f030041000405d25a806c8cfc600000000a00020005358fc13715070000000000000027000c00ea781329fc4136ea304b25d3d8220b1b65832785d920c52b4bd0d0a452d36bd2ba0397ff578d000000000000000000", 0x57}], 0x1}, 0x0)
connect$l2tp6(r5, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
r7 = epoll_create1(0x0)
r8 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r8, 0xc018aa3f, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000000)={0x30000000})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYRES32=r0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0xc1}, 0x4000044)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000001340)=@raw={'raw\x00', 0x8, 0x3, 0x318, 0xf8, 0xffffffff, 0xffffffff, 0xf8, 0xffffffff, 0x248, 0xffffffff, 0xffffffff, 0x248, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x1, 0x8, 0x3}}}, {{@uncond, 0x0, 0x108, 0x150, 0x0, {}, [@common=@srh={{0x30}, {0xd1, 0x8, 0x8, 0x8, 0xf, 0x4c, 0x400}}, @common=@inet=@l2tp={{0x30}, {0x4, 0x0, 0x3, 0x1, 0x4}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00', {0x200}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x378)
pipe(0x0)

4.000380515s ago: executing program 2 (id=1855):
socket$packet(0x11, 0x2, 0x300)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xfffffffffffffee6}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24040045)
r0 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xce})
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}], 0x1)
io_uring_enter(r0, 0x2219, 0xcf74, 0x16, 0x0, 0x0)

3.755345877s ago: executing program 1 (id=1857):
r0 = syz_open_dev$dri(&(0x7f0000000a40), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000a80)="61f245cafab21e55697298a0ae35e18d14dd4b6592fa14c0489b858840d12654fb8ddbd1563e581b6a29f56e6127a48c40b95af04e135572e6084e5706e88f02b4440c32e93c31603beb0bc2616de2e7f2a3936b7862df4bc4178710a61eb2e0e7b4ac16cde4477d10653b0d6afde80c950848626b7296ec902f7dc875cbb34a73638a2a48eec75667340826ad84022664c0039de213dc5054b5ecc2ea3c385fe8cdeb814e4eb6262fb39fb637c13a6c1b401f1eafc7a09d49980e60e5caca3520ffeeaf9b20a67d680c7ade66ff7398725ab5bfeed67b48888284c03f6c5331b33f5bd12b10f2c9f8a82549939fbf23caba0dfe1cd962f5e97d9a7dbfed7b25dfcd025cafb3c3b34bde13e2cf3684db786b56929bd381fa5e178b268005224cf7d79103524ec32d22509292501062fd2a907f9eb1a564bcb58da00933f9fb49af10ce55617b9edfad6ca5f9060623e0d6fb73aa68c9b5190dc671968ecbf752962f6e3f0ef6b3ff918603cd511ec00dc67ba004c6469380f5c5390226ccd5ebb934a63c103e4fb6b69c42a6e8e8aa434fd0c787de018fc1e25189ba81be91c80d5e3c9d021baa3cb3abaf755b79e41a8604392c68a018e1750ab6d54608969f3c9273b1a08c3b8d7d9b6f03f4bd3a6c64790617d72a891556cba509f21f992c59db9f78853421fb9ec4ddb2fe782f5da26c038626f26d1e4fda289cea520d44630b041e18ea2ecf56852c25f1ddf3bbaed2c17ba898575431134ee7c27fbf8548dfd63364b8beae267085bfa964786745134ae2b64c4a263f885c198952e795c17e04f0d9e4360de13ae3f2481e6d234bb5c54e03d5e0cb27e5b610ea2c0d85d21bc66e5c861f1e8ba66620cb6f590b2fe294013923b7fc9b170f449e7873bb9aa14cf7421e61feaaeb349a2acb5816a51325f45065b035be05f4498e77eb5e875c03b0c41061caadee14eb2764a5846ba0cab400e1676f533abc56930e5acccf331b0611af1e2947b11820d32e142ca885f4df233678ccbcfa63e5cfa708adcfefa34f059f81f14a5ef2538ef446feec5c78828c618576b18b86c7ee37d8182a8dee51d5dd199cd2ee915f5e25be2885822ab3e5b988786764e611f0bb1214bb9d825c9c4e15c061acf2b4e7361831e0fe9fc409e0004631ab31c42bfd962ba7a0e475f3a91643ce65d2efb94976b14fcf7d21c93bd9208b7bb7a3dfc4444cf14d127401c6892ba93ac786476e0885f028ae6141de817d3517cce625eebb50e2c1e5e64ffc50da4d2eaa605501769e4c1a40fd9da7da178b4bf468942514082773698770ef455ea263fefa4fb258c15afb076c7979296f901e84a2b71eb63cb3d9dfd9abb3e1f8f657070d75541c20476f37e14ca43014ef80b33eeca91ace604ec2051d73ec2f69ffa14bcd79ea577e9676825094606343d31874111fbc535d28fa7a9e379d38226001e241d3515e1d63ba56f1eebe8ea788c4d768f4c4fbbaf834ca3f21460613d768dacf2a27778dc2b4598726646b8c06b6e4d38162720c807724f92bdc9f0b0f5d303d5a5a3998aa270a6760c7651df601bc42c78dd9bd53ee960cf80a30a6b7a1a880d37ff31fb2c9bb0c591bba3ef8228a0506f45065c65b131aff8da8eebbd6754b9e5601632da39c329a229062a94833b23c97371d510a19e2d3b5bc516e3d3c8601495fbeecc16c5c50ba6c435974e8275d372add206964f29997b515f63f50121029e61f47db19fc63b07d0f059ca686e80fb6c294667affaea2daff241bdd0945bfbfe28643136bcea9aa345d482fc3b9d872b482463b92b25f0e5157be3fd8b7a328f327ddfa5c05a6f172deb795f19b9f2091386acb060f170540bfa898057c206d81afd85701b8ee030076bc3782d7d8f6673111baf80818aeca7e5944d91a7f4fce840303867ea18d2b92d74c67157284c787fcfde780fc9a53ae5560e101ef125ce707d34f957072958dc9916492e73a90a10f660a221a7c6730ac0ac01e37d54f058b64f41a46be5320800172e2c9fda248a2964548ddf1f53599027c29ede6079a72d454bcf4403808111d00cb4e3aadd060c333e57c64a70bdfbb572fe228538c82ab427416cdcce1dd643ece610ca7042e2a164d3dfdabb966f1a8fc875cd002920321dac62e25f38cb0031e4de6324b0db402b12c4b0e335898e21b7b326ebbeec0b4bc21ef2dd6f9755e8ff35602d30189ae3efe9c487aec2ce90dbbe790c919b77036240786f3fe9441204b81bc43b5f5cbede75702a1c28ab16d2f578dddb3624f596b5b82e2f26b63966ddc78c8ffa13a23b6c4ee2c741820b9738fe881ddeeeba60fa4221885be55a6fdaa0b90b246f5959b844afd6898bc8c0a75fc45fb968d6e8ea6831d15808b23904355c62a8590d1ba51cdb051bd5ccc1b62a8ca520af60daefae7f7f1dcc90a02ab3af5307fcd5fed9af7d9b192f080be6ded768c6d1d4ea0ba5cc996e5c24b8048eeaea09cabcf1c0488a357280395cfc5394ba160c439dda0a7f4ed182d3f33a4addb1c74d7d797179c633013b24c7e0cd2f4b86904bd1d70a4821c7ff619455953d820e1594c7136e66c260c868776129eddedfdec5ebb0da2e5207215f9c47d7bf74319661311232ca1d108da00df2d07ff5720c474981cb54bd185448ae0e3d9d3194614ae67bdb24122cb2207be610456c35ba6e11429a3a6c266b4bfd905c7534de4fe03ac5063cbb08b3a75137e59e3e8b3fee3989bfb0735ea6f948371a60efff49ea51d5825dd61ef9a0b735fc859c9b003325fe6e3a5fdb8d2cf51e2e9a4c73a8af3a702a83d57d3ddb81d5e9342c97f143ed28228c16a1625d8ba4f0ffddc968f37cb07ea09d35703f920cf4e7a1394b7f18e6f2508a4c90acc92710ddce1e7a9a22ad2d540f669411b263b3e20b07131cc17cf20ae8030de00862bdc33b7eb4f8122c47c833e73aed84199e5d584625570193e18c3d165dae7941d17cc07034a2a5c67c708d6c96f9c5595800dfb65f42c413716b952d42727e7117915b359d1f1c0a64f0ee4b4a0bfbc4e9fc794cd02369e9594acb7805a155ec03505df719aa47e5da38fd3ab736fa76acee10abd1b220b32436260f2ab86f7d0c20fd9b3a1e63b9b3dbd91e7579fec104f5a714f4d0a00a03a1848c58508e8ec27c7fa04d3baf64e1258bd1d72465f3a64c793b3e09a97ca1a2efbac7adb6228ef4588be15afc21c80905a26a22f4db7940b9369051dde4e24008a5f7b943d769578ffa46572435c2076c60096252f3b3b5fe6d8f4579d11c9c71cbf7444c661306fa07dd01e670fa8d24071b09d6e74a268a0d43aef3b7f8e126900bf2e21304785712f327275a2e16febd4faaaacce68b92dcc3c27ca035bb4210408a34103719c82d33c8b43dd9a46cc0420a533b906317fb817ef6164286b8ddacee6191027bfa9ed19746c8401bab93d08d028fd9e2203cccf56b22042c402e8a438ed226112fa71d02c4537d4156a3af28ab4ffcf19309d283902f1e70f42d6713782c5e468a086fdb5c8b3e15de36acc4469ec42ea23a1e5e8e399f4d4be71dd4b4c268db2ab91b68ceafb95cbba36228e59bc0cd7f987a2ad4bbd23b67acabb26a0f4c694ff320f2275042c85ef256aeef306cf5e2803d6c55827011e2f98d0e80819e0039a71cc9c59464f209afa7891a359a3f9efb4bba2a18fd013e8664a6bec7e717ffe2f0c06f7268862696cfae0fe6fab5b1a2921c0e29aaa8638f6a18d1cbaaa4aa0d76f66fa9f44511e631f2fde8024210eb39f545a648c1b77ab04a7d110edbd1dce3939b4dee867df3cb3107fffe5ab22fe5e32b38447d32094259cee40c9a5254df72cbd7a29188d7285facd6e2f5c78ee9d11645cf026e99162da9c2d148373018fe8e052ffccc4e3952e86228d7835a3bc9b4a5c6099dd3e802b059ef2225cbe4664458729c78032e184b61a089870c6b3c2bf2e5df6bd65bc195e1ccbe58b9a6dde49897ab59dd269a737f04e37e34d3d10c3b01c744a742d52da1bceca63fcbecc136a80bf3ca1df2f226de073b67a0b646674744acd14d5dab9929f2cb804637ebf211f2b3a8b959723808904e9044deb551b2613c1e501385693e7abff809b641c02107187cf1bd1c9571a9023942f0c78c467611193a7e6900eefc49fded206630336cd8d2849731b73798d9258be75b843f051679e6bd541c78457db5470d3d494f333a81b3ed26b57f9f7726275c12f192f4b1d9615c7fe3e0bb22fb47ae1effea3bd2a0a379593a25f933c8af1f14d08bd8ca692c9af3eaee136664e1829204c171ad6e50fa928a3c1f5ee2c14f984884c2cb0256acfa6172d030940f3f9f99443c730b0f070192d36fb83b3d470cf3098bd8b0f09eb6d1b58efbde00305c3a50e00df17b9963f1c06f26b48e4a166073f3f3119ed2b56af1f8c056c07f65ffc3f2e81efa22f97c66998b35bb2af3ce2d89af5f5b1368ce9148937f826c3ef81a116382bd3f53e26f210aed545f38c1e21400957b824eaa95bb401ef308852c7e5015b89244a403308de785a81739634161e33d79435f18cf378bd9f5eb59b40a55abe627f6944ec239f80fc15526e7f1b2c2949a85b8c15a299cee1c86f61746a4eae3dc5f347225f1965cf09d4457b1a1b692fb108a681607d6276c4a6cf35709dc95aa249ae245a0435c481cbae672037aefc82fee9f249e643e658d173aea1d99e361f383dd674a5f2a6525755eaba2d59928a8d9e2eb1aafd129cb4c2cefd5da0213d900efa938e937a7c4e62243eeb3f5f43be35323f63b0b1ac2a298fcfbf71129da3465e488f52b82ec725bdf2fd943e09004c62abf5332139fb38b797756c5e9de926da21f8d77408ea740cf5ec8a657eae110df0550c6ca2585e0cdd5de1e986da91ca1d112f0d5397fdc612b2163164dedddf60c1e3dcd94195b65f50a9c86fb7b67b91dc7c0b8ab3d1c254663fc09ad5fd2c97221f1c6032557ff0a2fc441b71b3a6a6c52efded4133c8d57ce15523550237e7fef838d66cd77c48a743b2a2cc7c1f0ef3d520eb7ce9c086d73c352fe311337b3558a6985660a19ac852edceed56e3e9bb49b8a788eaa3f9be70b3fd1e764888a35a6c874256f9a8e53790281e30fdc1ed35ef03e9bd805ba3ef6ad07c3eef31fadcaba39c9b793e15d04f096c62f6282e8fc4aa31b275bc7fe5dce144ba736151d046b1285b698422ae84ae222e835e2ea80791082cd1742385764a0b047fcadfd8da7acc8f820dd50444fbbecb18ff5c9df10e08609d4b0f76ce14dc8ab056227e3604b3933df593a1b961fba44678131c958b15246e5054465bfffba1cb05c8d4a3ce7a3473d88c9213b5d8fcef3c46f8650fec5077bffaf9b469051b0e5aa7b55f863f0919ca310505a063890b1560597aac6ca1ed9a7c7ed8e894597098cc9333d687bd8e1b4539bb9f74d034d2fc316ef806d67bcec412fb485a03f87cb89d122809fc55f1a7fb35a74440d661ee736340cdbe70141214e899cf9f907a2463f995d21e2d1d25fe92b47ea198f467bf5e775104bbb0ed11534ef25eabdd6b14e8961ee0534f5ab504151f1b2f1853f7229e07131696deb538114d51df2d5c4145bb53d7292e1544c3075806980d5d595528dcf1ce6d4d35470331f00a7bb00e4a1b38982f5dbd2114715a3bd23fa9dbadfe2970853a89d1abb9ae5d4f3bab355691c3ccbbe4bcb2e44425d6c2c3dc3ddd8d43872a6063f111c1c7e6ed4449b39bbd6df92ed4a0e4808ffad0391f89b509f683061bcbe06369e47d43e9", 0x1000, <r1=>0x0})
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r0, 0xc01064ac, &(0x7f0000000000)={r1, 0x1000, &(0x7f0000002a80)=""/4096})
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f0000000240)={@remote, 0x6, 0x2, 0x3, 0x0, 0x0, 0x2}, 0x20)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
read$FUSE(r5, &(0x7f00000022c0)={0x2020}, 0x2020)
write$FUSE_NOTIFY_RESEND(r5, &(0x7f00000076c0)={0x14}, 0x14)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x71, 0x40000009, r6, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000000800034000000120140000001000010000000000808fb4b9cf372db5"], 0xd0}, 0x1, 0x0, 0x0, 0x200000c0}, 0x20050800)
iopl(0xc0)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$inet_int(r7, 0x0, 0x16, 0x0, &(0x7f00000000c0))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
ioctl$PPPIOCSACTIVE(r9, 0x40107446, &(0x7f0000000280)={0x4, &(0x7f0000000240)=[{0x9, 0xe, 0x1, 0xdaf0}, {0x6a87, 0x8, 0x1, 0x4}, {0x4, 0xf8, 0x1, 0x4}, {0x3, 0xa, 0x7, 0xffffff13}]})
r10 = socket(0xa, 0x3, 0xff)
sendmsg$inet6(r10, &(0x7f0000000000)={&(0x7f0000000140)={0xa, 0xa, 0x4, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1a0000000000000029000000040800002f00000000000000180000000000000300000000000000000800080000000000"], 0x30}, 0x922bac8556bdad8e)
writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x4, 0xc00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100), &(0x7f0000000380), &(0x7f0000000180))

3.570251005s ago: executing program 3 (id=1858):
r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
writev(r0, &(0x7f00000013c0)=[{&(0x7f0000000200)="326e4824a8e71302f1bd264ca38155287bcd6fa5198ec86bbad763f7b44f3fb9739d5f19aa538b69a319a227890c4805ffaebf86e8c821f8634159fba8fc795c44c2c457728d3dcb53e6a130451f4458f4e5c0a886fee3c7a2c1ea2d879c9d2d896634d5a1aa6998c9faa8be3d48b1b9450482ecad7e8eedba9f2eac105a1bbef66bb6a05568476b648635714cb58b5590bb6d9ee006590606ea1cede4d81f6f43c3c7acfef0cd5a6b468867e77758bfaacec741f6eafa7415c59e1628519f6a1398a9089bfd2657a88696e0f314472266dcfbb7809673ff9ac51f1b2b5d496355b104f6a9537516a6b822bf87e1f902eb9c0a9a3548ad1a4ea9a3e91b0b29626b1a4343d82fc351f9049073f2d2051348af2b89bfd4560380576bb7b6d4ef1042af56c9cad2919e60d39c3fe739fbeaf5de201cafbf967879331efd56d76c5f40a102f5637c0ab2e985744eca6bb75d8ee28ad2e836fe130683b4ba48693341a48aa1b60b4ca33656c8cd987bf8becb8228c639ee3895caac085d73ca6cd81716ea665776dd1800f3180b214895cf58f066a17cf43bed034649a30751416fe59f7bcc82d9d707600e3cb1d6d39229a26570d8d76219cb47276884d2c32dd589c4a235d0009935f92d859a815b58175c22eba3bc9eae557ae279e526d30c0ea740a0f34b4187bb1a553654d8461612148bb08f15ac28dddb90c0fc0d4082df85f5d29c56709056cfbb32a030fa7f0c0531bfc793352194998e5f740b16c44fe1fd1131e76477d97226fe02b1ccf2e55c457bc44a5de5feb5bbd091ba4d614d059e632e5d2f209f3bee605eb6845b5b098946c81df37a5fe8361ea0eabff1f4eacbd70732b9fb38f0d02cd0583b9e91ae0e142fba44d3b85d0eb9bf82e8bbb13268e241718c7aa139e44e2fe7801371d7c6d6704e1f97d57c424c13b41dc2f1141ab5bd130a320741e9e879e927959963cb5f245280bc9fa921f86a397271c0b20999457a81ccb19541d026c21b75e61b8d468fe34f8e87ef995c31aadb76170dc8d98cf924e61aba0018eb31dc5f619f63ad3fd4519b8ec104712339b1668555d8535d8e06798348221828e48498428953bc1492406a046c955948c98299e91f9ddbc863915c783c1f243f68205ee7b5bdf8c9b27dd7777437451a2d0e15553b0d4a726e9ed3fca46ede8f199c476439a2a8fe63a5dc3beee5914a79c2aebec623cd89a04cb6cc58ecc79192bdc5043d9af760c60710ffb9473ce4862c2bafd45d64ddfa8cd6711831aaf8a7bbe4a6a71088fef13022f21b6c034c86beec72b279c8cbd3cb294abf01b69bde20d41f80f6a487a64909450dc49da2c2525ad73ded6c162f9e24f3f571ef91e632313c43dbcfd234b217965d9d9f44f12ef38dfc05f49e05c1678f7a07a57d7a40abce07746956803411e96104a41f3d734b45001a302f18ac58fb9dfeb547f7ccda08ebc6b12abfa7d1c0abb0a7eaeb115a21062c898d152c756432f12fdba42199f50b0b41976611e7d65bb6044b13742e052756b1430b3a39f1ccaa8b1e6044212ae1eb9d5f1e967bae8c656aebd09c7ccd590c3eff6ef4fcacf62086c244f8ceb3f086ea61bfc1e0505ab760d3a8560ca6014fcbdec43de18225b849edb0791187f44f22af3be08b8c2de9c365460809ea440b3fe52e11d05ee07bcbb9d1e219f5fcf942e6bf4e2a1181dda2a15bcf14bfeb57fdd741a282f9153995f5de60e409e5521d265b02568201af317179a2e363a4251d415fae54517aaccd86c504a0cb53d27542be9d96e3d1c71b599a3c31bfe9bc317d60b23c53d24a7d8d46d20caf10603e82b0d44b011d9569efba688c8c11850c2bac8b5967027bd7690661f875af4dbb6cdca3b365fd8f23dab61a38a7bde4973abc4c2ca2d773a1362773d6ce69d5958594a6c8faf63dcec5cfc7ca770234482b669719c4d0a48d4f7068de06201620d13fd8f8684150684f44dee1ed50cb4e4df31c3a1d6f7ff7c8f3063ec264f9187d5c9cb455b96ad276fbc6cf4d943ec1904d0edc30fa0b79dd028e6d428ced09a38b0b4cbe4372c6447b7fa0e019ca82e332761a83fe486e345e20d35259e2b7c3df52a13b40521e1c22090fb8664a2f17b331746fb3aca7d82c5d488b742d240e7181a16fbd7df85345b27753441c9e490ee8e856e58862fa7a6f5cb1b58d44d8c76af8491870ed40e0a1aa4a9d7d766e21d4c841730c274f21eba4d068e15840dec422b704a1c0c898f9eef47aa3ecc12d44322e6da30c9d1a62e9401b273b186fce358ea67c92dea973b8d6e89905ad31eda165f9ac85c591a9d0b53db35f08d33758c475788f7961ca8ae532a9a335fdb53c2b59712b0d71ded4edf99263b45fdaf395d374ca0a3d220c6518153d23b7958e8100458833bb1cf0b038319edf26c9bc689565f649797e5bc64ecbec789787b743dec9350b3d49329066042c42a512c6743a5e1c178b6bc7d5a124c07c01c0d4c6f4893fce953490040888fa6af73fbea1587711eee136478d96b412532042e082eb8837c9365fa8734c86025e9739fa69338729bdc98f2e4709b265867b49630d83ad66cba0c5aa909cbaa4d1717856c9f0a57da1f2054f48f58522b7ef32159d63d22885cc39c441c7f0e5aa5ec42804f588fda7d94c21d2fc4da59bcbab2108d8230ad9b1b623c836271cb5827defbffb629b402d1e36e23a49df0c942c9f5a404ce195db59403932ee1580d9b11a3abb7c4be227a98692d291cd1f018c7cca0874aaf27d13f0763bad9ad2ca808f84bfce0b58fa8593f2e5815c0477408d8d0d23b467b257847cdd6f9d2b5190eff89347187ae91f37835cb552205edf2f36f33127101dc92d2bceb9a21c19b6158e31c6003a9565812443c9194779d46fb8add254147c4e78d47ba0579e5e6d0123f4b2cdb249d63fc23ecf6a34d4b2bcf8b2a2bc88de9de1872ac07644d81c85a460a1c988d4b07e11daccd25703e6e80a75987daaff3b90c4751a94943990a2d31b5b266d38438c095d653af392471a0d8c5783771735fed76041266c05c3f53979c564eb7a5b01c045ac953e8a4abf63cb23b2bd2cd2ee9fc39389bdd0b6e3a3fc00157a8ec94dbbdc1faf43c40cdf87ddc71a664411eaa2b90daa3cee371b23479a53546636ead90f405bccbf6ce6893144949c02ca3bd0a6458a303cd00402059c9d15313d3cb72581a49be18dbc4969bf548958be0d3015c06ab2fa517402abbe3c65322a2f46400cdd5ab2a73716d4bafabc578516ba56e2a93f11363c051da31bcd93d815c7a06718ee2515b0e0ed2abd0afc7b67a6c76a110f469b26f657ceb948f4a57382aceb3d7704ade3792d9f705fbc65b4869ad537ca97c188418187865fe047c82778886db4d719128d5c52255ccde0b7d8905fc4d22c8db04e95b6154d06457d078ac6c7a1b669d178e7df9104b024eb9e7ae97e07b7e013b00849c4a4c27b1ae424e64a78f0e65446762586e1b3530a15acc2c90e07ec10d510db6ff4b366e4e7ef5fa975e80f40f3475174040b89fe20012cf6dd4aae2be1ebcc84c1bb38ac761a86511e5cdc2b454fe731786f72766fa53b017e4cfcc877c6b5a17c33df50dfc2e2e06b3f771c7d7755b1ba7823a06af3dbdea7db422cf6e4df12f441eb78fb3bb3e7217f9ec34928d20ace251854f2363e936a7f150e442806a4a72a33fec45c1a8b70ee76d21a287eded71122d1423c4f08562d1a3b15402eda05c43e8af74fb31cb09e067a3513d69b03ad591c43c8d026cb21d83d073f29046e330da2f6a7fa939984e98563f0513ff4ebe8cda8c8000aa0be3c0d311ab16766b42e35c66a4c4181ed9feb894886f3c3df534090feb87b830992ba6fa29c93be25405c687be6b65c5521fa9c2d94528629b13e452816cbaf39dd49b9b9ab3cee600c4944cd966a80280a11f7049d8ab093aad77009a44422d5408027466462c042bc2d538e557ec68a2c83a63fe11ce68e1d810aed6c1fcea35a9b6318caaa17f062fdb0aa4ea89d14c1cb5d3b787b14bf7cbc1f40c5e323f184a1c9e6c6e83c0b61cf7a73dbd974f73b5f78047d90fc6537641484c6cc85c263797dd865e311014168114e1aa9bafd65300fcf3aea328bdbf8e0d9f8f22ee6db0b97d82ea32fdbc320bcabe1be4ce1d2b82a31fd3400ea9bb36961b909da34aae0dc32aa9933995e6b799305780f4da1b63bd18b1124cb68b4cf9ba216d84375e06c10cfe5d40aa87ab9196b6c529d1c2016c1c8f8609fdd19ecc73fb8e3e9066f8f5342e159cca7b8c80bf0b782180a5631984bafed124baac32e4b9e21613cba1a40c9414d2cae8efc57531c34082987f64dcc4616144dd2da15586486b39a029481aed5cf4d7304716996e107dde34ee2b58cceb5a0ef83fedca02cf34c3fa3b62ac03a374d6cf3d6a592e440ff1cc9f0b1183f57af82d175b575592670c0b2252ea5f9c3dbb51626f765320cfddee0f0d389205c35a1ac5bed2cc185fc2a5b15eee22f2c1d03d63394c01a72cdaa24346ae3fdc94730b656fb3e4b3d61f017e030d5a45e34e85f1083ec29f85107c5095b1181ab556aa0a7c89b5ba62a88b6f669ac90d66255600482b853b5dfbdaaf342acd3932d26eb42893f378e2bda235f3fc6372b6d42d3c0e75bd83dcc6e6a60e09236cc41994f80c9159075be263c70e200b1641b4812151070cd8bc14cc503a0348c21a06d3f8db4d2d726c7c2982a92e08b6c5671b54dc0ccb4baa7ad372f28d335fe818bb82d8735461ae5279d088df17a2ec1ea345095472154fd5e36a854b471cee125dcfc7ae9b4b9807f44105513d98114ddd65fcb343be353f466f1064a8c88e15dc003921633d5669842f8ba7ea110bf325156aa96cad646c787978e6af7efa9d92217f978e40bf76e740bfa5320092a16aa2a31d4b34379c0681b5dc0d20a9598fde4d65072eb5bca859e6e3f2282edbd7ceec17256590b5b98863154de1bb15a3639fd75e63990ea548322e6dbaf564de39723488b1961e304555d73c621c621ac347af0360de7ac4b9c0a7ac5d02aac13e2864225dd1774610efbf3247ccdd017aeb727491001a1b8d6d2850897c91b2658f921257442e7d95af28a402b496f5e7d8c79af9ec1173d8a720a2d01a63954c31d3eb75e253b5835533dde8d7a6cad639c33698291b778777195019d7c7022344f971ebde3077691dc9b29edcee6b7ebb730baee7e5589e8a0db1ad9fbe6ce299a731e10b9b57bf7848933410042302ef7d7891715ea7eb157c8a1455b9cb0c7aaddb8e428c15f25233aaacf8bfc8c609f8bfb24032be696c05784aec0abbff449085d70ca3cbb58288e9b582399196a1b83f85283677086686180fb1f888ecafa17e8b4e4b51ebf671faf22df0ca4ded66f86ed0978c4352a01d1fb0a26313021a4e88814adb5a6ad8b261a3bcb54dc7ee1e84f66cd6bcbba8cc986d22dd59a670adc28cdab94fb82a61836beb55eb09830b0504f654718202ab6ad6d1d3045d864b67c0d2b771e1da9d66f9bf5ba1ed9aeb3758562ab3a3504a1fad58d81bed36abe2ace56bb18acfeb7a20bbcfdd60627bde5807b31087168077f5e833378b86cea629cb585b2bcd5da9b65b413555ee08e043856bd08e9ffb8f52c3493c575192b86754c92d266c897836a38982ab15e9739646dd1b538fcbbbeac615b5794db6e4e196a1cede14de0660b80af510b7cdec3090c3576d7c99f5a8a75efc300e6593e1a0bfefff1605029d5419f8842de23e02258c019128728da398936d6b3", 0x1000}, {&(0x7f0000001200)="ad729322f5fd0c6793080b0780939044529a4b24e5d00e13d8b8b9164ed43bf4aafe549c1f98a77be10867d2104e446c13222fb6e25e556f83a24c82f8244a113354baa48ce74b7dce1952aa360f729e2858c88298e27a011caed84060ff8bcae9e770a72e59816fcbed3c39e51d7abfcc872d8d9db49580bd3115f7f82b9cffcd59d62493b29451efbd01c0f2670aac7ada40f7bce9d781d5b9783193163fb43f908b1045c88c3361d9972ff8df9bbd3eedc40468676613f38c6ce8c2cf1c7a41dafeae5061ea8aa5634d13874fcaeca4a252bcc9fb26db4cd9aa4ac52a8d97798404ba000a0b9f9dbba3e79b89fd6f2998bc56c792a5abc585094965fbc2", 0xff}, {&(0x7f0000001300)="7de353bd56b4d7c5ead661afaeb52a940954797aabcc1352fc5410dd035a810ef373b3812831acf122d59a4627be5c1b85bdfd9f94c70370d361eaf902282132e296d69281347c278122f17f125389f889e5a65ee256a40049734f1e97874bdeff750dbefdb5cc708a5622494ef29855b22a33f8e0539ca087a343c146486b6083b0", 0x82}], 0x3)
close(r0)
r1 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYRES64=r0, @ANYRESOCT=r0], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x9, {0x9}}}, 0x0)

3.075836696s ago: executing program 2 (id=1860):
r0 = socket$kcm(0x10, 0x100000000002, 0x4)
r1 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r1, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
r2 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0180000000171300883795c04a31ba377a1b2cc32b38d3740000ffffffffffffffff", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x1000000)

2.931557828s ago: executing program 4 (id=1861):
r0 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev, 0x8000000}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x117, 0x2, '\x00'}], 0x18}, 0x0)
recvmsg(r0, &(0x7f0000001580)={0x0, 0x0, 0x0}, 0x140)

2.785029032s ago: executing program 2 (id=1862):
syz_open_procfs(0x0, &(0x7f0000000000)='net/sctp\x00')
fsopen(&(0x7f0000000580)='overlay\x00', 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)

2.63775052s ago: executing program 4 (id=1863):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x5}, @NFT_OBJECT_TUNNEL=@NFTA_OBJ_TYPE={0x8}}, @NFT_MSG_DELOBJ={0x128, 0x14, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_OBJ_USERDATA={0xfe, 0x8, "d65d3eae0e441bb425bd4b65098bacf567944fa567057bd33ac3429064ad5a0f0ce136baeaf7e8c52746698b1de9b2bc0bb5a7ea79351ad6a4cc35f67558c34ddb490e8cb2359dc88f596c8387c31a55f4ae8de257be71c1cd4aff011be7321e31e732e2c06090f7013dcf4cab2e5236c0e4ae78641c4f40b04145415175f8f083dc2408d529ea190f755b8b4d3ca48b21de380038f4b1f3e3386711044955ea8757133fb65f8edd3e3759fe06e0e6698ab282394961dbffc8cffc3fa40b2335e21f7b471211e0cb2719199b0d4942b4f4890ebf690610e34ce001660f8cde2021cb981ef18bbe613e6c6975a710b7485456dac3220f19a7183e"}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x5}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x18c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000010)

2.51665222s ago: executing program 2 (id=1864):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x6}]}], {0x14}}, 0x50}, 0x1, 0x0, 0x0, 0x40010}, 0x4000004)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r6, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x200000, 0xe, 0x7, 0x7, 0x9, 0x40, 0xffffffff, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040098}, 0x4000)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r8, &(0x7f0000000140)="bad330fbc9b5544972e7a5ea0756", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r7, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14)
r9 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)={0x2, 0x0, @a}, 0x48, 0xfffffffffffffffd)
keyctl$KEYCTL_PKEY_QUERY(0x18, r9, 0x0, &(0x7f0000000100)='\x00', 0x0)
r10 = userfaultfd(0x801)
ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r10, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15)
close(r0)
close(r10)

2.491394116s ago: executing program 0 (id=1865):
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r0, &(0x7f0000000140)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)
connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x2, @rand_addr=0x64010102}}, 0x1e)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newrule={0x24, 0x1a, 0x1, 0x0, 0x0, {0x81}, [@FIB_RULE_POLICY=@FRA_TABLE={0x8, 0xf, 0xfe}]}, 0x24}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sysvipc/sem\x00', 0x0, 0x0)
sendmsg$NFT_MSG_GETCHAIN(r3, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x150, 0x4, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}, @NFTA_CHAIN_HOOK={0x34, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12b7b81d}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_USERDATA={0x33, 0xc, "94afdef58838e11acb7c7eb27b041033c74cbe9d40351ac35499d2891073e5cf5250c00f363add750e1c49650c73b4"}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_CHAIN_COUNTERS={0x58, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xfffffffffffffffd}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x80000001}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xfffffffffffffffb}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_CHAIN_USERDATA={0x53, 0xc, "cd2755567c5cc6627002939ca288ffc842d1002bf2f12a4f210abeaa48a28e22f3c28beb4ba8bf91ea57af0d416c908d2859d3a20af4ade86e7498544996d588b8f1a4a04a2942fa9b4f91fbb237d1"}]}, 0x150}}, 0x40005)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c08f302", @ANYRES16=r4, @ANYBLOB, @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x1)
close(r5)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000940)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0x20335}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bond={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BOND_PEER_NOTIF_DELAY={0x8}, @IFLA_BOND_DOWNDELAY={0x8, 0x5, 0x1ff}, @IFLA_BOND_MIIMON={0x8, 0x3, 0x8}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x50}, 0x40800)
keyctl$chown(0x4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
r7 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r8 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r7, 0x4c00, r8)
ioctl$LOOP_SET_STATUS(r7, 0x4c02, &(0x7f0000000280)={0x0, {}, 0x0, {}, 0x8, 0x0, 0xffffffff, 0x1d, "28f5c9ea1f0197000011ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba99634793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b531e67603c26b0c30", "07a9400978042a8bfe1406584ae7df4af14e1df82d00", [0x7a, 0xd]})
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r10 = dup(r9)
connect$pptp(r3, &(0x7f0000000480)={0x18, 0x2, {0x1, @broadcast}}, 0x1e)
getsockname$packet(r3, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000500)=0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r10, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
write$binfmt_aout(r10, 0x0, 0xffffffdb)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)

2.38757274s ago: executing program 4 (id=1866):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, 0x0, 0x0)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))

2.356151075s ago: executing program 1 (id=1867):
socket(0x2, 0x80805, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = syz_ublk_setup_io_uring(0x24, &(0x7f0000000340)={0x0, 0x0, 0x100, 0x2, 0x1dd}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000300)=<r2=>0x0, &(0x7f00000004c0)=<r3=>0x0)
syz_io_uring_submit(r1, r2, r3, &(0x7f0000000980)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x9})
syz_ublk_add_dev(r0, r1, r2, r3, &(0x7f00000003c0)={0x2e, 0x5, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x4, 0xd74, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x1000000}}}, 0x0)

1.736554354s ago: executing program 2 (id=1868):
socket$xdp(0x2c, 0x3, 0x0)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x900, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
accept4(r1, &(0x7f0000000080)=@pppol2tpv3, &(0x7f0000000100)=0x80, 0x80000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="baf80c66b88c4b3d862e66dc8395dcb2fc0c66b887bb000066ef0f01d80f20c06635000000800f22c00f685b92d8dd660f3881000f01c2ba2100b80008ef1b6c020f30", 0x43}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8, @ANYRES64=r3], 0x0)

1.474150349s ago: executing program 4 (id=1869):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a410100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "ffd7"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000180)='.\x00')
ioctl$KVM_SET_DEBUGREGS(r4, 0x4080aea2, &(0x7f0000000740)={[0x10000, 0xffff1000, 0x3000, 0xeeee2000], 0x4, 0x60})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, &(0x7f0000000000)={0x5, 0x4, 0x2, 0xfe, 0x0, [@mcast1, @private2={0xfc, 0x2, '\x00', 0x1}]}, 0x28)
ioctl$XFS_IOC_PATH_TO_HANDLE(0xffffffffffffffff, 0xc0385869, &(0x7f0000000180)={<r6=>0xffffffffffffffff, &(0x7f0000000200)=':*-\xbd-*](&{!):\x005\xb1d\xd9@|\xa5\x86\x19\x81\x00\x00\x00\x00\x00', 0x151001, &(0x7f00000000c0)={@_ha_fsid={[0x3, 0x1]}, {0x6, 0xb4, 0xa, 0x5}}, 0x2, &(0x7f0000000100)={@_ha_fsid}, &(0x7f0000000140)=0x401})
r7 = socket$netlink(0x10, 0x3, 0x15)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff})
setsockopt$sock_int(r8, 0x1, 0x10, &(0x7f0000000380)=0x3, 0x4)
sendmmsg(r8, &(0x7f0000001c00), 0x400000000000159, 0x40840)
write(r7, &(0x7f00000000c0)="29000000140005b7ff000051915f95eb01010003a606a40e07fff024bb000000000000000040000000", 0x29)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r6, 0x84, 0x20, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x0)
socket(0x1d, 0x2, 0x6)
sendmsg$kcm(r9, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
r10 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_S_FMT(r10, 0xc0d05605, &(0x7f0000000040)={0x4, @meta={0x4531434d, 0x238b11ec, 0xc829, 0xd7db, 0x5a392572}})
r11 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000ec0), 0x22000, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r11, 0x80044dfe, &(0x7f0000000f00))
syz_open_dev$video4linux(&(0x7f0000000200), 0x2, 0x0)

1.26735648s ago: executing program 1 (id=1870):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]})
creat(&(0x7f0000001c40)='./file0\x00', 0x10)
lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000140)={{0xffff1000, 0xeeee8000, 0x4, 0xf6, 0x2, 0xf3, 0xd7, 0x8, 0x7, 0x1, 0x9, 0x5}, {0x50000, 0xc0a0c0f0f5000ded, 0xd, 0x5, 0x3, 0x8, 0x5, 0x0, 0x80, 0xfc, 0xfc, 0x4}, {0x200000, 0x25000, 0xb, 0x6, 0xff, 0x3, 0x0, 0x5, 0xef, 0x27, 0xd5, 0x2}, {0x4000, 0x6000, 0x9, 0x9, 0x8f, 0x4, 0x83, 0xfc, 0xb, 0x1, 0x9, 0x3}, {0xffffffff, 0x0, 0x3, 0x2, 0x6, 0x1, 0x9, 0x2, 0x3, 0x3, 0x0, 0xe4}, {0x200000, 0xffff1000, 0xf, 0x0, 0x6, 0x0, 0xde, 0x9, 0x3, 0x0, 0x4, 0x30}, {0xdddd0000, 0x9000, 0xc, 0x1, 0x8, 0x3, 0x2, 0x6, 0x91, 0x8, 0x9, 0x88}, {0x8000000, 0xeeee0000, 0x10, 0x6, 0xc2, 0x8, 0x6, 0x10, 0x7, 0x3, 0x80, 0x87}, {0x6000, 0x8000}, {0x41000, 0x9}, 0x50000, 0x0, 0x0, 0x400408, 0x6, 0x8000, 0xeeef0000, [0x7, 0x5, 0x5, 0xe]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0xffffc90000000000, 0x1b, 0x0)
add_key$fscrypt_v1(0x0, &(0x7f0000000180)={'fscrypt:', @desc3}, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000000c0)=@x86={0x60, 0x4, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x1, 0x0, 0x0, 0x8, 0x0, 0xff, 0xff, 0x0, '\x00', 0x0, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x8000000, 0x9, 0x10001, 0xfffffffd, 0x0, [{0x2, 0x2, 0x87, '\x00', 0x8}, {0x9, 0x8, 0x2, '\x00', 0xa}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x2, 0xf5, '\x00', 0xf}, {0x9, 0x89, 0xc, '\x00', 0xfb}, {0x0, 0x4, 0x54, '\x00', 0xff}, {0x71, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x4, 0x1, '\x00', 0x8}, {0x7f, 0x5, 0xb, '\x00', 0x8}, {0xd7, 0xd, 0x8, '\x00', 0xa}, {0x0, 0x28, 0x7, '\x00', 0xdc}, {0x40, 0x1, 0x5, '\x00', 0x2}, {0xfe, 0x3, 0x26}, {0xcf, 0xfa, 0xb, '\x00', 0x5}, {0xf, 0x6, 0x5, '\x00', 0x10}, {0x39, 0x2, 0x6, '\x00', 0x8}, {0x9, 0x6, 0x2, '\x00', 0x8}, {0x5, 0x7, 0x5, '\x00', 0xc}, {0x7, 0x1, 0x7}, {0x0, 0x80, 0x1, '\x00', 0x81}, {0x1, 0xc, 0x80, '\x00', 0x7f}, {0x10, 0x3, 0x3, '\x00', 0x10}, {0x1, 0x23, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4, '\x00', 0x8}]}})
ioctl$KVM_GET_SREGS2(r2, 0x8140aecc, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200000)
ioctl$NBD_DISCONNECT(r3, 0xab08)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r5, 0x404c534a, &(0x7f0000000ac0)={0xfffffffd, 0x1d3, 0x4})
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c00000010003b1500"/20, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008001c00c2"], 0x3c}}, 0x0)
timerfd_create(0x1, 0x80800)

1.170014217s ago: executing program 0 (id=1871):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x54, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@dev, 0x1000}, 0x0, 0x1}, [@migrate={0x4}]}, 0x54}}, 0x0)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x0)
ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x1e)
shutdown(r0, 0x1)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0)

1.042146559s ago: executing program 4 (id=1872):
r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000040)) (async)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x84083, 0x0)
ppoll(&(0x7f0000000140)=[{r0, 0x402}, {r1, 0x4048}, {r0, 0xc425}, {r0, 0x2240}, {r0}, {r0, 0x2}, {r0, 0x2000}, {r0, 0x732}, {r0, 0x2000}, {r0}], 0xa, &(0x7f00000001c0)={0x0, 0x989680}, &(0x7f0000000200)={[0x5ce1]}, 0x8) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000240)={0x647, 0x0, 0x0, 0x7}, &(0x7f0000000280)=0x10) (async)
r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000380)={0x990000, 0x100, 0x871a, r3, 0x0, &(0x7f0000000340)={0x99096a, 0x6011, '\x00', @string=&(0x7f0000000300)=0xfc}}) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0xff2, 0x8, 0x80000000, 0x2, 0x97f, 0x80000000, 0x7, 0x80000001, 0x100000000, 0x8, 0x800, 0x7ff, 0x81, 0x8, 0x8, 0x1], 0x9000, 0x110}) (async)
close(r2) (async)
close_range(r4, r2, 0x2)
ioctl$SNDRV_PCM_IOCTL_XRUN(r3, 0x4148, 0x0) (async)
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000480), 0xa40, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r5, 0x8982, &(0x7f00000004c0)={0x1, 'gre0\x00', {}, 0xc}) (async)
r6 = dup(r5)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPATH(r6, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x20, r7, 0x400, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040}, 0x41) (async)
r8 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) (async)
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000680)={'vlan0\x00', 0x401}) (async)
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r5, 0x7af, &(0x7f00000006c0)={@hyper, 0x3})
r9 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), r5)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r9, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x54, r10, 0xc00, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@rts={{}, {0x1}, @broadcast, @broadcast}}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x8848}]}, 0x54}, 0x1, 0x0, 0x0, 0x40814}, 0x4846) (async)
ioctl$VIDIOC_G_PARM(r5, 0xc0cc5615, &(0x7f0000000880)={0xa, @raw_data="b985efb86fabcf60344cdabdf23a3795a87371dd1bf400cdd45de88492691506f0b4808444e6b75c3f24b8f0d6742d35f57ad33161454ed4d111947300f09f37a1da128176207c759ecb74f36e5b50937c89883c7ee9d04c041c54a8b045bb7572dcbd50c8deab4eaba5356f9c98d239c69b76197d4f2c080f10515df75484de4670fb2cc8bd556fbfa68b911658d20a55076e8ffe66ac67f38b9c6636157e7fcbc916437b447fb442de85f3d725354134c27040351f930385497bda379aba413252e7fc04dddae5"}) (async)
unshare(0x280) (async)
ioctl$PPPIOCSACTIVE(r6, 0x40107446, &(0x7f00000009c0)={0x2, &(0x7f0000000980)=[{0x7, 0x43, 0xc, 0x1}, {0x7, 0x8, 0x3, 0x8000}]})
ioctl$KVM_GET_STATS_FD_vm(r3, 0xaece) (async)
ioctl$NILFS_IOCTL_SET_SUINFO(r8, 0x40186e8d, &(0x7f0000000b40)={&(0x7f0000000a00)=[{0x3, 0x1, 0x0, {0x4, 0x7fff}}, {0x2, 0x0, 0x0, {0x5, 0xffff}}, {0x3fb, 0x0, 0x0, {0x8, 0x4, 0x2}}, {0x7f, 0x2, 0x0, {0x0, 0x10, 0x6}}, {0xfffffffffffffff7, 0x2, 0x0, {0x0, 0x8, 0x2}}, {0x5, 0x2, 0x0, {0x3, 0xfffffffa, 0x2}}, {0xffff, 0x1, 0x0, {0xff, 0x400}}, {0xfffffffffffffffd, 0x2, 0x0, {0x7, 0xe}}, {0x3, 0x1, 0x0, {0x8, 0xa838, 0x2}}], 0x9, 0x20, 0x9, 0x2}) (async)
ioctl$DVB_DVR_DMX_SET_BUFFER_SIZE(r5, 0x6f2d, 0x3)

905.04968ms ago: executing program 0 (id=1873):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000240)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20048044}, 0x20008000)

904.732079ms ago: executing program 1 (id=1874):
fsopen(&(0x7f0000000580)='overlay\x00', 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)

903.842698ms ago: executing program 4 (id=1875):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
epoll_create1(0x80000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000700)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x47, 0x5, 0x8, 0x5, 0x0, 0x9, 0x0, 0x57c73f3a, 0xfa11, 0xffffffff}, 0x0)
recvmmsg(r1, &(0x7f0000000a40), 0x3d, 0x22, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b1600000000000000000200000a4000048018000180080001006f7366000c000280080001400000000424000180090001006d617371000000001400028008663f400000001708000140000000100900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x94}, 0x1, 0x0, 0x0, 0x850}, 0x0)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r5, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x4}, 0x20)
r6 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000280)=ANY=[@ANYRES16=0x0, @ANYBLOB], 0x20}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="e03f030041000405d25a806c8cfc600000000a00020005358fc13715070000000000000027000c00ea781329fc4136ea304b25d3d8220b1b65832785d920c52b4bd0d0a452d36bd2ba0397ff578d000000000000000000", 0x57}], 0x1}, 0x0)
connect$l2tp6(r5, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
r7 = epoll_create1(0x0)
r8 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r8, 0xc018aa3f, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000000)={0x30000000})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYRES32=r0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0xc1}, 0x4000044)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000001340)=@raw={'raw\x00', 0x8, 0x3, 0x318, 0xf8, 0xffffffff, 0xffffffff, 0xf8, 0xffffffff, 0x248, 0xffffffff, 0xffffffff, 0x248, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x1, 0x8, 0x3}}}, {{@uncond, 0x0, 0x108, 0x150, 0x0, {}, [@common=@srh={{0x30}, {0xd1, 0x8, 0x8, 0x8, 0xf, 0x4c, 0x400}}, @common=@inet=@l2tp={{0x30}, {0x4, 0x0, 0x3, 0x1, 0x4}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00', {0x200}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x378)
pipe(0x0)

880.91634ms ago: executing program 0 (id=1876):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x5}, @NFT_OBJECT_TUNNEL=@NFTA_OBJ_TYPE={0x8}}, @NFT_MSG_DELOBJ={0x128, 0x14, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_OBJ_USERDATA={0xfe, 0x8, "d65d3eae0e441bb425bd4b65098bacf567944fa567057bd33ac3429064ad5a0f0ce136baeaf7e8c52746698b1de9b2bc0bb5a7ea79351ad6a4cc35f67558c34ddb490e8cb2359dc88f596c8387c31a55f4ae8de257be71c1cd4aff011be7321e31e732e2c06090f7013dcf4cab2e5236c0e4ae78641c4f40b04145415175f8f083dc2408d529ea190f755b8b4d3ca48b21de380038f4b1f3e3386711044955ea8757133fb65f8edd3e3759fe06e0e6698ab282394961dbffc8cffc3fa40b2335e21f7b471211e0cb2719199b0d4942b4f4890ebf690610e34ce001660f8cde2021cb981ef18bbe613e6c6975a710b7485456dac3220f19a7183e"}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x5}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x18c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000010)

801.418895ms ago: executing program 0 (id=1877):
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xfffffffffffffee6}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24040045)
r0 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xce})
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}], 0x1)
io_uring_enter(r0, 0x2219, 0xcf74, 0x16, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x2)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
r2 = open(0x0, 0x60840, 0x0)
ioctl$vim2m_VIDIOC_EXPBUF(r2, 0xc0405610, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
symlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00')
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r1)
socket$igmp6(0xa, 0x3, 0x2)
statx(r2, &(0x7f00000001c0)='./file1\x00', 0x100, 0x10, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fchownat(r2, &(0x7f0000000180)='.\x00', r3, 0xee00, 0x400)

791.325012ms ago: executing program 1 (id=1878):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x6}]}], {0x14}}, 0x50}, 0x1, 0x0, 0x0, 0x40010}, 0x4000004)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r6, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x200000, 0xe, 0x7, 0x7, 0x9, 0x40, 0xffffffff, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040098}, 0x4000)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r8, &(0x7f0000000140)="bad330fbc9b5544972e7a5ea0756", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r7, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14)
r9 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)={0x2, 0x0, @a}, 0x48, 0xfffffffffffffffd)
keyctl$KEYCTL_PKEY_QUERY(0x18, r9, 0x0, &(0x7f0000000100)='\x00', 0x0)
r10 = userfaultfd(0x801)
ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r10, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15)
close(r0)
close(r10)

526.1321ms ago: executing program 1 (id=1879):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, 0x0, 0x0)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))

304.890012ms ago: executing program 3 (id=1880):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a410100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "ffd7"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000180)='.\x00')
ioctl$KVM_SET_DEBUGREGS(r4, 0x4080aea2, &(0x7f0000000740)={[0x10000, 0xffff1000, 0x3000, 0xeeee2000], 0x4, 0x60})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, &(0x7f0000000000)={0x5, 0x4, 0x2, 0xfe, 0x0, [@mcast1, @private2={0xfc, 0x2, '\x00', 0x1}]}, 0x28)
ioctl$XFS_IOC_PATH_TO_HANDLE(0xffffffffffffffff, 0xc0385869, &(0x7f0000000180)={<r6=>0xffffffffffffffff, &(0x7f0000000200)=':*-\xbd-*](&{!):\x005\xb1d\xd9@|\xa5\x86\x19\x81\x00\x00\x00\x00\x00', 0x151001, &(0x7f00000000c0)={@_ha_fsid={[0x3, 0x1]}, {0x6, 0xb4, 0xa, 0x5}}, 0x2, &(0x7f0000000100)={@_ha_fsid}, &(0x7f0000000140)=0x401})
sendmmsg(0xffffffffffffffff, &(0x7f0000001c00), 0x400000000000159, 0x40840)
write(0xffffffffffffffff, &(0x7f00000000c0)="29000000140005b7ff000051915f95eb01010003a606a40e07fff024bb000000000000000040000000", 0x29)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r6, 0x84, 0x20, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1d, 0x2, 0x6)
bind$can_j1939(r7, &(0x7f0000000380)={0x1d, 0x0, 0x801, {0x2, 0x0, 0x2}}, 0x18)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(0xffffffffffffffff, 0x80044dfe, &(0x7f0000000f00))

82.979383ms ago: executing program 2 (id=1881):
syz_emit_ethernet(0x4e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaa"], 0x0)
r0 = socket$inet6(0xa, 0x805, 0x0)
getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec)
r1 = socket(0x10, 0x3, 0x2)
io_setup(0x30, &(0x7f0000000600)=<r2=>0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000}, [@jmp={0x5, 0x1, 0xc}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
io_submit(r2, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x700, 0x0, 0x0, 0x8, 0x0, r1, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x9}])

0s ago: executing program 3 (id=1882):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a410100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "ffd7"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000180)='.\x00')
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000000000)={0x5, 0x4, 0x2, 0xfe, 0x0, [@mcast1, @private2={0xfc, 0x2, '\x00', 0x1}]}, 0x28)
ioctl$XFS_IOC_PATH_TO_HANDLE(0xffffffffffffffff, 0xc0385869, &(0x7f0000000180)={<r5=>0xffffffffffffffff, &(0x7f0000000200)=':*-\xbd-*](&{!):\x005\xb1d\xd9@|\xa5\x86\x19\x81\x00\x00\x00\x00\x00', 0x151001, &(0x7f00000000c0)={@_ha_fsid={[0x3, 0x1]}, {0x6, 0xb4, 0xa, 0x5}}, 0x2, &(0x7f0000000100)={@_ha_fsid}, &(0x7f0000000140)=0x401})
r6 = socket$netlink(0x10, 0x3, 0x15)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
setsockopt$sock_int(r7, 0x1, 0x10, &(0x7f0000000380)=0x3, 0x4)
sendmmsg(r7, &(0x7f0000001c00), 0x400000000000159, 0x40840)
write(r6, &(0x7f00000000c0)="29000000140005b7ff000051915f95eb01010003a606a40e07fff024bb000000000000000040000000", 0x29)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r5, 0x84, 0x20, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
socket(0x1d, 0x2, 0x6)
sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
r9 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f0000000040)={0x4, @meta={0x4531434d, 0x238b11ec, 0xc829, 0xd7db, 0x5a392572}})
r10 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000ec0), 0x22000, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r10, 0x80044dfe, &(0x7f0000000f00))
syz_open_dev$video4linux(&(0x7f0000000200), 0x2, 0x0)

kernel console output (not intermixed with test programs):

 invalid descriptor of length 0, skipping remainder of the config
[  407.183643][   T29] usb 5-1: config index 2 descriptor too short (expected 65016, got 133)
[  407.195976][   T29] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  407.218142][   T29] usb 5-1: config index 3 descriptor too short (expected 65016, got 133)
[  407.235578][   T29] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  407.257308][   T29] usb 5-1: config index 4 descriptor too short (expected 65016, got 133)
[  407.276596][   T29] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  407.294862][   T29] usb 5-1: config index 5 descriptor too short (expected 65016, got 133)
[  407.309894][   T29] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  407.335029][   T29] usb 5-1: config index 6 descriptor too short (expected 65016, got 133)
[  407.349302][   T29] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  407.368221][   T29] usb 5-1: config index 7 descriptor too short (expected 65016, got 133)
[  407.382539][   T29] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  407.402811][   T29] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  407.423660][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.440140][   T29] usb 5-1: Product: syz
[  407.447565][   T29] usb 5-1: Manufacturer: syz
[  407.454857][   T29] usb 5-1: SerialNumber: syz
[  407.486388][   T29] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  407.542382][   T24] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  408.214625][T10415] binder: 10413:10415 ioctl c0306201 200000000640 returned -22
[  408.284352][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1392'.
[  408.290824][T10411] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1389'.
[  408.440667][ T1611] usb 5-1: USB disconnect, device number 44
[  408.859842][   T24] usb 5-1: Service connection timeout for: 256
[  408.877702][   T24] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services
[  408.898519][   T24] ath9k_htc: Failed to initialize the device
[  408.914684][ T1611] usb 5-1: ath9k_htc: USB layer deinitialized
[  409.659106][ T1611] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  409.845331][ T1611] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  409.867871][ T1611] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  409.890227][ T1611] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  409.915259][ T1611] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  409.937279][ T1611] usb 5-1: SerialNumber: syz
[  410.302447][ T1611] usb 5-1: 0:2 : does not exist
[  410.393425][T10446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  410.412940][T10446] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  410.425031][ T1611] usb 5-1: USB disconnect, device number 45
[  410.481968][ T5760] udevd[5760]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  410.526153][T10446] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  410.533110][T10446] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  410.594193][T10446] vhci_hcd vhci_hcd.0: Device attached
[  410.637486][T10446] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1401'.
[  410.711632][T10447] vhci_hcd: connection closed
[  410.722079][ T5993] vhci_hcd vhci_hcd.2: stop threads
[  410.733275][ T5993] vhci_hcd vhci_hcd.2: release socket
[  410.757829][ T5993] vhci_hcd vhci_hcd.2: disconnect device
[  410.809079][    T9] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  410.814002][T10453] program syz.0.1403 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  411.448866][T10458] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1405'.
[  411.529318][T10505] misc userio: No port type given on /dev/userio
[  411.626711][T10508] netlink: 'syz.2.1410': attribute type 1 has an invalid length.
[  411.751236][T10511] fuse: Unknown parameter ''
[  412.152939][T10519] vxcan3: entered promiscuous mode
[  412.207046][T10520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.220678][T10520] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.589378][T10529] fuse: Bad value for 'fd'
[  412.600138][T10529] ALSA: mixer_oss: invalid OSS volume ''
[  412.606116][T10529] ALSA: mixer_oss: invalid OSS volume 'b'
[  412.616779][T10529] ALSA: mixer_oss: invalid OSS volume '�ik���΅/�9�$�g\'�o�Cx��3�'
[  412.628810][T10529] ALSA: mixer_oss: invalid OSS volume 'Eq�Hu����t��Ҷ.Q�#�3�Bכ2�[�'
[  412.643436][T10529] ALSA: mixer_oss: invalid OSS volume '���h��1^�/bF�-�-g�Nx�ߔk�IQ�4'
[  412.647692][T10531] fuse: Bad value for 'fd'
[  412.657334][T10529] ALSA: mixer_oss: invalid OSS volume ''
[  412.665628][T10529] ALSA: mixer_oss: invalid OSS volume '�+t=.S�ҷ�m����;�]��~rѤ1'
[  412.681577][T10529] ALSA: mixer_oss: invalid OSS volume '3v�G�3m���oJ�x1�C��%������H-~'
[  412.696081][T10529] ALSA: mixer_oss: invalid OSS volume 'pQ��B����_�c��9�to1Sv��'
[  412.710603][T10529] ALSA: mixer_oss: invalid OSS volume 'a{[0���'
[  412.722727][T10529] ALSA: mixer_oss: invalid OSS volume '�nE��Q^����LTY�
���NFY�n�'
[  412.737993][T10529] ALSA: mixer_oss: invalid OSS volume '��/[ﺐ�Hq4E;Z��;TFVW0��N
�fFT'
[  412.756126][T10529] ALSA: mixer_oss: invalid OSS volume '���vr�'
[  412.768458][T10529] ALSA: mixer_oss: invalid OSS volume '��'
[  413.155768][T10538] FAULT_INJECTION: forcing a failure.
[  413.155768][T10538] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  413.188789][T10538] CPU: 0 UID: 0 PID: 10538 Comm: syz.2.1419 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  413.188823][T10538] Tainted: [L]=SOFTLOCKUP
[  413.188832][T10538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  413.188847][T10538] Call Trace:
[  413.188856][T10538]  <TASK>
[  413.188865][T10538]  dump_stack_lvl+0xe8/0x150
[  413.188893][T10538]  should_fail_ex+0x412/0x560
[  413.188920][T10538]  _copy_to_user+0x31/0xb0
[  413.188957][T10538]  simple_read_from_buffer+0xe1/0x170
[  413.188989][T10538]  proc_fail_nth_read+0x1bb/0x230
[  413.189019][T10538]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  413.189049][T10538]  ? rw_verify_area+0x2a6/0x4d0
[  413.189077][T10538]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  413.189106][T10538]  vfs_read+0x20c/0xa70
[  413.189144][T10538]  ? __pfx___mutex_lock+0x10/0x10
[  413.189167][T10538]  ? __pfx_vfs_read+0x10/0x10
[  413.189197][T10538]  ? __fget_files+0x2a/0x420
[  413.189225][T10538]  ? __fget_files+0x3a0/0x420
[  413.189248][T10538]  ? __fget_files+0x2a/0x420
[  413.189283][T10538]  ksys_read+0x150/0x270
[  413.189313][T10538]  ? __pfx_ksys_read+0x10/0x10
[  413.189351][T10538]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.189374][T10538]  do_syscall_64+0x174/0x580
[  413.189393][T10538]  ? trace_irq_disable+0x3b/0x140
[  413.189423][T10538]  ? clear_bhb_loop+0x40/0x90
[  413.189448][T10538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.189468][T10538] RIP: 0033:0x7f9fd575d68e
[  413.189486][T10538] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  413.189504][T10538] RSP: 002b:00007f9fd6635fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  413.189525][T10538] RAX: ffffffffffffffda RBX: 00007f9fd66366c0 RCX: 00007f9fd575d68e
[  413.189539][T10538] RDX: 000000000000000f RSI: 00007f9fd66360a0 RDI: 0000000000000008
[  413.189552][T10538] RBP: 00007f9fd6636090 R08: 0000000000000000 R09: 0000000000000000
[  413.189564][T10538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.189576][T10538] R13: 00007f9fd5a16038 R14: 00007f9fd5a15fa0 R15: 00007f9fd5b3fa48
[  413.189609][T10538]  </TASK>
[  413.836048][T10544] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1421'.
[  414.181708][T10554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  414.223710][T10554] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  414.294449][T10558] netlink: 'syz.1.1428': attribute type 10 has an invalid length.
[  414.331107][T10554] input: syz1 as /devices/virtual/input/input31
[  414.709136][T10570] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1432'.
[  415.019054][    T9] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  415.091363][T10582] netlink: 'syz.3.1436': attribute type 4 has an invalid length.
[  415.211214][    T9] usb 5-1: Using ep0 maxpacket: 32
[  415.226279][    T9] usb 5-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  415.236008][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.244967][    T9] usb 5-1: Product: syz
[  415.258809][    T9] usb 5-1: Manufacturer: syz
[  415.265921][    T9] usb 5-1: SerialNumber: syz
[  415.278861][    T9] usb 5-1: config 0 descriptor??
[  415.304479][    T9] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  415.321996][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  415.348788][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  415.362971][    T9] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  415.373497][    T9] usb 5-1: media controller created
[  415.412208][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  415.422742][   T10] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  415.459478][    T9] usb 5-1: selecting invalid altsetting 7
[  415.467013][    T9] cxusb: set interface failed
[  415.475604][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  415.512808][T10573] dvb-usb: bulk message failed: -22 (3/0)
[  415.532098][T10573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.541060][    T9] DVB: Unable to find symbol lgdt330x_attach()
[  415.549917][T10573] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.566807][    T9] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  415.590977][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  415.606533][   T10] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  415.616372][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.630715][   T10] usb 4-1: config 0 descriptor??
[  415.653228][   T10] pwc: Askey VC010 type 2 USB webcam detected.
[  415.739364][    T9] rc_core: IR keymap rc-dvico-portable not found
[  415.759633][    T9] Registered IR keymap rc-empty
[  415.783864][    T9] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0
[  415.796502][T10595] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.813186][    T9] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input32
[  415.825411][T10595] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.842624][    T9] dvb-usb: schedule remote query interval to 100 msecs.
[  415.861743][    T9] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  415.892071][    T9] usb 5-1: USB disconnect, device number 46
[  416.056329][   T10] pwc: recv_control_msg error -32 req 02 val 2b00
[  416.070694][   T10] pwc: recv_control_msg error -32 req 02 val 2700
[  416.077373][    T9] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  416.092178][   T10] pwc: recv_control_msg error -32 req 02 val 2c00
[  416.210219][   T10] pwc: recv_control_msg error -32 req 04 val 1000
[  416.240227][   T10] pwc: recv_control_msg error -32 req 04 val 1300
[  416.262594][   T10] pwc: recv_control_msg error -32 req 04 val 1400
[  416.274743][   T10] pwc: recv_control_msg error -32 req 02 val 2000
[  416.291171][   T10] pwc: recv_control_msg error -32 req 02 val 2100
[  416.311924][T10598] FAULT_INJECTION: forcing a failure.
[  416.311924][T10598] name failslab, interval 1, probability 0, space 0, times 0
[  416.329950][T10565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  416.338437][   T10] pwc: recv_control_msg error -32 req 04 val 1500
[  416.351737][   T10] pwc: recv_control_msg error -32 req 02 val 2500
[  416.360979][T10598] CPU: 1 UID: 0 PID: 10598 Comm: syz.4.1441 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  416.361022][T10598] Tainted: [L]=SOFTLOCKUP
[  416.361030][T10598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  416.361042][T10598] Call Trace:
[  416.361050][T10598]  <TASK>
[  416.361058][T10598]  dump_stack_lvl+0xe8/0x150
[  416.361091][T10598]  should_fail_ex+0x412/0x560
[  416.361112][T10598]  should_failslab+0xa8/0x100
[  416.361128][T10598]  __kmalloc_cache_noprof+0x88/0x660
[  416.361149][T10598]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  416.361230][T10598]  ? sctp_add_bind_addr+0x8c/0x370
[  416.361270][T10598]  sctp_add_bind_addr+0x8c/0x370
[  416.361288][T10598]  sctp_copy_local_addr_list+0x314/0x4f0
[  416.361321][T10598]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  416.361336][T10598]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  416.361353][T10598]  ? sctp_v6_is_any+0x64/0x80
[  416.361369][T10598]  ? sctp_copy_one_addr+0x93/0x360
[  416.361386][T10598]  sctp_bind_addr_copy+0xb3/0x3c0
[  416.361402][T10598]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  416.361443][T10598]  sctp_connect_new_asoc+0x2ff/0x6b0
[  416.361464][T10598]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  416.361487][T10598]  ? __local_bh_enable_ip+0xd0/0x130
[  416.361501][T10598]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  416.361523][T10598]  ? security_sctp_bind_connect+0x7e/0x2c0
[  416.361583][T10598]  sctp_sendmsg+0x1576/0x2c50
[  416.361611][T10598]  ? __pfx_sctp_sendmsg+0x10/0x10
[  416.361631][T10598]  ? aa_sk_perm+0x6d5/0x900
[  416.361651][T10598]  ? __might_fault+0xaf/0x130
[  416.361674][T10598]  ? __pfx_aa_sk_perm+0x10/0x10
[  416.361696][T10598]  ? sock_rps_record_flow+0x19/0x350
[  416.361740][T10598]  ? __pfx_inet_sendmsg+0x10/0x10
[  416.361757][T10598]  ? inet_sendmsg+0x2f4/0x370
[  416.361773][T10598]  ? __pfx_inet_sendmsg+0x10/0x10
[  416.361789][T10598]  __sys_sendto+0x5de/0x710
[  416.361813][T10598]  ? __pfx___sys_sendto+0x10/0x10
[  416.361832][T10598]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  416.361858][T10598]  ? __fget_files+0x3a0/0x420
[  416.361883][T10598]  ? ksys_write+0x242/0x270
[  416.361907][T10598]  ? __pfx_ksys_write+0x10/0x10
[  416.361931][T10598]  __x64_sys_sendto+0xde/0x100
[  416.361953][T10598]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.361969][T10598]  do_syscall_64+0x174/0x580
[  416.361983][T10598]  ? trace_irq_disable+0x3b/0x140
[  416.362004][T10598]  ? clear_bhb_loop+0x40/0x90
[  416.362022][T10598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.362036][T10598] RIP: 0033:0x7f40ef19ce59
[  416.362051][T10598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  416.362063][T10598] RSP: 002b:00007f40f00be028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  416.362079][T10598] RAX: ffffffffffffffda RBX: 00007f40ef415fa0 RCX: 00007f40ef19ce59
[  416.362089][T10598] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000003
[  416.362098][T10598] RBP: 00007f40f00be090 R08: 000020000005ffe4 R09: 000000000000001c
[  416.362108][T10598] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002
[  416.362116][T10598] R13: 00007f40ef416038 R14: 00007f40ef415fa0 R15: 00007f40ef53fa48
[  416.362139][T10598]  </TASK>
[  416.368015][   T10] pwc: recv_control_msg error -32 req 02 val 2400
[  416.533346][T10565] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  417.009205][   T29] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  417.175009][   T29] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  417.196026][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.214968][   T29] usb 5-1: Product: syz
[  417.224759][   T29] usb 5-1: Manufacturer: syz
[  417.230333][   T29] usb 5-1: SerialNumber: syz
[  417.277967][   T29] usb 5-1: config 0 descriptor??
[  417.293612][   T29] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 047
[  417.697429][   T29]  (null): failure reading functionality
[  418.079430][T10613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  418.194218][T10613] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  418.264765][T10616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  418.284052][T10616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  418.312623][T10616] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  418.433013][   T10] pwc: recv_control_msg error -71 req 02 val 2600
[  418.461042][   T10] pwc: recv_control_msg error -71 req 02 val 2900
[  418.485378][   T10] pwc: recv_control_msg error -71 req 02 val 2800
[  418.503766][   T29] i2c i2c-1: failure reading functionality
[  418.523807][   T10] pwc: recv_control_msg error -71 req 04 val 1100
[  418.540163][   T29] i2c i2c-1: connected i2c-tiny-usb device
[  418.559101][   T10] pwc: recv_control_msg error -71 req 04 val 1200
[  418.586538][   T29] usb 5-1: USB disconnect, device number 47
[  418.664442][   T10] pwc: Registered as video103.
[  418.688943][   T10] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input33
[  418.778113][   T10] usb 4-1: USB disconnect, device number 60
[  419.352275][   T10] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  419.372567][T10626] FAULT_INJECTION: forcing a failure.
[  419.372567][T10626] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  419.412907][T10626] CPU: 1 UID: 0 PID: 10626 Comm: syz.2.1450 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  419.412946][T10626] Tainted: [L]=SOFTLOCKUP
[  419.412954][T10626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  419.412966][T10626] Call Trace:
[  419.412974][T10626]  <TASK>
[  419.412983][T10626]  dump_stack_lvl+0xe8/0x150
[  419.413011][T10626]  should_fail_ex+0x412/0x560
[  419.413038][T10626]  _copy_from_iter+0x1d3/0x1670
[  419.413065][T10626]  ? rcu_is_watching+0x15/0xb0
[  419.413095][T10626]  ? __pfx__copy_from_iter+0x10/0x10
[  419.413126][T10626]  ? netlink_sendmsg+0x650/0xb40
[  419.413157][T10626]  ? skb_put+0x11b/0x210
[  419.413191][T10626]  netlink_sendmsg+0x6c0/0xb40
[  419.413231][T10626]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.413265][T10626]  ? aa_sock_msg_perm+0xf1/0x1b0
[  419.413298][T10626]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  419.413329][T10626]  ____sys_sendmsg+0x972/0x9f0
[  419.413349][T10626]  ? __might_fault+0xaf/0x130
[  419.413383][T10626]  ? __pfx_____sys_sendmsg+0x10/0x10
[  419.413412][T10626]  ? import_iovec+0x73/0xa0
[  419.413440][T10626]  ___sys_sendmsg+0x2a5/0x360
[  419.413458][T10626]  ? __lock_acquire+0x6b5/0x2cf0
[  419.413484][T10626]  ? __pfx____sys_sendmsg+0x10/0x10
[  419.413539][T10626]  ? __fget_files+0x2a/0x420
[  419.413562][T10626]  ? __fget_files+0x3a0/0x420
[  419.413598][T10626]  __x64_sys_sendmsg+0x1bd/0x2a0
[  419.413629][T10626]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  419.413659][T10626]  ? __pfx_ksys_write+0x10/0x10
[  419.413696][T10626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.413719][T10626]  do_syscall_64+0x174/0x580
[  419.413739][T10626]  ? trace_irq_disable+0x3b/0x140
[  419.413769][T10626]  ? clear_bhb_loop+0x40/0x90
[  419.413792][T10626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.413812][T10626] RIP: 0033:0x7f9fd579ce59
[  419.413831][T10626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  419.413849][T10626] RSP: 002b:00007f9fd6636028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  419.413869][T10626] RAX: ffffffffffffffda RBX: 00007f9fd5a15fa0 RCX: 00007f9fd579ce59
[  419.413883][T10626] RDX: 0000000000000042 RSI: 0000200000000c80 RDI: 0000000000000003
[  419.413896][T10626] RBP: 00007f9fd6636090 R08: 0000000000000000 R09: 0000000000000000
[  419.413908][T10626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.413920][T10626] R13: 00007f9fd5a16038 R14: 00007f9fd5a15fa0 R15: 00007f9fd5b3fa48
[  419.413950][T10626]  </TASK>
[  419.695408][   T10] usb 4-1: config 1 interface 0 has no altsetting 0
[  419.706157][   T10] usb 4-1: New USB device found, idVendor=05ac, idProduct=0217, bcdDevice= 0.40
[  419.802905][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.842857][   T10] usb 4-1: Product: ၫ絠닻勞吤韴᜗釪꽣頭悿̨࡫Ֆȑ籭鲙Æ䌎컧ɹ᫠簈ᮇ塢粟엺秷늿᥺╏ѕ⎶맞䳾疩↘颇ⶅ팉ꂆ
[  419.916776][   T10] usb 4-1: Manufacturer: ఱ
[  419.930592][   T10] usb 4-1: SerialNumber: њ
[  419.950816][T10635] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1452'.
[  419.960064][T10635] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1452'.
[  420.925785][   T10] usbhid 4-1:1.0: can't add hid device: -71
[  420.947054][   T10] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  420.979876][   T10] usb 4-1: USB disconnect, device number 61
[  421.148112][T10647] xt_hashlimit: size too large, truncated to 1048576
[  421.394469][T10653] FAULT_INJECTION: forcing a failure.
[  421.394469][T10653] name failslab, interval 1, probability 0, space 0, times 0
[  421.407783][T10653] CPU: 0 UID: 0 PID: 10653 Comm: syz.3.1461 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  421.407813][T10653] Tainted: [L]=SOFTLOCKUP
[  421.407820][T10653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  421.407833][T10653] Call Trace:
[  421.407841][T10653]  <TASK>
[  421.407850][T10653]  dump_stack_lvl+0xe8/0x150
[  421.407878][T10653]  should_fail_ex+0x412/0x560
[  421.407914][T10653]  should_failslab+0xa8/0x100
[  421.407934][T10653]  ? skb_clone+0x212/0x3a0
[  421.407954][T10653]  kmem_cache_alloc_noprof+0x87/0x650
[  421.407983][T10653]  ? __netlink_lookup+0xc6/0x8b0
[  421.408008][T10653]  skb_clone+0x212/0x3a0
[  421.408032][T10653]  __netlink_deliver_tap+0x404/0x850
[  421.408074][T10653]  ? netlink_deliver_tap+0x2e/0x1b0
[  421.408106][T10653]  netlink_deliver_tap+0x19c/0x1b0
[  421.408143][T10653]  netlink_unicast+0x730/0x8e0
[  421.408181][T10653]  netlink_sendmsg+0x813/0xb40
[  421.408228][T10653]  ? __pfx_netlink_sendmsg+0x10/0x10
[  421.408268][T10653]  ? aa_sock_msg_perm+0xf1/0x1b0
[  421.408301][T10653]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  421.408333][T10653]  ____sys_sendmsg+0x972/0x9f0
[  421.408353][T10653]  ? __might_fault+0xaf/0x130
[  421.408385][T10653]  ? __pfx_____sys_sendmsg+0x10/0x10
[  421.408415][T10653]  ? import_iovec+0x73/0xa0
[  421.408443][T10653]  ___sys_sendmsg+0x2a5/0x360
[  421.408461][T10653]  ? get_pid_task+0x20/0x1f0
[  421.408492][T10653]  ? __pfx____sys_sendmsg+0x10/0x10
[  421.408536][T10653]  ? sb_end_write+0xe9/0x1c0
[  421.408572][T10653]  ? __pfx_vfs_write+0x10/0x10
[  421.408611][T10653]  __x64_sys_sendmsg+0x1bd/0x2a0
[  421.408635][T10653]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  421.408665][T10653]  ? __pfx_ksys_write+0x10/0x10
[  421.408704][T10653]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.408727][T10653]  do_syscall_64+0x174/0x580
[  421.408748][T10653]  ? trace_irq_disable+0x3b/0x140
[  421.408778][T10653]  ? clear_bhb_loop+0x40/0x90
[  421.408804][T10653]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.408826][T10653] RIP: 0033:0x7fe3b6d9ce59
[  421.408849][T10653] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  421.408866][T10653] RSP: 002b:00007fe3b7c0f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  421.408891][T10653] RAX: ffffffffffffffda RBX: 00007fe3b7015fa0 RCX: 00007fe3b6d9ce59
[  421.408905][T10653] RDX: 0000000004000002 RSI: 0000200000000400 RDI: 0000000000000003
[  421.408918][T10653] RBP: 00007fe3b7c0f090 R08: 0000000000000000 R09: 0000000000000000
[  421.408930][T10653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  421.408941][T10653] R13: 00007fe3b7016038 R14: 00007fe3b7015fa0 R15: 00007fe3b713fa48
[  421.408972][T10653]  </TASK>
[  421.907656][T10661] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3089888063 (3089888063 ns) > initial count (2126324423 ns). Using initial count to start timer.
[  422.042665][T10664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.074410][T10664] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.105443][T10664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.126139][T10664] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.429017][   T10] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  422.559363][   T10] usb 4-1: device descriptor read/64, error -71
[  422.819107][   T10] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  422.970667][   T10] usb 4-1: device descriptor read/64, error -71
[  423.033159][T10685] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  423.093476][T10688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  423.102897][   T10] usb usb4-port1: attempt power cycle
[  423.135010][T10685] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  423.149927][T10688] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  423.305637][T10692] input: syz1 as /devices/virtual/input/input34
[  423.449432][   T10] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  423.492551][   T10] usb 4-1: device descriptor read/8, error -71
[  423.749022][   T10] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  423.758799][T10695] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  423.777746][T10695] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  423.802706][   T10] usb 4-1: device descriptor read/8, error -71
[  423.921983][   T10] usb usb4-port1: unable to enumerate USB device
[  424.116693][T10677] syz.4.1473 (10677): drop_caches: 2
[  425.183740][T10707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  425.205657][T10707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  425.710628][ T1611] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  425.902630][ T1611] usb 5-1: Using ep0 maxpacket: 32
[  425.926248][ T1611] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  425.953846][ T1611] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  425.978758][ T1611] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  426.011886][ T1611] usb 5-1: Product: syz
[  426.027384][ T1611] usb 5-1: Manufacturer: syz
[  426.059620][ T1611] usb 5-1: SerialNumber: syz
[  426.103315][ T1611] usb 5-1: config 0 descriptor??
[  426.115221][T10717] raw-gadget.6 gadget.4: fail, usb_ep_enable returned -22
[  426.138457][ T1611] hub 5-1:0.0: bad descriptor, ignoring hub
[  426.164021][ T1611] hub 5-1:0.0: probe with driver hub failed with error -5
[  426.189664][    T9] usb 4-1: new full-speed USB device number 66 using dummy_hcd
[  426.374883][    T9] usb 4-1: not running at top speed; connect to a high speed hub
[  426.401079][    T9] usb 4-1: New USB device found, idVendor=04b4, idProduct=9320, bcdDevice= 0.40
[  426.431109][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.450804][    T9] usb 4-1: Product: syz
[  426.466762][    T9] usb 4-1: Manufacturer: syz
[  426.486078][    T9] usb 4-1: SerialNumber: syz
[  426.914146][T10717] usb 5-1: reset high-speed USB device number 48 using dummy_hcd
[  427.085100][T10730] netlink: 'syz.0.1487': attribute type 15 has an invalid length.
[  427.151645][T10717] usb 5-1: device firmware changed
[  427.211845][   T24] usb 5-1: USB disconnect, device number 48
[  427.475254][   T24] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  427.498478][   T29] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  427.558668][   T29] hid-generic 0000:0000:0000.0021: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  427.669906][   T24] usb 5-1: Using ep0 maxpacket: 32
[  427.685940][   T24] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  427.716913][   T24] usb 5-1: string descriptor 0 read error: -22
[  427.731957][   T24] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  427.763697][   T24] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  427.828420][   T24] usb 5-1: config 0 descriptor??
[  427.853615][T10726] raw-gadget.6 gadget.4: fail, usb_ep_enable returned -22
[  427.879103][   T24] hub 5-1:0.0: bad descriptor, ignoring hub
[  427.894847][   T24] hub 5-1:0.0: probe with driver hub failed with error -5
[  428.108720][T10717] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1483'.
[  428.153746][T10717] ipvlan2: entered allmulticast mode
[  428.466774][T10752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.497306][T10752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.506400][   T29] usb 5-1: USB disconnect, device number 49
[  428.559326][T10754] x_tables: duplicate underflow at hook 1
[  428.609396][T10754] kAFS: unable to lookup cell '�'
[  429.229085][ T5631] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  429.360591][    T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  429.392516][    T9] usb 4-1: MIDIStreaming interface descriptor not found
[  429.439030][ T5631] usb 5-1: Using ep0 maxpacket: 32
[  429.465051][ T5631] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  429.506877][ T5631] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  429.555554][ T5631] usb 5-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00
[  429.609732][ T5631] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.671901][ T5631] usb 5-1: config 0 descriptor??
[  429.681897][    T9] usb 4-1: USB disconnect, device number 66
[  429.763528][T10763] syzkaller0: entered promiscuous mode
[  429.799712][T10763] syzkaller0: entered allmulticast mode
[  429.805588][T10761] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1495'.
[  429.861846][T10761] netlink: 'syz.0.1495': attribute type 10 has an invalid length.
[  430.004286][T10761] 8021q: adding VLAN 0 to HW filter on device bond0
[  430.012958][T10761] team0: Port device bond0 added
[  430.422835][ T5631] zydacron 0003:13EC:0006.0022: hidraw1: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.4-1/input0
[  431.183731][T10780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.209635][T10780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.355251][T10781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.396502][T10781] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.443363][T10781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.474798][T10781] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.553928][T10784] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1502'.
[  431.564395][T10784] netlink: 'syz.0.1502': attribute type 7 has an invalid length.
[  431.592654][T10784] netlink: 'syz.0.1502': attribute type 8 has an invalid length.
[  431.612256][T10784] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1502'.
[  431.668707][T10784] team0: entered promiscuous mode
[  431.679950][T10784] team_slave_0: entered promiscuous mode
[  431.696324][T10784] team_slave_1: entered promiscuous mode
[  431.713576][T10784] bond0: entered promiscuous mode
[  431.733287][T10784] bond_slave_0: entered promiscuous mode
[  431.754166][T10784] bond_slave_1: entered promiscuous mode
[  431.801953][T10784] team0: left promiscuous mode
[  431.807232][T10784] team_slave_0: left promiscuous mode
[  431.816923][T10784] team_slave_1: left promiscuous mode
[  431.825467][T10784] bond0: left promiscuous mode
[  431.833002][T10784] bond_slave_0: left promiscuous mode
[  431.840837][T10784] bond_slave_1: left promiscuous mode
[  432.056070][   T29] usb 5-1: USB disconnect, device number 50
[  432.367205][T10801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  432.381889][T10801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  432.489115][   T29] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  432.629128][   T29] usb 5-1: device descriptor read/64, error -71
[  432.678749][T10806] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1509'.
[  432.870659][   T29] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  433.009085][   T29] usb 5-1: device descriptor read/64, error -71
[  433.119942][   T29] usb usb5-port1: attempt power cycle
[  433.230966][ T5631] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  433.409110][ T5631] usb 4-1: Using ep0 maxpacket: 32
[  433.421283][ T5631] usb 4-1: config index 0 descriptor too short (expected 49444, got 36)
[  433.438973][ T5631] usb 4-1: config 12 has too many interfaces: 127, using maximum allowed: 32
[  433.458970][ T5631] usb 4-1: config 12 contains an unexpected descriptor of type 0x2, skipping
[  433.467822][ T5631] usb 4-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config
[  433.469852][   T29] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  433.479363][ T5631] usb 4-1: config 12 has 0 interfaces, different from the descriptor's value: 127
[  433.507707][ T5631] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  433.517532][ T5631] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.525778][ T5631] usb 4-1: Product: syz
[  433.530439][ T5631] usb 4-1: Manufacturer: syz
[  433.530658][   T29] usb 5-1: device descriptor read/8, error -71
[  433.535394][ T5631] usb 4-1: SerialNumber: syz
[  433.717551][T10821] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1515'.
[  433.764930][ T5364] usb 4-1: USB disconnect, device number 67
[  433.790421][   T29] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  433.815429][T10823] syzkaller0: entered promiscuous mode
[  433.821752][   T29] usb 5-1: device descriptor read/8, error -71
[  433.829055][T10823] syzkaller0: entered allmulticast mode
[  433.858688][T10823] FAULT_INJECTION: forcing a failure.
[  433.858688][T10823] name failslab, interval 1, probability 0, space 0, times 0
[  433.871516][T10823] CPU: 0 UID: 0 PID: 10823 Comm: syz.1.1516 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  433.871555][T10823] Tainted: [L]=SOFTLOCKUP
[  433.871563][T10823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  433.871581][T10823] Call Trace:
[  433.871590][T10823]  <TASK>
[  433.871603][T10823]  dump_stack_lvl+0xe8/0x150
[  433.871637][T10823]  should_fail_ex+0x412/0x560
[  433.871657][T10823]  should_failslab+0xa8/0x100
[  433.871673][T10823]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  433.871694][T10823]  ? __alloc_skb+0x186/0x7d0
[  433.871715][T10823]  ? __alloc_skb+0x1d0/0x7d0
[  433.871733][T10823]  ? __local_bh_enable_ip+0xd0/0x130
[  433.871751][T10823]  __alloc_skb+0x1d0/0x7d0
[  433.871771][T10823]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  433.871801][T10823]  netlink_sendmsg+0x5d4/0xb40
[  433.871831][T10823]  ? __pfx_netlink_sendmsg+0x10/0x10
[  433.871869][T10823]  ? aa_sock_msg_perm+0xf1/0x1b0
[  433.871898][T10823]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  433.871920][T10823]  ____sys_sendmsg+0x972/0x9f0
[  433.871934][T10823]  ? __might_fault+0xaf/0x130
[  433.871958][T10823]  ? __pfx_____sys_sendmsg+0x10/0x10
[  433.871979][T10823]  ? import_iovec+0x73/0xa0
[  433.871999][T10823]  ___sys_sendmsg+0x2a5/0x360
[  433.872013][T10823]  ? __lock_acquire+0x6b5/0x2cf0
[  433.872031][T10823]  ? __pfx____sys_sendmsg+0x10/0x10
[  433.872069][T10823]  ? __fget_files+0x2a/0x420
[  433.872087][T10823]  ? __fget_files+0x3a0/0x420
[  433.872112][T10823]  __x64_sys_sendmsg+0x1bd/0x2a0
[  433.872159][T10823]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  433.872189][T10823]  ? __pfx_ksys_write+0x10/0x10
[  433.872228][T10823]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.872244][T10823]  do_syscall_64+0x174/0x580
[  433.872258][T10823]  ? trace_irq_disable+0x3b/0x140
[  433.872280][T10823]  ? clear_bhb_loop+0x40/0x90
[  433.872297][T10823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.872311][T10823] RIP: 0033:0x7fb913d9ce59
[  433.872325][T10823] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  433.872337][T10823] RSP: 002b:00007fb914cd8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  433.872352][T10823] RAX: ffffffffffffffda RBX: 00007fb914015fa0 RCX: 00007fb913d9ce59
[  433.872362][T10823] RDX: 0000000000040000 RSI: 00002000000002c0 RDI: 000000000000000a
[  433.872371][T10823] RBP: 00007fb914cd8090 R08: 0000000000000000 R09: 0000000000000000
[  433.872380][T10823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  433.872388][T10823] R13: 00007fb914016038 R14: 00007fb914015fa0 R15: 00007fb91413fa48
[  433.872410][T10823]  </TASK>
[  433.930617][   T29] usb usb5-port1: unable to enumerate USB device
[  434.182437][T10825] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  434.201797][T10825] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  434.456387][T10835] vim2m vim2m.0: vidioc_s_fmt queue busy
[  434.628696][T10841] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  434.752955][T10843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  434.779513][T10843] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  435.154771][T10855] xt_hashlimit: size too large, truncated to 1048576
[  435.201238][T10849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  435.225679][T10849] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  435.525868][T10860] syzkaller0: entered promiscuous mode
[  435.537778][T10860] syzkaller0: entered allmulticast mode
[  435.756304][T10867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  435.776549][T10867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  435.818657][T10867] input: syz1 as /devices/virtual/input/input35
[  436.008294][T10870] syzkaller0: entered promiscuous mode
[  436.016964][T10870] syzkaller0: entered allmulticast mode
[  436.529252][ T5697] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  436.538820][T10882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  436.568413][T10882] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  436.601200][T10882] input: syz1 as /devices/virtual/input/input36
[  436.699155][ T5697] usb 5-1: Using ep0 maxpacket: 32
[  436.712019][ T5697] usb 5-1: config 0 has no interfaces?
[  436.719087][ T5631] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  436.732586][ T5697] usb 5-1: New USB device found, idVendor=0458, idProduct=7005, bcdDevice=1a.51
[  436.742304][ T5697] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.750522][ T5697] usb 5-1: Product: syz
[  436.754729][ T5697] usb 5-1: Manufacturer: syz
[  436.759746][ T5697] usb 5-1: SerialNumber: syz
[  436.767540][ T5697] usb 5-1: config 0 descriptor??
[  436.889310][ T5631] usb 4-1: Using ep0 maxpacket: 8
[  436.911306][ T5631] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  436.929248][ T5631] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  436.939384][ T5631] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  436.949627][ T5631] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  436.962836][ T5631] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  436.972018][ T5631] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.985037][ T5697] usb 5-1: USB disconnect, device number 55
[  437.194323][T10880] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1535'.
[  437.232593][ T5631] usb 4-1: GET_CAPABILITIES returned 0
[  437.251855][ T5631] usbtmc 4-1:16.0: can't read capabilities
[  437.437394][T10880] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1535'.
[  437.454392][T10888] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1535'.
[  437.463738][T10880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.472671][T10880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  437.503459][ T5697] usb 4-1: USB disconnect, device number 68
[  437.887776][T10905] misc userio: No port type given on /dev/userio
[  438.009669][T10907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  438.031958][T10907] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  438.077685][T10907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  438.134559][T10907] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  438.628997][ T5631] usb 4-1: new full-speed USB device number 69 using dummy_hcd
[  438.800167][ T5631] usb 4-1: not running at top speed; connect to a high speed hub
[  438.847065][ T5631] usb 4-1: New USB device found, idVendor=04b4, idProduct=9320, bcdDevice= 0.40
[  438.877195][ T5631] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.899806][T10921] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1547'.
[  438.911631][ T5631] usb 4-1: Product: syz
[  438.917522][T10921] unsupported nlmsg_type 40
[  438.933581][ T5631] usb 4-1: Manufacturer: syz
[  438.955472][ T5631] usb 4-1: SerialNumber: syz
[  439.602900][T10934] FAULT_INJECTION: forcing a failure.
[  439.602900][T10934] name failslab, interval 1, probability 0, space 0, times 0
[  439.648035][T10934] CPU: 1 UID: 0 PID: 10934 Comm: syz.2.1551 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  439.648071][T10934] Tainted: [L]=SOFTLOCKUP
[  439.648078][T10934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  439.648090][T10934] Call Trace:
[  439.648097][T10934]  <TASK>
[  439.648106][T10934]  dump_stack_lvl+0xe8/0x150
[  439.648136][T10934]  should_fail_ex+0x412/0x560
[  439.648156][T10934]  should_failslab+0xa8/0x100
[  439.648172][T10934]  __kmalloc_noprof+0xe8/0x760
[  439.648213][T10934]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  439.648325][T10934]  tomoyo_realpath_from_path+0xe3/0x5d0
[  439.648342][T10934]  ? tomoyo_domain+0xd7/0x130
[  439.648374][T10934]  ? tomoyo_path_number_perm+0x219/0x630
[  439.648403][T10934]  tomoyo_path_number_perm+0x246/0x630
[  439.648432][T10934]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  439.648461][T10934]  ? __lock_acquire+0x6b5/0x2cf0
[  439.648488][T10934]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  439.648532][T10934]  ? __fget_files+0x2a/0x420
[  439.648561][T10934]  ? __fget_files+0x2a/0x420
[  439.648583][T10934]  ? __fget_files+0x3a0/0x420
[  439.648614][T10934]  ? __fget_files+0x2a/0x420
[  439.648643][T10934]  security_file_ioctl+0xc3/0x2a0
[  439.648703][T10934]  __se_sys_ioctl+0x47/0x170
[  439.648733][T10934]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.648754][T10934]  do_syscall_64+0x174/0x580
[  439.648775][T10934]  ? trace_irq_disable+0x3b/0x140
[  439.648797][T10934]  ? clear_bhb_loop+0x40/0x90
[  439.648815][T10934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.648846][T10934] RIP: 0033:0x7f9fd579ce59
[  439.648865][T10934] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  439.648882][T10934] RSP: 002b:00007f9fd6636028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  439.648903][T10934] RAX: ffffffffffffffda RBX: 00007f9fd5a15fa0 RCX: 00007f9fd579ce59
[  439.648917][T10934] RDX: 0000000000000001 RSI: 0000000040043d04 RDI: 0000000000000003
[  439.648929][T10934] RBP: 00007f9fd6636090 R08: 0000000000000000 R09: 0000000000000000
[  439.648941][T10934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  439.648953][T10934] R13: 00007f9fd5a16038 R14: 00007f9fd5a15fa0 R15: 00007f9fd5b3fa48
[  439.648996][T10934]  </TASK>
[  439.943000][T10934] ERROR: Out of memory at tomoyo_realpath_from_path.
[  439.973738][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[  439.984980][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[  440.489298][   T29] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  440.652513][   T29] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  440.679472][   T29] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  440.698996][   T29] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  440.733669][   T29] usb 5-1: config 220 has no interface number 2
[  440.757023][   T29] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  440.806760][   T29] usb 5-1: config 220 interface 0 has no altsetting 0
[  440.841678][   T29] usb 5-1: config 220 interface 76 has no altsetting 0
[  440.861708][   T29] usb 5-1: config 220 interface 1 has no altsetting 0
[  440.886504][T10947] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1556'.
[  440.889419][   T29] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  440.939619][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.962507][   T29] usb 5-1: Product: syz
[  440.990684][   T29] usb 5-1: Manufacturer: syz
[  441.003218][   T29] usb 5-1: SerialNumber: syz
[  441.409890][   T29] usb 5-1: selecting invalid altsetting 0
[  441.436505][   T29] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  441.487845][   T29] uvcvideo 5-1:220.0: No valid video chain found.
[  441.516014][ T5714] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  441.561507][ T5714] hid-generic 0000:0000:0000.0023: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  441.565397][   T29] usb 5-1: selecting invalid altsetting 0
[  441.632316][   T29] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[  441.677595][   T29] usb 5-1: USB disconnect, device number 56
[  441.815166][T10957] FAULT_INJECTION: forcing a failure.
[  441.815166][T10957] name failslab, interval 1, probability 0, space 0, times 0
[  441.918551][T10957] CPU: 1 UID: 0 PID: 10957 Comm: syz.2.1558 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  441.918590][T10957] Tainted: [L]=SOFTLOCKUP
[  441.918597][T10957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  441.918609][T10957] Call Trace:
[  441.918617][T10957]  <TASK>
[  441.918625][T10957]  dump_stack_lvl+0xe8/0x150
[  441.918653][T10957]  should_fail_ex+0x412/0x560
[  441.918681][T10957]  should_failslab+0xa8/0x100
[  441.918703][T10957]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  441.918732][T10957]  ? __alloc_skb+0x186/0x7d0
[  441.918759][T10957]  ? __alloc_skb+0x1d0/0x7d0
[  441.918785][T10957]  ? __local_bh_enable_ip+0xd0/0x130
[  441.918811][T10957]  __alloc_skb+0x1d0/0x7d0
[  441.918839][T10957]  ? netlink_ack_tlv_len+0x6c/0x210
[  441.918875][T10957]  netlink_ack+0x146/0xa50
[  441.918910][T10957]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  441.919038][T10957]  ? ref_tracker_free+0x693/0x840
[  441.919066][T10957]  ? __pfx_ref_tracker_free+0x10/0x10
[  441.919086][T10957]  ? __asan_memcpy+0x40/0x70
[  441.919111][T10957]  ? __skb_clone+0x63/0x7a0
[  441.919138][T10957]  netlink_rcv_skb+0x2b6/0x4b0
[  441.919170][T10957]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  441.919200][T10957]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  441.919242][T10957]  ? netlink_deliver_tap+0x2e/0x1b0
[  441.919272][T10957]  ? netlink_deliver_tap+0x2e/0x1b0
[  441.919307][T10957]  netlink_unicast+0x75c/0x8e0
[  441.919346][T10957]  netlink_sendmsg+0x813/0xb40
[  441.919387][T10957]  ? __pfx_netlink_sendmsg+0x10/0x10
[  441.919421][T10957]  ? aa_sock_msg_perm+0xf1/0x1b0
[  441.919453][T10957]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  441.919484][T10957]  ____sys_sendmsg+0x972/0x9f0
[  441.919503][T10957]  ? __might_fault+0xaf/0x130
[  441.919536][T10957]  ? __pfx_____sys_sendmsg+0x10/0x10
[  441.919564][T10957]  ? import_iovec+0x73/0xa0
[  441.919594][T10957]  ___sys_sendmsg+0x2a5/0x360
[  441.919612][T10957]  ? __lock_acquire+0x6b5/0x2cf0
[  441.919639][T10957]  ? __pfx____sys_sendmsg+0x10/0x10
[  441.919694][T10957]  ? __fget_files+0x2a/0x420
[  441.919717][T10957]  ? __fget_files+0x3a0/0x420
[  441.919752][T10957]  __x64_sys_sendmsg+0x1bd/0x2a0
[  441.919775][T10957]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  441.919805][T10957]  ? __pfx_ksys_write+0x10/0x10
[  441.919843][T10957]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.919866][T10957]  do_syscall_64+0x174/0x580
[  441.919886][T10957]  ? clear_bhb_loop+0x40/0x90
[  441.919919][T10957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.919939][T10957] RIP: 0033:0x7f9fd579ce59
[  441.919958][T10957] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  441.919975][T10957] RSP: 002b:00007f9fd6636028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  441.919996][T10957] RAX: ffffffffffffffda RBX: 00007f9fd5a15fa0 RCX: 00007f9fd579ce59
[  441.920011][T10957] RDX: 0000000000000000 RSI: 0000200000004380 RDI: 0000000000000003
[  441.920024][T10957] RBP: 00007f9fd6636090 R08: 0000000000000000 R09: 0000000000000000
[  441.920036][T10957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  441.920047][T10957] R13: 00007f9fd5a16038 R14: 00007f9fd5a15fa0 R15: 00007f9fd5b3fa48
[  441.920079][T10957]  </TASK>
[  442.613679][T10961] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1559'.
[  442.711423][ T5631] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  442.718775][ T5631] usb 4-1: MIDIStreaming interface descriptor not found
[  442.853679][T10964] snd_dummy snd_dummy.0: control 0:0:8:syz0:0 is already present
[  442.999853][ T5631] usb 4-1: USB disconnect, device number 69
[  443.179017][   T29] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  443.266004][T10978] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1563'.
[  443.284595][T10974] netlink: 'syz.3.1563': attribute type 10 has an invalid length.
[  443.301798][T10976] vim2m vim2m.0: vidioc_s_fmt queue busy
[  443.358993][   T29] usb 5-1: Using ep0 maxpacket: 16
[  443.370770][   T29] usb 5-1: config 1 has an invalid interface number: 19 but max is 0
[  443.385481][   T29] usb 5-1: config 1 has no interface number 0
[  443.397799][   T29] usb 5-1: config 1 interface 19 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  443.424857][   T29] usb 5-1: config 1 interface 19 has no altsetting 0
[  443.446971][   T29] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice= 7.c9
[  443.462930][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.479142][   T29] usb 5-1: Product: syz
[  443.486934][   T29] usb 5-1: Manufacturer: syz
[  443.495375][   T29] usb 5-1: SerialNumber: syz
[  443.562532][   T29] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  443.775834][   T64] usb 5-1: Failed to submit usb control message: -71
[  443.783264][   T29] usb 5-1: USB disconnect, device number 57
[  443.807452][   T64] usb 5-1: unable to send the bmi data to the device: -71
[  443.838563][   T64] usb 5-1: unable to get target info from device
[  443.854838][   T64] usb 5-1: could not get target info (-71)
[  443.869602][   T64] usb 5-1: could not probe fw (-71)
[  443.993197][    T9] usb 4-1: new full-speed USB device number 70 using dummy_hcd
[  444.092200][T10991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  444.120289][T10991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  444.154129][T10991] input: syz1 as /devices/virtual/input/input37
[  445.279591][T11009] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1573'.
[  445.293797][T11009] netlink: 'syz.0.1573': attribute type 10 has an invalid length.
[  446.494389][T11034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.512575][T11034] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  446.727738][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  446.748134][    T9] usb 4-1: unable to read config index 0 descriptor/start: -71
[  446.766533][    T9] usb 4-1: can't read configurations, error -71
[  446.800572][T11037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.819548][T11037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  447.808397][T11011] Set syz1 is full, maxelem 65536 reached
[  448.390961][T11058] fuse: Bad value for 'user_id'
[  448.407109][T11058] fuse: Bad value for 'user_id'
[  448.627376][T11064] debugfs: '1��^!' already exists in 'ieee80211'
[  448.688440][T11066] FAULT_INJECTION: forcing a failure.
[  448.688440][T11066] name failslab, interval 1, probability 0, space 0, times 0
[  448.703729][T11066] CPU: 1 UID: 0 PID: 11066 Comm: syz.3.1590 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  448.703764][T11066] Tainted: [L]=SOFTLOCKUP
[  448.703771][T11066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  448.703784][T11066] Call Trace:
[  448.703793][T11066]  <TASK>
[  448.703801][T11066]  dump_stack_lvl+0xe8/0x150
[  448.703830][T11066]  should_fail_ex+0x412/0x560
[  448.703858][T11066]  should_failslab+0xa8/0x100
[  448.703882][T11066]  __kvmalloc_node_noprof+0x178/0x8a0
[  448.703914][T11066]  ? rhashtable_init_noprof+0x52e/0xad0
[  448.703939][T11066]  ? rhashtable_init_noprof+0x12d/0xad0
[  448.703968][T11066]  rhashtable_init_noprof+0x52e/0xad0
[  448.703992][T11066]  ? __init_waitqueue_head+0xa9/0x150
[  448.704026][T11066]  rhltable_init_noprof+0x1e/0x60
[  448.704051][T11066]  sta_info_init+0x54/0x130
[  448.704157][T11066]  ieee80211_alloc_hw_nm+0x83b/0x1fa0
[  448.704181][T11066]  ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10
[  448.704212][T11066]  mac80211_hwsim_new_radio+0x1e8/0x5aa0
[  448.704324][T11066]  ? rcu_is_watching+0x15/0xb0
[  448.704349][T11066]  ? trace_kmalloc+0x2a/0xf0
[  448.704383][T11066]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  448.704412][T11066]  ? kstrndup+0xbf/0x160
[  448.704441][T11066]  hwsim_new_radio_nl+0xf6a/0x1c00
[  448.704496][T11066]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  448.704536][T11066]  ? rcu_is_watching+0x15/0xb0
[  448.704560][T11066]  ? trace_kmalloc+0x2a/0xf0
[  448.704594][T11066]  ? __nla_parse+0x40/0x60
[  448.704624][T11066]  ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0
[  448.704650][T11066]  ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0
[  448.704687][T11066]  genl_family_rcv_msg_doit+0x22a/0x330
[  448.704720][T11066]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  448.704759][T11066]  ? bpf_lsm_capable+0x9/0x20
[  448.704783][T11066]  ? security_capable+0x7e/0x2c0
[  448.704819][T11066]  genl_rcv_msg+0x61c/0x7a0
[  448.704850][T11066]  ? __pfx_genl_rcv_msg+0x10/0x10
[  448.704879][T11066]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  448.704911][T11066]  ? __pfx_ref_tracker_free+0x10/0x10
[  448.704933][T11066]  ? __asan_memcpy+0x40/0x70
[  448.704959][T11066]  ? __skb_clone+0x63/0x7a0
[  448.704992][T11066]  netlink_rcv_skb+0x232/0x4b0
[  448.705024][T11066]  ? __pfx_genl_rcv_msg+0x10/0x10
[  448.705050][T11066]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  448.705095][T11066]  ? down_read+0x270/0x2e0
[  448.705117][T11066]  ? genl_rcv+0xd/0x40
[  448.705141][T11066]  genl_rcv+0x28/0x40
[  448.705163][T11066]  netlink_unicast+0x75c/0x8e0
[  448.705201][T11066]  netlink_sendmsg+0x813/0xb40
[  448.705242][T11066]  ? __pfx_netlink_sendmsg+0x10/0x10
[  448.705276][T11066]  ? aa_sock_msg_perm+0xf1/0x1b0
[  448.705317][T11066]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  448.705349][T11066]  ____sys_sendmsg+0x972/0x9f0
[  448.705368][T11066]  ? __might_fault+0xaf/0x130
[  448.705400][T11066]  ? __pfx_____sys_sendmsg+0x10/0x10
[  448.705429][T11066]  ? import_iovec+0x73/0xa0
[  448.705458][T11066]  ___sys_sendmsg+0x2a5/0x360
[  448.705476][T11066]  ? __lock_acquire+0x6b5/0x2cf0
[  448.705503][T11066]  ? __pfx____sys_sendmsg+0x10/0x10
[  448.705559][T11066]  ? __fget_files+0x2a/0x420
[  448.705585][T11066]  ? __fget_files+0x3a0/0x420
[  448.705620][T11066]  __x64_sys_sendmsg+0x1bd/0x2a0
[  448.705644][T11066]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  448.705673][T11066]  ? __pfx_ksys_write+0x10/0x10
[  448.705711][T11066]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.705733][T11066]  do_syscall_64+0x174/0x580
[  448.705756][T11066]  ? clear_bhb_loop+0x40/0x90
[  448.705781][T11066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.705800][T11066] RIP: 0033:0x7fe3b6d9ce59
[  448.705819][T11066] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  448.705837][T11066] RSP: 002b:00007fe3b7bee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  448.705861][T11066] RAX: ffffffffffffffda RBX: 00007fe3b7016090 RCX: 00007fe3b6d9ce59
[  448.705876][T11066] RDX: 0000000004000010 RSI: 0000200000000100 RDI: 0000000000000003
[  448.705890][T11066] RBP: 00007fe3b7bee090 R08: 0000000000000000 R09: 0000000000000000
[  448.705904][T11066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  448.705916][T11066] R13: 00007fe3b7016128 R14: 00007fe3b7016090 R15: 00007fe3b713fa48
[  448.705950][T11066]  </TASK>
[  449.014866][T11070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  449.037100][T11066] sysfs: cannot create duplicate filename '/class/ieee80211/1��^!'
[  449.049918][T11070] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  449.080564][T11066] CPU: 1 UID: 0 PID: 11066 Comm: syz.3.1590 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  449.080658][T11066] Tainted: [L]=SOFTLOCKUP
[  449.080679][T11066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  449.080718][T11066] Call Trace:
[  449.080739][T11066]  <TASK>
[  449.080761][T11066]  dump_stack_lvl+0xe8/0x150
[  449.080836][T11066]  sysfs_warn_dup+0x8e/0xa0
[  449.080901][T11066]  sysfs_do_create_link_sd+0xc0/0x110
[  449.080980][T11066]  device_add_class_symlinks+0x1cf/0x240
[  449.081141][T11066]  device_add+0x475/0xbb0
[  449.081216][T11066]  wiphy_register+0x1dc5/0x2dc0
[  449.081400][T11066]  ? __pfx_wiphy_register+0x10/0x10
[  449.081469][T11066]  ? __pfx_netdev_run_todo+0x10/0x10
[  449.081562][T11066]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  449.081671][T11066]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  449.081767][T11066]  ieee80211_register_hw+0x3d82/0x4a70
[  449.081874][T11066]  ? ieee80211_register_hw+0x1901/0x4a70
[  449.082007][T11066]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  449.082078][T11066]  ? __asan_memset+0x22/0x50
[  449.082150][T11066]  ? __hrtimer_setup+0x1b7/0x260
[  449.082214][T11066]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  449.082296][T11066]  mac80211_hwsim_new_radio+0x3335/0x5aa0
[  449.082451][T11066]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  449.082524][T11066]  ? kstrndup+0xbf/0x160
[  449.082607][T11066]  hwsim_new_radio_nl+0xf6a/0x1c00
[  449.082770][T11066]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  449.082885][T11066]  ? rcu_is_watching+0x15/0xb0
[  449.082928][T11066]  ? trace_kmalloc+0x2a/0xf0
[  449.083042][T11066]  ? __nla_parse+0x40/0x60
[  449.083116][T11066]  ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0
[  449.083181][T11066]  ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0
[  449.083281][T11066]  genl_family_rcv_msg_doit+0x22a/0x330
[  449.083368][T11066]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  449.083463][T11066]  ? bpf_lsm_capable+0x9/0x20
[  449.083515][T11066]  ? security_capable+0x7e/0x2c0
[  449.083631][T11066]  genl_rcv_msg+0x61c/0x7a0
[  449.083719][T11066]  ? __pfx_genl_rcv_msg+0x10/0x10
[  449.083785][T11066]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  449.083874][T11066]  ? __pfx_ref_tracker_free+0x10/0x10
[  449.083935][T11066]  ? __asan_memcpy+0x40/0x70
[  449.083991][T11066]  ? __skb_clone+0x63/0x7a0
[  449.084071][T11066]  netlink_rcv_skb+0x232/0x4b0
[  449.084174][T11066]  ? __pfx_genl_rcv_msg+0x10/0x10
[  449.084258][T11066]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  449.084391][T11066]  ? down_read+0x270/0x2e0
[  449.084455][T11066]  ? genl_rcv+0xd/0x40
[  449.084525][T11066]  genl_rcv+0x28/0x40
[  449.084579][T11066]  netlink_unicast+0x75c/0x8e0
[  449.084683][T11066]  netlink_sendmsg+0x813/0xb40
[  449.084793][T11066]  ? __pfx_netlink_sendmsg+0x10/0x10
[  449.084886][T11066]  ? aa_sock_msg_perm+0xf1/0x1b0
[  449.084985][T11066]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  449.085087][T11066]  ____sys_sendmsg+0x972/0x9f0
[  449.085139][T11066]  ? __might_fault+0xaf/0x130
[  449.085223][T11066]  ? __pfx_____sys_sendmsg+0x10/0x10
[  449.085312][T11066]  ? import_iovec+0x73/0xa0
[  449.085384][T11066]  ___sys_sendmsg+0x2a5/0x360
[  449.085433][T11066]  ? __lock_acquire+0x6b5/0x2cf0
[  449.085513][T11066]  ? __pfx____sys_sendmsg+0x10/0x10
[  449.085686][T11066]  ? __fget_files+0x2a/0x420
[  449.085755][T11066]  ? __fget_files+0x3a0/0x420
[  449.085849][T11066]  __x64_sys_sendmsg+0x1bd/0x2a0
[  449.085911][T11066]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  449.085992][T11066]  ? __pfx_ksys_write+0x10/0x10
[  449.086088][T11066]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.086141][T11066]  do_syscall_64+0x174/0x580
[  449.086210][T11066]  ? clear_bhb_loop+0x40/0x90
[  449.086281][T11066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.086334][T11066] RIP: 0033:0x7fe3b6d9ce59
[  449.086386][T11066] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  449.086428][T11066] RSP: 002b:00007fe3b7bee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  449.086488][T11066] RAX: ffffffffffffffda RBX: 00007fe3b7016090 RCX: 00007fe3b6d9ce59
[  449.086529][T11066] RDX: 0000000004000010 RSI: 0000200000000100 RDI: 0000000000000003
[  449.086562][T11066] RBP: 00007fe3b7bee090 R08: 0000000000000000 R09: 0000000000000000
[  449.086603][T11066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  449.086628][T11066] R13: 00007fe3b7016128 R14: 00007fe3b7016090 R15: 00007fe3b713fa48
[  449.086718][T11066]  </TASK>
[  449.912244][T11070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  449.921794][T11070] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  450.684498][T11102] fuse: Bad value for 'group_id'
[  450.704056][T11102] fuse: Bad value for 'group_id'
[  451.041732][   T29] usb 4-1: new full-speed USB device number 72 using dummy_hcd
[  451.221266][   T29] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  451.247175][   T29] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  451.283412][   T29] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  451.306403][   T29] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  451.332740][   T29] usb 4-1: Manufacturer: syz
[  451.358100][   T29] usb 4-1: rejected 1 configuration due to insufficient available bus power
[  451.391962][T11089] Set syz1 is full, maxelem 65536 reached
[  451.405805][   T29] usb 4-1: no configuration chosen from 1 choice
[  452.879114][    T9] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  452.923406][T11136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  452.942997][T11136] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  453.081592][    T9] usb 5-1: config 74 has too many interfaces: 69, using maximum allowed: 32
[  453.106478][    T9] usb 5-1: config 74 has an invalid descriptor of length 0, skipping remainder of the config
[  453.123819][    T9] usb 5-1: config 74 has 1 interface, different from the descriptor's value: 69
[  453.134016][    T9] usb 5-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  453.143401][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.544625][T11149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  453.572495][T11149] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  453.707090][ T5697] usb 4-1: USB disconnect, device number 72
[  454.051353][T11155] fuse: Unknown parameter 'grop^id'
[  454.637358][T11162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.661087][T11162] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.860475][T11168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.937563][T11168] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  455.452167][T11174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1628'.
[  455.944802][    T9] usb 5-1: string descriptor 0 read error: -71
[  455.984716][    T9] gspca_main: stv0680-2.14.0 probing 041e:4007
[  456.105492][T11180] FAULT_INJECTION: forcing a failure.
[  456.105492][T11180] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  456.137759][T11180] CPU: 1 UID: 0 PID: 11180 Comm: syz.4.1630 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  456.137793][T11180] Tainted: [L]=SOFTLOCKUP
[  456.137801][T11180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  456.137814][T11180] Call Trace:
[  456.137823][T11180]  <TASK>
[  456.137833][T11180]  dump_stack_lvl+0xe8/0x150
[  456.137862][T11180]  should_fail_ex+0x412/0x560
[  456.137892][T11180]  _copy_to_user+0x31/0xb0
[  456.137921][T11180]  simple_read_from_buffer+0xe1/0x170
[  456.137953][T11180]  proc_fail_nth_read+0x1bb/0x230
[  456.137984][T11180]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  456.138014][T11180]  ? rw_verify_area+0x2a6/0x4d0
[  456.138042][T11180]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  456.138071][T11180]  vfs_read+0x20c/0xa70
[  456.138104][T11180]  ? __pfx___mutex_lock+0x10/0x10
[  456.138129][T11180]  ? __pfx_vfs_read+0x10/0x10
[  456.138160][T11180]  ? __fget_files+0x2a/0x420
[  456.138191][T11180]  ? __fget_files+0x3a0/0x420
[  456.138219][T11180]  ? __fget_files+0x2a/0x420
[  456.138254][T11180]  ksys_read+0x150/0x270
[  456.138286][T11180]  ? __pfx_ksys_read+0x10/0x10
[  456.138324][T11180]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.138347][T11180]  do_syscall_64+0x174/0x580
[  456.138367][T11180]  ? trace_irq_disable+0x3b/0x140
[  456.138398][T11180]  ? clear_bhb_loop+0x40/0x90
[  456.138424][T11180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.138445][T11180] RIP: 0033:0x7f40ef15d68e
[  456.138465][T11180] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  456.138483][T11180] RSP: 002b:00007f40f00bdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  456.138506][T11180] RAX: ffffffffffffffda RBX: 00007f40f00be6c0 RCX: 00007f40ef15d68e
[  456.138521][T11180] RDX: 000000000000000f RSI: 00007f40f00be0a0 RDI: 0000000000000010
[  456.138535][T11180] RBP: 00007f40f00be090 R08: 0000000000000000 R09: 0000000000000000
[  456.138547][T11180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  456.138560][T11180] R13: 00007f40ef416038 R14: 00007f40ef415fa0 R15: 00007f40ef53fa48
[  456.138594][T11180]  </TASK>
[  457.103183][    T9] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -71
[  457.134764][    T9] stv0680 5-1:74.0: STV(e): camera ping failed!!
[  457.173846][    T9] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  457.205074][    T9] stv0680 5-1:74.0: last error: 0,  command = 0x0
[  457.221546][T11201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  457.262069][    T9] usb 5-1: USB disconnect, device number 58
[  457.278116][T11201] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  457.349476][T11201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  457.396267][T11201] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  457.495993][T11204] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  457.515995][T11204] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  458.693742][T11226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  458.746715][T11226] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  459.274888][T11233] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  459.442206][T11243] sysfs: cannot create duplicate filename '/class/ieee80211/1��^!'
[  459.450827][T11243] CPU: 0 UID: 0 PID: 11243 Comm: syz.1.1652 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  459.450870][T11243] Tainted: [L]=SOFTLOCKUP
[  459.450878][T11243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  459.450892][T11243] Call Trace:
[  459.450901][T11243]  <TASK>
[  459.450911][T11243]  dump_stack_lvl+0xe8/0x150
[  459.450943][T11243]  sysfs_warn_dup+0x8e/0xa0
[  459.450970][T11243]  sysfs_do_create_link_sd+0xc0/0x110
[  459.451002][T11243]  device_add_class_symlinks+0x1cf/0x240
[  459.451030][T11243]  device_add+0x475/0xbb0
[  459.451056][T11243]  wiphy_register+0x1dc5/0x2dc0
[  459.451099][T11243]  ? __pfx_wiphy_register+0x10/0x10
[  459.451123][T11243]  ? __pfx_netdev_run_todo+0x10/0x10
[  459.451148][T11243]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  459.451183][T11243]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  459.451211][T11243]  ieee80211_register_hw+0x3d82/0x4a70
[  459.451253][T11243]  ? ieee80211_register_hw+0x1901/0x4a70
[  459.451305][T11243]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  459.451335][T11243]  ? __asan_memset+0x22/0x50
[  459.451364][T11243]  ? __hrtimer_setup+0x1b7/0x260
[  459.451389][T11243]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  459.451422][T11243]  mac80211_hwsim_new_radio+0x3335/0x5aa0
[  459.451484][T11243]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  459.451514][T11243]  ? kstrndup+0xbf/0x160
[  459.451546][T11243]  hwsim_new_radio_nl+0xf6a/0x1c00
[  459.451603][T11243]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  459.451644][T11243]  ? rcu_is_watching+0x15/0xb0
[  459.451671][T11243]  ? trace_kmalloc+0x2a/0xf0
[  459.451706][T11243]  ? __nla_parse+0x40/0x60
[  459.451738][T11243]  ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0
[  459.451765][T11243]  ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0
[  459.451800][T11243]  genl_family_rcv_msg_doit+0x22a/0x330
[  459.451834][T11243]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  459.451885][T11243]  ? bpf_lsm_capable+0x9/0x20
[  459.451906][T11243]  ? security_capable+0x7e/0x2c0
[  459.451942][T11243]  genl_rcv_msg+0x61c/0x7a0
[  459.451975][T11243]  ? __pfx_genl_rcv_msg+0x10/0x10
[  459.452000][T11243]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  459.452032][T11243]  ? __pfx_ref_tracker_free+0x10/0x10
[  459.452054][T11243]  ? __asan_memcpy+0x40/0x70
[  459.452080][T11243]  ? __skb_clone+0x63/0x7a0
[  459.452109][T11243]  netlink_rcv_skb+0x232/0x4b0
[  459.452142][T11243]  ? __pfx_genl_rcv_msg+0x10/0x10
[  459.452170][T11243]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  459.452218][T11243]  ? down_read+0x270/0x2e0
[  459.452241][T11243]  ? genl_rcv+0xd/0x40
[  459.452267][T11243]  genl_rcv+0x28/0x40
[  459.452288][T11243]  netlink_unicast+0x75c/0x8e0
[  459.452329][T11243]  netlink_sendmsg+0x813/0xb40
[  459.452372][T11243]  ? __pfx_netlink_sendmsg+0x10/0x10
[  459.452408][T11243]  ? aa_sock_msg_perm+0xf1/0x1b0
[  459.452443][T11243]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  459.452476][T11243]  ____sys_sendmsg+0x972/0x9f0
[  459.452497][T11243]  ? __might_fault+0xaf/0x130
[  459.452531][T11243]  ? __pfx_____sys_sendmsg+0x10/0x10
[  459.452577][T11243]  ? import_iovec+0x73/0xa0
[  459.452607][T11243]  ___sys_sendmsg+0x2a5/0x360
[  459.452627][T11243]  ? __lock_acquire+0x6b5/0x2cf0
[  459.452656][T11243]  ? __pfx____sys_sendmsg+0x10/0x10
[  459.452685][T11243]  ? futex_wait+0x2a2/0x390
[  459.452743][T11243]  ? __fget_files+0x2a/0x420
[  459.452770][T11243]  ? __fget_files+0x3a0/0x420
[  459.452809][T11243]  __x64_sys_sendmsg+0x1bd/0x2a0
[  459.452827][T11243]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  459.452864][T11243]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.452881][T11243]  do_syscall_64+0x174/0x580
[  459.452897][T11243]  ? trace_irq_disable+0x3b/0x140
[  459.452920][T11243]  ? clear_bhb_loop+0x40/0x90
[  459.452939][T11243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.452955][T11243] RIP: 0033:0x7fb913d9ce59
[  459.452970][T11243] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  459.452983][T11243] RSP: 002b:00007fb914cd8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  459.453000][T11243] RAX: ffffffffffffffda RBX: 00007fb914015fa0 RCX: 00007fb913d9ce59
[  459.453011][T11243] RDX: 0000000004004004 RSI: 0000200000000100 RDI: 0000000000000004
[  459.453021][T11243] RBP: 00007fb913e32d6f R08: 0000000000000000 R09: 0000000000000000
[  459.453030][T11243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  459.453039][T11243] R13: 00007fb914016038 R14: 00007fb914015fa0 R15: 00007fb91413fa48
[  459.453064][T11243]  </TASK>
[  459.914863][T11244] sysfs: cannot create duplicate filename '/class/ieee80211/1��^!'
[  459.922990][T11244] CPU: 0 UID: 0 PID: 11244 Comm: syz.1.1652 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  459.923023][T11244] Tainted: [L]=SOFTLOCKUP
[  459.923032][T11244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  459.923044][T11244] Call Trace:
[  459.923053][T11244]  <TASK>
[  459.923063][T11244]  dump_stack_lvl+0xe8/0x150
[  459.923093][T11244]  sysfs_warn_dup+0x8e/0xa0
[  459.923121][T11244]  sysfs_do_create_link_sd+0xc0/0x110
[  459.923151][T11244]  device_add_class_symlinks+0x1cf/0x240
[  459.923179][T11244]  device_add+0x475/0xbb0
[  459.923205][T11244]  wiphy_register+0x1dc5/0x2dc0
[  459.923246][T11244]  ? __pfx_wiphy_register+0x10/0x10
[  459.923270][T11244]  ? __pfx_netdev_run_todo+0x10/0x10
[  459.923293][T11244]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  459.923329][T11244]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  459.923356][T11244]  ieee80211_register_hw+0x3d82/0x4a70
[  459.923397][T11244]  ? ieee80211_register_hw+0x1901/0x4a70
[  459.923448][T11244]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  459.923478][T11244]  ? __asan_memset+0x22/0x50
[  459.923505][T11244]  ? __hrtimer_setup+0x1b7/0x260
[  459.923530][T11244]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  459.923557][T11244]  mac80211_hwsim_new_radio+0x3335/0x5aa0
[  459.923621][T11244]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  459.923652][T11244]  ? kstrndup+0xbf/0x160
[  459.923683][T11244]  hwsim_new_radio_nl+0xf6a/0x1c00
[  459.923739][T11244]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  459.923780][T11244]  ? rcu_is_watching+0x15/0xb0
[  459.923806][T11244]  ? trace_kmalloc+0x2a/0xf0
[  459.923842][T11244]  ? __nla_parse+0x40/0x60
[  459.923881][T11244]  ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0
[  459.923909][T11244]  ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0
[  459.923943][T11244]  genl_family_rcv_msg_doit+0x22a/0x330
[  459.923976][T11244]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  459.924025][T11244]  ? bpf_lsm_capable+0x9/0x20
[  459.924044][T11244]  ? security_capable+0x7e/0x2c0
[  459.924079][T11244]  genl_rcv_msg+0x61c/0x7a0
[  459.924109][T11244]  ? __pfx_genl_rcv_msg+0x10/0x10
[  459.924132][T11244]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  459.924163][T11244]  ? __pfx_ref_tracker_free+0x10/0x10
[  459.924184][T11244]  ? __asan_memcpy+0x40/0x70
[  459.924225][T11244]  ? __skb_clone+0x63/0x7a0
[  459.924253][T11244]  netlink_rcv_skb+0x232/0x4b0
[  459.924286][T11244]  ? __pfx_genl_rcv_msg+0x10/0x10
[  459.924312][T11244]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  459.924359][T11244]  ? down_read+0x270/0x2e0
[  459.924382][T11244]  ? genl_rcv+0xd/0x40
[  459.924407][T11244]  genl_rcv+0x28/0x40
[  459.924429][T11244]  netlink_unicast+0x75c/0x8e0
[  459.924468][T11244]  netlink_sendmsg+0x813/0xb40
[  459.924509][T11244]  ? __pfx_netlink_sendmsg+0x10/0x10
[  459.924545][T11244]  ? aa_sock_msg_perm+0xf1/0x1b0
[  459.924579][T11244]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  459.924610][T11244]  ____sys_sendmsg+0x972/0x9f0
[  459.924631][T11244]  ? __might_fault+0xaf/0x130
[  459.924665][T11244]  ? __pfx_____sys_sendmsg+0x10/0x10
[  459.924696][T11244]  ? import_iovec+0x73/0xa0
[  459.924733][T11244]  ___sys_sendmsg+0x2a5/0x360
[  459.924753][T11244]  ? __lock_acquire+0x6b5/0x2cf0
[  459.924786][T11244]  ? __pfx____sys_sendmsg+0x10/0x10
[  459.924814][T11244]  ? futex_wait+0x2a2/0x390
[  459.924878][T11244]  ? __fget_files+0x2a/0x420
[  459.924903][T11244]  ? __fget_files+0x3a0/0x420
[  459.924940][T11244]  __x64_sys_sendmsg+0x1bd/0x2a0
[  459.924965][T11244]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  459.924993][T11244]  ? rcu_is_watching+0x15/0xb0
[  459.925028][T11244]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.925050][T11244]  do_syscall_64+0x174/0x580
[  459.925071][T11244]  ? trace_irq_disable+0x3b/0x140
[  459.925101][T11244]  ? clear_bhb_loop+0x40/0x90
[  459.925125][T11244]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.925145][T11244] RIP: 0033:0x7fb913d9ce59
[  459.925166][T11244] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  459.925182][T11244] RSP: 002b:00007fb914cb7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  459.925204][T11244] RAX: ffffffffffffffda RBX: 00007fb914016090 RCX: 00007fb913d9ce59
[  459.925219][T11244] RDX: 0000000004000010 RSI: 0000200000000100 RDI: 0000000000000004
[  459.925233][T11244] RBP: 00007fb913e32d6f R08: 0000000000000000 R09: 0000000000000000
[  459.925246][T11244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  459.925258][T11244] R13: 00007fb914016128 R14: 00007fb914016090 R15: 00007fb91413fa48
[  459.925290][T11244]  </TASK>
[  460.504004][    T9] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  460.538679][T11248] FAULT_INJECTION: forcing a failure.
[  460.538679][T11248] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  460.553578][T11248] CPU: 0 UID: 0 PID: 11248 Comm: syz.2.1653 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  460.553611][T11248] Tainted: [L]=SOFTLOCKUP
[  460.553619][T11248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  460.553632][T11248] Call Trace:
[  460.553641][T11248]  <TASK>
[  460.553650][T11248]  dump_stack_lvl+0xe8/0x150
[  460.553678][T11248]  should_fail_ex+0x412/0x560
[  460.553707][T11248]  _copy_from_iter+0x1d3/0x1670
[  460.553742][T11248]  ? __pfx__copy_from_iter+0x10/0x10
[  460.553764][T11248]  ? trace_kmalloc+0x2a/0xf0
[  460.553796][T11248]  ? __kmalloc_noprof+0x37d/0x760
[  460.553825][T11248]  ? kernfs_fop_write_iter+0x158/0x540
[  460.553845][T11248]  ? __kmalloc_noprof+0x1b8/0x760
[  460.553885][T11248]  kernfs_fop_write_iter+0x19b/0x540
[  460.553915][T11248]  vfs_write+0x61d/0xb90
[  460.553953][T11248]  ? __pfx_vfs_write+0x10/0x10
[  460.553994][T11248]  ? __fget_files+0x2a/0x420
[  460.554028][T11248]  ksys_write+0x150/0x270
[  460.554061][T11248]  ? __pfx_ksys_write+0x10/0x10
[  460.554100][T11248]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.554123][T11248]  do_syscall_64+0x174/0x580
[  460.554148][T11248]  ? trace_irq_disable+0x3b/0x140
[  460.554178][T11248]  ? clear_bhb_loop+0x40/0x90
[  460.554204][T11248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.554225][T11248] RIP: 0033:0x7f9fd579ce59
[  460.554245][T11248] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  460.554261][T11248] RSP: 002b:00007f9fd6636028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  460.554283][T11248] RAX: ffffffffffffffda RBX: 00007f9fd5a15fa0 RCX: 00007f9fd579ce59
[  460.554297][T11248] RDX: 000000000000006a RSI: 00002000000000c0 RDI: 0000000000000005
[  460.554310][T11248] RBP: 00007f9fd6636090 R08: 0000000000000000 R09: 0000000000000000
[  460.554323][T11248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  460.554335][T11248] R13: 00007f9fd5a16038 R14: 00007f9fd5a15fa0 R15: 00007f9fd5b3fa48
[  460.554369][T11248]  </TASK>
[  460.849136][    T9] usb 5-1: Using ep0 maxpacket: 32
[  460.857225][    T9] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  460.873370][    T9] usb 5-1: New USB device found, idVendor=0b05, idProduct=1866, bcdDevice= 0.40
[  460.885662][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.894238][    T9] usb 5-1: Product: syz
[  460.900010][    T9] usb 5-1: Manufacturer: Ć姨쫴瓐掇熟迎⛤ᅒ᜷㧴⣫褶棖⦇㥴嵜Ӭ햲㴚⣕汯芫貝겝躨韶䭞묝青⻧ﬡ险䤞죬糤꣣樏⧟풲簑䡉ⲃ劊퐳칇鿂鷪觖鳱㇠챮ឋ㯲瓓닺Ȋظ긲곙퐗ꠙߏ현㳦䮃馰ǫ憐迆⸲䁇暮滅⫾쁸腻뒰ⓞ⻋
[  460.929142][    T9] usb 5-1: SerialNumber: syz
[  461.372193][ T1611] hid-generic 0000:0000:0000.0024: unknown main item tag 0x0
[  461.430572][ T1611] hid-generic 0000:0000:0000.0024: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  461.989253][   T24] usb 4-1: new full-speed USB device number 73 using dummy_hcd
[  462.190786][   T24] usb 4-1: not running at top speed; connect to a high speed hub
[  462.243488][   T24] usb 4-1: New USB device found, idVendor=04b4, idProduct=9320, bcdDevice= 0.40
[  462.283919][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.316946][   T24] usb 4-1: Product: syz
[  462.346996][   T24] usb 4-1: Manufacturer: syz
[  462.373121][   T24] usb 4-1: SerialNumber: syz
[  462.440789][    T9] usbhid 5-1:1.0: can't add hid device: -71
[  462.466222][    T9] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  462.495359][T11280] CIFS: bad ip= option (.�R�H�e'�ˠ/����1�C��
�~�1W����e�xEA���eSb{~R�)
[  462.558311][    T9] usb 5-1: USB disconnect, device number 59
[  462.580761][T11280] FAULT_INJECTION: forcing a failure.
[  462.580761][T11280] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  462.642890][T11280] CPU: 1 UID: 0 PID: 11280 Comm: syz.2.1664 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  462.642926][T11280] Tainted: [L]=SOFTLOCKUP
[  462.642932][T11280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  462.642944][T11280] Call Trace:
[  462.642951][T11280]  <TASK>
[  462.642958][T11280]  dump_stack_lvl+0xe8/0x150
[  462.642981][T11280]  should_fail_ex+0x412/0x560
[  462.643001][T11280]  _copy_to_user+0x31/0xb0
[  462.643023][T11280]  simple_read_from_buffer+0xe1/0x170
[  462.643046][T11280]  proc_fail_nth_read+0x1bb/0x230
[  462.643068][T11280]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  462.643096][T11280]  ? rw_verify_area+0x2a6/0x4d0
[  462.643117][T11280]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  462.643138][T11280]  vfs_read+0x20c/0xa70
[  462.643163][T11280]  ? __pfx___mutex_lock+0x10/0x10
[  462.643179][T11280]  ? __pfx_vfs_read+0x10/0x10
[  462.643201][T11280]  ? __fget_files+0x2a/0x420
[  462.643223][T11280]  ? __fget_files+0x3a0/0x420
[  462.643240][T11280]  ? __fget_files+0x2a/0x420
[  462.643264][T11280]  ksys_read+0x150/0x270
[  462.643286][T11280]  ? __pfx_ksys_read+0x10/0x10
[  462.643313][T11280]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.643329][T11280]  do_syscall_64+0x174/0x580
[  462.643343][T11280]  ? trace_irq_disable+0x3b/0x140
[  462.643366][T11280]  ? clear_bhb_loop+0x40/0x90
[  462.643384][T11280]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.643398][T11280] RIP: 0033:0x7f9fd575d68e
[  462.643412][T11280] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  462.643425][T11280] RSP: 002b:00007f9fd6635fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  462.643440][T11280] RAX: ffffffffffffffda RBX: 00007f9fd66366c0 RCX: 00007f9fd575d68e
[  462.643451][T11280] RDX: 000000000000000f RSI: 00007f9fd66360a0 RDI: 0000000000000004
[  462.643460][T11280] RBP: 00007f9fd6636090 R08: 0000000000000000 R09: 0000000000000000
[  462.643469][T11280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  462.643478][T11280] R13: 00007f9fd5a16038 R14: 00007f9fd5a15fa0 R15: 00007f9fd5b3fa48
[  462.643501][T11280]  </TASK>
[  463.175926][T11283] FAULT_INJECTION: forcing a failure.
[  463.175926][T11283] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  463.219139][T11283] CPU: 1 UID: 0 PID: 11283 Comm: syz.4.1665 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  463.219168][T11283] Tainted: [L]=SOFTLOCKUP
[  463.219174][T11283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  463.219184][T11283] Call Trace:
[  463.219190][T11283]  <TASK>
[  463.219197][T11283]  dump_stack_lvl+0xe8/0x150
[  463.219218][T11283]  should_fail_ex+0x412/0x560
[  463.219239][T11283]  _copy_from_iter+0x1d3/0x1670
[  463.219255][T11283]  ? sctp_chunkify+0x5a/0x260
[  463.219272][T11283]  ? kmem_cache_alloc_noprof+0x15a/0x650
[  463.219299][T11283]  ? __pfx__copy_from_iter+0x10/0x10
[  463.219315][T11283]  ? __asan_memcpy+0x40/0x70
[  463.219334][T11283]  ? sctp_make_datafrag_empty+0x184/0x240
[  463.219351][T11283]  ? skb_put+0x11b/0x210
[  463.219376][T11283]  sctp_user_addto_chunk+0x87/0x240
[  463.219396][T11283]  sctp_datamsg_from_user+0x748/0xef0
[  463.219433][T11283]  sctp_sendmsg_to_asoc+0x1416/0x1900
[  463.219527][T11283]  ? sctp_transport_put+0xd2/0x150
[  463.219549][T11283]  ? sctp_epaddr_lookup_transport+0x925/0x9d0
[  463.219603][T11283]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  463.219625][T11283]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  463.219644][T11283]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  463.219668][T11283]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  463.219686][T11283]  ? sctp_sendmsg_check_sflags+0x18a/0x330
[  463.219708][T11283]  sctp_sendmsg+0x1b85/0x2c50
[  463.219738][T11283]  ? __pfx_sctp_sendmsg+0x10/0x10
[  463.219758][T11283]  ? aa_sk_perm+0x6d5/0x900
[  463.219778][T11283]  ? __might_fault+0xaf/0x130
[  463.219802][T11283]  ? __pfx_aa_sk_perm+0x10/0x10
[  463.219825][T11283]  ? sock_rps_record_flow+0x19/0x350
[  463.219841][T11283]  ? __pfx_inet_sendmsg+0x10/0x10
[  463.219858][T11283]  ? inet_sendmsg+0x2f4/0x370
[  463.219874][T11283]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  463.219893][T11283]  ? __pfx_inet_sendmsg+0x10/0x10
[  463.219910][T11283]  __sys_sendto+0x5de/0x710
[  463.219934][T11283]  ? __pfx___sys_sendto+0x10/0x10
[  463.219953][T11283]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  463.219980][T11283]  ? __fget_files+0x3a0/0x420
[  463.220006][T11283]  ? ksys_write+0x242/0x270
[  463.220029][T11283]  ? __pfx_ksys_write+0x10/0x10
[  463.220054][T11283]  __x64_sys_sendto+0xde/0x100
[  463.220076][T11283]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.220092][T11283]  do_syscall_64+0x174/0x580
[  463.220107][T11283]  ? trace_irq_disable+0x3b/0x140
[  463.220129][T11283]  ? clear_bhb_loop+0x40/0x90
[  463.220148][T11283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.220165][T11283] RIP: 0033:0x7f40ef19ce59
[  463.220179][T11283] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  463.220193][T11283] RSP: 002b:00007f40f009d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  463.220209][T11283] RAX: ffffffffffffffda RBX: 00007f40ef416090 RCX: 00007f40ef19ce59
[  463.220220][T11283] RDX: 0000000000034000 RSI: 0000200000000300 RDI: 0000000000000003
[  463.220230][T11283] RBP: 00007f40f009d090 R08: 0000200000000380 R09: 0000000000000010
[  463.220240][T11283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  463.220249][T11283] R13: 00007f40ef416128 R14: 00007f40ef416090 R15: 00007f40ef53fa48
[  463.220273][T11283]  </TASK>
[  463.941181][T11291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  463.950723][T11291] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.369125][T11302] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1668'.
[  464.748139][T11312] netlink: 'syz.2.1674': attribute type 12 has an invalid length.
[  464.863543][T11312] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  465.766429][ T1611] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0
[  465.785177][T11326] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.852679][T11326] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.862534][ T1611] hid-generic 0000:0000:0000.0025: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  465.905551][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  465.972444][   T24] usb 4-1: MIDIStreaming interface descriptor not found
[  466.233280][   T24] usb 4-1: USB disconnect, device number 73
[  466.649329][   T24] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  466.850197][   T24] usb 4-1: Using ep0 maxpacket: 32
[  466.855528][T11340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.876893][   T24] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  466.880386][T11340] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  466.913580][   T24] usb 4-1: config 0 has no interface number 0
[  466.920389][   T24] usb 4-1: config 0 interface 12 has no altsetting 0
[  466.940848][   T24] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  466.950342][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.962758][   T24] usb 4-1: Product: syz
[  466.971881][   T24] usb 4-1: Manufacturer: syz
[  466.986657][   T24] usb 4-1: SerialNumber: syz
[  467.019670][   T24] usb 4-1: config 0 descriptor??
[  467.431159][   T24] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  467.459435][   T24] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  467.489262][   T24] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  467.521005][   T24] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  467.619114][   T24] usb 4-1: USB disconnect, device number 74
[  469.603463][T11387] binder_alloc: 11386: binder_alloc_buf size 1024 failed, no address space
[  469.721623][T11387] binder_alloc: allocated: 12288 (num: 2 largest: 12280), free: 0 (num: 0 largest: 0)
[  469.764383][T11392] binder: 11390:11392 ioctl c0306201 200000000640 returned -22
[  469.774769][T11389] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1699'.
[  469.797741][T11392] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1700'.
[  470.910101][T11416] FAULT_INJECTION: forcing a failure.
[  470.910101][T11416] name failslab, interval 1, probability 0, space 0, times 0
[  470.929595][T11416] CPU: 1 UID: 0 PID: 11416 Comm: syz.0.1710 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  470.929628][T11416] Tainted: [L]=SOFTLOCKUP
[  470.929636][T11416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  470.929648][T11416] Call Trace:
[  470.929657][T11416]  <TASK>
[  470.929666][T11416]  dump_stack_lvl+0xe8/0x150
[  470.929695][T11416]  should_fail_ex+0x412/0x560
[  470.929724][T11416]  should_failslab+0xa8/0x100
[  470.929745][T11416]  ? do_getname+0x2e/0x250
[  470.929767][T11416]  kmem_cache_alloc_noprof+0x87/0x650
[  470.929794][T11416]  ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10
[  470.929825][T11416]  ? _raw_spin_unlock_irq+0x2e/0x50
[  470.929861][T11416]  do_getname+0x2e/0x250
[  470.929881][T11416]  ? getname_flags+0x11/0x20
[  470.929905][T11416]  do_sys_openat2+0xca/0x200
[  470.929938][T11416]  ? __pfx_do_sys_openat2+0x10/0x10
[  470.929961][T11416]  ? __task_pid_nr_ns+0x28/0x470
[  470.929983][T11416]  __x64_sys_openat+0x138/0x170
[  470.930003][T11416]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.930019][T11416]  do_syscall_64+0x174/0x580
[  470.930034][T11416]  ? clear_bhb_loop+0x40/0x90
[  470.930052][T11416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.930067][T11416] RIP: 0033:0x7fe01399ce59
[  470.930082][T11416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  470.930094][T11416] RSP: 002b:00007fe0148df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  470.930110][T11416] RAX: ffffffffffffffda RBX: 00007fe013c15fa0 RCX: 00007fe01399ce59
[  470.930120][T11416] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: ffffffffffffff9c
[  470.930130][T11416] RBP: 00007fe0148df090 R08: 0000000000000000 R09: 0000000000000000
[  470.930140][T11416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  470.930149][T11416] R13: 00007fe013c16038 R14: 00007fe013c15fa0 R15: 00007fe013d3fa48
[  470.930171][T11416]  </TASK>
[  471.466599][T11422] binder: 11421:11422 ioctl c0306201 200000000640 returned -22
[  471.531713][T11422] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1712'.
[  471.864830][T11434] FAULT_INJECTION: forcing a failure.
[  471.864830][T11434] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  471.882358][T11426] vim2m vim2m.0: vidioc_s_fmt queue busy
[  471.900894][T11434] CPU: 1 UID: 0 PID: 11434 Comm: syz.1.1715 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  471.900927][T11434] Tainted: [L]=SOFTLOCKUP
[  471.900935][T11434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  471.900948][T11434] Call Trace:
[  471.900957][T11434]  <TASK>
[  471.900965][T11434]  dump_stack_lvl+0xe8/0x150
[  471.900995][T11434]  should_fail_ex+0x412/0x560
[  471.901023][T11434]  prepare_alloc_pages+0x22a/0x650
[  471.901069][T11434]  __alloc_frozen_pages_noprof+0x12f/0x380
[  471.901106][T11434]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  471.901144][T11434]  ? __pfx_policy_nodemask+0x10/0x10
[  471.901169][T11434]  ? __lock_acquire+0x6b5/0x2cf0
[  471.901196][T11434]  alloc_pages_mpol+0x235/0x490
[  471.901223][T11434]  folio_alloc_mpol_noprof+0x39/0x160
[  471.901248][T11434]  vma_alloc_folio_noprof+0xe1/0x1e0
[  471.901274][T11434]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  471.901297][T11434]  ? __pte_offset_map+0x29/0x240
[  471.901324][T11434]  ? __pte_offset_map+0x29/0x240
[  471.901355][T11434]  do_pte_missing+0x159d/0x33f0
[  471.901399][T11434]  ? handle_mm_fault+0xf1/0x3170
[  471.901430][T11434]  handle_mm_fault+0x1bf2/0x3170
[  471.901472][T11434]  ? handle_mm_fault+0xf1/0x3170
[  471.901506][T11434]  ? __pfx_handle_mm_fault+0x10/0x10
[  471.901534][T11434]  ? follow_page_pte+0x6cf/0xe60
[  471.901569][T11434]  ? __pfx_follow_page_pte+0x10/0x10
[  471.901608][T11434]  __get_user_pages+0x167f/0x2730
[  471.901666][T11434]  faultin_page_range+0x240/0x8c0
[  471.901693][T11434]  ? __asan_memset+0x22/0x50
[  471.901720][T11434]  ? blk_start_plug+0x6e/0x1b0
[  471.901835][T11434]  madvise_do_behavior+0x2e5/0x540
[  471.901874][T11434]  ? __pfx_madvise_do_behavior+0x10/0x10
[  471.901916][T11434]  ? down_read+0x270/0x2e0
[  471.901939][T11434]  ? madvise_lock+0x146/0x2e0
[  471.901978][T11434]  do_madvise+0x1fa/0x2e0
[  471.902011][T11434]  ? __pfx_do_madvise+0x10/0x10
[  471.902068][T11434]  ? __pfx_ksys_write+0x10/0x10
[  471.902104][T11434]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.902128][T11434]  __x64_sys_madvise+0xa6/0xc0
[  471.902162][T11434]  do_syscall_64+0x174/0x580
[  471.902183][T11434]  ? trace_irq_disable+0x3b/0x140
[  471.902226][T11434]  ? clear_bhb_loop+0x40/0x90
[  471.902253][T11434]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.902277][T11434] RIP: 0033:0x7fb913d9ce59
[  471.902297][T11434] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  471.902316][T11434] RSP: 002b:00007fb914cd8028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  471.902338][T11434] RAX: ffffffffffffffda RBX: 00007fb914015fa0 RCX: 00007fb913d9ce59
[  471.902353][T11434] RDX: 0000000000000017 RSI: 0000000000c00000 RDI: 0000200000000000
[  471.902367][T11434] RBP: 00007fb914cd8090 R08: 0000000000000000 R09: 0000000000000000
[  471.902380][T11434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  471.902393][T11434] R13: 00007fb914016038 R14: 00007fb914015fa0 R15: 00007fb91413fa48
[  471.902430][T11434]  </TASK>
[  473.159670][   T24] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  473.309551][   T24] usb 5-1: Using ep0 maxpacket: 16
[  473.316539][   T24] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  473.331432][   T24] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  473.343593][   T24] usb 5-1: config 0 interface 0 has no altsetting 0
[  473.351164][   T24] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  473.361364][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.374824][   T24] usb 5-1: config 0 descriptor??
[  473.499800][T11441] Set syz1 is full, maxelem 65536 reached
[  473.795491][T11449] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  473.836497][   T24] nzxt-smart2 0003:1E71:2009.0026: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0
[  473.862921][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  473.862948][   T30] audit: type=1326 audit(1780407500.148:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1728" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01399ce59 code=0x7ffc0000
[  473.897159][   T30] audit: type=1326 audit(1780407500.148:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1728" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01399ce59 code=0x7ffc0000
[  473.959168][   T30] audit: type=1326 audit(1780407500.178:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1728" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fe01399ce59 code=0x7ffc0000
[  473.996255][   T30] audit: type=1326 audit(1780407500.178:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1728" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01399ce59 code=0x7ffc0000
[  474.021166][   T30] audit: type=1326 audit(1780407500.178:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1728" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01399ce59 code=0x7ffc0000
[  474.072650][   T30] audit: type=1326 audit(1780407500.178:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1728" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7fe01399ce59 code=0x7ffc0000
[  474.097198][   T30] audit: type=1326 audit(1780407500.178:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1728" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01399ce59 code=0x7ffc0000
[  474.122088][   T30] audit: type=1326 audit(1780407500.178:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11469 comm="syz.0.1728" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe01399ce59 code=0x7ffc0000
[  474.159912][    T9] usb 5-1: USB disconnect, device number 60
[  474.364256][T11480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  474.377229][T11480] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  474.778398][T11490] netlink: 'syz.0.1735': attribute type 5 has an invalid length.
[  474.806691][T11490] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1735'.
[  474.823841][T11490] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1735'.
[  475.725593][T11506] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  476.453694][T11521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  476.486764][T11521] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  476.495665][    T9] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  476.514096][T11521] binder: 11519:11521 ioctl c0306201 2000000004c0 returned -14
[  476.546792][T11521] binder: 11519:11521 ioctl c0306201 2000000001c0 returned -14
[  476.692566][    T9] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  476.716873][    T9] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  476.749137][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  476.777999][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  476.812950][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  476.846035][    T9] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  476.869387][    T9] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  476.895362][    T9] usb 5-1: Product: syz
[  476.908218][    T9] usb 5-1: Manufacturer: syz
[  476.942848][    T9] cdc_wdm 5-1:1.0: skipping garbage
[  476.958565][    T9] cdc_wdm 5-1:1.0: skipping garbage
[  476.983098][    T9] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  476.999573][    T9] cdc_wdm 5-1:1.0: Unknown control protocol
[  477.201796][T11529] input: syz1 as /devices/virtual/input/input38
[  477.258618][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  477.263529][    T9] usb 5-1: USB disconnect, device number 61
[  477.265279][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  477.277329][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  477.338317][T11534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  477.388260][T11534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  477.987791][T11551] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1755'.
[  478.130605][T11553] FAULT_INJECTION: forcing a failure.
[  478.130605][T11553] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  478.151602][T11553] CPU: 0 UID: 0 PID: 11553 Comm: syz.4.1756 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  478.151638][T11553] Tainted: [L]=SOFTLOCKUP
[  478.151646][T11553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  478.151660][T11553] Call Trace:
[  478.151669][T11553]  <TASK>
[  478.151679][T11553]  dump_stack_lvl+0xe8/0x150
[  478.151708][T11553]  should_fail_ex+0x412/0x560
[  478.151736][T11553]  _copy_to_user+0x31/0xb0
[  478.151765][T11553]  simple_read_from_buffer+0xe1/0x170
[  478.151797][T11553]  proc_fail_nth_read+0x1bb/0x230
[  478.151829][T11553]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  478.151860][T11553]  ? rw_verify_area+0x2a6/0x4d0
[  478.151888][T11553]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  478.151917][T11553]  vfs_read+0x20c/0xa70
[  478.151952][T11553]  ? __pfx___mutex_lock+0x10/0x10
[  478.151977][T11553]  ? __pfx_vfs_read+0x10/0x10
[  478.152008][T11553]  ? __fget_files+0x2a/0x420
[  478.152038][T11553]  ? __fget_files+0x3a0/0x420
[  478.152063][T11553]  ? __fget_files+0x2a/0x420
[  478.152097][T11553]  ksys_read+0x150/0x270
[  478.152129][T11553]  ? __pfx_ksys_read+0x10/0x10
[  478.152167][T11553]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.152191][T11553]  do_syscall_64+0x174/0x580
[  478.152221][T11553]  ? trace_irq_disable+0x3b/0x140
[  478.152252][T11553]  ? clear_bhb_loop+0x40/0x90
[  478.152278][T11553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.152299][T11553] RIP: 0033:0x7f40ef15d68e
[  478.152318][T11553] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  478.152337][T11553] RSP: 002b:00007f40f00bdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  478.152360][T11553] RAX: ffffffffffffffda RBX: 00007f40f00be6c0 RCX: 00007f40ef15d68e
[  478.152375][T11553] RDX: 000000000000000f RSI: 00007f40f00be0a0 RDI: 000000000000000a
[  478.152388][T11553] RBP: 00007f40f00be090 R08: 0000000000000000 R09: 0000000000000000
[  478.152400][T11553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  478.152413][T11553] R13: 00007f40ef416038 R14: 00007f40ef415fa0 R15: 00007f40ef53fa48
[  478.152446][T11553]  </TASK>
[  479.522939][T11572] netlink: 'syz.0.1764': attribute type 1 has an invalid length.
[  479.707156][T11574] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  479.741174][T11574] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  479.791155][T11574] input: syz1 as /devices/virtual/input/input39
[  480.261789][T11584] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1768'.
[  480.452908][T11586] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1769'.
[  480.667319][T11592] bond3: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  480.684494][T11592] bond3: (slave lo): Enslaving as an active interface with an up link
[  480.701951][T11592] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  480.792510][    T9] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  480.928756][T11604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1777'.
[  480.960681][    T9] usb 5-1: device descriptor read/64, error -71
[  481.196167][T11613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.226540][T11613] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  481.239320][    T9] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[  481.301109][T11613] input: syz1 as /devices/virtual/input/input40
[  481.419065][    T9] usb 5-1: device descriptor read/64, error -71
[  481.549466][    T9] usb usb5-port1: attempt power cycle
[  481.931932][    T9] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  482.007635][    T9] usb 5-1: device descriptor read/8, error -71
[  482.291144][    T9] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  482.331614][    T9] usb 5-1: device descriptor read/8, error -71
[  482.466917][    T9] usb usb5-port1: unable to enumerate USB device
[  482.568309][T11631] kvm: pic: non byte write
[  482.582630][T11631] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=33554656 (67109312 ns) > initial count (368 ns). Using initial count to start timer.
[  482.946317][T11642] netlink: 'syz.0.1792': attribute type 1 has an invalid length.
[  483.150381][T11655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  483.205793][T11655] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  483.435448][T11666] FAULT_INJECTION: forcing a failure.
[  483.435448][T11666] name failslab, interval 1, probability 0, space 0, times 0
[  483.460588][T11666] CPU: 1 UID: 0 PID: 11666 Comm: syz.3.1799 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  483.460621][T11666] Tainted: [L]=SOFTLOCKUP
[  483.460629][T11666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  483.460642][T11666] Call Trace:
[  483.460667][T11666]  <TASK>
[  483.460676][T11666]  dump_stack_lvl+0xe8/0x150
[  483.460706][T11666]  should_fail_ex+0x412/0x560
[  483.460742][T11666]  should_failslab+0xa8/0x100
[  483.460765][T11666]  ? skb_clone+0x212/0x3a0
[  483.460787][T11666]  kmem_cache_alloc_noprof+0x87/0x650
[  483.460817][T11666]  ? __netlink_lookup+0xc6/0x8b0
[  483.460843][T11666]  skb_clone+0x212/0x3a0
[  483.460868][T11666]  __netlink_deliver_tap+0x404/0x850
[  483.460919][T11666]  ? netlink_deliver_tap+0x2e/0x1b0
[  483.460957][T11666]  netlink_deliver_tap+0x19c/0x1b0
[  483.460994][T11666]  netlink_unicast+0x730/0x8e0
[  483.461038][T11666]  netlink_sendmsg+0x813/0xb40
[  483.461080][T11666]  ? __pfx_netlink_sendmsg+0x10/0x10
[  483.461115][T11666]  ? aa_sock_msg_perm+0xf1/0x1b0
[  483.461147][T11666]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  483.461178][T11666]  ____sys_sendmsg+0x972/0x9f0
[  483.461199][T11666]  ? __might_fault+0xaf/0x130
[  483.461224][T11666]  ? __pfx_____sys_sendmsg+0x10/0x10
[  483.461247][T11666]  ? import_iovec+0x73/0xa0
[  483.461269][T11666]  ___sys_sendmsg+0x2a5/0x360
[  483.461283][T11666]  ? __lock_acquire+0x6b5/0x2cf0
[  483.461302][T11666]  ? __pfx____sys_sendmsg+0x10/0x10
[  483.461342][T11666]  ? __fget_files+0x2a/0x420
[  483.461360][T11666]  ? __fget_files+0x3a0/0x420
[  483.461385][T11666]  __x64_sys_sendmsg+0x1bd/0x2a0
[  483.461402][T11666]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  483.461424][T11666]  ? __pfx_ksys_write+0x10/0x10
[  483.461451][T11666]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.461467][T11666]  do_syscall_64+0x174/0x580
[  483.461482][T11666]  ? trace_irq_disable+0x3b/0x140
[  483.461504][T11666]  ? clear_bhb_loop+0x40/0x90
[  483.461522][T11666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.461537][T11666] RIP: 0033:0x7fe3b6d9ce59
[  483.461551][T11666] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  483.461563][T11666] RSP: 002b:00007fe3b7c0f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  483.461579][T11666] RAX: ffffffffffffffda RBX: 00007fe3b7015fa0 RCX: 00007fe3b6d9ce59
[  483.461590][T11666] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000003
[  483.461600][T11666] RBP: 00007fe3b7c0f090 R08: 0000000000000000 R09: 0000000000000000
[  483.461608][T11666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  483.461617][T11666] R13: 00007fe3b7016038 R14: 00007fe3b7015fa0 R15: 00007fe3b713fa48
[  483.461640][T11666]  </TASK>
[  484.449073][ T1611] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  484.611137][ T1611] usb 4-1: Using ep0 maxpacket: 16
[  484.622264][ T1611] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  484.622304][ T1611] usb 4-1: config 0 interface 0 has no altsetting 0
[  484.623523][ T1611] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  484.623553][ T1611] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.633295][ T1611] usb 4-1: config 0 descriptor??
[  484.743946][T11681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  484.758309][T11681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  485.113661][ T1611] nzxt-smart2 0003:1E71:2009.0027: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0
[  485.521935][   T24] usb 4-1: USB disconnect, device number 75
[  485.569355][ T1611] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  485.760906][ T1611] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  485.760940][ T1611] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.774701][ T1611] usb 5-1: config 0 descriptor??
[  485.776987][ T1611] cp210x 5-1:0.0: cp210x converter detected
[  486.187018][T11692] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1808'.
[  486.202550][T11692] openvswitch: netlink: Unknown nsh attribute 0
[  486.258244][ T1611] cp210x 5-1:0.0: failed to get vendor val 0x370c size 13: -71
[  486.272872][ T1611] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  486.315431][ T1611] usb 5-1: cp210x converter now attached to ttyUSB0
[  486.339795][T11703] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  486.376519][ T1611] usb 5-1: USB disconnect, device number 66
[  486.393805][T11703] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  486.420848][ T1611] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  486.447939][ T1611] cp210x 5-1:0.0: device disconnected
[  486.489247][    T9] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  486.583038][T11707] FAULT_INJECTION: forcing a failure.
[  486.583038][T11707] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  486.597629][T11707] CPU: 1 UID: 0 PID: 11707 Comm: syz.0.1815 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  486.597654][T11707] Tainted: [L]=SOFTLOCKUP
[  486.597659][T11707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  486.597669][T11707] Call Trace:
[  486.597675][T11707]  <TASK>
[  486.597681][T11707]  dump_stack_lvl+0xe8/0x150
[  486.597702][T11707]  should_fail_ex+0x412/0x560
[  486.597723][T11707]  _copy_from_user+0x2d/0xb0
[  486.597742][T11707]  ___sys_recvmsg+0x175/0x590
[  486.597762][T11707]  ? __pfx____sys_recvmsg+0x10/0x10
[  486.597780][T11707]  ? __fget_files+0x2a/0x420
[  486.597810][T11707]  ? __fget_files+0x3a0/0x420
[  486.597835][T11707]  do_recvmmsg+0x334/0x800
[  486.597855][T11707]  ? __pfx_do_recvmmsg+0x10/0x10
[  486.597879][T11707]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  486.597907][T11707]  __x64_sys_recvmmsg+0x198/0x250
[  486.597925][T11707]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  486.597946][T11707]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.597963][T11707]  do_syscall_64+0x174/0x580
[  486.597985][T11707]  ? trace_irq_disable+0x3b/0x140
[  486.598008][T11707]  ? clear_bhb_loop+0x40/0x90
[  486.598026][T11707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.598041][T11707] RIP: 0033:0x7fe01399ce59
[  486.598056][T11707] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  486.598069][T11707] RSP: 002b:00007fe0148df028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  486.598085][T11707] RAX: ffffffffffffffda RBX: 00007fe013c15fa0 RCX: 00007fe01399ce59
[  486.598096][T11707] RDX: 0000000000000008 RSI: 0000200000000d80 RDI: 0000000000000006
[  486.598106][T11707] RBP: 00007fe0148df090 R08: 0000000000000000 R09: 0000000000000000
[  486.598116][T11707] R10: 0000000000002030 R11: 0000000000000246 R12: 0000000000000001
[  486.598125][T11707] R13: 00007fe013c16038 R14: 00007fe013c15fa0 R15: 00007fe013d3fa48
[  486.598148][T11707]  </TASK>
[  486.819005][    T9] usb 4-1: Using ep0 maxpacket: 16
[  486.826658][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  486.836538][    T9] usb 4-1: config 1 interface 0 has no altsetting 0
[  486.845726][    T9] usb 4-1: New USB device found, idVendor=04cc, idProduct=8116, bcdDevice=e7.53
[  486.868213][T11709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  486.876944][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.886090][    T9] usb 4-1: Product: syz
[  486.891269][T11709] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  486.925281][    T9] usb 4-1: Manufacturer: syz
[  486.936439][    T9] usb 4-1: SerialNumber: syz
[  487.180374][T11701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  487.191485][T11701] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  487.311030][    T9] pwc: Sotec Afina Eye USB webcam detected.
[  487.335566][    T9] pwc: Failed to set LED on/off time (-71)
[  487.365174][    T9] pwc: send_video_command error -71
[  487.371491][    T9] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  487.399635][    T9] Philips webcam 4-1:1.0: probe with driver Philips webcam failed with error -71
[  487.427671][    T9] usb 4-1: USB disconnect, device number 76
[  487.470383][ T1611] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0
[  487.512898][ T1611] hid-generic 0000:0000:0000.0028: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  487.947762][T11731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  487.996431][T11731] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  488.273198][T11739] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1824'.
[  488.402333][T11742] xt_l2tp: invalid flags combination: 4
[  488.922568][T11747] netlink: 'syz.0.1827': attribute type 1 has an invalid length.
[  488.954259][T11747] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1827'.
[  488.989464][T11747] ipvlan2: entered allmulticast mode
[  489.540549][T11752] 8021q: adding VLAN 0 to HW filter on device bond0
[  489.716344][T11752] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  490.565733][T11764] FAULT_INJECTION: forcing a failure.
[  490.565733][T11764] name failslab, interval 1, probability 0, space 0, times 0
[  490.612471][T11764] CPU: 0 UID: 0 PID: 11764 Comm: syz.0.1833 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  490.612506][T11764] Tainted: [L]=SOFTLOCKUP
[  490.612514][T11764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  490.612527][T11764] Call Trace:
[  490.612536][T11764]  <TASK>
[  490.612546][T11764]  dump_stack_lvl+0xe8/0x150
[  490.612575][T11764]  should_fail_ex+0x412/0x560
[  490.612604][T11764]  should_failslab+0xa8/0x100
[  490.612631][T11764]  ? security_file_alloc+0x34/0x310
[  490.612657][T11764]  kmem_cache_alloc_noprof+0x87/0x650
[  490.612685][T11764]  ? rcu_is_watching+0x15/0xb0
[  490.612711][T11764]  ? trace_kmem_cache_alloc+0x29/0xe0
[  490.612742][T11764]  security_file_alloc+0x34/0x310
[  490.612770][T11764]  init_file+0x90/0x2b0
[  490.612798][T11764]  alloc_empty_file+0x74/0x1d0
[  490.612825][T11764]  alloc_file_pseudo+0x155/0x240
[  490.612863][T11764]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  490.612893][T11764]  ? _raw_spin_unlock+0x28/0x50
[  490.612923][T11764]  ? alloc_fd+0x64b/0x6c0
[  490.612952][T11764]  anon_inode_getfile+0xc5/0x1a0
[  490.612988][T11764]  media_request_alloc+0x276/0x5b0
[  490.613130][T11764]  media_device_request_alloc+0x98/0xd0
[  490.613157][T11764]  media_device_ioctl+0x2c1/0x4c0
[  490.613183][T11764]  ? __pfx_media_device_ioctl+0x10/0x10
[  490.613236][T11764]  ? __pfx_media_device_ioctl+0x10/0x10
[  490.613260][T11764]  ? media_ioctl+0xfe/0x120
[  490.613283][T11764]  ? __pfx_media_ioctl+0x10/0x10
[  490.613307][T11764]  __se_sys_ioctl+0xfc/0x170
[  490.613339][T11764]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.613362][T11764]  do_syscall_64+0x174/0x580
[  490.613383][T11764]  ? trace_irq_disable+0x3b/0x140
[  490.613414][T11764]  ? clear_bhb_loop+0x40/0x90
[  490.613440][T11764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.613461][T11764] RIP: 0033:0x7fe01399ce59
[  490.613488][T11764] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  490.613506][T11764] RSP: 002b:00007fe0148df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  490.613528][T11764] RAX: ffffffffffffffda RBX: 00007fe013c15fa0 RCX: 00007fe01399ce59
[  490.613544][T11764] RDX: 0000000000000000 RSI: 0000000080047c05 RDI: 0000000000000003
[  490.613557][T11764] RBP: 00007fe0148df090 R08: 0000000000000000 R09: 0000000000000000
[  490.613568][T11764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  490.613581][T11764] R13: 00007fe013c16038 R14: 00007fe013c15fa0 R15: 00007fe013d3fa48
[  490.613614][T11764]  </TASK>
[  491.156762][T11776] FAULT_INJECTION: forcing a failure.
[  491.156762][T11776] name failslab, interval 1, probability 0, space 0, times 0
[  491.199451][T11776] CPU: 0 UID: 0 PID: 11776 Comm: syz.3.1837 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  491.199486][T11776] Tainted: [L]=SOFTLOCKUP
[  491.199494][T11776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  491.199507][T11776] Call Trace:
[  491.199516][T11776]  <TASK>
[  491.199525][T11776]  dump_stack_lvl+0xe8/0x150
[  491.199558][T11776]  should_fail_ex+0x412/0x560
[  491.199588][T11776]  should_failslab+0xa8/0x100
[  491.199619][T11776]  __kmalloc_noprof+0xe8/0x760
[  491.199649][T11776]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  491.199677][T11776]  tomoyo_realpath_from_path+0xe3/0x5d0
[  491.199700][T11776]  ? tomoyo_domain+0xd7/0x130
[  491.199727][T11776]  ? tomoyo_path_number_perm+0x219/0x630
[  491.199755][T11776]  tomoyo_path_number_perm+0x246/0x630
[  491.199786][T11776]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  491.199814][T11776]  ? __lock_acquire+0x6b5/0x2cf0
[  491.199853][T11776]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  491.199898][T11776]  ? __fget_files+0x2a/0x420
[  491.199927][T11776]  ? __fget_files+0x2a/0x420
[  491.199951][T11776]  ? __fget_files+0x3a0/0x420
[  491.199975][T11776]  ? __fget_files+0x2a/0x420
[  491.200005][T11776]  security_file_ioctl+0xc3/0x2a0
[  491.200034][T11776]  __se_sys_ioctl+0x47/0x170
[  491.200066][T11776]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.200088][T11776]  do_syscall_64+0x174/0x580
[  491.200108][T11776]  ? trace_irq_disable+0x3b/0x140
[  491.200139][T11776]  ? clear_bhb_loop+0x40/0x90
[  491.200165][T11776]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.200186][T11776] RIP: 0033:0x7fe3b6d9ce59
[  491.200207][T11776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  491.200224][T11776] RSP: 002b:00007fe3b7c0f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  491.200246][T11776] RAX: ffffffffffffffda RBX: 00007fe3b7015fa0 RCX: 00007fe3b6d9ce59
[  491.200262][T11776] RDX: 0000200000000140 RSI: 00000000800454d7 RDI: 0000000000000003
[  491.200276][T11776] RBP: 00007fe3b7c0f090 R08: 0000000000000000 R09: 0000000000000000
[  491.200289][T11776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  491.200301][T11776] R13: 00007fe3b7016038 R14: 00007fe3b7015fa0 R15: 00007fe3b713fa48
[  491.200336][T11776]  </TASK>
[  491.206001][T11776] ERROR: Out of memory at tomoyo_realpath_from_path.
[  491.450272][T11778] syzkaller0: entered promiscuous mode
[  491.455956][T11778] syzkaller0: entered allmulticast mode
[  491.516050][T11776] pim6reg0: tun_chr_ioctl cmd 2147767511
[  491.886513][T11783] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1841'.
[  492.242659][T11794] trusted_key: syz.3.1844 sent an empty control message without MSG_MORE.
[  492.275422][T11794] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  493.042433][T11799] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1845'.
[  493.070784][T11799] netlink: 'syz.3.1845': attribute type 10 has an invalid length.
[  494.468202][T11813] syzkaller0: entered promiscuous mode
[  494.485087][T11813] syzkaller0: entered allmulticast mode
[  494.829601][   T24] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  495.013606][T11822] input: syz0 as /devices/virtual/input/input41
[  495.025726][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  495.065626][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  495.086594][   T24] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  495.105630][T11822] fuse: Unknown parameter 'qd'
[  495.115785][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  495.140849][   T24] usb 4-1: SerialNumber: syz
[  495.222169][T11827] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1854'.
[  495.296613][T11827] xt_l2tp: invalid flags combination: 4
[  495.415981][   T24] usb 4-1: 0:2 : does not exist
[  495.566357][   T24] usb 4-1: USB disconnect, device number 77
[  495.673596][ T5760] udevd[5760]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  496.340906][T11832] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1856'.
[  496.372975][T11832] netlink: 'syz.4.1856': attribute type 10 has an invalid length.
[  496.749850][   T24] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  496.919502][   T24] usb 4-1: device descriptor read/64, error -71
[  497.179998][   T24] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  497.352391][   T24] usb 4-1: device descriptor read/64, error -71
[  497.448679][T11835] syz.1.1857 (11835): drop_caches: 2
[  497.483373][   T24] usb usb4-port1: attempt power cycle
[  497.631920][T11852] bond5: down delay (511) is not a multiple of miimon (8), value rounded to 504 ms
[  497.644478][T11852] bond5: entered promiscuous mode
[  497.650108][T11852] bond5: entered allmulticast mode
[  497.655834][T11852] 8021q: adding VLAN 0 to HW filter on device bond5
[  497.685758][T11857] loop7: detected capacity change from 0 to 16384
[  497.703711][T11850] syzkaller0: entered promiscuous mode
[  497.718336][T11850] syzkaller0: entered allmulticast mode
[  497.861818][T11852] loop7: detected capacity change from 16384 to 16383
[  497.878152][   T24] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[  497.910288][   T24] usb 4-1: device descriptor read/8, error -71
[  498.160921][   T24] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[  498.212623][   T24] usb 4-1: device descriptor read/8, error -71
[  498.332696][   T24] usb usb4-port1: unable to enumerate USB device
[  498.389469][T11865] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  498.420868][T11865] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  498.612682][T11867] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1869'.
[  498.640831][T11867] netlink: 'syz.4.1869': attribute type 10 has an invalid length.
[  498.807986][T11870] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1870'.
[  499.166466][T11892] syzkaller0: entered promiscuous mode
[  499.176261][T11892] syzkaller0: entered allmulticast mode
[  499.217643][T11893] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1875'.
[  499.291331][T11893] xt_l2tp: invalid flags combination: 4
[  499.982589][T11901] ==================================================================
[  499.990685][T11901] BUG: KASAN: slab-use-after-free in dvb_device_open+0xc4/0x350
[  499.998415][T11901] Read of size 8 at addr ffff88802b456a18 by task syz.2.1881/11901
[  500.006305][T11901] 
[  500.008635][T11901] CPU: 1 UID: 0 PID: 11901 Comm: syz.2.1881 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  500.008657][T11901] Tainted: [L]=SOFTLOCKUP
[  500.008663][T11901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  500.008673][T11901] Call Trace:
[  500.008681][T11901]  <TASK>
[  500.008688][T11901]  dump_stack_lvl+0xe8/0x150
[  500.008708][T11901]  print_address_description+0x55/0x1e0
[  500.008735][T11901]  ? dvb_device_open+0xc4/0x350
[  500.008757][T11901]  print_report+0x58/0x70
[  500.008770][T11901]  kasan_report+0x117/0x150
[  500.008785][T11901]  ? dvb_device_open+0xc4/0x350
[  500.008813][T11901]  dvb_device_open+0xc4/0x350
[  500.008834][T11901]  ? do_raw_spin_unlock+0xf5/0x210
[  500.008878][T11901]  chrdev_open+0x4cd/0x5e0
[  500.008901][T11901]  ? __pfx_chrdev_open+0x10/0x10
[  500.008927][T11901]  ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[  500.008964][T11901]  ? __pfx_chrdev_open+0x10/0x10
[  500.008978][T11901]  do_dentry_open+0x822/0x13a0
[  500.009000][T11901]  vfs_open+0x3b/0x340
[  500.009016][T11901]  ? path_openat+0x2df0/0x3860
[  500.009038][T11901]  path_openat+0x2e08/0x3860
[  500.009065][T11901]  ? __pfx_stack_trace_save+0x10/0x10
[  500.009089][T11901]  ? stack_depot_save_flags+0x33/0x810
[  500.009109][T11901]  ? __pfx_path_openat+0x10/0x10
[  500.009130][T11901]  ? __x64_sys_openat+0x138/0x170
[  500.009149][T11901]  ? __lock_acquire+0x6b5/0x2cf0
[  500.009169][T11901]  do_file_open+0x23e/0x4a0
[  500.009194][T11901]  ? __pfx_do_file_open+0x10/0x10
[  500.009224][T11901]  ? _raw_spin_unlock+0x28/0x50
[  500.009247][T11901]  ? alloc_fd+0x64b/0x6c0
[  500.009268][T11901]  do_sys_openat2+0x113/0x200
[  500.009287][T11901]  ? __pfx_do_sys_openat2+0x10/0x10
[  500.009305][T11901]  ? exc_page_fault+0x6a/0xc0
[  500.009320][T11901]  ? do_user_addr_fault+0xc6f/0x1340
[  500.009337][T11901]  __x64_sys_openat+0x138/0x170
[  500.009356][T11901]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.009371][T11901]  do_syscall_64+0x174/0x580
[  500.009386][T11901]  ? trace_irq_disable+0x3b/0x140
[  500.009408][T11901]  ? clear_bhb_loop+0x40/0x90
[  500.009424][T11901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.009440][T11901] RIP: 0033:0x7f9fd575d68e
[  500.009454][T11901] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  500.009468][T11901] RSP: 002b:00007f9fd6635b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  500.009484][T11901] RAX: ffffffffffffffda RBX: 00007f9fd66366c0 RCX: 00007f9fd575d68e
[  500.009495][T11901] RDX: 0000000000000002 RSI: 00007f9fd6635c00 RDI: ffffffffffffff9c
[  500.009506][T11901] RBP: 00007f9fd6635c00 R08: 0000000000000000 R09: 0000000000000000
[  500.009516][T11901] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  500.009526][T11901] R13: 00007f9fd5a16038 R14: 00007f9fd5a15fa0 R15: 00007f9fd5b3fa48
[  500.009543][T11901]  </TASK>
[  500.009549][T11901] 
[  500.291138][T11901] Allocated by task 1:
[  500.295229][T11901]  kasan_save_track+0x3e/0x80
[  500.300111][T11901]  __kasan_kmalloc+0x93/0xb0
[  500.304728][T11901]  __kmalloc_cache_noprof+0x31c/0x660
[  500.310121][T11901]  dvb_register_device+0x2fd/0x21e0
[  500.315339][T11901]  dvb_register_frontend+0x61b/0x920
[  500.320702][T11901]  vidtv_bridge_probe+0x9aa/0xf80
[  500.325776][T11901]  platform_probe+0xf9/0x190
[  500.330492][T11901]  really_probe+0x267/0xaf0
[  500.335009][T11901]  __driver_probe_device+0x1ef/0x380
[  500.340308][T11901]  driver_probe_device+0x4f/0x240
[  500.345356][T11901]  __driver_attach+0x34c/0x640
[  500.350129][T11901]  bus_for_each_dev+0x23b/0x2c0
[  500.354994][T11901]  bus_add_driver+0x345/0x670
[  500.359689][T11901]  driver_register+0x23a/0x320
[  500.364474][T11901]  vidtv_bridge_init+0x28/0x50
[  500.369315][T11901]  do_one_initcall+0x250/0x870
[  500.374093][T11901]  do_initcall_level+0x104/0x190
[  500.379105][T11901]  do_initcalls+0x59/0xa0
[  500.383445][T11901]  kernel_init_freeable+0x2a6/0x3e0
[  500.388659][T11901]  kernel_init+0x1d/0x1d0
[  500.393011][T11901]  ret_from_fork+0x514/0xb70
[  500.397613][T11901]  ret_from_fork_asm+0x1a/0x30
[  500.402394][T11901] 
[  500.404728][T11901] Freed by task 11805:
[  500.408807][T11901]  kasan_save_track+0x3e/0x80
[  500.413512][T11901]  kasan_save_free_info+0x46/0x50
[  500.418549][T11901]  __kasan_slab_free+0x5c/0x80
[  500.423334][T11901]  kfree+0x1c5/0x640
[  500.427247][T11901]  dvb_device_open+0x2cd/0x350
[  500.432033][T11901]  chrdev_open+0x4cd/0x5e0
[  500.436460][T11901]  do_dentry_open+0x822/0x13a0
[  500.441240][T11901]  vfs_open+0x3b/0x340
[  500.445321][T11901]  path_openat+0x2e08/0x3860
[  500.449933][T11901]  do_file_open+0x23e/0x4a0
[  500.454456][T11901]  do_sys_openat2+0x113/0x200
[  500.459148][T11901]  __x64_sys_openat+0x138/0x170
[  500.464016][T11901]  do_syscall_64+0x174/0x580
[  500.468614][T11901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.474515][T11901] 
[  500.476851][T11901] The buggy address belongs to the object at ffff88802b456a00
[  500.476851][T11901]  which belongs to the cache kmalloc-256 of size 256
[  500.490919][T11901] The buggy address is located 24 bytes inside of
[  500.490919][T11901]  freed 256-byte region [ffff88802b456a00, ffff88802b456b00)
[  500.504651][T11901] 
[  500.507004][T11901] The buggy address belongs to the physical page:
[  500.513466][T11901] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b456
[  500.522248][T11901] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  500.530762][T11901] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  500.538331][T11901] page_type: f5(slab)
[  500.542325][T11901] raw: 00fff00000000040 ffff88813fe17b40 dead000000000122 0000000000000000
[  500.550921][T11901] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  500.559522][T11901] head: 00fff00000000040 ffff88813fe17b40 dead000000000122 0000000000000000
[  500.568206][T11901] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  500.576897][T11901] head: 00fff00000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[  500.585577][T11901] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  500.594255][T11901] page dumped because: kasan: bad access detected
[  500.600679][T11901] page_owner tracks the page as allocated
[  500.606424][T11901] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 16768970702, free_ts 0
[  500.626151][T11901]  post_alloc_hook+0x22d/0x280
[  500.630940][T11901]  get_page_from_freelist+0x2593/0x2610
[  500.636524][T11901]  __alloc_frozen_pages_noprof+0x18d/0x380
[  500.642377][T11901]  allocate_slab+0x77/0x660
[  500.646902][T11901]  refill_objects+0x339/0x3d0
[  500.651598][T11901]  __pcs_replace_empty_main+0x321/0x720
[  500.657169][T11901]  __kmalloc_cache_noprof+0x392/0x660
[  500.662567][T11901]  bus_add_driver+0x162/0x670
[  500.667265][T11901]  driver_register+0x23a/0x320
[  500.672047][T11901]  usb_register_driver+0x1e4/0x390
[  500.677250][T11901]  do_one_initcall+0x250/0x870
[  500.682026][T11901]  do_initcall_level+0x104/0x190
[  500.686978][T11901]  do_initcalls+0x59/0xa0
[  500.691327][T11901]  kernel_init_freeable+0x2a6/0x3e0
[  500.696544][T11901]  kernel_init+0x1d/0x1d0
[  500.700894][T11901]  ret_from_fork+0x514/0xb70
[  500.705500][T11901] page_owner free stack trace missing
[  500.710874][T11901] 
[  500.713207][T11901] Memory state around the buggy address:
[  500.718849][T11901]  ffff88802b456900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  500.726936][T11901]  ffff88802b456980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  500.735010][T11901] >ffff88802b456a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  500.743082][T11901]                             ^
[  500.747941][T11901]  ffff88802b456a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  500.756010][T11901]  ffff88802b456b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  500.764080][T11901] ==================================================================
[  500.814243][T11901] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  500.821518][T11901] CPU: 0 UID: 0 PID: 11901 Comm: syz.2.1881 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  500.832490][T11901] Tainted: [L]=SOFTLOCKUP
[  500.836822][T11901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  500.846917][T11901] Call Trace:
[  500.850237][T11901]  <TASK>
[  500.853196][T11901]  vpanic+0x56c/0xa60
[  500.857227][T11901]  ? __pfx_vpanic+0x10/0x10
[  500.861761][T11901]  ? __pfx___schedule+0x10/0x10
[  500.866658][T11901]  panic+0xc5/0xd0
[  500.870418][T11901]  ? __pfx_panic+0x10/0x10
[  500.874861][T11901]  ? preempt_schedule_thunk+0x16/0x30
[  500.880256][T11901]  ? dvb_device_open+0xc4/0x350
[  500.885147][T11901]  check_panic_on_warn+0x89/0xb0
[  500.890119][T11901]  ? dvb_device_open+0xc4/0x350
[  500.895016][T11901]  end_report+0x73/0x170
[  500.899320][T11901]  ? dvb_device_open+0xc4/0x350
[  500.904217][T11901]  kasan_report+0x128/0x150
[  500.908765][T11901]  ? dvb_device_open+0xc4/0x350
[  500.913649][T11901]  dvb_device_open+0xc4/0x350
[  500.918338][T11901]  ? do_raw_spin_unlock+0xf5/0x210
[  500.923460][T11901]  chrdev_open+0x4cd/0x5e0
[  500.927883][T11901]  ? __pfx_chrdev_open+0x10/0x10
[  500.932831][T11901]  ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[  500.939205][T11901]  ? __pfx_chrdev_open+0x10/0x10
[  500.944169][T11901]  do_dentry_open+0x822/0x13a0
[  500.948952][T11901]  vfs_open+0x3b/0x340
[  500.953044][T11901]  ? path_openat+0x2df0/0x3860
[  500.957825][T11901]  path_openat+0x2e08/0x3860
[  500.962432][T11901]  ? __pfx_stack_trace_save+0x10/0x10
[  500.967816][T11901]  ? stack_depot_save_flags+0x33/0x810
[  500.973286][T11901]  ? __pfx_path_openat+0x10/0x10
[  500.978234][T11901]  ? __x64_sys_openat+0x138/0x170
[  500.983265][T11901]  ? __lock_acquire+0x6b5/0x2cf0
[  500.988210][T11901]  do_file_open+0x23e/0x4a0
[  500.992732][T11901]  ? __pfx_do_file_open+0x10/0x10
[  500.997799][T11901]  ? _raw_spin_unlock+0x28/0x50
[  501.002668][T11901]  ? alloc_fd+0x64b/0x6c0
[  501.007044][T11901]  do_sys_openat2+0x113/0x200
[  501.011762][T11901]  ? __pfx_do_sys_openat2+0x10/0x10
[  501.016987][T11901]  ? exc_page_fault+0x6a/0xc0
[  501.021689][T11901]  ? do_user_addr_fault+0xc6f/0x1340
[  501.026989][T11901]  __x64_sys_openat+0x138/0x170
[  501.031867][T11901]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.037948][T11901]  do_syscall_64+0x174/0x580
[  501.042557][T11901]  ? trace_irq_disable+0x3b/0x140
[  501.047651][T11901]  ? clear_bhb_loop+0x40/0x90
[  501.052351][T11901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.058262][T11901] RIP: 0033:0x7f9fd575d68e
[  501.062690][T11901] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  501.082316][T11901] RSP: 002b:00007f9fd6635b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  501.090750][T11901] RAX: ffffffffffffffda RBX: 00007f9fd66366c0 RCX: 00007f9fd575d68e
[  501.098736][T11901] RDX: 0000000000000002 RSI: 00007f9fd6635c00 RDI: ffffffffffffff9c
[  501.106725][T11901] RBP: 00007f9fd6635c00 R08: 0000000000000000 R09: 0000000000000000
[  501.114731][T11901] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  501.122725][T11901] R13: 00007f9fd5a16038 R14: 00007f9fd5a15fa0 R15: 00007f9fd5b3fa48
[  501.130723][T11901]  </TASK>
[  501.134371][T11901] Kernel Offset: disabled
[  501.138700][T11901] Rebooting in 86400 seconds..