last executing test programs:

6.950084249s ago: executing program 3 (id=1671):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0)
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000002c0)={0x0, 0x10, 0x70b6})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x24, &(0x7f0000002880)=0x5, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000040)=0x8, 0x4)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000010000100000000000000000003000092d6c52cebcf0a60000000060a0904000000020000000900020073797a32000000000900010073797a300000000034000480300001800e000100627974656f726465720000001c000280080002400000ec0108000140000000080800044000000002140000001100010000000000000000000000000a0000000000"], 0x88}}, 0x0)
sendmsg$rds(r4, &(0x7f0000001380)={&(0x7f00000000c0)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@cswp={0x58, 0x114, 0x7, {{0x7ff80000, 0x101}, 0x0, 0x0, 0x89, 0x4, 0xeb, 0x10000000008a, 0x22, 0x77}}], 0x58}, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
socket$kcm(0x29, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)

5.877236883s ago: executing program 3 (id=1678):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x24040092})
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x1000001, 0x6100)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x4, 0x48dd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000000000000000000000000000000000000000004000", "2809e8dbe108598948224ad54afac100875397bdb22d0000b420a1a93c9e01177d3d058dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0x2000000000001]}})

5.745911602s ago: executing program 3 (id=1680):
syz_emit_ethernet(0x3e, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000000000000100", [0x0, 0xffffffff9673e35d]}})

5.578141519s ago: executing program 3 (id=1681):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x7b1281, 0x49, 0x12}, 0x18)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x400001, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x80c40, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

4.810385055s ago: executing program 0 (id=1684):
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x44, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008080}, 0x8000)
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, 0x0, 0x0)
bind$can_raw(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x20, 0x14, 0x503, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, r3}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e20, @rand_addr=0x64010101}, 0xb)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'lo\x00', <r8=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipv4_newaddr={0x20, 0x14, 0x503, 0x800000, 0x25dfdbff, {0x2, 0x7, 0x51, 0xff, r8}, [@IFA_LOCAL={0x8, 0x2, @loopback}]}, 0x20}, 0x1, 0x0, 0x0, 0xc090}, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
setsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x6, &(0x7f0000000200)=0x1, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4004001)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x20010, r4, 0xc0c08000)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), r0)
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r11, 0x6, 0x23, &(0x7f0000000000)=""/48, &(0x7f0000000040)=0x30)
sendmsg$TIPC_NL_BEARER_SET(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="0100280000000000000002000000200001800d000100"], 0x34}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x1, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0xf, 0x3}, {0x8, 0xffe0}, {0x0, 0x10}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TARGET={0x8, 0x3, 0x2}]}}]}, 0x3c}}, 0x20004055)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r12 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r12, &(0x7f00000002c0), 0x40000000000009f, 0x0)

4.501202971s ago: executing program 3 (id=1686):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r5 = syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x80081)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r5, 0x40045702, &(0x7f0000000000))
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r5, 0xc0305710, &(0x7f0000000080)={0x1, 0x9, 0x100000000000101, 0x0, 0xe809})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_DYNSET_SREG_KEY={0x8}, @NFTA_DYNSET_FLAGS={0x8}, @NFTA_DYNSET_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x90}}, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x5ac, 0x25b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x24, 0x10, 0x4, [{{0x9, 0x4, 0x0, 0xf, 0x5, 0x3, 0x0, 0x2, 0x95, {0x9, 0x21, 0xfffc, 0x0, 0x1, {0x22, 0x16f}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x1, 0x0, 0xd}}}}}]}}]}}, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02})
readv(r7, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x1c}], 0x4)
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)

4.326087428s ago: executing program 2 (id=1687):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="03000000000000002000128008000100677265001400028008000600ac14142408000700e0"], 0x48}, 0x1, 0x0, 0x0, 0x21000000}, 0x0)

4.25490065s ago: executing program 0 (id=1689):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x38, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x300}, 0x0)

4.166311438s ago: executing program 2 (id=1690):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x7b1281, 0x49, 0x12}, 0x18)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x400001, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x80c40, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)

3.745259292s ago: executing program 0 (id=1691):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = syz_kvm_add_vcpu$x86(0x0, &(0x7f00000001c0)={0x0, &(0x7f00000004c0)=[@rdmsr={0x32, 0x18, {0x9dd}}, @wr_drn={0x6e, 0x20, {0x6, 0x2}}, @wrmsr={0x1e, 0x20, {0x9af, 0xffffffffffff4a16}}, @cpuid={0x14, 0x18, {0x386d, 0x6}}, @code={0xa, 0x54, {"8f4878c1b5e2000000ccf6c9092e660f0119362645d0c80f20c035010000000f22c0440f20c03508000000440f22c0f367470f21c1660f3acf4150002e440f01cb0f08"}}, @cpuid={0x14, 0x18, {0x0, 0x7f}}, @cpuid={0x14, 0x18, {0x9, 0x2}}, @wr_drn={0x6e, 0x20, {0x0, 0x7}}, @wr_crn={0x46, 0x20, {0x3}}, @wr_crn={0x46, 0x20, {0x4, 0x5}}], 0x154})
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x9, 0x2, 0x180, 0x100000000004, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x100, 0x101], 0xffff1001, 0x120182})
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000002140)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r5, &(0x7f0000006e80)={0x2020, 0x0, <r6=>0x0, <r7=>0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000004300)={0x50, 0x0, r6, {0x7, 0x29, 0x0, 0x11812410, 0x0, 0x0, 0x81}}, 0x50)
syz_fuse_handle_req(r5, &(0x7f0000000000)="03684a7b99a4fde940f3ec0d105ea2c8267323117153aa4a4f099c3835a607cd5cbd77b83cc33d13bbb6c6bcae59db739af84a4b5d34bffc145f3cc27ed3d4f9d9b3103699a1e1cc4ddfb6c1afd07ddfc18e358cd62649479724ce867fefc0a15041bee9f6084842fb982d5c2cf1488d668b741c64f0a6fd2643e729ac5a56462a6b64d5a0a751fda4fadf63ba0dc2fd14ecbf546918db77095545b41ab170e5d6e8ec8bf9ce9b8d53b832e90c701fe52af7999f8fd509577ead1be27891ada8564167f2c7d2eea1c1c9c65d8e151c58ddee43ec34e74d330ec50cbbb2bb21892c7ca995066e3cbea8a69d94dc6bcef5f3c0ef630e774d092ea58627f3e09c66a9c7d1abcf4f8f8af87f4269df288aca9bbf758275ce9695256e764d185a91a7570fca3aab16c75ecaff6b8dda371c3226d6ec6e55c5c4d8cfc5c33892bacc956a3613bcfa849da1b5e070a7911d7488b3e628d9339718e8b821f1bb5d5c45f0316bb563d0a442801412dfd5a4d61ca657e04d6686f7d5863d57954400aeee8e79be8f3cc4cbb3d4b91269df039c3d3543e500b90a2bdc6eb60cc7afab7b5187d88fbd76e6212ea29e872b73f925287bdc808b4a4f8ec7f8aa08bc90b29e217c3eef69d8deae4141f4f9bd110b7bde9320e7b45f422e9a6111bcaf99c9911e46e219d3bab477926bd5d2e78d4cd0eca133c232b1e863fd7799dbf609f3670b323e5518e8f4bd36e9b3da2c68a28eaec9cac688b4dd0b73adc24a8c7acc264399b7facbc2f43e8e40b6cae9f8e956d1dbfe259f12bae75ad362c354050ffdd6e954f2d7615fafce888bd6f672a81c9fd4318caba765069c0a425e898bf7611b77f0fe61c27d318159dba42f011900246c64557d27b77aef928ab04a147baca37863cf998a2ac30b903c0314449ddb218887c309ec7184c8c733f5d4e7b2d79516e9531c9a5becf8294d6ccd777f285b13160e1c949d3069c6c66c0daa62bac679bc9b69825398d1c290d765e882fa2c8708b20ccec885ab6785dc22696b61c109ff84bc5407932c3e5bf12069a68b8e3333a26d3dd390ef9bc01b86013fbcb5c28a1f4d2b8084f1502fccc4027a124c3629d8f4a8befd14b597cebda5f94f36050a31b95087cbac347788a71a90e87f2187fae600aa42719c05c2859cb30ae0fd58a7bba681f7a6027a00583071def2c9a94456e5d9acb9fd2d11fdea524582489c02377bf7f590948985c769b3822cb6366681d79113c6a6c752f2475caba77b7b2e8f293d7fd9b991f63e254c98dec94f4f3def4fee9cdb56ff3ba7fe6a718cbe9a7f04710e257ea8a49d6605266048fc122d4f3173d4b04b3e282bd3c5198d7fcb72ec38e0b07dd8a541b2807e601e5a0a01f07a281e0e1a261c65977088a54597efd0997c59647aeebb2605a89705eeff3ec780e302e24b23a0cbe4f81367c3f118545f01328d22eb8e802667389143166a9db9477c9b58eb5c76a19b8f8b2692b0d356003f08ae54dfc820d8e357ecbf91fb7e212cbef1262171abaf2f613a5bb59b783cad476fec50d16ca0ac13c08a59a3097e6e3fde700a4b987d10311fc22d4aa210956cd859799f78010e4c0f25b715876aa253df15009490f71be3b0022875161f537c70b14bdb9e2d87a5a11b414a1198533c7de6fc4d22228133bc26b19d9f1e7627b14c72e3c39d3fa2186a42e50a0d1867dc312f94c7209d51475ed4aa80b2ccb0557a40422bf7317de2fdf3296727723a2d23babd5e23f7c3edf4942bb485b95a122e6aba41b8f80f684f84605462448d5a4fd66dfe9bbf80590b9999b4780d4f4f189a20f4400b2975df85b584c8c8f9fa3095f13aede1f52dac98be358b0a0d72bed4df71cd23973e326179580268c4e5d1be4b2ae2e1e2dba913998faa6088af128fc8fd3ae26203a898882b67d86d63f6ee8f8e216337330db6d928facf9d0ca273845ee5b33a0a136aeb48b7c52d3b95fe73efaf06197ec8753ee0349f19db8730917d0f18a2de9602d3b887bc583ff64dfee67e2bdf4d5cc1c341b89acd3dd5176d2c15ec2a77120b8a49591ca438ae36c52845e5dca550e539da9ba2a2eda49be316f3d6d4b7c83666bd4759940347c29dedd273adac722630a940e104316b4806553ded47132be4e31a50600f5a4dd56825b245b7aae853f56f79e0ec31f7b5db945ee3bb92865acb0d8828598e77446ee50ecd8bf5e7ccbd963445a09e3be215709b0b3bff2e9d12e6549924338f236b4ff973682e2e03fbf6b167e3b3a0f8c3f3c1e8d0e21a71937c918cabab50dd74c011a1a5531cfcf88a5df5fa58f17715f7c7b3a64d9dab6f20a596288969191420ed71daccbae7c1ec88bf74811b5e1f4bd306f3d810c4f3600df2903ffdf8db40ac7153fd93327a1065cf2c4590c8ba9f9391eb6aa600cb42aff8793e4721afeb3d470beda45dad9adfc6f4fdb24eafc63792f5015c656ca37cee82b7ee382bda31d786d6e03d4c8611c4ca464e2360ca747815c9eebd38c8fc7d5eea2db96b29d771a96dc5c884029077125bcc31980564555d21ecce5d0388e1bc1e618c7dfb31b02b1a6730db7eda387dd4ceb96f65178bb088e81133e5086f73c458f84139685ef930945a51979faeab539e4964244709dcb8b38f575d3a3ec1328a0df65fb34241db7cb3250b8ae0dbc44670d2b5cc3a1785d8d281c05256ef2beee3b202d8bce053e55ce1fb2bb208e65d488ae24484b00c2e343fc3544ca546406688022db6e29ceca9539ec095a2a2cfc5f516230f75fc961c5de1e8d33222331f57db02cac5f9208029c6114d041bb1cc7f959f77511f5790a564600c018afc253e5ecd5010bd769b45a04296ca09e87fb63bf3d3b51dd8b3f6d4426a03c0944d09dff654c5718ab1fef063caba34029be6811502e8bb785011dd1e34b0c192915adeeb40faad0725a8f9a62acf61b944a271d20567f350cdee22d76e3cc5966ba742d9c43823af19ba74c60da0df0c5f4e7e26af7224147774a1f8ae09f929066e1769ffb3c40ba9fed13d2670b9e865a155426ed5c83648c0ad34e46f5308b455e0835730fe529668b606f3f52b0d04534d0e14bc0ff0f742359550e6980ac9978455adb3de0f292af12a3700453e035a49eafe98fc0d7f26e42a6c41f380448607b7c96291f98fa6bbd7e32c249a49171f8fa81762a490a1ce5c39d66d35c6ed6c0679440c06197c2e24d48e1de81c711164c02820816afb5393d3d6c801c3c062ac46d1494f52c45ca36faf94894eec9d71e1be6c7256f4aee8dc080156b28623c821ef8d1826ebf0a41332620f42589270e142561374c825e828e2bd9ae41fd34959db48319d54ffe7a1b58ae8f7361cbaee8e26e0e7e1b7f125f8cd99788825efd01c38ec987904190a0ad52bc20cd36cc7209f9269ac87b2fa44d2456661d3056d893cf912c69ae6b2b83d0c781a6d6c33df1910867b71257ab74e244e3ebbac07445069418fe2e440a384e16feedf8e3165676e67866430eb6a8a5334620d8c2cda15b0328bb0c50630886353f95241cf4f3b647a4ff812c70e1b074c4befdc70fbfdbf868bcc81652034b5bfa831f1b686724046dcd17ac91ace83711e9ec7465d14c9d508bce93676a58ef7dae37221436865ad34ac2fd691e3b3e12aee6736dbdeec9b1c05fcedf8b9ced547259a1a40471ebe8b4bfda69d2f884da025e2809fb9f159150bbcb331ca3c502012a7fe76b4fc2771976aeb624ad7f2d72c707f5f19d8ded84581ac5afa697ff99d27d88c9588fe769839c9cc9d6786a0f814667527c53b6253b1825bfe17e7d734d96d61da0ae7349d0922774fa9b4baf332a4568e32cafa417ec659c4ad72cd656a1e2c59c8dee38890ed3acd8b4f8657de41f670106c38c38ba1a553f0f589a57c61f5105d70e0c0953459383cb9337ca972cda1d2cd3056eb07f21c1f5b995a04997fecf501bb201c67fd2afe4d44fedea595969b6b3706087b0f59d2ddbb099d60436a94f0ba33282b29f6e914fe92add4b33cf70b680b905cfa2b2ccb00b9967f99806e8d69783fd35a2d7fbb424e9fde2647609aecb0208bc3864bf95f05e50ba12123edaca8de927b338dfcb3cc597947c606c08315061a7fec98c48f480e2febd26fcc8dc12289aeb0adefa2c2be1766a5bc74ef1aab6c2cdbdfbf1810d956bc889c8e614b7b933ff6e336bb208db5b592775fe71c3ebfad5f47e0d074e1c0cb36761481ec677794f23c3698bd35875719f242e3fc939bc3668f9723f31effe189dabdf4ebbed073eab952c88f13059eee22230bc7724d7266b15726a0b0898cdd274e3e56d0a356166b5d16456249e9e92e84e39f61c0ecdf99ec2cd230440c03fd21cf68f27306628d35ea47367775f39d20a07f3959b38d49e3674061fc1018b647047ad39f77027878badd29927c5806f95aebde5f070fed28ed34052550678d3c6b677a3b5a46f76a98264c42206bf62caa95df5437092b68e025ee9ce2ad733b6db3ec97fd33cdc3b2f77ee90dd86d8bd289ae1a437c86f4153ddcff5e846347bfecc1499bb42980e4fa91790faee1b1991dfead5d7c460348631f0469b2b9e8f65207a00985511e0c41f441d9a3154f5a0298c172fd7135d4bf95c11cdf1769db1cc55f392aec309037599327a7c53c10a56d1ace8ad19186a2fc75dfa9d657c114eae99c1c1a6b4a58440718bea82290bd1c2a67048938c381648ea2b2c7110d748c9c8d782f20430b1427b51d7036e55b0997c6f75717db67a82c88d3647ee036b49392f0467d6010b32f9de3e5e79ef082c5bb975d11d2bf76a97f7159c11a7753db8a065d3126ccda9abbebd2c54374e389942c24b27435868fadb45bb060d3c1084b211e2afa8dfaa2d8dab8dc47fe10e6c32afece7c4976176a7c66d704125c0948c238c843b41b0246be1f50f8e07884cfe7ae8885ca06339a339c8d5978b079e0eb78facfa1dc67ca70733dfefc6c868ca149e0661b70e0134870a3107c8c46711fed14f892d6fc66d95306838688f13b19e904416a8d161cc33527878b38ad10b1c08db21457b2075608be7300d39748e4fcebe02b190f3e8ed32a0ef734b11ca43a21f5f809bba795f5aa0ea01050021d0f5213620af5b08fda6421a42b7c82804a20a6ef6d471babf76f46538327f943476d1d109a3f0dc531233d6f93d8dc27f4745735085f92adf63d617b373fba24f289035710e69eb80da12d36e8eaec22620ffaabadfb824bd5fc309a2c74959505856b5b890bba8f22bc571a9d87e93ba3b9aba6dcf26f7076c0c2e271641835ea25fd49d96c69d4fb8bb8731bd2cbc75146aed10d269f9060462339cde8830b535920be3dbf143eace0f1ea9469b95a64fbd7e5057eb880d4422cbf97cfc3f7140251d4923580ca2113f345cf24a66499ceffd2e39dc4fd74cf448638962957b409f0d218c165c13ffe107aa1dd1d9a02092cd46cf2b353dd2d2ca7b8a7ae8eda0ee18bba269bbffed0c7d400497aee4da0896cf6329d76ccea098fbef9075412d1c2a3644cf0f202b884303d204314ae92c56217b2feb5e7c1e15a99fbdd655fb8f6bbc3ab1259bf03b2ee17c5b7e9443695177ec5040eeff3fc36ceafe143393d76a3d735cfe6c9b632e52dbe64dc1265961e8a27ee9f76c0add9e0581e474d7678214f5b64c932903715befc6b766611f1d7e495573b9a3e009cfcb0ffef7ac57c3561badbfa41c119e541180aa2364de61a601699cd1bf3de01d15794b728e1444efd6ffa1e57d95489c8df91fbc057b66dd6d9f3a01b19f36bc99f0b54ed1f9905067dd1608bce47f5ff1981a25184aacd39e331d8ff3dfa7c012d7e667a69249cb4803b23f7eeaab8ed29c69ba3d2a1b88821ffefc5825650c53b6364f38e0a178312f5d29d5375423cceabc8e1c4e51a566ba3f9b176b858c8860440ff8ebdde725640d2dff6b9160bb69f188755b0ff766b410704cda4c33e1ae2c73b5799a00d2f55de73109728b350302b64df2ce3eaf2e0c6561009b60c2701ac493076305e97ed20c3b42f40b2bc7f13bba4ab8181e2085b07930c6f5579205dff696902be824e65ddc774e886e8d261fe74712a31e406b0f7725b4559d7ad0f27a1a870261aa5bb8a720e7c89ba933770d48821416de070df1abcc6eee1147c20bda090d940aeee2bd48c0f3d94675d9b9cf1a62ba50e31a7af0714dd8325d5fb7142e88c4d22ddb8f0278ee6ba88e361524e291b6d000f6523ad4188b021da9ef4a634ed09eb2002b9c726746c9ffc32f261edb448106aa1e2daaed865255fd1d296fedbbb2de3f7c1f15935e52006492b632ad125aa1e000c9d71bdb945792668e16b26122a3fd7cba1a40db8083068c5c48fd2aaa621c87d9f5621bba442fc26839030dbe4e37fda4046d6503bb03e0f928de25d4cd4e2a40ec93c9021dfcbb25f6e2c943cc85eba8123340d6364949581e8c8c2913d59dafe4297672c0b9e7418485f00cbcf672a588904beb3c074bebf339815b91c7c374ceed5a701e1ade8f5d87ca536120116307ac259577a8e12958425317c482d2c7089bf3d83e12318d1526107a050f3c094492de7255b22e18ca2ff261b3ed197f2f8e67b71b1c5a6a04b99158b58e9baad75201aabe13254617d0de0a9073af62491c67fc18d1ccbf7686a85a99b39e9d7d9c85a0777e47c9fd0e10c932c20f13ef287b44b9b706ec818aa0c48a10caac58a9b8355e84bc820698c2501f0c12e1b67df701cfcbe72dc47a2c87d43753ebfdb24cc838507e241d9fcd3d4955a373209ccda903a3ffced05e4232f2cca9bba197fdba8a9357cb1d6da6d9b4095027dc03e17d59ebc2d358e171da0044df102b193c79390ebcb58023b40c621df71e064b0056bfcf1eaee1eca85357cd1ac78feaa54bbbd85596977ba85003ea60d8685f4e3b756e4f81453077396590fa214f672929e81569442023667b798c24e06ee20dbf64cfccb51b2bca4e2a5b0df137bb37ab3e2854dc7e1b879866a72a5809b563596cc9fd3e53abdbccfd5dbc60662252ddc5c290d72230d79b7504b40fdb45ded2f02e926652c1e04ea4c1c488025ad1098adeebe98e385ab1caec4b9eb4d3bbd5ef3ddf1fd0d72784604a989558fd37f6d4fee20609090b3331e254fec98414a2c54589ee01c9429b7cb574b9167efede1d966a227bf2a8e422f38680d77d3c555cf1117e7d7e804ad730c36a78b7846473d6481bd0839bd3e6982ed47246c370a90b76e5b88de202346fb20b8b6b5ecb6a90b8478d17b175a1821df75b48ecc34866fe5c8960bf64d5ff92831bb9357474bec65e0dd1699b0f0340ee5ac5e9e9d3df66edca20201371fc21ad80aacd49c6b0abcfee9c876c15edcfccde823b55b61cb7b254487ef8c8781a22043f4adaf25df34580a6b3904fd014b50c59fa90eff75fa5fd32aaec9aa10df8a2b9b824952e475c964533942bbe30f4167a11fc15d548e0a31f911030569722f0c67e79e90483f6f0bee1c7f80face1a1b0f940c891be688cb16394f6c07fd29b5f248c211d1f76ec1292755d8bd963e191b3a8851472fbbd2cb732f4fd9fef3a8fb29aea097328173fdeaf56fa2279e86fb954306b040c960d0b601b3a741c96cf1f0bd1172f848585cb3b57d7d2e2a84914526f5a6f9895cf5aa4425b4dbf9f59037756a0321bba204a737e36277e86fd268f6047921f4f8fab69dfee137c07874f12f89084e7117e2c9221690a27f880f17d08d56f9dbc96ffef3920b55fb773dde72e1ba35f3e0c9872e339508281426ab04941df4885f7e0293149f1642c2573e2b6594b8fd953ae2468cf917cdaa0692cf461e3628860935def39af78af5e1540147ab1c70c3ab7f7c76abea0d8541feb43e632d7a2cc7bef15a4700304048ecf135968d0a9644ce899aad05b186a2224bab3836248cc6137472203ebceb29b3e87610df12417ee722f309c54b2e65591d8b929440f3ec43ee9ff8f7b7710668e4312610d1591303d5270394da0ab61e4515af5215dc81137f0dc90f951972731f8d98ceb8b4ea38da7d8dc153ccbae5068781eaf9a4a7b11b4319090261b61aa65a8536292eb5392020eb285b2db07f81e7f764d65037050f1e3748593474c6c1dc11cfcb56e1c916157280098a437265e1c682cbfed717e7275bc6c3bb6c6ef7f0f9fdd19ef82ff2c82284c3a061f57b21d3705aff97710108a7d1217a7ea3feda021d20f1fdca94bbef67e0aeaa3db6ccc2d060f7b33707fe19cb2d0232f1239373bb38e666cbbbf3a697c6d0e957ec6730f56034440e789a7a37304d09eb742f21019a77c608cf578162a55d0aea113c051b110b5281ed8b6638d2b31604e965cb019f2f106bc4e96d1313c70612f1ff18afdce7926270dd242c49cc53792f160d1e143e04d7eb3ca40828b153fac466bc53a084281987b47b806a4ef668859eb9035ef68e9c20bd6bb790fdf6f921569b4e97fae5b7edc761b4944c1d6d90f4df40bc3203ed838d4c61cdeb7a9bbb68d59b2cc00125eecaf06b759ac1b9dd68028225d0a60efa499e4436962362727011eef6cc55962dd4ffe2fd3892907e837045883cc9ba8892ab265a31924f3055d4dee68feff05d9f10ebdf1e8c1c1e7001b5b02a7fe26b9c0641e054ae37854187fb1bb6e9fae05b09e85a1e0e14bc801f2d8b9a178a9a72b147e137e0d83192664a88a3aca4fb6a4f0c5787b20c31bc5975dfbc8bcff8987573bd14b1ca434d93452e67ed01c60be99e535bb3f848888d224520b61cfc1de2d6b2ebef9f24674c31aada52784a0b7b60f351653c71d546cf951e6b4a0d917ac6afd0a713f41833f9f74a3a7d3c19b523299666da2b48676ca7aafebadef05b3bbf4b6b62834046f51d3d4582fb4c9de27a3f5e992853368e4f17f9dba27c8c4438307fc7405f53fb27cc81c1521452a1a5edb0cabdf7a73b1cab0675b619fd5a0fadb7147776e74695c042d9d8bfda045bcef7542b42249f34c7590605d0201a762390f2fee5f3cdb488426609c663c9fc4dc2a5277f3f589a14e6dcc202dfcd89bb148a368ff1792d230c19934143d2c260dbdfb334af863b856e415febd22fba01c568d8f48dba6d92f493cd1164a376f006d55db609cc2c9532a9f56da3b06e3db2a05f797eed57892e2fb677541324bcd763cf4669e7a871e322d0cc6e21befe3c767976f058dbe7a059d673c94c7ac5d49178bf19d32907b6fe66a92cc8ea30a858da43f74354390d6e97021da50812c59a78915e5b33221531bfa054c594ce3a2300e5a7d712773181901dfcf6922e980566fa62b1f2b669a27fbecce29e9be6d22058463e350163f33d18ce92a72d1b470857b6a37998aec5672521a8f0d66ab2bd01de516036ec47d1f63b95b437dc6d5a0168189d5a963cb0a80a9a5f20b03515396e3525f0ab13b0c1e5dd051b4c930da6d57ab6f7dd94ab3e689e0355af0b34871296152a76cce170d7b14d471ee4d9daa93de4ed755f30d45344f724288c17e4b22583158f1305ff55fecf7d526e207fa609886e14c9a168bf364b049409f63590f18a5515de8c1fd8c5a9710b6e33d2ecd01466b799f14be787612b8f17df0c05483a16097c0a504880249e28f1e067663c640a550a8c7ad9d090f7b2e902c5c20936869a5f3d3a014817f90babf847b43cf67ec23f120ae4abc63a418d1d99f359fc2c33a5bb34e1f5780576111a88c5ede834bc41e498548ddd128f9e884f4cd3e1bf1aaa1204079ce74e709306f38f2d6859128fc35d3a74c534ff1dccadfc8fe41f1be9510349af8710eb6d2dbc758be12b65622dad1cf48abc2fc409f5ed6a3af8d0b6548643c46dfba9db4e5827475e6e317c9c018a4dd5de391cc9cca85ec527537e26949e5091baca4f0b563d4c3969f15115e5ccdeb9e40788fe12f9d32d9488a70ae53b819726e4483ea6bbcb76f99775ca5e4f93c76edae462c08d596209f985aa55ef5e786701edcee8d831dd6dc0fee9ad01b6bdd63e886a5e55bdc593390c81e18dfd8c685b81306bad6b7a19a86b2bab5cbf4754708422e99f8f2497d798b3db565e709bcbba4c376c1c60b22b994fe8fdcb25215d505511cc1927f6a35344023d5da0a3ac0830e6aa80f5f7f0d94a67c99c6b22717078aecba2a599daa2acc054cda25e3965172e5fef464ec19aa71de5e84b6de30cc673fbab8c441ea37bfb3fc321a504371bc0996702e9be38db762e339ad7ad66dc2caa887e4ab60272d7963f85b14c941d31e545b85c640427302efe7142f0e0897a8c623ce57da213fbc2d1f90677142fd48cafca0b2934e572833ed6473218d0513dd1f6ecc578e5a1109ddae552b3be0cfe7246d7682a59fe9ae783a0f318d1800d5c466c80c5fd3facd0340f455f081068dd2cda5cda744018d902217152b6c05d37c090f8348b0471053152c2a4570fbab3f6dc30c8e49a63b88a00b3aac75180a633692e35ea976821694e133eb8bb4d31237d002fce1dd2ce55528dafcef2f0e00690562d144bb0e19576ce6ab72deac22067d8edac916b1b07e4eb57ff0b885b1b79f37dcf88135eedc17ffd948b61e4df4985033bcf891dd5b1448c8668947a271d93d03ce31216810a6bb45a6c5a12e290d97a60ad4b5c7384cf19421ac1ca64d346b50771e0b50e5caf1d9dfe056e8da247aa502ff04c8e29ca810a1d3ec7a89bc17dba2936f03a80228171f7999b3f2768617970efe57b14011c80666ac4999a568ebef74e2ca14df0ff6f0fcd47c538be96aaca1e65b53b98447101e49672b48167c0afc1afffe669b0f9718bd3305805c292db9738740b362564e4691cbdf061db1ed3f9db1f8bed82939f835d14f46818e3eb4e25f7a8d77d9d0d7913c45d8a81115c1a5e37b1d3bd1b7b5e6afaaefc81d9700bf83506fbf15457bc0f59f7008cc803efdcb6d39e388f6b28e80d47134265cc5438804b12d50e61a489da829dca05792d2ac182ba747331e88a7118f7dd38067f7d38f37be362260effacbc33863bb47aeebbadeae648a1090718266eedd2ed5a2c23f168759198aa92b2ac45c2a68ff212f29260e641a38541b066d39df4e95cd1c8e7e6ffae1b8017e6f629db3910b07496c8a81e4e66ac2321fd9e7ebfecf5bf6e922d7a79fb710a2d42dad1916c9b186c2c50c818fdb1afa19be867d943ee98f732fe3a01364281c0f6d0eb64a278721dc7bff5316256b0f4251abbd9b8ba7c7c12a3bf02a1fbc9ca94b965588fbc82343d07df8e06eaa5ed2137fec129351d80a9048a7d78b31ffaf2e388864a763c4af7aa53000e0bb2eb8ac0e4272cbb79dc6a7d65890f125c523c7cfddacdedbe87938aca915c92c807dab26be7d748827d4e3188676312ef1ac8460b29e8e715f4075e33104ce82e6785aadf17a7cf82d2a705e9f2d0fd25810ba33d76e54b48eda3effc01f37c89db38af81922fadc8c3361fe74ed51eac5e4437108106ffdedb339b406c082d62a8bf718989846d23f966e1ea39103010f767b3a6f0a0a2041b1dafcb787e69ffad75ed2a0081b92a4136ad5ae557c55a4b6219a390103428181ab36f329ad182a92957495c", 0x2000, &(0x7f0000006dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006640)={0x90, 0x0, 0x6, {0x3, 0x0, 0x20, 0xfffffffffffffff9, 0x400, 0xc, {0x1, 0x9, 0x8, 0x1, 0x1, 0x4, 0x8, 0x123, 0xdab5, 0xa000, 0x0, r7, r8, 0x6, 0xffff}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
readlinkat(0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0\x00', &(0x7f00000021c0)=""/122, 0x7a)
close(0x3)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f, 0x0, 0x4, 0x0, 0xd9e})
r9 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r10 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r10)
ptrace$setregs(0xd, r10, 0xfffffffffffffffc, &(0x7f00000003c0))
ptrace$getregset(0x4205, r10, 0x2, &(0x7f0000000080)={0x0})
fcntl$lock(r3, 0x6, &(0x7f00000000c0)={0x2, 0x2, 0x3, 0x793, r10})
socket$inet6(0xa, 0x1, 0x84)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

3.235114655s ago: executing program 4 (id=1692):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x2)
tee(r3, r3, 0x1e0f, 0xa)
name_to_handle_at(r3, 0x0, 0x0, 0x0, 0x1e00)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x95)
syz_io_uring_setup(0x64d5, &(0x7f00000000c0)={0x0, 0x8345, 0x800, 0x2, 0x399, 0x0, r3}, &(0x7f0000000140), &(0x7f0000000180))
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x5, "0000000500000005000000000500"}}}]}, 0x48}}, 0x0)

3.1061778s ago: executing program 4 (id=1693):
r0 = io_uring_setup(0x3eae, &(0x7f00000003c0)={0x0, 0x7c52, 0x1081, 0x7, 0x258})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x1ef6e3}], 0x100000000000011a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x12, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x89, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYBLOB="d1d87a045465d9899f46b5a36cc839e1bdb2199424fd3548ead52d49a77e15e33c3f6ef1ac73eda81c33d8ded8c6004c8bdde4aa73c364045bc0d018659f5d6f2242d49148d094afad2e3ece2fa17e27c8c810c598d6fa048be7f1b0f15d053f5483fb4e8ebec645002b81587849ac6599bf2c16401c2a48", @ANYBLOB="070000000000000000000500000018009abd01801400020073797a5f74756e0000000000000000000c00030500000080040001002eeba4d91f00000000000100016a5bfdc118f6b583eb4ac3f91dab5a68c45443197405e44bfdf69f2a4e5a9536e8d7cea26a20f1"], 0x38}}, 0x44014)

3.028734149s ago: executing program 2 (id=1694):
syz_io_uring_setup(0x43f3, &(0x7f0000000300)={0x0, 0xbba1, 0x10100}, 0x0, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x6, 0x80400)
open$dir(0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x15, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x41000, 0x46, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f00000004c0)=[{0x2, 0x2, 0x7, 0x7}, {0x0, 0x3, 0x5, 0x6}, {0x2, 0x5, 0xf, 0x5}], 0x10, 0x6}, 0x94)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000000040)={0x32b, @tick=0x387, 0xff})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f0000000100), &(0x7f0000000100)=[0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x65})
fcntl$addseals(r3, 0x409, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3400000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000800000140012800b000100627269646765000004000280"], 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000b6f000/0x11000)=nil, 0x11000, 0xc, 0x4010, 0xffffffffffffffff, 0x0)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r6, 0xc020aa08, &(0x7f0000000180)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
syz_clone3(&(0x7f0000000340)={0x20220080, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000001c0)={0x9, <r8=>r2, 'id0\x00'})
connect$unix(r8, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
ioctl$SCSI_IOCTL_GET_PCI(r7, 0x5393, &(0x7f0000000000))

2.891353343s ago: executing program 1 (id=1695):
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x40003, 0x0) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000140)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[<r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x1, 0x1, 0x8})
ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f0000000180)={r1}) (async)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={&(0x7f0000000240)={0x408, r2, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x160, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8001}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_KEY={0x3f, 0x4, {'gcm(aes)\x00', 0x17, "549242e4c5b859b6651d5deea4cf09864c2a6bddafbf5d"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x8}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0xf2, 0x3, "36977659fd764687bdef83d455bb0ae22c2aee83e1bb61ff25803674be3b5495432782e2e421102a5f5868c644989b253fcdb73a35f1bf5be0a8cb17765b1f80cc79c036255e709f6fd9e8b5887699bf8d30522f449d98830cd06d1174ad412f68e40637967139deed892bd36d9c1859f4a915586fcccdf86f6ea103a4818e3a557d5446ca67884b726e4ea22a04c2a7d51e77bad71754ffe529bf3318aae533e949f6004959ade53334cf054b072bcb391ef64f78b405801ad8447278ef865647e76ee3cc0b800932ce48764728d236ebd36916557bc982c0c2ead4020169497dd793540d7fea903ba4d1f08703"}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_BEARER={0x148, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x54}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0xffffffff, @mcast2, 0xd}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010102}}}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x85d, @private2}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x2, @empty, 0x7}}}}, @TIPC_NLA_BEARER_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x92}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xf043}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'syz_tun\x00'}}]}, @TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x790}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}]}, @TIPC_NLA_BEARER={0x1c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x101}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'geneve1\x00'}}]}, @TIPC_NLA_MEDIA={0x70, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x36a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfe5}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK={0x18, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x996}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}]}]}, 0x408}, 0x1, 0x0, 0x0, 0x24004041}, 0x800) (async)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000700)={{0x1, 0x1, 0x18, <r3=>r0, {0x74, 0xb1}}, './file0\x00'})
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000740)={0x8001, 0x3, 0x2, 0x0, 0x3}) (async)
r4 = signalfd(r3, &(0x7f0000000780)={[0x5]}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000007c0)={0x7fff, 0x8a7, 0x8}) (async)
setsockopt$SO_TIMESTAMP(r4, 0x1, 0x3f, &(0x7f0000000800)=0x4, 0x4) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r4, 0xc01064bd, &(0x7f00000008c0)={&(0x7f0000000840)="612e2715cf644918da43a38fbb58542e488528e8f419f0aecfddbb3a1bbdd1ddc16d63073d3a2cf9acfaa3837aac026018d7bad5c14f66e7edf9a76849b2b0a769106250716e100a2c848728c2d1634309c2f44a62526d7cc1ac35d0b646b67cec89786ee33ad15eb27fa3432dfebede0a5c", 0x72})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000000900)={{0x1, 0x1, 0x18, <r5=>r3, {<r6=>0x0, 0xffffffffffffffff}}, './file0\x00'})
r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000980), r3)
sendmsg$SMC_PNETID_DEL(r5, &(0x7f0000000ac0)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000a80)={&(0x7f00000009c0)={0x84, r7, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'hsr0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'batadv_slave_1\x00'}]}, 0x84}, 0x1, 0x0, 0x0, 0x100}, 0x8000) (async)
r8 = openat$nci(0xffffffffffffff9c, &(0x7f0000000b00), 0x2, 0x0)
write$nci(r8, &(0x7f0000000b40)=@NCI_OP_CORE_INIT_RSP_V2={0x0, 0x1, 0x2, 0x1, 0x41, {0x0, 0x1, 0x6, 0x5, 0x5, 0x6, 0xf4, 0x3, 0xeb, "ad3fdb81aed8f61a617140008e79381ad41e6b6e977d44c05b3f715f32d3cb6d7a4094ab6d90128d0b3cb7ca011006f806c8ab8af4fa10b1d1701143dccd3e4d5b7dad95a46914a9ade35cb73ee727ebd858a843ab031aaef955d8868df0f32f92f87ca0524a7b96e4ffc6b0dda180dd22f509e395b4cde93af5fadbce186af375861bf3d099435e3f7b361242ffeaf837b1e980929d2ddf16035ba60f8dd0a7e6ab22ad9429e26cfdd4a35e7a3127f2f09356b9cd9da72d0798dbd4a2fd239dbb1441e5857e0eec384f499067c3eaa703c521a427d5f8de7f6e5d3f2f38715fdd3b944f374f3562a324eb"}}, 0xfc) (async)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000c40)={[0x7fffffffffffffff, 0x4, 0x5, 0x0, 0x7, 0x7, 0x8001, 0x1, 0x4, 0x1000, 0xff, 0x2, 0x5a, 0x0, 0x1, 0x9], 0xddddd000, 0x30a00}) (async)
ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r3, 0x4068aea3, &(0x7f0000000d00)={0xdb, 0x0, 0x1}) (async)
r9 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000d80), 0x14080, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r4, 0x4068aea3, &(0x7f0000000dc0)={0xc0, 0x0, 0x4000})
r10 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000e40), 0x2000, 0x0)
ioctl$KVM_SIGNAL_MSI(r10, 0x4020aea5, &(0x7f0000000e80)={0x5000, 0x4000, 0x8, 0x1})
ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000ec0)={[0x6, 0x5, 0x5, 0x9, 0x5, 0x100000000, 0xc, 0x1, 0x4, 0x1, 0x1c, 0x3, 0x1, 0x6, 0x2, 0x9c6c], 0x5000, 0x1002})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000fc0)={0x1, &(0x7f0000000f80)=[{0x0, 0x5, 0xff, 0x1}]}, 0x10) (async)
ioctl$KVM_SET_TSC_KHZ_cpu(r5, 0xaea2, 0x5) (async)
r11 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000001000)=@bloom_filter={0x1e, 0x8, 0x7, 0x6, 0x2c008, r10, 0x80000000, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x3, 0x5, @value=r4}, 0x50) (async)
read$FUSE(r10, &(0x7f0000001140)={0x2020, 0x0, 0x0, 0x0, 0x0, <r13=>0x0}, 0x2020)
sendmsg$netlink(r11, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003400)=[{&(0x7f0000001080)={0x98, 0x21, 0x300, 0x70bd25, 0x25dfdbfc, "", [@generic="e77be68979ada7f4affdf3dbf745f6b896654f624c7525170bf6ccacab92a0d058beff4aed85cca429889123d8a7a9c78599677f394630cd6ac163ce25a912594accce8c33d3e044f0272b41a9818ad9c67c0027a94f515e3adbef4992847e8bfb389f179fdb2c1fd1210aa778c52ac6aac70f2b64a5754588b0046f408ed0e4b75b9eae09467c"]}, 0x98}, {&(0x7f0000003180)={0x21c, 0x32, 0x400, 0x70bd27, 0x25dfdbfc, "", [@typed={0x8, 0xd4, 0x0, 0x0, @uid=r6}, @typed={0x4a, 0xef, 0x0, 0x0, @binary="8b7bd76aa421ba26f9e80537a5f8228a0f61f110ae3045667026d9fbbb38df1ae160288d6995f2de6b4fefb34281444457a91506e2bb5d50e6d6c8f16d9d5600186b989ef431"}, @nested={0x1b5, 0x31, 0x0, 0x1, [@typed={0x8, 0x44, 0x0, 0x0, @pid=r13}, @generic, @nested={0x4, 0x75}, @typed={0x8, 0xcb, 0x0, 0x0, @u32=0x800}, @generic="7492d44714003188e23c810a0a6463310a682c4e1787c6c480f58c039cccc04f160c134ca4410ad4c2471cd51425aba9917b952b1ab5d9b78c7ecfa8095ce666b5a72dfb3ce8789f692406e9232291ba01b33efedfb6497cf39df312b7dfa31d2b3ee486015450b9aa9d4741d3d87b41", @generic="376532459820ac339f5cfaa295d50b7bf4abe5cd12584c86de523736fb3d160fcaa9d6f9d4a027f76c37c72564b85ffc78e20493a585df61d98f3c2302bc60418099", @typed={0x8, 0xbf, 0x0, 0x0, @ipv4=@loopback}, @generic="e378ac180ddf7f101ac5af10733c128a3a6d5fadff2407b4ec7169d33fcd28b32cea3b9b89b7fe7ff9a2aad2fdef13c77edfe54bb1539fc80682788121c007a48c5ec0df7f72e08bae281c9ff906b6acefbdc7b6224abbbb503a32cdf36e3751f829e111904f81bfd67c10b076424ebdcd2e1ad050c36ec6246683e68581c528af9940d5f02c956f84367cb887c04fa5c067af226678506b8e9967196b06227e8cb09b01d7914cfd5934cc869f5f934d88c67511b6674cb73e5e5bd4c7095e647126db90e9c9eed12b08bb75231a99c095067379d0a3cb7a88fbfd7467effe", @nested={0x4, 0x14d}]}]}, 0x21c}, {&(0x7f00000033c0)={0x24, 0x2c, 0x400, 0x70bd26, 0x25dfdbfc, "", [@typed={0x14, 0xaa, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x24}], 0x3, &(0x7f0000003500)=[@rights={{0x34, 0x1, 0x1, [r9, 0xffffffffffffffff, r12, r5, r12, r0, r9, r3, r8]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r8, r3, 0xffffffffffffffff, r9, r0, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [r0, r5]}}], 0x88, 0x4000}, 0x9)

2.714148828s ago: executing program 2 (id=1696):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000e40)="83556f524e5b4275202de9e9190a4e45413b785e52d04218ff14259285fc60a04bc6b2219b8c6853a6622cf43ff12c6e70030000009d24e78c3e9315e114c8a7316f4fe07425a43afc3f2146fd5b3fa9944ac1fff9e40cb9d497259e2f8443386550fc0255f733c2c4592534f4c24aa04090941068f785925c29c444a6887d4a23cffdd0da78bccb1ee094cc21d79dddfd1ee274ec69d98e4ce1efdf0600000000000000e348b88fd9387473855b1fdcd7493d01f0453924af3a79bc5d40b7e5ab2c6bd87501389f038abd8f0b2c59445502d726c974e0e57eab107a6ad6f2a998529e4bdafb9ed3a4c3482682f5369b1ca77c8d03000000000000000da5b3b17b58909c93344ff6b6908a5de6530ebb79b7096253ed28f981b117f1af480914519ce90117ffc37d83297da593ce451f464a6b272b35442e3bc42881092cc92420590b6230a6af3817a7b4ca4d7a46e0c5d814ee1f6d9a20a255c54b88476ac582e3e4d99ba105b0f4dfb48d666aa23f70fbe69249f33f75fb4e5cbf27f1ecd1f47bfa745d508d3c599de413ab6b7f00ae14e2ed3c83da269536787bf4ff3f0d117b8415df306504b3020bfa61450bd88b8c73362f2ccd2217a49b8948f0ead1cac7c3f8da62ecc2219826bde12cf42eb9f9378909858d000000006316d96e2735850218ae8f25571077a7602a55d51b2582a5d5e322e5816bc464beace66726fa5a8b0b84be74b85dd81115bf7dc16d2a45db14e6b52e05ab8f54b7d775d90db2ea7a63d7a84812ed0456346fcbd1ef7b0f8f3f6833a99270f678ec85e3ce2ce718531e898016f81dec1c2702e7e0b04539cdc298c00cd464ca36342b634a61e2ba4e8c3ede56d78cac00fb4137aaddba05c519713989c60aed06231c821eb247e6d7a55989e4a672b5d24cdc", 0x28d}], 0x1}}], 0x1, 0x60c5895)
r0 = bpf$ITER_CREATE(0x21, &(0x7f00000078c0), 0x8)
socket$netlink(0x10, 0x3, 0x13)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x202, 0x0)
r2 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xeef, 0x72d0, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xfc}}}}}]}}]}}, 0x0)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f00000000c0)={[0x4, 0x0, 0x1ba0a044, 0x7ff, 0x7, 0xfff, 0x2, 0xb9, 0x11, 0x4, 0x6, 0x0, 0x7, 0x2, 0x8, 0x7], 0x8000000, 0x80})
syz_usb_control_io$hid(r2, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x2000000)
r3 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c000090400000207010100090501020002"], 0x0)
syz_usb_control_io$printer(r3, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
pwritev2(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]})
close_range(r5, 0xffffffffffffffff, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@global=@item_012={0x1, 0x1, 0x3, "8d"}, @global=@item_012={0x2, 0x1, 0x4, "b314"}]}}, 0x0}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_GET_MSRS_cpu(r7, 0xc008ae88, &(0x7f0000000380)={0x21, 0x0, [{0x298, 0x0, 0x100}]})

2.251908105s ago: executing program 1 (id=1697):
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x88582)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r2 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x8c082)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001280)={r0, 0x200, {0x2a12, 0x80010000, 0x0, 0x2, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "0000000000000008000000000000b60500874028161db2214e000000000000a1", [0xc00, 0x3]}})

1.669598033s ago: executing program 1 (id=1698):
syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0xbba1, 0x10100}, 0x0, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140), &(0x7f0000000180), 0x0})
add_key$user(0x0, 0x0, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="20714633138bd5a7ed8beb42bc1d657e004b0400fe0000000000007a000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000))

1.53051598s ago: executing program 0 (id=1699):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}], 0x1, 0x40001)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00000000000000000000000001fe00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

1.466209607s ago: executing program 4 (id=1700):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x14902f06}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWFLOWTABLE={0x14, 0x16, 0xa, 0x201, 0x0, 0x0, {0x17, 0x0, 0x2}}], {0x11}}, 0xa4}}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e20, @private=0xa010100}]}, &(0x7f00000002c0)=0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f00000001c0)={0x9, 0x201, 0xf, 0x2e, r4}, &(0x7f0000000200)=0x10)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000000)={r4, 0x4, 0xba}, &(0x7f0000000040)=0x8)

1.362756274s ago: executing program 0 (id=1701):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x7b1281, 0x49, 0x12}, 0x18)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x400001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

1.272102112s ago: executing program 1 (id=1702):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d80000001b00010000000000fdfffffffc000000000000000000000000000000200100000000000000000000000000004e240000000000010000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000ffffffffffffff7ffcffffffffffffff04000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000006fcffff00000000000003000000000000000000000000000c0008"], 0xd8}}, 0x20008004)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'bond0\x00', <r1=>0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r2=>0x0})
sendmsg$inet(r0, &(0x7f0000000540)={&(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x25}}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000300)="804c5f4061e1dadda7d7375606d38e2d036af89f2516af425fae690808d132ccf951b3184df0f21cc3d2822cef82be7a574d4ac8ba78e5d960733da8af1798bc8cdb458bc089399dafcbd7bab57985490ac2eae3739cf4c1cc870df41d6cb4aa8ab3426bec7044a67547f76cc1944ca16e6c9d8b61338424090580a753bd9d05ceb72e6dd1d5e39917bc026c52f03b97f7215ee4565acc2fb26251d3cb5aa4fac3602fff8cea66973d87b5c7700fe3c52063a1953e60ca30c7a7568ff4826d0a54c2dd5e651da22f0d299d592c7765e2a1ac9fc7e9c490304010d1b142491df981843d59b82784f7a0bab6dec5afd8c25396f5f20c", 0xf5}, {&(0x7f0000000140)="55379d5994aacfdb81a0e67a700d0c568e32f103d18a337f", 0x18}, {&(0x7f0000000180)="037924155ce7fdc75b216d584cb02de64e273c5d9517642108c580512d7f174718616211562aaeff2f1333fb212743407b13e5058b24117ba75e835d9f605173d67c183ed58462522b1fc7c6a923e25f2523f3a81e5cfe56051a7ecfbab5def7dc77479b39e3461820c304082ef2", 0x6e}], 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="14000000000000000000000001000000050000000000000098000000000000000000000007000000441c2a116401010100000001ac1414bb0000000aac1e000100000003004418f67000000891000000080000008100000007000003808907c1ac1e0101444ce723ac141433000000037f000001000089af7f0000010000068964010101ffffffffac14141100000003ac141419800000017f000001000000056401010000000008e000000100000e5711000000000000000000000001000000020000000000000011000000000000000000000001000000f0000000000000001100000000000000000000000100000003000000000000001400000000000000000000000200000009000000000000007208a2817f5f7c3c365b577507c376b99f3f9b93eb71228b28c08ccceab4630a6d3d75255df3a99acc61daa14ee5d6df251576a11b27a194f939ff18d825a8a10941bb108e2d89bd73a7d78b85e0c157f29c394281da2df17c2d94f128531ef5eb092ebfd1c04861a21e56aedf6d052c77251fbfca51edc44bbef718dec3427a32b37531a1b53e9a4e9dc3febcbfb4cc8852484f52554c3679c873480d791613ba"], 0x110}, 0x8000)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="400d0000000000003000128008000100687372002400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r1], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)

1.181133742s ago: executing program 3 (id=1703):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
syz_open_procfs(0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000730000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x400, 0x1)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000000)="390000001000111867090707a640400f0021ff3f31000000170a001700000000040037000900030001372564b758b9a64411f6bb744dc48f57", 0x39}], 0x1)

894.633782ms ago: executing program 1 (id=1704):
r0 = syz_open_dev$loop(&(0x7f0000000280), 0xa4f, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffb}, 0x18)
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d9600010000000000000000000000000000000000000000000000000000dabeffff00", "2809e8dbe108598948224ad54afac11d875397bdb22d00009520a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bc0007008019000000000000000000000000af1e4ccfb7b3cad80004010400", [0x1, 0x2000000000001]}})

869.349544ms ago: executing program 0 (id=1705):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0)
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000002c0)={0x0, 0x10, 0x70b6})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x24, &(0x7f0000002880)=0x5, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000040)=0x8, 0x4)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000010000100000000000000000003000092d6c52cebcf0a60000000060a0904000000020000000900020073797a32000000000900010073797a300000000034000480300001800e000100627974656f726465720000001c000280080002400000ec0108000140000000080800044000000002140000001100010000000000000000000000000a0000000000"], 0x88}}, 0x0)
sendmsg$rds(r4, &(0x7f0000001380)={&(0x7f00000000c0)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@cswp={0x58, 0x114, 0x7, {{0x7ff80000, 0x101}, 0x0, 0x0, 0x89, 0x4, 0xeb, 0x10000000008a, 0x22, 0x77}}], 0x58}, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
socket$kcm(0x29, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)

630.181004ms ago: executing program 1 (id=1706):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x378, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010029bd7000fbdbdf25ff010000060000800000000000000001fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004006000000000000000000000000000000000000000000000000000000000000200000000000000fdffffffffffffff000000000000000000000000000000000500000000000000000000000020000000000000000000000000000000000000010002000000000044000500fe800000000000000000000000000044000004d42b0000000a000000e00000010000000000000000000000000000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x0)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r2, &(0x7f0000004d00), 0x7fffffffffffd33, 0x20000890)
syz_usb_connect$cdc_ncm(0x6, 0x8f, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)

450.145475ms ago: executing program 4 (id=1707):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x38, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x38}}, 0x300)

413.243072ms ago: executing program 4 (id=1708):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @remote, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x5dc, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @loopback={0x4000000}, @local, [@srh={0x2b, 0x0, 0x4, 0x0, 0x0, 0x10}]}}}}}}}, 0x0) (fail_nth: 1)

262.176637ms ago: executing program 2 (id=1709):
syz_emit_ethernet(0x3e, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000000000000700", [0x0, 0xffffffff9673e35d]}})

204.03019ms ago: executing program 2 (id=1710):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x7b1281, 0x49, 0x12}, 0x18)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

0s ago: executing program 4 (id=1711):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x101801, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'pimreg\x00', 0x3})
socket$inet6_sctp(0xa, 0x801, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff})
unshare(0x22020600)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r4, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
setsockopt$sock_attach_bpf(r3, 0x1, 0x14, 0x0, 0xfe64)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x40000)
removexattr(0x0, 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x80086601, 0x0)
r5 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000, 0x0)
ioctl$BLKALIGNOFF(r6, 0x127a, &(0x7f0000000140))
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x140, &(0x7f0000000440)=ANY=[@ANYBLOB="5b37182347bc61090000000086dd6dc1242e010a2bfffc010000000000000000000000000000fe8000000000000080000000000000aa0000001167000000000204010208050000000000000000000000000000000001620802e400000000fe880000000000000000000000000101fe800000000000000000000000000024fc020000000000000000000000000000fe8000000000000000000000000000aa1604040209200200fe8000000000000000000000000000aaff020000000000000000000000000001870a040500100500fc01000000000000000000000000000000000000000000000000ffffac1e00010000000000000000000000000000000000000000000000000000000000000001fe8000000000000000000000000000aa77c7f0bdc1c969ba7af286e89dcd2f741e78def4f71823095fae0b579ab109879bb9"], 0x0)
sendmsg$nl_netfilter(r7, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000210a010100a53786"], 0x14}, 0x1, 0x0, 0x0, 0x8841}, 0x40804)

kernel console output (not intermixed with test programs):

 0x3 has invalid maxpacket 57300, setting to 1024
[  345.826084][ T5937] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  345.905980][ T5937] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  345.971799][ T5937] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  345.983199][ T5937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.995102][ T5937] usb 4-1: Product: syz
[  346.012820][ T5937] usb 4-1: Manufacturer: syz
[  346.028931][ T5937] usb 4-1: SerialNumber: syz
[  346.084827][T10422] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  346.092595][T10422] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  346.461504][T10443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1276'.
[  346.502723][   T30] audit: type=1326 audit(1759912228.534:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10441 comm="syz.4.1277" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2188b8eec9 code=0x7ffe0000
[  347.061952][T10447] FAULT_INJECTION: forcing a failure.
[  347.061952][T10447] name failslab, interval 1, probability 0, space 0, times 0
[  347.178584][T10447] CPU: 0 UID: 0 PID: 10447 Comm: syz.0.1279 Not tainted syzkaller #0 PREEMPT(full) 
[  347.178610][T10447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  347.178620][T10447] Call Trace:
[  347.178627][T10447]  <TASK>
[  347.178637][T10447]  dump_stack_lvl+0x189/0x250
[  347.178669][T10447]  ? __pfx____ratelimit+0x10/0x10
[  347.178690][T10447]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.178709][T10447]  ? __pfx__printk+0x10/0x10
[  347.178733][T10447]  ? __pfx___might_resched+0x10/0x10
[  347.178752][T10447]  ? fs_reclaim_acquire+0x7d/0x100
[  347.178782][T10447]  should_fail_ex+0x414/0x560
[  347.178806][T10447]  should_failslab+0xa8/0x100
[  347.178825][T10447]  __kmalloc_cache_noprof+0x6f/0x6f0
[  347.178848][T10447]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  347.178867][T10447]  ? tcf_block_get_ext+0x140/0x17d0
[  347.178891][T10447]  ? qdisc_alloc+0x789/0xaa0
[  347.178904][T10447]  ? qdisc_create+0x12c/0xea0
[  347.178924][T10447]  ? tc_modify_qdisc+0x1538/0x20e0
[  347.178950][T10447]  tcf_block_get_ext+0x140/0x17d0
[  347.178987][T10447]  ? __pfx_prio_init+0x10/0x10
[  347.179009][T10447]  tcf_block_get+0x67/0xa0
[  347.179033][T10447]  ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[  347.179055][T10447]  prio_init+0x36/0x80
[  347.179077][T10447]  qdisc_create+0x7a9/0xea0
[  347.179109][T10447]  tc_modify_qdisc+0x1538/0x20e0
[  347.179148][T10447]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  347.179202][T10447]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  347.179222][T10447]  rtnetlink_rcv_msg+0x77c/0xb70
[  347.179245][T10447]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  347.179260][T10447]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  347.179273][T10447]  ? ref_tracker_free+0x63a/0x7d0
[  347.179293][T10447]  ? __asan_memcpy+0x40/0x70
[  347.179307][T10447]  ? __pfx_ref_tracker_free+0x10/0x10
[  347.179327][T10447]  netlink_rcv_skb+0x208/0x470
[  347.179339][T10447]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  347.179349][T10447]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  347.179365][T10447]  ? netlink_deliver_tap+0x2e/0x1b0
[  347.179379][T10447]  netlink_unicast+0x82c/0x9e0
[  347.179398][T10447]  ? __pfx_netlink_unicast+0x10/0x10
[  347.179412][T10447]  ? netlink_sendmsg+0x642/0xb30
[  347.179420][T10447]  ? skb_put+0x11b/0x210
[  347.179433][T10447]  netlink_sendmsg+0x805/0xb30
[  347.179448][T10447]  ? __pfx_netlink_sendmsg+0x10/0x10
[  347.179459][T10447]  ? aa_sock_msg_perm+0xf1/0x1d0
[  347.179474][T10447]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  347.179484][T10447]  ? __pfx_netlink_sendmsg+0x10/0x10
[  347.179494][T10447]  __sock_sendmsg+0x21c/0x270
[  347.179509][T10447]  ____sys_sendmsg+0x505/0x830
[  347.179523][T10447]  ? __pfx_____sys_sendmsg+0x10/0x10
[  347.179539][T10447]  ? import_iovec+0x74/0xa0
[  347.179551][T10447]  ___sys_sendmsg+0x21f/0x2a0
[  347.179563][T10447]  ? __pfx____sys_sendmsg+0x10/0x10
[  347.179599][T10447]  ? __fget_files+0x2a/0x420
[  347.179608][T10447]  ? __fget_files+0x3a0/0x420
[  347.179622][T10447]  __x64_sys_sendmsg+0x19b/0x260
[  347.179635][T10447]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  347.179651][T10447]  ? __pfx_ksys_write+0x10/0x10
[  347.179666][T10447]  ? do_syscall_64+0xbe/0xfa0
[  347.179679][T10447]  do_syscall_64+0xfa/0xfa0
[  347.179689][T10447]  ? lockdep_hardirqs_on+0x9c/0x150
[  347.179700][T10447]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.179710][T10447]  ? clear_bhb_loop+0x60/0xb0
[  347.179721][T10447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.179731][T10447] RIP: 0033:0x7fd794f8eec9
[  347.179742][T10447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.179750][T10447] RSP: 002b:00007fd795d70038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  347.179762][T10447] RAX: ffffffffffffffda RBX: 00007fd7951e5fa0 RCX: 00007fd794f8eec9
[  347.179769][T10447] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  347.179775][T10447] RBP: 00007fd795d70090 R08: 0000000000000000 R09: 0000000000000000
[  347.179781][T10447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  347.179787][T10447] R13: 00007fd7951e6038 R14: 00007fd7951e5fa0 R15: 00007fd79530fa28
[  347.179803][T10447]  </TASK>
[  348.035341][   T30] audit: type=1326 audit(1759912230.314:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10456 comm="syz.0.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  348.066065][   T30] audit: type=1326 audit(1759912230.314:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10456 comm="syz.0.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  348.089494][T10461] i2c i2c-0: Invalid block write size 255
[  348.098831][   T30] audit: type=1326 audit(1759912230.324:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10456 comm="syz.0.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  348.232803][   T30] audit: type=1326 audit(1759912230.324:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10456 comm="syz.0.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  348.285433][T10467] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  348.309941][   T30] audit: type=1326 audit(1759912230.324:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10456 comm="syz.0.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  348.333918][   T30] audit: type=1326 audit(1759912230.324:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10456 comm="syz.0.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  348.374013][   T30] audit: type=1326 audit(1759912230.334:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10456 comm="syz.0.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  348.398161][   T30] audit: type=1326 audit(1759912230.334:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10456 comm="syz.0.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  348.423092][   T30] audit: type=1326 audit(1759912230.334:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10456 comm="syz.0.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  348.595685][T10478] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1285'.
[  348.624582][T10478] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1285'.
[  348.943126][ T5937] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  348.961439][ T5937] usbtest 4-1:1.0: Linux user mode ISO test driver
[  348.992069][ T5937] usbtest 4-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  349.095440][ T5937] usb 4-1: USB disconnect, device number 66
[  349.430423][T10488] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1288'.
[  349.439929][T10488] netem: unknown loss type 13
[  350.089002][T10504] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1293'.
[  350.248386][T10512] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1295'.
[  350.343468][T10514] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1294'.
[  350.352548][T10514] 0�: renamed from 
71� (while UP)
[  350.624125][T10514] A link change request failed with some changes committed already. Interface 
70� may have been left with an inconsistent configuration, please check.
[  350.658473][ T5937] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  350.808474][ T5937] usb 3-1: Using ep0 maxpacket: 32
[  350.821525][ T5937] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  350.937707][ T5937] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  350.987452][ T5937] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  351.032474][ T5937] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  351.080574][ T5937] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  351.178275][ T5938] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  351.288588][ T7820] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  351.426541][ T5937] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  351.498236][ T5937] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  351.509359][ T5938] usb 5-1: Using ep0 maxpacket: 16
[  351.514969][ T7820] usb 4-1: Using ep0 maxpacket: 8
[  351.557515][ T5938] usb 5-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76
[  351.566959][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.582244][ T7820] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  351.607576][ T5937] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.615960][ T7820] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 61507, setting to 1024
[  351.673709][ T5938] usb 5-1: Product: syz
[  351.677901][ T5938] usb 5-1: Manufacturer: syz
[  351.705064][ T5937] usb 3-1: config 0 descriptor??
[  351.765943][ T5938] usb 5-1: SerialNumber: syz
[  351.878271][ T7820] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  351.888558][ T7820] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  351.923028][ T5938] usb 5-1: config 0 descriptor??
[  352.058353][ T7820] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  352.087998][ T7820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.119178][ T5937] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 60 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  352.135576][ T7820] usb 4-1: Product: syz
[  352.161762][ T7820] usb 4-1: Manufacturer: syz
[  352.166410][ T7820] usb 4-1: SerialNumber: syz
[  352.231070][T10529] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  352.285744][T10529] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  352.320977][    C0] usblp0: nonzero read bulk status received: -71
[  352.331044][ T5937] usb 3-1: USB disconnect, device number 60
[  352.522540][T10515] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1295'.
[  352.545348][T10515] usblp0: removed
[  352.620037][T10548] loop9: detected capacity change from 0 to 7
[  352.642142][T10548] Dev loop9: unable to read RDB block 7
[  352.656164][T10548]  loop9: unable to read partition table
[  352.676039][T10548] loop9: partition table beyond EOD, truncated
[  352.697891][T10548] loop_reread_partitions: partition scan of loop9 (�被x������ ) failed (rc=-5)
[  353.764812][T10551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  353.814579][T10551] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  354.195269][T10551] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  354.215498][ T5938] usb_8dev 5-1:0.0 can0: sending command message failed
[  354.227376][ T7820] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  354.277428][ T5938] usb_8dev 5-1:0.0 can0: can't get firmware version
[  354.294624][ T7820] usbtest 4-1:1.0: Linux user mode ISO test driver
[  354.320826][ T7820] usbtest 4-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  354.379174][ T7820] usb 4-1: USB disconnect, device number 67
[  354.400722][ T5938] usb_8dev 5-1:0.0: probe with driver usb_8dev failed with error -22
[  354.464676][ T5938] usb 5-1: USB disconnect, device number 58
[  354.801990][T10574] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1302'.
[  354.933627][T10578] batadv_slave_0: entered promiscuous mode
[  355.466630][T10589] loop2: detected capacity change from 0 to 7
[  355.477396][T10589] Dev loop2: unable to read RDB block 7
[  355.485611][T10589]  loop2: unable to read partition table
[  355.497284][T10589] loop2: partition table beyond EOD, truncated
[  355.508900][T10589] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  355.678247][ T7405] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  355.809085][ T7405] usb 4-1: device descriptor read/64, error -71
[  355.948286][   T24] usb 2-1: new low-speed USB device number 73 using dummy_hcd
[  356.078323][ T7405] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  356.089623][   T24] usb 2-1: device descriptor read/64, error -71
[  356.228236][ T7405] usb 4-1: device descriptor read/64, error -71
[  356.347265][T10605] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  356.357753][T10605] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  356.388487][ T7405] usb usb4-port1: attempt power cycle
[  356.484601][   T24] usb 2-1: new low-speed USB device number 74 using dummy_hcd
[  356.619169][   T24] usb 2-1: device descriptor read/64, error -71
[  356.648669][ T5913] usb 5-1: new low-speed USB device number 59 using dummy_hcd
[  356.736646][   T24] usb usb2-port1: attempt power cycle
[  356.768769][ T7405] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  356.819680][ T7405] usb 4-1: device descriptor read/8, error -71
[  356.863260][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  356.874522][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  356.884698][ T5913] usb 5-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  356.894980][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.952223][ T5913] usb 5-1: config 0 descriptor??
[  357.058788][ T7405] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  357.082760][ T7405] usb 4-1: device descriptor read/8, error -71
[  357.168312][   T24] usb 2-1: new low-speed USB device number 75 using dummy_hcd
[  357.206074][ T7405] usb usb4-port1: unable to enumerate USB device
[  357.214791][   T24] usb 2-1: device descriptor read/8, error -71
[  357.259143][T10620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  357.281357][T10620] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  357.458393][   T24] usb 2-1: new low-speed USB device number 76 using dummy_hcd
[  357.509751][T10608] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  357.524766][T10608] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  357.550696][   T24] usb 2-1: device descriptor read/8, error -71
[  357.564177][T10608] netlink: 'syz.4.1312': attribute type 21 has an invalid length.
[  357.641686][T10608] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1312'.
[  357.662641][ T5913] glorious 0003:258A:0036.001B: item fetching failed at offset 0/2
[  357.671029][   T24] usb usb2-port1: unable to enumerate USB device
[  357.699750][ T5913] glorious 0003:258A:0036.001B: probe with driver glorious failed with error -22
[  357.903687][ T5913] usb 5-1: USB disconnect, device number 59
[  358.648500][ T7820] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  358.820884][ T7820] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  358.858912][ T7820] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  358.870172][ T7820] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  358.900350][ T7820] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  358.913823][ T7820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  358.923686][ T7820] usb 4-1: Product: syz
[  358.930064][ T7820] usb 4-1: Manufacturer: syz
[  358.936517][ T7820] usb 4-1: SerialNumber: syz
[  359.098208][ T5913] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  359.128432][ T5938] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  359.156323][ T7820] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 72 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  359.248280][ T5913] usb 2-1: Using ep0 maxpacket: 8
[  359.261715][ T5913] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  359.270396][ T5913] usb 2-1: config 0 has no interface number 0
[  359.276722][ T5913] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  359.289701][ T5913] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  359.299492][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.308673][ T5938] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  359.317220][ T5938] usb 3-1: config 220 descriptor has 1 excess byte, ignoring
[  359.319814][ T5913] usb 2-1: config 0 descriptor??
[  359.325207][ T5938] usb 3-1: config 220 has 2 interfaces, different from the descriptor's value: 3
[  359.339379][ T5938] usb 3-1: config 220 has no interface number 1
[  359.345840][ T5938] usb 3-1: config 220 interface 0 has no altsetting 0
[  359.354379][ T5938] usb 3-1: config 220 interface 76 has no altsetting 0
[  359.367921][ T7820] usb 4-1: USB disconnect, device number 72
[  359.376577][ T7820] usblp0: removed
[  359.413220][ T5938] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  359.453692][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.457231][ T5913] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  359.478923][ T5938] usb 3-1: Product: syz
[  359.483308][ T5938] usb 3-1: Manufacturer: syz
[  359.488082][ T5938] usb 3-1: SerialNumber: syz
[  359.604555][T10656] loop6: detected capacity change from 0 to 7
[  359.614511][ T6973] Dev loop6: unable to read RDB block 7
[  359.620808][ T6973]  loop6: unable to read partition table
[  359.626819][ T6973] loop6: partition table beyond EOD, truncated
[  359.635476][T10656] Dev loop6: unable to read RDB block 7
[  359.641733][T10656]  loop6: unable to read partition table
[  359.647729][T10656] loop6: partition table beyond EOD, truncated
[  359.654210][T10656] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  359.749099][T10658] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1321'.
[  360.695641][T10669] macvlan0: entered promiscuous mode
[  360.703413][T10669] batadv0: entered promiscuous mode
[  360.710016][T10669] debugfs: 'hsr0' already exists in 'hsr'
[  360.718338][T10669] Cannot create hsr debugfs directory
[  360.738766][T10669] hsr0: entered allmulticast mode
[  360.760396][T10669] macvlan0: left promiscuous mode
[  360.790972][T10669] batadv0: left promiscuous mode
[  362.141901][T10697] sock: sock_timestamping_bind_phc: sock not bind to device
[  362.180055][ T5938] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  362.207972][ T5938] uvcvideo 3-1:220.0: No valid video chain found.
[  362.714461][ T7820] usb 2-1: USB disconnect, device number 77
[  362.799849][ T5938] usb 3-1: USB disconnect, device number 61
[  362.879303][T10701] loop6: detected capacity change from 0 to 7
[  362.885962][T10703] loop2: detected capacity change from 0 to 7
[  362.912349][ T5847] Dev loop2: unable to read RDB block 7
[  362.918305][T10701] Dev loop6: unable to read RDB block 7
[  362.920896][ T5847]  loop2: AHDI p1 p2 p3
[  362.923900][T10701]  loop6: unable to read partition table
[  362.928047][ T5847] loop2: partition table partially beyond EOD, truncated
[  362.964184][T10701] loop6: partition table beyond EOD, truncated
[  362.980822][ T5847] loop2: p1 start 1668641394 is beyond EOD, truncated
[  362.980849][ T5847] loop2: p2 start 1702059890 is beyond EOD, truncated
[  362.997364][T10703] Dev loop2: unable to read RDB block 7
[  362.997398][T10703]  loop2: AHDI p1 p2 p3
[  362.997426][T10703] loop2: partition table partially beyond EOD, truncated
[  362.997606][T10703] loop2: p1 start 1668641394 is beyond EOD, truncated
[  362.997626][T10703] loop2: p2 start 1702059890 is beyond EOD, truncated
[  362.997947][T10701] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  363.176557][T10713] loop6: detected capacity change from 0 to 7
[  363.212589][T10713] Dev loop6: unable to read RDB block 7
[  363.212633][T10713]  loop6: unable to read partition table
[  363.212831][T10713] loop6: partition table beyond EOD, truncated
[  363.212849][T10713] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  363.408828][T10721] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1336'.
[  363.408953][T10721] 0�: renamed from 
71� (while UP)
[  363.431185][T10721] A link change request failed with some changes committed already. Interface 
70� may have been left with an inconsistent configuration, please check.
[  363.672076][T10727] program syz.0.1342 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  363.870934][T10730] input: syz0 as /devices/virtual/input/input30
[  364.688233][ T5913] usb 4-1: new low-speed USB device number 73 using dummy_hcd
[  364.741853][T10735] loop7: detected capacity change from 0 to 7
[  364.750783][ T5825] Dev loop7: unable to read RDB block 7
[  364.756398][ T5825]  loop7: unable to read partition table
[  364.774551][ T5825] loop7: partition table beyond EOD, truncated
[  364.802410][T10737] 8021q: adding VLAN 0 to HW filter on device bond2
[  364.811147][T10735] Dev loop7: unable to read RDB block 7
[  364.823174][T10737] bond2: (slave macvlan0): Error -22 calling dev_set_mtu
[  364.832765][T10735]  loop7: unable to read partition table
[  364.843443][T10735] loop7: partition table beyond EOD, truncated
[  364.852519][T10735] loop_reread_partitions: partition scan of loop7 (�被x������ ) failed (rc=-5)
[  364.875067][ T5913] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  364.885010][ T5913] usb 4-1: config 0 has no interface number 0
[  364.946754][ T5913] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  365.013618][T10742] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1349'.
[  365.015582][ T5913] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  365.025976][T10744] loop2: detected capacity change from 0 to 7
[  365.044979][ T5913] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  365.045060][T10742] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1349'.
[  365.055487][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.075245][T10742] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1349'.
[  365.085653][ T5825] Dev loop2: unable to read RDB block 7
[  365.094231][ T5913] usb 4-1: config 0 descriptor??
[  365.099896][ T5825]  loop2: AHDI p1 p2 p3
[  365.104092][ T5825] loop2: partition table partially beyond EOD, truncated
[  365.108962][T10742] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1349'.
[  365.112490][T10733] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  365.128883][ T5825] loop2: p1 start 1668641394 is beyond EOD, truncated
[  365.135769][ T5825] loop2: p2 start 1702059890 is beyond EOD, truncated
[  365.143197][T10742] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1349'.
[  365.153965][T10744] Dev loop2: unable to read RDB block 7
[  365.163325][ T5913] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  365.190405][T10744]  loop2: AHDI p1 p2 p3
[  365.194768][T10744] loop2: partition table partially beyond EOD, truncated
[  365.217772][T10744] loop2: p1 start 1668641394 is beyond EOD, truncated
[  365.355966][ T5913] usb 4-1: USB disconnect, device number 73
[  365.438439][T10744] loop2: p2 start 1702059890 is beyond EOD, truncated
[  365.642368][T10756] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes
[  365.691899][T10757] loop6: detected capacity change from 0 to 7
[  365.710364][ T5825] Dev loop6: unable to read RDB block 7
[  365.716415][ T5825]  loop6: unable to read partition table
[  365.723173][ T5825] loop6: partition table beyond EOD, truncated
[  365.732917][T10757] Dev loop6: unable to read RDB block 7
[  365.770730][T10757]  loop6: unable to read partition table
[  365.793519][T10757] loop6: partition table beyond EOD, truncated
[  365.814618][T10757] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  366.480896][T10780] program syz.2.1356 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  366.538914][T10783] loop7: detected capacity change from 0 to 7
[  366.769539][T10783] Dev loop7: unable to read RDB block 7
[  366.775585][T10783]  loop7: unable to read partition table
[  366.791411][T10783] loop7: partition table beyond EOD, truncated
[  366.806003][T10783] loop_reread_partitions: partition scan of loop7 (�被x������ ) failed (rc=-5)
[  367.451181][T10791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  367.558627][T10791] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  367.617469][T10793] loop2: detected capacity change from 0 to 7
[  367.646880][T10793] Dev loop2: unable to read RDB block 7
[  367.665915][T10793]  loop2: AHDI p1 p2 p3
[  367.680685][T10793] loop2: partition table partially beyond EOD, truncated
[  367.709076][T10793] loop2: p1 start 1668641394 is beyond EOD, truncated
[  367.726122][T10793] loop2: p2 start 1702059890 is beyond EOD, truncated
[  368.119648][T10804] loop6: detected capacity change from 0 to 7
[  368.129382][ T5825] Dev loop6: unable to read RDB block 7
[  368.141642][ T5825]  loop6: unable to read partition table
[  368.153617][ T5825] loop6: partition table beyond EOD, truncated
[  368.188455][T10804] Dev loop6: unable to read RDB block 7
[  368.200887][T10804]  loop6: unable to read partition table
[  368.207396][T10804] loop6: partition table beyond EOD, truncated
[  368.225674][T10804] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  368.427218][T10816] loop7: detected capacity change from 0 to 7
[  368.449446][T10816] Dev loop7: unable to read RDB block 7
[  368.471641][T10816]  loop7: unable to read partition table
[  368.481064][T10816] loop7: partition table beyond EOD, truncated
[  368.499337][T10816] loop_reread_partitions: partition scan of loop7 (�被x������ ) failed (rc=-5)
[  368.727925][T10825] loop2: detected capacity change from 0 to 7
[  368.753703][T10825] Dev loop2: unable to read RDB block 7
[  368.793488][T10825]  loop2: AHDI p1 p2 p3
[  368.810291][T10825] loop2: partition table partially beyond EOD, truncated
[  368.834644][T10825] loop2: p1 start 1668641394 is beyond EOD, truncated
[  368.852960][T10825] loop2: p2 start 1702059890 is beyond EOD, truncated
[  368.967327][T10832] program syz.3.1374 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  369.516934][T10844] program syz.2.1377 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  370.034560][T10856] loop6: detected capacity change from 0 to 7
[  370.051365][T10856] Dev loop6: unable to read RDB block 7
[  370.057032][T10856]  loop6: unable to read partition table
[  370.066422][T10856] loop6: partition table beyond EOD, truncated
[  370.095613][T10856] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  370.113863][T10853] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  370.123754][T10853] syzkaller0: entered promiscuous mode
[  370.145896][T10853] syzkaller0: entered allmulticast mode
[  370.258516][T10857] tipc: Resetting bearer <eth:syzkaller0>
[  370.333694][T10857] tipc: Disabling bearer <eth:syzkaller0>
[  370.339994][T10864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.364840][T10864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  370.371910][T10866] loop7: detected capacity change from 0 to 7
[  370.401637][T10866] Dev loop7: unable to read RDB block 7
[  370.422018][T10866]  loop7: unable to read partition table
[  370.427904][T10866] loop7: partition table beyond EOD, truncated
[  370.449505][T10866] loop_reread_partitions: partition scan of loop7 (�被x������ ) failed (rc=-5)
[  370.452355][T10871] loop2: detected capacity change from 0 to 7
[  370.473614][ T5825] Dev loop2: unable to read RDB block 7
[  370.490947][ T5825]  loop2: AHDI p1 p2 p3
[  370.501097][ T5825] loop2: partition table partially beyond EOD, truncated
[  370.528585][ T5825] loop2: p1 start 1668641394 is beyond EOD, truncated
[  370.544346][ T5825] loop2: p2 start 1702059890 is beyond EOD, truncated
[  370.557082][T10871] Dev loop2: unable to read RDB block 7
[  370.565713][T10871]  loop2: AHDI p1 p2 p3
[  370.581937][T10871] loop2: partition table partially beyond EOD, truncated
[  370.590133][T10871] loop2: p1 start 1668641394 is beyond EOD, truncated
[  370.596992][T10871] loop2: p2 start 1702059890 is beyond EOD, truncated
[  370.638229][ T5913] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  370.792515][ T5913] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  370.803680][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.813517][ T5913] usb 2-1: Product: syz
[  370.820657][ T5913] usb 2-1: Manufacturer: syz
[  370.826553][ T5913] usb 2-1: SerialNumber: syz
[  370.841058][ T5913] usb 2-1: config 0 descriptor??
[  370.917542][T10883] FAULT_INJECTION: forcing a failure.
[  370.917542][T10883] name failslab, interval 1, probability 0, space 0, times 0
[  370.930921][T10883] CPU: 1 UID: 0 PID: 10883 Comm: syz.3.1390 Not tainted syzkaller #0 PREEMPT(full) 
[  370.930965][T10883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  370.930989][T10883] Call Trace:
[  370.930997][T10883]  <TASK>
[  370.931006][T10883]  dump_stack_lvl+0x189/0x250
[  370.931040][T10883]  ? __pfx____ratelimit+0x10/0x10
[  370.931062][T10883]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.931081][T10883]  ? __pfx__printk+0x10/0x10
[  370.931102][T10883]  ? __pfx___might_resched+0x10/0x10
[  370.931129][T10883]  should_fail_ex+0x414/0x560
[  370.931155][T10883]  should_failslab+0xa8/0x100
[  370.931174][T10883]  kmem_cache_alloc_node_noprof+0x77/0x710
[  370.931196][T10883]  ? percpu_ref_put+0x1e/0x230
[  370.931215][T10883]  ? zswap_store+0xbc8/0x1f40
[  370.931238][T10883]  zswap_store+0xbc8/0x1f40
[  370.931254][T10883]  ? trace_irq_disable+0x37/0x110
[  370.931273][T10883]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  370.931293][T10883]  ? zswap_store+0x6ff/0x1f40
[  370.931321][T10883]  ? __pfx_zswap_store+0x10/0x10
[  370.931346][T10883]  ? swap_writeout+0x5c8/0xd70
[  370.931365][T10883]  ? kasan_check_range+0x9f/0x2c0
[  370.931388][T10883]  swap_writeout+0x710/0xd70
[  370.931411][T10883]  ? try_to_unmap_flush_dirty+0x75/0x100
[  370.931438][T10883]  shrink_folio_list+0x3011/0x4c70
[  370.931492][T10883]  ? __pfx_shrink_folio_list+0x10/0x10
[  370.931516][T10883]  ? __cgroup_account_cputime+0xe5/0x120
[  370.931592][T10883]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  370.931612][T10883]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  370.931638][T10883]  reclaim_folio_list+0xeb/0x500
[  370.931662][T10883]  ? __pfx___schedule+0x10/0x10
[  370.931694][T10883]  ? __pfx_reclaim_folio_list+0x10/0x10
[  370.931731][T10883]  reclaim_pages+0x454/0x520
[  370.931760][T10883]  ? __pfx_reclaim_pages+0x10/0x10
[  370.931790][T10883]  madvise_cold_or_pageout_pte_range+0x1974/0x1d00
[  370.931841][T10883]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[  370.931878][T10883]  walk_pgd_range+0xfe9/0x1d40
[  370.931939][T10883]  ? __pfx_walk_pgd_range+0x10/0x10
[  370.931956][T10883]  ? register_lock_class+0x51/0x320
[  370.931989][T10883]  __walk_page_range+0x14c/0x710
[  370.932014][T10883]  ? process_measurement+0x3d8/0x1a40
[  370.932044][T10883]  walk_page_range_vma+0x393/0x440
[  370.932060][T10883]  ? mlock_drain_local+0x79/0x490
[  370.932078][T10883]  ? __pfx_walk_page_range_vma+0x10/0x10
[  370.932098][T10883]  ? mlock_drain_local+0x79/0x490
[  370.932119][T10883]  madvise_vma_behavior+0x311f/0x3a10
[  370.932145][T10883]  ? __pfx_process_measurement+0x10/0x10
[  370.932159][T10883]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  370.932193][T10883]  ? __lock_acquire+0xab9/0xd20
[  370.932215][T10883]  ? __lock_acquire+0xab9/0xd20
[  370.932246][T10883]  ? mas_prev_slot+0xb31/0xbb0
[  370.932274][T10883]  ? find_vma_prev+0xe3/0x150
[  370.932290][T10883]  ? __pfx_find_vma_prev+0x10/0x10
[  370.932312][T10883]  ? __might_fault+0xb0/0x130
[  370.932331][T10883]  ? _parse_integer_limit+0x1ae/0x1f0
[  370.932352][T10883]  madvise_walk_vmas+0x51c/0xa30
[  370.932382][T10883]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  370.932405][T10883]  ? blk_start_plug+0x6f/0x1b0
[  370.932426][T10883]  madvise_do_behavior+0x38e/0x550
[  370.932451][T10883]  ? __pfx_madvise_do_behavior+0x10/0x10
[  370.932478][T10883]  ? down_read+0x1ad/0x2e0
[  370.932501][T10883]  do_madvise+0x1bc/0x270
[  370.932522][T10883]  ? __pfx_do_madvise+0x10/0x10
[  370.932558][T10883]  ? ksys_write+0x22a/0x250
[  370.932578][T10883]  ? __pfx_ksys_write+0x10/0x10
[  370.932600][T10883]  __x64_sys_madvise+0xa7/0xc0
[  370.932621][T10883]  do_syscall_64+0xfa/0xfa0
[  370.932635][T10883]  ? lockdep_hardirqs_on+0x9c/0x150
[  370.932650][T10883]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.932664][T10883]  ? clear_bhb_loop+0x60/0xb0
[  370.932680][T10883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.932700][T10883] RIP: 0033:0x7f500118eec9
[  370.932714][T10883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.932726][T10883] RSP: 002b:00007f4fff3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  370.932742][T10883] RAX: ffffffffffffffda RBX: 00007f50013e6180 RCX: 00007f500118eec9
[  370.932751][T10883] RDX: 0000000000000015 RSI: 0000000000800000 RDI: 000020000042f000
[  370.932761][T10883] RBP: 00007f4fff3f6090 R08: 0000000000000000 R09: 0000000000000000
[  370.932770][T10883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.932777][T10883] R13: 00007f50013e6218 R14: 00007f50013e6180 R15: 00007f500150fa28
[  370.932802][T10883]  </TASK>
[  371.375384][ T5938] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  371.558473][ T5938] usb 5-1: Using ep0 maxpacket: 16
[  371.565711][ T5938] usb 5-1: config 149 has an invalid descriptor of length 130, skipping remainder of the config
[  371.668630][ T5938] usb 5-1: config 149 has 0 interfaces, different from the descriptor's value: 1
[  371.822726][ T5913] usb 2-1: Firmware version (0.0) predates our first public release.
[  371.830944][ T5913] usb 2-1: Please update to version 0.2 or newer
[  371.868951][ T5938] usb 5-1: New USB device found, idVendor=0d9f, idProduct=0002, bcdDevice=65.f4
[  371.902979][ T5913] usb 2-1: USB disconnect, device number 78
[  371.919693][T10885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1391'.
[  371.961067][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.988311][T10885] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1391'.
[  372.082416][ T5938] usb 5-1: Product: syz
[  372.086617][ T5938] usb 5-1: Manufacturer: syz
[  372.149327][ T5938] usb 5-1: SerialNumber: syz
[  372.401536][T10873] syzkaller1: entered promiscuous mode
[  372.425300][T10873] syzkaller1: entered allmulticast mode
[  372.464223][T10876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  372.499770][T10876] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  372.508544][T10892] tipc: Started in network mode
[  372.513546][T10892] tipc: Node identity 26f9443fff57, cluster identity 4711
[  372.532466][T10892] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  372.557883][ T5938] usb 5-1: USB disconnect, device number 60
[  372.585032][T10892] syzkaller0: entered promiscuous mode
[  373.183135][T10892] syzkaller0: entered allmulticast mode
[  373.243351][T10892] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1393'.
[  373.333418][T10892] tipc: Resetting bearer <eth:syzkaller0>
[  373.376073][T10889] tipc: Resetting bearer <eth:syzkaller0>
[  373.385201][T10905] loop2: detected capacity change from 0 to 7
[  373.393815][T10905] Dev loop2: unable to read RDB block 7
[  373.394158][T10907] fuse: Bad value for 'fd'
[  373.404372][T10905]  loop2: unable to read partition table
[  373.410786][T10905] loop2: partition table beyond EOD, truncated
[  373.421913][T10905] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  373.431972][T10889] tipc: Disabling bearer <eth:syzkaller0>
[  373.524686][T10907] macvlan0: entered promiscuous mode
[  373.531577][T10907] batadv0: entered promiscuous mode
[  373.539723][T10907] debugfs: 'hsr0' already exists in 'hsr'
[  373.557619][T10907] Cannot create hsr debugfs directory
[  373.562172][T10914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.567674][T10907] hsr0: Slave A (macvlan0) is not up; please bring it up to get a fully working HSR network
[  373.573421][T10914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.593332][T10914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.603431][T10914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.615644][T10907] hsr0: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network
[  373.634887][T10907] hsr0: entered allmulticast mode
[  373.648937][T10907] macvlan0: left promiscuous mode
[  373.657198][T10907] batadv0: left promiscuous mode
[  373.681094][T10914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.692039][T10914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.693350][T10917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.711377][T10917] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.762550][T10921] loop6: detected capacity change from 0 to 7
[  373.771349][ T5825] Dev loop6: unable to read RDB block 7
[  373.777882][ T5825]  loop6: unable to read partition table
[  373.784529][ T5825] loop6: partition table beyond EOD, truncated
[  373.801902][T10921] Dev loop6: unable to read RDB block 7
[  373.813058][T10921]  loop6: unable to read partition table
[  373.822850][T10921] loop6: partition table beyond EOD, truncated
[  373.831190][T10921] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  373.889594][ T5913] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  374.023553][T10928] netlink: 'syz.0.1403': attribute type 10 has an invalid length.
[  374.088320][ T5913] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  374.101496][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  374.157948][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  374.178550][ T5913] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  374.247191][   T24] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  374.284738][T10938] netlink: 184 bytes leftover after parsing attributes in process `syz.4.1406'.
[  374.326133][ T5913] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  374.346025][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.442600][ T5913] usb 3-1: config 0 descriptor??
[  374.521213][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  374.551959][   T24] usb 4-1: config 0 interface 0 altsetting 129 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  374.622270][   T24] usb 4-1: config 0 interface 0 has no altsetting 1
[  374.672984][   T24] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  374.688305][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.715788][   T24] usb 4-1: config 0 descriptor??
[  374.886662][ T5913] plantronics 0003:047F:FFFF.001C: ignoring exceeding usage max
[  374.903638][ T5913] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  374.985421][   T24] usb 4-1: string descriptor 0 read error: -32
[  374.992967][   T24] pwc: Askey VC010 type 2 USB webcam detected.
[  375.150074][T10916] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  375.159183][T10916] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  375.402843][   T24] pwc: recv_control_msg error -71 req 02 val 2700
[  375.419174][   T24] pwc: recv_control_msg error -71 req 02 val 2c00
[  375.467816][   T24] pwc: recv_control_msg error -71 req 04 val 1000
[  375.529985][   T24] pwc: recv_control_msg error -71 req 04 val 1300
[  375.547086][   T24] pwc: recv_control_msg error -71 req 04 val 1400
[  375.566387][   T24] pwc: recv_control_msg error -71 req 02 val 2000
[  375.593687][   T24] pwc: recv_control_msg error -71 req 02 val 2100
[  375.611744][   T24] pwc: recv_control_msg error -71 req 04 val 1500
[  375.630985][   T24] pwc: recv_control_msg error -71 req 02 val 2500
[  375.647945][   T24] pwc: recv_control_msg error -71 req 02 val 2400
[  375.658394][   T24] pwc: recv_control_msg error -71 req 02 val 2600
[  375.666857][   T24] pwc: recv_control_msg error -71 req 02 val 2900
[  375.674088][   T24] pwc: recv_control_msg error -71 req 02 val 2800
[  375.707682][   T24] pwc: recv_control_msg error -71 req 04 val 1100
[  375.723368][   T24] pwc: recv_control_msg error -71 req 04 val 1200
[  375.745013][   T24] pwc: Registered as video103.
[  375.763649][T10951] loop2: detected capacity change from 0 to 7
[  375.787984][   T24] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input31
[  375.790697][T10951] Dev loop2: unable to read RDB block 7
[  375.842538][T10951]  loop2: unable to read partition table
[  375.846995][   T24] usb 4-1: USB disconnect, device number 74
[  375.919521][T10951] loop2: partition table beyond EOD, truncated
[  375.935595][T10951] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  376.119808][T10958] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  376.321864][T10969] loop6: detected capacity change from 0 to 7
[  376.339846][T10969] Dev loop6: unable to read RDB block 7
[  376.355694][T10969]  loop6: unable to read partition table
[  376.361871][T10969] loop6: partition table beyond EOD, truncated
[  376.388781][T10969] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  376.529682][ T5938] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  376.666955][T10984] netlink: 'syz.0.1419': attribute type 10 has an invalid length.
[  376.688424][ T5938] usb 2-1: Using ep0 maxpacket: 16
[  376.695732][ T5938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  376.714684][ T5938] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  376.732727][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.748730][ T5938] usb 2-1: Product: syz
[  376.804945][ T5938] usb 2-1: Manufacturer: syz
[  376.824410][ T5938] usb 2-1: SerialNumber: syz
[  376.834071][ T5938] usb 2-1: config 0 descriptor??
[  376.941691][ T5938] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  376.964587][ T5938] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  377.010016][   T24] usb 3-1: USB disconnect, device number 62
[  377.068829][ T5937] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  377.198736][ T5938] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  377.228280][ T5937] usb 4-1: Using ep0 maxpacket: 8
[  377.252743][ T5937] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  377.270857][ T5938] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  377.282361][ T5937] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 44809, setting to 1024
[  377.284066][T10991] loop6: detected capacity change from 0 to 7
[  377.305327][ T5938] em28xx 2-1:0.0: board has no eeprom
[  377.358763][T10991] Dev loop6: unable to read RDB block 7
[  377.364538][T10991]  loop6: unable to read partition table
[  377.371047][T10991] loop6: partition table beyond EOD, truncated
[  377.378333][T10991] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  377.389409][ T5937] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  377.458384][ T5937] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  377.478703][ T5938] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  377.522320][ T5938] em28xx 2-1:0.0: dvb set to bulk mode.
[  377.528406][ T7820] em28xx 2-1:0.0: Binding DVB extension
[  377.569340][ T5937] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  377.588052][ T5938] usb 2-1: USB disconnect, device number 79
[  377.600594][ T5938] em28xx 2-1:0.0: Disconnecting em28xx
[  377.606285][ T5937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.629745][ T5937] usb 4-1: Product: syz
[  377.650926][ T5937] usb 4-1: Manufacturer: syz
[  377.664629][ T5937] usb 4-1: SerialNumber: syz
[  377.684231][T10985] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  377.732901][T10985] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  377.882865][ T7820] em28xx 2-1:0.0: Registering input extension
[  378.013585][   T24] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  378.014365][ T5938] em28xx 2-1:0.0: Closing input extension
[  378.048961][ T5938] em28xx 2-1:0.0: Freeing device
[  378.267055][   T24] usb 5-1: Using ep0 maxpacket: 32
[  378.278808][T11000] loop9: detected capacity change from 0 to 7
[  378.331801][T11000] Dev loop9: unable to read RDB block 7
[  378.347207][   T24] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  378.347281][T11000]  loop9: unable to read partition table
[  378.401158][T11000] loop9: partition table beyond EOD, truncated
[  378.412854][T11000] loop_reread_partitions: partition scan of loop9 (�被x������ ) failed (rc=-5)
[  378.422108][   T24] usb 5-1: config 0 has no interface number 0
[  378.433610][   T24] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  378.450479][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.462020][   T24] usb 5-1: Product: syz
[  378.469577][   T24] usb 5-1: Manufacturer: syz
[  378.481468][   T24] usb 5-1: SerialNumber: syz
[  378.491033][   T24] usb 5-1: config 0 descriptor??
[  378.514165][   T24] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  378.638813][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  378.646846][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  378.767635][   T24] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  378.944767][   T24] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  379.222547][T11013] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1427'.
[  379.325030][T11014] syz.2.1428 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  379.500700][ T5937] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  379.564974][ T5937] usbtest 4-1:1.0: Linux user mode ISO test driver
[  379.606135][ T5937] usbtest 4-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  379.615022][T11020] loop6: detected capacity change from 0 to 7
[  379.638638][T11020] Dev loop6: unable to read RDB block 7
[  379.644373][T11020]  loop6: unable to read partition table
[  379.654467][ T5937] usb 4-1: USB disconnect, device number 75
[  379.681481][T11020] loop6: partition table beyond EOD, truncated
[  379.739183][T11020] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  380.268447][ T5937] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  380.373883][T11038] netlink: 'syz.1.1434': attribute type 10 has an invalid length.
[  380.430101][ T5937] usb 4-1: device descriptor read/64, error -71
[  380.640890][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  380.642470][ T5938] usb 5-1: USB disconnect, device number 61
[  380.657468][ T5938] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  380.695650][ T5938] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  380.709283][ T5937] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  380.747863][ T5938] quatech2 5-1:0.51: device disconnected
[  380.888451][ T5937] usb 4-1: device descriptor read/64, error -71
[  380.927376][T11044] loop2: detected capacity change from 0 to 7
[  380.937457][T11044] Dev loop2: unable to read RDB block 7
[  380.968882][T11044]  loop2: unable to read partition table
[  380.976889][T11044] loop2: partition table beyond EOD, truncated
[  380.997898][T11044] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  381.049734][ T5937] usb usb4-port1: attempt power cycle
[  381.056317][ T5199] Dev loop2: unable to read RDB block 7
[  381.087261][ T5199]  loop2: unable to read partition table
[  381.116411][ T5199] loop2: partition table beyond EOD, truncated
[  381.438273][ T5937] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  381.459163][ T5937] usb 4-1: device descriptor read/8, error -71
[  381.596480][T11053] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1439'.
[  381.698229][ T5937] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  381.726331][ T5937] usb 4-1: device descriptor read/8, error -71
[  381.849637][ T5937] usb usb4-port1: unable to enumerate USB device
[  381.978897][ T7820] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  381.986660][ T5938] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  382.138492][ T5938] usb 2-1: Using ep0 maxpacket: 8
[  382.143621][ T7820] usb 5-1: Using ep0 maxpacket: 8
[  382.174217][ T7820] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  382.186500][T11061] loop7: detected capacity change from 0 to 7
[  382.205994][ T7820] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 3145, setting to 1024
[  382.225519][T11061] Dev loop7: unable to read RDB block 7
[  382.241774][ T5938] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  382.259429][T11061]  loop7: unable to read partition table
[  382.268651][ T7820] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  382.279467][ T5938] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  382.296833][T11061] loop7: partition table beyond EOD, truncated
[  382.303382][ T7820] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  382.316373][ T5938] usb 2-1: config 1 has no interface number 1
[  382.335977][T11061] loop_reread_partitions: partition scan of loop7 (�被x������ ) failed (rc=-5)
[  382.338350][ T5938] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  382.375610][ T5938] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  382.391015][ T5938] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  382.400380][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.408891][ T5938] usb 2-1: Product: syz
[  382.413090][ T5938] usb 2-1: Manufacturer: syz
[  382.417682][ T5938] usb 2-1: SerialNumber: syz
[  382.436669][ T7820] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  382.446047][ T7820] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.479237][ T7820] usb 5-1: Product: syz
[  382.488279][ T7820] usb 5-1: Manufacturer: syz
[  382.494173][ T7820] usb 5-1: SerialNumber: syz
[  382.535225][T11057] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  382.548614][T11057] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  382.575509][T11065] loop9: detected capacity change from 0 to 7
[  382.600425][T11065] Dev loop9: unable to read RDB block 7
[  382.606120][T11065]  loop9: unable to read partition table
[  382.639348][T11067] loop6: detected capacity change from 0 to 7
[  382.646605][T11065] loop9: partition table beyond EOD, truncated
[  382.653104][T11065] loop_reread_partitions: partition scan of loop9 (�被x������ ) failed (rc=-5)
[  382.653342][ T5938] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  382.670559][T11067] Dev loop6: unable to read RDB block 7
[  382.670605][T11067]  loop6: unable to read partition table
[  382.670792][T11067] loop6: partition table beyond EOD, truncated
[  382.719213][T11067] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  382.732640][ T5938] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  382.750565][ T5938] usb 2-1: 2:1 : unsupported sample bitwidth 0 in 0 bytes
[  382.786417][T11069] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1446'.
[  382.899046][ T5938] usb 2-1: USB disconnect, device number 80
[  383.006987][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  383.117235][T11082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  383.168935][T11082] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  383.288762][T11085] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1447'.
[  383.297727][T11085] 0�: renamed from 
71� (while UP)
[  383.366224][T11085] A link change request failed with some changes committed already. Interface 
70� may have been left with an inconsistent configuration, please check.
[  383.453065][T11087] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1451'.
[  384.022269][T11098] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1454'.
[  384.246483][ T5885] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  384.277487][T11098] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1454'.
[  384.513901][ T5885] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  384.538255][ T5885] usb 2-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  384.547421][ T5885] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  384.556599][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.878444][ T7820] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  385.004340][T11105] loop7: detected capacity change from 0 to 7
[  385.067164][ T7820] usbtest 5-1:1.0: Linux user mode ISO test driver
[  385.074180][ T7820] usbtest 5-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  385.083703][T11105] Dev loop7: unable to read RDB block 7
[  385.110418][ T7820] usb 5-1: USB disconnect, device number 62
[  385.116453][T11105]  loop7: unable to read partition table
[  385.144154][T11105] loop7: partition table beyond EOD, truncated
[  385.390797][T11105] loop_reread_partitions: partition scan of loop7 (�被x������ ) failed (rc=-5)
[  385.704911][T11113] syz.4.1457 (11113): drop_caches: 0
[  385.769240][T11117] netlink: 'syz.2.1459': attribute type 2 has an invalid length.
[  385.780522][T11115] loop9: detected capacity change from 0 to 7
[  385.790751][T11115] Dev loop9: unable to read RDB block 7
[  385.796327][T11115]  loop9: unable to read partition table
[  385.902161][T11115] loop9: partition table beyond EOD, truncated
[  385.921928][T11115] loop_reread_partitions: partition scan of loop9 (�被x������ ) failed (rc=-5)
[  386.478559][ T7820] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[  386.561248][T11140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.572590][T11140] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  386.582601][T11140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.591498][T11140] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  386.601409][T11140] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1466'.
[  386.668307][   T24] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  386.687436][ T7820] usb 4-1: device descriptor read/64, error -71
[  386.736704][ T5885] usb 2-1: USB disconnect, device number 81
[  386.799509][T11148] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1467'.
[  386.808994][T11148] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1467'.
[  386.848305][   T24] usb 3-1: Using ep0 maxpacket: 16
[  386.855073][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  386.866619][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  386.884434][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  386.898326][   T24] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  386.909428][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.925035][   T24] usb 3-1: config 0 descriptor??
[  386.944198][ T7820] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[  387.078408][ T7820] usb 4-1: device descriptor read/64, error -71
[  387.192535][ T7820] usb usb4-port1: attempt power cycle
[  387.390119][   T24] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  387.404068][   T24] microsoft 0003:045E:07DA.001D: ignoring exceeding usage max
[  387.417450][   T24] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  387.481700][   T24] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  387.493908][   T24] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  387.504751][   T24] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  387.524968][T11159] loop6: detected capacity change from 0 to 7
[  387.528262][   T24] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  387.532161][T11159] Dev loop6: unable to read RDB block 7
[  387.544028][T11159]  loop6: unable to read partition table
[  387.548214][   T24] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  387.550233][T11159] loop6: partition table beyond EOD, truncated
[  387.563799][   T24] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  387.632726][   T24] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  387.681648][T11159] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  387.708676][ T7820] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[  387.731298][ T7820] usb 4-1: device descriptor read/8, error -71
[  387.781669][   T24] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  387.790789][   T24] microsoft 0003:045E:07DA.001D: unsupported Resolution Multiplier 0
[  387.801942][   T24] microsoft 0003:045E:07DA.001D: unsupported Resolution Multiplier 0
[  387.821266][   T24] microsoft 0003:045E:07DA.001D: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  387.835442][   T24] microsoft 0003:045E:07DA.001D: no inputs found
[  387.854233][   T24] microsoft 0003:045E:07DA.001D: could not initialize ff, continuing anyway
[  387.911679][T11164] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1471'.
[  387.971360][T11165] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1465'.
[  388.001216][ T7820] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[  388.070478][T11164] bridge_slave_1: left allmulticast mode
[  388.079710][ T7820] usb 4-1: device descriptor read/8, error -71
[  388.097728][T11164] bridge_slave_1: left promiscuous mode
[  388.101321][ T5938] usb 3-1: USB disconnect, device number 63
[  388.119660][T11164] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.187744][T11164] bridge_slave_0: left allmulticast mode
[  388.195203][T11164] bridge_slave_0: left promiscuous mode
[  388.198666][ T7820] usb usb4-port1: unable to enumerate USB device
[  388.203403][T11164] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.407512][T11168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.421132][T11168] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.516925][T11170] loop9: detected capacity change from 0 to 7
[  388.524181][T11170] Dev loop9: unable to read RDB block 7
[  388.530349][T11170]  loop9: unable to read partition table
[  388.536120][T11170] loop9: partition table beyond EOD, truncated
[  388.542436][T11170] loop_reread_partitions: partition scan of loop9 (�被x������ ) failed (rc=-5)
[  388.633664][T11168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.666368][T11168] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.953637][   T24] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  389.112371][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  389.121884][   T24] usb 3-1: config 7 has an invalid interface number: 112 but max is 0
[  389.134006][   T24] usb 3-1: config 7 has no interface number 0
[  389.140523][   T24] usb 3-1: config 7 interface 112 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024
[  389.150964][   T24] usb 3-1: config 7 interface 112 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 1023
[  389.162755][   T24] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=d0.57
[  389.173990][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.186530][   T24] usb 3-1: Product: 﫹䀖搕ꈫꍀ祄ẉ뤍쾶ﳇ䃟ﵚᣦֆ੢읽ꢖᳺ脡㒇䷀쩙
[  389.197926][   T24] usb 3-1: Manufacturer: ࠾
[  389.202601][   T24] usb 3-1: SerialNumber: syz
[  389.210304][T11176] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22
[  389.217568][T11176] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22
[  389.342429][T11194] loop6: detected capacity change from 0 to 7
[  389.350368][T11194] Dev loop6: unable to read RDB block 7
[  389.356715][T11194]  loop6: unable to read partition table
[  389.362796][T11194] loop6: partition table beyond EOD, truncated
[  389.369349][T11194] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  389.436770][T11176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  389.448783][T11176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  389.461034][   T24] pn533_usb 3-1:7.112: NFC: Could not find bulk-in or bulk-out endpoint
[  389.474692][   T24] usb 3-1: USB disconnect, device number 64
[  389.638539][ T5938] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  389.898276][ T5938] usb 4-1: Using ep0 maxpacket: 8
[  389.904643][T11200] loop6: detected capacity change from 0 to 7
[  389.922010][ T5938] usb 4-1: config 162 has an invalid interface number: 46 but max is 1
[  389.938892][T11200] Dev loop6: unable to read RDB block 7
[  389.948837][T11200]  loop6: unable to read partition table
[  389.954609][T11200] loop6: partition table beyond EOD, truncated
[  389.956998][ T5938] usb 4-1: config 162 has no interface number 0
[  390.226902][T11200] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  390.289341][ T5938] usb 4-1: config 162 interface 1 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  390.379100][ T5938] usb 4-1: config 162 interface 46 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  390.428250][ T5938] usb 4-1: config 162 interface 46 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  390.459718][ T5938] usb 4-1: config 162 interface 46 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  390.491765][ T5938] usb 4-1: config 162 interface 46 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  390.550953][ T5938] usb 4-1: config 162 interface 46 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  390.564222][ T5938] usb 4-1: config 162 interface 1 has no altsetting 0
[  390.577762][ T5938] usb 4-1: config 162 interface 46 has no altsetting 0
[  390.636386][ T5938] usb 4-1: New USB device found, idVendor=0bb4, idProduct=0a89, bcdDevice=26.be
[  390.646441][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.657698][ T5938] usb 4-1: Product: syz
[  390.676893][ T5938] usb 4-1: Manufacturer: syz
[  390.682660][ T5938] usb 4-1: SerialNumber: syz
[  390.808239][ T5885] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  390.930098][ T5938] ipaq 4-1:162.46: PocketPC PDA converter detected
[  390.936827][ T5938] usb 4-1: active config #162 != 1 ??
[  390.969558][ T5885] usb 3-1: Using ep0 maxpacket: 16
[  390.985220][ T5938] usb 4-1: USB disconnect, device number 84
[  390.992994][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  391.014636][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  391.025893][ T5885] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  391.039023][ T5885] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  391.048228][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.059472][ T5885] usb 3-1: config 0 descriptor??
[  391.485965][ T5885] microsoft 0003:045E:07DA.001E: ignoring exceeding usage max
[  391.507110][ T5885] microsoft 0003:045E:07DA.001E: unsupported Resolution Multiplier 0
[  391.672396][ T5885] microsoft 0003:045E:07DA.001E: unsupported Resolution Multiplier 0
[  391.700336][ T5885] microsoft 0003:045E:07DA.001E: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  391.775630][ T5885] microsoft 0003:045E:07DA.001E: no inputs found
[  391.896164][T11207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1486'.
[  391.918332][ T5885] microsoft 0003:045E:07DA.001E: could not initialize ff, continuing anyway
[  392.001125][ T5885] usb 3-1: USB disconnect, device number 65
[  392.117513][T11236] fido_id[11236]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  392.209085][T11241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  392.246035][T11241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  392.461603][ T5938] usb 5-1: new low-speed USB device number 63 using dummy_hcd
[  392.598313][ T5938] usb 5-1: device descriptor read/64, error -71
[  393.488527][ T5938] usb 5-1: new low-speed USB device number 64 using dummy_hcd
[  393.628233][ T5938] usb 5-1: device descriptor read/64, error -71
[  393.803758][ T5938] usb usb5-port1: attempt power cycle
[  393.897821][T11262] FAULT_INJECTION: forcing a failure.
[  393.897821][T11262] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  393.933990][T11262] CPU: 0 UID: 0 PID: 11262 Comm: syz.2.1503 Not tainted syzkaller #0 PREEMPT(full) 
[  393.934016][T11262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  393.934026][T11262] Call Trace:
[  393.934042][T11262]  <TASK>
[  393.934050][T11262]  dump_stack_lvl+0x189/0x250
[  393.934072][T11262]  ? __pfx____ratelimit+0x10/0x10
[  393.934093][T11262]  ? __pfx_dump_stack_lvl+0x10/0x10
[  393.934109][T11262]  ? __pfx__printk+0x10/0x10
[  393.934126][T11262]  ? __might_fault+0xb0/0x130
[  393.934159][T11262]  should_fail_ex+0x414/0x560
[  393.934184][T11262]  _copy_from_user+0x2d/0xb0
[  393.934202][T11262]  ___sys_sendmsg+0x158/0x2a0
[  393.934225][T11262]  ? __pfx____sys_sendmsg+0x10/0x10
[  393.934280][T11262]  ? __fget_files+0x2a/0x420
[  393.934296][T11262]  ? __fget_files+0x3a0/0x420
[  393.934322][T11262]  __x64_sys_sendmsg+0x19b/0x260
[  393.934344][T11262]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  393.934371][T11262]  ? __pfx_ksys_write+0x10/0x10
[  393.934397][T11262]  ? do_syscall_64+0xbe/0xfa0
[  393.934422][T11262]  do_syscall_64+0xfa/0xfa0
[  393.934441][T11262]  ? lockdep_hardirqs_on+0x9c/0x150
[  393.934460][T11262]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.934477][T11262]  ? clear_bhb_loop+0x60/0xb0
[  393.934497][T11262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.934513][T11262] RIP: 0033:0x7f53e9f8eec9
[  393.934530][T11262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.934545][T11262] RSP: 002b:00007f53ead67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  393.934563][T11262] RAX: ffffffffffffffda RBX: 00007f53ea1e5fa0 RCX: 00007f53e9f8eec9
[  393.934575][T11262] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  393.934586][T11262] RBP: 00007f53ead67090 R08: 0000000000000000 R09: 0000000000000000
[  393.934596][T11262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  393.934606][T11262] R13: 00007f53ea1e6038 R14: 00007f53ea1e5fa0 R15: 00007f53ea30fa28
[  393.934637][T11262]  </TASK>
[  394.268249][   T24] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  394.377044][ T5938] usb 5-1: new low-speed USB device number 65 using dummy_hcd
[  394.408675][ T5938] usb 5-1: device descriptor read/8, error -71
[  394.438221][   T24] usb 2-1: Using ep0 maxpacket: 8
[  394.453985][   T24] usb 2-1: config 135 has an invalid interface number: 230 but max is 0
[  394.463354][   T24] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  394.492829][   T24] usb 2-1: config 135 has no interface number 0
[  394.509450][ T5937] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  394.517166][   T24] usb 2-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  394.549762][   T24] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  394.559481][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.567969][   T24] usb 2-1: Product: syz
[  394.574826][   T24] usb 2-1: Manufacturer: syz
[  394.584904][   T24] usb 2-1: SerialNumber: syz
[  394.613856][   T24] uvcvideo 2-1:135.230: Found Unit with invalid ID 0
[  394.621825][   T24] uvcvideo 2-1:135.230: Found UVC 0.00 device syz (18ec:3288)
[  394.642330][ T5937] usb 4-1: device descriptor read/64, error -71
[  394.651172][   T24] uvcvideo 2-1:135.230: No valid video chain found.
[  394.678227][ T5938] usb 5-1: new low-speed USB device number 66 using dummy_hcd
[  394.719071][ T5938] usb 5-1: device descriptor read/8, error -71
[  394.872475][ T5938] usb usb5-port1: unable to enumerate USB device
[  394.886176][T11281] netlink: 'syz.0.1505': attribute type 10 has an invalid length.
[  394.906787][T11282] kvm: MWAIT instruction emulated as NOP!
[  394.925920][ T5938] usb 2-1: USB disconnect, device number 82
[  395.021001][ T5937] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  395.168230][ T5937] usb 4-1: device descriptor read/64, error -71
[  395.277200][T11285] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1507'.
[  395.288481][T11285] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1507'.
[  395.302746][T11285] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1507'.
[  395.319677][ T5937] usb usb4-port1: attempt power cycle
[  395.468654][ T5938] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  395.679947][ T5937] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[  395.699891][ T5938] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  395.709741][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.722688][ T5937] usb 4-1: device descriptor read/8, error -71
[  395.739731][ T5938] usb 3-1: config 0 descriptor??
[  395.815263][ T5938] cp210x 3-1:0.0: cp210x converter detected
[  395.993340][ T5937] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[  396.305608][ T5937] usb 4-1: device descriptor read/8, error -71
[  396.418739][ T5937] usb usb4-port1: unable to enumerate USB device
[  396.428543][ T7820] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  396.578653][ T5899] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  396.625210][ T7820] usb 2-1: Using ep0 maxpacket: 32
[  396.748442][ T5938] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[  396.787888][ T7820] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  396.797273][ T7820] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.805739][ T5899] usb 5-1: device descriptor read/64, error -71
[  396.812659][ T7820] usb 2-1: Product: syz
[  396.818480][ T7820] usb 2-1: Manufacturer: syz
[  396.830312][ T7820] usb 2-1: SerialNumber: syz
[  396.850112][ T7820] usb 2-1: config 0 descriptor??
[  396.869247][ T7820] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  396.992705][ T5938] usb 3-1: cp210x converter now attached to ttyUSB0
[  397.058856][ T5899] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  397.198326][ T5899] usb 5-1: device descriptor read/64, error -71
[  397.206000][T11279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  397.217576][T11279] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  397.234500][T11309] loop6: detected capacity change from 0 to 7
[  397.253533][T11309] Dev loop6: unable to read RDB block 7
[  397.265531][T11309]  loop6: unable to read partition table
[  397.284334][T11309] loop6: partition table beyond EOD, truncated
[  397.304140][T11309] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  397.320132][ T5899] usb usb5-port1: attempt power cycle
[  397.332104][T11283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  397.383057][T11283] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  397.429851][T11283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  397.459562][T11283] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  397.537214][T11311] 8021q: adding VLAN 0 to HW filter on device bond1
[  397.668297][ T5899] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  397.722344][ T5899] usb 5-1: device descriptor read/8, error -71
[  397.957653][T11319] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  397.966840][T11319] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  397.978448][ T5899] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  398.000568][ T5899] usb 5-1: device descriptor read/8, error -71
[  398.108835][ T5899] usb usb5-port1: unable to enumerate USB device
[  398.298713][ T7820] gspca_ov534_9: reg_w failed -110
[  398.588238][ T7820] gspca_ov534_9: Unknown sensor 0000
[  398.588378][ T7820] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[  398.617052][   T24] usb 3-1: USB disconnect, device number 66
[  398.649640][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  398.676976][T11326] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1519'.
[  398.769118][   T24] cp210x 3-1:0.0: device disconnected
[  398.893426][T11326] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  398.910948][T11326] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  398.922861][T11326] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1519'.
[  398.931873][T11326] netlink: 'syz.0.1519': attribute type 5 has an invalid length.
[  398.939681][T11326] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1519'.
[  398.962317][T11326] geneve2: entered promiscuous mode
[  398.967584][T11326] geneve2: entered allmulticast mode
[  398.986819][T11326] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  398.996160][T11326] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  399.040070][ T3535] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  399.068046][ T3535] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  399.081525][ T3535] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  399.103221][ T3535] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  399.121515][ T5885] usb 2-1: USB disconnect, device number 83
[  399.256067][T11335] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1523'.
[  399.576457][T11341] loop6: detected capacity change from 0 to 7
[  399.578256][ T7820] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  399.594550][T11341] Dev loop6: unable to read RDB block 7
[  399.603939][T11341]  loop6: unable to read partition table
[  399.610701][T11341] loop6: partition table beyond EOD, truncated
[  399.618402][ T5885] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  399.637458][T11341] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  399.738399][ T7820] usb 3-1: Using ep0 maxpacket: 32
[  399.745155][ T7820] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  399.754486][ T7820] usb 3-1: config 0 has no interface number 0
[  399.771591][ T7820] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  399.819842][ T5885] usb 2-1: Using ep0 maxpacket: 8
[  399.825469][ T7820] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.834400][ T7820] usb 3-1: Product: syz
[  399.839102][ T5885] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  399.856740][ T5885] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  399.869570][ T7820] usb 3-1: Manufacturer: syz
[  399.871096][ T5885] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  399.874641][ T7820] usb 3-1: SerialNumber: syz
[  399.885223][ T5885] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  399.899298][ T5885] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  399.930910][ T5885] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  399.940514][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.949230][ T7820] usb 3-1: config 0 descriptor??
[  399.967502][ T7820] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  400.108323][   T24] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  400.160585][ T5885] usb 2-1: usb_control_msg returned -32
[  400.168234][ T5885] usbtmc 2-1:16.0: can't read capabilities
[  400.200232][ T5885] usb 2-1: USB disconnect, device number 84
[  400.245403][T11346] netlink: 'syz.2.1524': attribute type 1 has an invalid length.
[  400.258992][   T24] usb 5-1: Using ep0 maxpacket: 8
[  400.272589][T11346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  400.283454][   T24] usb 5-1: config 5 has an invalid descriptor of length 242, skipping remainder of the config
[  400.286892][T11346] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  400.302255][   T24] usb 5-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[  400.321942][   T24] usb 5-1: New USB device found, idVendor=04e6, idProduct=0009, bcdDevice= 2.00
[  400.333122][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.342150][   T24] usb 5-1: Product: syz
[  400.346333][   T24] usb 5-1: Manufacturer: syz
[  400.357528][   T24] usb 5-1: SerialNumber: syz
[  400.543764][T11353] loop7: detected capacity change from 0 to 7
[  400.553226][T11353] Dev loop7: unable to read RDB block 7
[  400.559553][T11353]  loop7: unable to read partition table
[  400.565695][T11353] loop7: partition table beyond EOD, truncated
[  400.572081][T11353] loop_reread_partitions: partition scan of loop7 (�被x������ ) failed (rc=-5)
[  400.654862][T11343] netlink: 'syz.4.1527': attribute type 8 has an invalid length.
[  400.794001][T11358] program syz.1.1531 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  400.811312][   T24] usb 5-1: USB disconnect, device number 71
[  401.361476][T11363] loop9: detected capacity change from 0 to 7
[  401.372694][ T5825] Dev loop9: unable to read RDB block 7
[  401.378705][ T5825]  loop9: unable to read partition table
[  401.386453][ T5825] loop9: partition table beyond EOD, truncated
[  401.398923][T11363] Dev loop9: unable to read RDB block 7
[  401.408582][T11363]  loop9: unable to read partition table
[  401.414546][T11363] loop9: partition table beyond EOD, truncated
[  401.426538][T11363] loop_reread_partitions: partition scan of loop9 (�被x������ ) failed (rc=-5)
[  401.737929][T11365] loop6: detected capacity change from 0 to 7
[  401.785885][T11365] Dev loop6: unable to read RDB block 7
[  401.793281][T11365]  loop6: unable to read partition table
[  401.801234][T11365] loop6: partition table beyond EOD, truncated
[  401.820351][T11365] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  402.659010][ T7820] usb 3-1: qt2_attach - failed to power on unit: -71
[  402.718583][ T7820] quatech2 3-1:0.51: probe with driver quatech2 failed with error -71
[  402.886260][ T7820] usb 3-1: USB disconnect, device number 67
[  403.148229][ T5937] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  403.310858][ T5937] usb 2-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0
[  403.321159][ T5937] usb 2-1: config 0 interface 0 has no altsetting 0
[  403.327754][ T5937] usb 2-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00
[  403.361534][ T5937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.406388][ T5937] usb 2-1: config 0 descriptor??
[  403.458335][ T7820] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  403.614613][ T7820] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  403.649613][ T7820] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.659558][ T7820] usb 3-1: Product: syz
[  403.663765][ T7820] usb 3-1: Manufacturer: syz
[  403.669251][ T7820] usb 3-1: SerialNumber: syz
[  403.671661][T11374] netlink: 'syz.0.1536': attribute type 16 has an invalid length.
[  403.679530][ T7820] r8152-cfgselector 3-1: Unknown version 0x0000
[  403.688514][T11374] netlink: 'syz.0.1536': attribute type 17 has an invalid length.
[  403.697519][ T7820] r8152-cfgselector 3-1: config 0 descriptor??
[  403.754339][T11374] 8021q: adding VLAN 0 to HW filter on device team0
[  403.778649][T11374] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  403.795716][T11397] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1544'.
[  403.876303][ T5937] ryos 0003:1E7D:3138.001F: hidraw0: USB HID v8.80 Device [HID 1e7d:3138] on usb-dummy_hcd.1-1/input0
[  404.028228][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  404.028248][   T30] audit: type=1326 audit(1759912286.294:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11399 comm="syz.4.1545" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2188b8eec9 code=0x0
[  404.141674][ T7820] r8152-cfgselector 3-1: USB disconnect, device number 68
[  404.178974][T11407] tmpfs: Unknown parameter 'mMI����V��MCD'_v��
��Z>iJ6��P3�!����qh/U��}��x�;0
���>�W���[�o2N���|X�����TZaj�X�1X�Z�{(��������Hlə�_��*)a8|�t��}  �Xp��$����R�)���R�V'�9R�d��X�X�i'�ܣ
��j<�}�K����a��� �hm�J�F��}���x���^w'
[  404.772915][ T5938] usb 2-1: USB disconnect, device number 85
[  404.880092][T11426] netlink: 'syz.2.1550': attribute type 10 has an invalid length.
[  405.399097][ T5938] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  405.563795][T11442] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  405.578238][ T5938] usb 2-1: Using ep0 maxpacket: 16
[  405.711321][T11440] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  405.809803][ T5938] usb 2-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  405.847992][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.856215][ T5938] usb 2-1: Product: syz
[  405.866371][ T5938] usb 2-1: Manufacturer: syz
[  405.876517][ T5938] usb 2-1: SerialNumber: syz
[  405.906441][ T5938] usb 2-1: config 0 descriptor??
[  405.930708][ T5938] ums-onetouch 2-1:0.0: USB Mass Storage device detected
[  406.146574][ T5938] usb 2-1: USB disconnect, device number 86
[  406.348233][ T7405] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  406.583533][ T7405] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  406.602613][ T7405] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  406.640068][ T7405] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  406.656412][T11457] netlink: 184 bytes leftover after parsing attributes in process `syz.4.1560'.
[  406.683351][ T7405] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  406.718555][ T7405] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.741820][ T7405] usb 4-1: config 0 descriptor??
[  406.845241][T11463] FAULT_INJECTION: forcing a failure.
[  406.845241][T11463] name failslab, interval 1, probability 0, space 0, times 0
[  407.472587][T11463] CPU: 0 UID: 0 PID: 11463 Comm: syz.2.1561 Not tainted syzkaller #0 PREEMPT(full) 
[  407.472630][T11463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  407.472653][T11463] Call Trace:
[  407.472669][T11463]  <TASK>
[  407.472685][T11463]  dump_stack_lvl+0x189/0x250
[  407.472710][T11463]  ? __pfx____ratelimit+0x10/0x10
[  407.472731][T11463]  ? __pfx_dump_stack_lvl+0x10/0x10
[  407.472749][T11463]  ? __pfx__printk+0x10/0x10
[  407.472774][T11463]  ? __pfx___might_resched+0x10/0x10
[  407.472791][T11463]  ? fs_reclaim_acquire+0x7d/0x100
[  407.472821][T11463]  should_fail_ex+0x414/0x560
[  407.472846][T11463]  should_failslab+0xa8/0x100
[  407.472866][T11463]  __kmalloc_noprof+0xcb/0x7f0
[  407.472887][T11463]  ? tomoyo_encode+0x28b/0x550
[  407.472916][T11463]  tomoyo_encode+0x28b/0x550
[  407.472943][T11463]  tomoyo_realpath_from_path+0x58d/0x5d0
[  407.472975][T11463]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  407.472995][T11463]  tomoyo_path_number_perm+0x1e8/0x5a0
[  407.473016][T11463]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  407.473075][T11463]  ? __fget_files+0x2a/0x420
[  407.473097][T11463]  ? __fget_files+0x3a0/0x420
[  407.473112][T11463]  ? __fget_files+0x2a/0x420
[  407.473132][T11463]  security_file_ioctl+0xcb/0x2d0
[  407.473154][T11463]  __se_sys_ioctl+0x47/0x170
[  407.473178][T11463]  do_syscall_64+0xfa/0xfa0
[  407.473197][T11463]  ? lockdep_hardirqs_on+0x9c/0x150
[  407.473217][T11463]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.473235][T11463]  ? clear_bhb_loop+0x60/0xb0
[  407.473256][T11463]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.473274][T11463] RIP: 0033:0x7f53e9f8eec9
[  407.473291][T11463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.473307][T11463] RSP: 002b:00007f53e81f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  407.473326][T11463] RAX: ffffffffffffffda RBX: 00007f53ea1e6090 RCX: 00007f53e9f8eec9
[  407.473340][T11463] RDX: 0000200000000000 RSI: 0000000000005393 RDI: 0000000000000008
[  407.473352][T11463] RBP: 00007f53e81f6090 R08: 0000000000000000 R09: 0000000000000000
[  407.473367][T11463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.473378][T11463] R13: 00007f53ea1e6128 R14: 00007f53ea1e6090 R15: 00007f53ea30fa28
[  407.473410][T11463]  </TASK>
[  407.473509][T11463] ERROR: Out of memory at tomoyo_realpath_from_path.
[  407.599383][ T5885] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  407.723071][ T7405] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  407.804985][ T7405] usb 4-1: USB disconnect, device number 89
[  408.018234][ T5885] usb 5-1: Using ep0 maxpacket: 32
[  408.029446][ T5885] usb 5-1: unable to get BOS descriptor or descriptor too short
[  408.055901][ T5885] usb 5-1: config 8 has an invalid interface number: 143 but max is 3
[  408.065799][ T5885] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  408.118012][ T5885] usb 5-1: config 8 has 1 interface, different from the descriptor's value: 4
[  408.146457][T11473] fido_id[11473]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  408.183346][ T5885] usb 5-1: config 8 has no interface number 0
[  408.191249][ T5885] usb 5-1: config 8 interface 143 altsetting 193 endpoint 0x4 has invalid maxpacket 1023, setting to 64
[  408.203047][ T5885] usb 5-1: config 8 interface 143 altsetting 193 endpoint 0x9 has invalid wMaxPacketSize 0
[  408.242162][ T5885] usb 5-1: config 8 interface 143 altsetting 193 bulk endpoint 0x9 has invalid maxpacket 0
[  408.252591][ T5885] usb 5-1: config 8 interface 143 altsetting 193 has 2 endpoint descriptors, different from the interface descriptor's value: 4
[  408.280415][ T5885] usb 5-1: config 8 interface 143 has no altsetting 0
[  408.291739][ T5885] usb 5-1: New USB device found, idVendor=1608, idProduct=021d, bcdDevice= 8.a4
[  408.302290][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.312840][ T5885] usb 5-1: Product: syz
[  408.317107][ T5885] usb 5-1: Manufacturer: syz
[  408.323102][ T5885] usb 5-1: SerialNumber: syz
[  408.569659][T11468] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1563'.
[  408.599763][T11468] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1563'.
[  408.603770][T11490] RDS: rds_bind could not find a transport for ae0c:91e3:ccfb:11d2:0:5efe:150.125.240.108, load rds_tcp or rds_rdma?
[  408.666484][T11468] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1563'.
[  408.727383][ T5885] io_ti 5-1:8.143: required endpoints missing
[  408.783703][ T5885] usb 5-1: USB disconnect, device number 72
[  408.835691][T11494] 8021q: adding VLAN 0 to HW filter on device bond2
[  409.103249][T11503] macvlan0: entered promiscuous mode
[  409.112868][T11503] batadv0: entered promiscuous mode
[  409.123893][T11503] debugfs: 'hsr0' already exists in 'hsr'
[  409.158359][T11503] Cannot create hsr debugfs directory
[  409.164169][T11503] hsr0: entered allmulticast mode
[  409.174279][T11503] macvlan0: left promiscuous mode
[  409.181186][T11503] batadv0: left promiscuous mode
[  409.868225][   T24] usb 2-1: new full-speed USB device number 87 using dummy_hcd
[  410.011032][T11527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  410.033798][T11527] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  410.050814][   T24] usb 2-1: config 150 has an invalid interface number: 204 but max is 2
[  410.061036][   T24] usb 2-1: config 150 has 2 interfaces, different from the descriptor's value: 3
[  410.083959][   T24] usb 2-1: config 150 has no interface number 0
[  410.220693][   T24] usb 2-1: too many endpoints for config 150 interface 1 altsetting 240: 255, using maximum allowed: 30
[  410.268936][   T24] usb 2-1: config 150 interface 1 altsetting 240 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  410.350702][   T24] usb 2-1: config 150 interface 204 has no altsetting 0
[  410.357717][   T24] usb 2-1: config 150 interface 1 has no altsetting 0
[  410.397081][   T24] usb 2-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  410.415292][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.424848][   T24] usb 2-1: Product: syz
[  410.429119][   T24] usb 2-1: Manufacturer: syz
[  410.433896][   T24] usb 2-1: SerialNumber: syz
[  410.508822][T11533] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1580'.
[  410.545003][T11533] 1�: renamed from 
70� (while UP)
[  410.556862][T11533] A link change request failed with some changes committed already. Interface 
71� may have been left with an inconsistent configuration, please check.
[  410.678679][   T24] xr_serial 2-1:150.204: skipping garbage
[  410.684575][   T24] xr_serial 2-1:150.204: xr_serial converter detected
[  411.084583][   T24] xr_serial ttyUSB0: Failed to set reg 0x0d: -71
[  411.092953][   T24] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  411.108997][   T24] usb 2-1: USB disconnect, device number 87
[  411.122866][   T24] xr_serial 2-1:150.204: device disconnected
[  411.408250][ T5937] usb 3-1: new low-speed USB device number 69 using dummy_hcd
[  411.558421][ T5937] usb 3-1: Invalid ep0 maxpacket: 64
[  411.688512][ T5937] usb 3-1: new low-speed USB device number 70 using dummy_hcd
[  411.708525][   T24] usb 4-1: new full-speed USB device number 90 using dummy_hcd
[  411.794925][T11574] loop7: detected capacity change from 0 to 7
[  411.805075][ T5825] Dev loop7: unable to read RDB block 7
[  411.811038][ T5825]  loop7: unable to read partition table
[  411.817100][ T5825] loop7: partition table beyond EOD, truncated
[  411.829411][T11574] Dev loop7: unable to read RDB block 7
[  411.835269][T11574]  loop7: unable to read partition table
[  411.848635][ T5937] usb 3-1: Invalid ep0 maxpacket: 64
[  411.854335][T11574] loop7: partition table beyond EOD, truncated
[  411.861829][ T5937] usb usb3-port1: attempt power cycle
[  411.877740][T11574] loop_reread_partitions: partition scan of loop7 (�被x������ ) failed (rc=-5)
[  411.889514][   T24] usb 4-1: not running at top speed; connect to a high speed hub
[  411.931557][   T24] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  411.944087][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  411.964469][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  411.988703][   T24] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 4, skipping
[  412.026489][   T24] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  412.052065][   T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  412.061529][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.085589][   T24] usb 4-1: Product: syz
[  412.090349][   T24] usb 4-1: Manufacturer: syz
[  412.094957][   T24] usb 4-1: SerialNumber: syz
[  412.238509][ T5937] usb 3-1: new low-speed USB device number 71 using dummy_hcd
[  412.259849][ T5937] usb 3-1: Invalid ep0 maxpacket: 64
[  412.308369][ T7820] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[  412.348265][ T5938] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  412.388538][ T5937] usb 3-1: new low-speed USB device number 72 using dummy_hcd
[  412.403327][   T24] usb 4-1: 0:2 : does not exist
[  412.419468][ T5937] usb 3-1: Invalid ep0 maxpacket: 64
[  412.424529][   T24] usb 4-1: USB disconnect, device number 90
[  412.426025][ T5937] usb usb3-port1: unable to enumerate USB device
[  412.482290][ T7820] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  412.505063][ T5938] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  412.517028][ T7820] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  412.545044][ T5938] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  412.567384][ T7820] usb 2-1: config 0 interface 0 has no altsetting 0
[  412.577712][ T5938] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  412.605562][ T7820] usb 2-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[  412.615862][ T5938] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  412.636896][ T7820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.647015][ T5938] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.657628][ T7820] usb 2-1: config 0 descriptor??
[  412.678293][ T5938] usb 5-1: config 0 descriptor??
[  412.761421][T11594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.770552][T11594] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.791995][T11594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.801417][T11594] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.869758][T11580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.878583][T11580] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  413.078874][ T5938] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  413.096838][T11580] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1596'.
[  413.115148][T11580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  413.127361][T11580] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  413.197232][ T7820] hid_parser_main: 12 callbacks suppressed
[  413.197255][ T7820] logitech 0003:046D:C24F.0022: unknown main item tag 0x0
[  413.214269][ T7820] logitech 0003:046D:C24F.0022: unknown main item tag 0x0
[  413.222164][ T7820] logitech 0003:046D:C24F.0022: unknown main item tag 0x0
[  413.230676][ T7820] logitech 0003:046D:C24F.0022: unknown main item tag 0x0
[  413.249116][ T7820] logitech 0003:046D:C24F.0022: hidraw1: USB HID v0.05 Device [HID 046d:c24f] on usb-dummy_hcd.1-1/input0
[  413.262943][ T7820] logitech 0003:046D:C24F.0022: no inputs found
[  413.350661][   T24] usb 5-1: USB disconnect, device number 73
[  413.392717][T11600] FAULT_INJECTION: forcing a failure.
[  413.392717][T11600] name failslab, interval 1, probability 0, space 0, times 0
[  413.409579][T11600] CPU: 0 UID: 0 PID: 11600 Comm: syz.3.1601 Not tainted syzkaller #0 PREEMPT(full) 
[  413.409605][T11600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  413.409616][T11600] Call Trace:
[  413.409624][T11600]  <TASK>
[  413.409633][T11600]  dump_stack_lvl+0x189/0x250
[  413.409656][T11600]  ? __pfx____ratelimit+0x10/0x10
[  413.409678][T11600]  ? __pfx_dump_stack_lvl+0x10/0x10
[  413.409696][T11600]  ? __pfx__printk+0x10/0x10
[  413.409721][T11600]  ? __pfx___might_resched+0x10/0x10
[  413.409745][T11600]  should_fail_ex+0x414/0x560
[  413.409771][T11600]  should_failslab+0xa8/0x100
[  413.409791][T11600]  __kmalloc_noprof+0xcb/0x7f0
[  413.409812][T11600]  ? kfree+0x4d/0x6d0
[  413.409829][T11600]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  413.409859][T11600]  tomoyo_realpath_from_path+0xe3/0x5d0
[  413.409884][T11600]  ? tomoyo_domain+0xd9/0x130
[  413.409912][T11600]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  413.409931][T11600]  tomoyo_path_number_perm+0x1e8/0x5a0
[  413.409955][T11600]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  413.410013][T11600]  ? __fget_files+0x2a/0x420
[  413.410035][T11600]  ? __fget_files+0x3a0/0x420
[  413.410049][T11600]  ? __fget_files+0x2a/0x420
[  413.410070][T11600]  security_file_ioctl+0xcb/0x2d0
[  413.410092][T11600]  __se_sys_ioctl+0x47/0x170
[  413.410115][T11600]  do_syscall_64+0xfa/0xfa0
[  413.410140][T11600]  ? lockdep_hardirqs_on+0x9c/0x150
[  413.410160][T11600]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.410178][T11600]  ? clear_bhb_loop+0x60/0xb0
[  413.410198][T11600]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.410216][T11600] RIP: 0033:0x7f500118eec9
[  413.410232][T11600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  413.410248][T11600] RSP: 002b:00007f5001f5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  413.410267][T11600] RAX: ffffffffffffffda RBX: 00007f50013e5fa0 RCX: 00007f500118eec9
[  413.410280][T11600] RDX: 0000200000000000 RSI: 0000000000005393 RDI: 0000000000000008
[  413.410292][T11600] RBP: 00007f5001f5f090 R08: 0000000000000000 R09: 0000000000000000
[  413.410304][T11600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.410315][T11600] R13: 00007f50013e6038 R14: 00007f50013e5fa0 R15: 00007f500150fa28
[  413.410348][T11600]  </TASK>
[  413.410356][T11600] ERROR: Out of memory at tomoyo_realpath_from_path.
[  414.563412][T11632] vti0: entered promiscuous mode
[  414.568521][T11632] vti0: entered allmulticast mode
[  415.078251][   T24] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  415.093181][ T5885] usb 2-1: USB disconnect, device number 88
[  415.368706][   T24] usb 3-1: Using ep0 maxpacket: 32
[  415.384062][T11638] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.1613'.
[  415.489099][   T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  415.532760][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.549999][   T24] usb 3-1: Product: syz
[  415.554208][   T24] usb 3-1: Manufacturer: syz
[  415.559409][T11647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.570136][T11647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.728807][   T24] usb 3-1: SerialNumber: syz
[  415.819980][T11652] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1617'.
[  416.615826][T11668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  416.641479][T11668] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  417.430869][T11674] netlink: 184 bytes leftover after parsing attributes in process `syz.4.1623'.
[  417.681357][T11678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  417.789326][T11678] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  418.078184][T11688] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1629'.
[  418.088541][T11688] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1629'.
[  418.097424][T11688] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1629'.
[  418.110240][T11688] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1629'.
[  418.166946][T11688] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1629'.
[  418.246235][   T24] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  418.303496][T11690] 8021q: adding VLAN 0 to HW filter on device bond2
[  418.331768][   T24] usb 3-1: USB disconnect, device number 73
[  418.464686][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  418.728301][ T5937] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  418.828213][   T24] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  418.838238][ T7820] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  418.880596][ T5937] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  418.892864][ T5937] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  418.905766][ T5937] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  418.922141][ T5937] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  418.932508][ T5937] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.949594][ T5937] usb 5-1: config 0 descriptor??
[  418.998300][ T7820] usb 4-1: Using ep0 maxpacket: 16
[  418.998364][   T24] usb 3-1: Using ep0 maxpacket: 16
[  419.011301][ T7820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  419.017620][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  419.068214][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  419.077239][ T7820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  419.094462][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  419.100826][ T7820] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  419.131967][   T24] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  419.154056][ T7820] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  419.154330][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.173886][ T7820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.209921][ T7820] usb 4-1: config 0 descriptor??
[  419.238646][   T24] usb 3-1: config 0 descriptor??
[  419.265433][   T30] audit: type=1326 audit(1759912301.544:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11706 comm="syz.0.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  419.290854][T11707] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1636'.
[  419.300164][T11707] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1636'.
[  419.315398][T11707] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1636'.
[  419.328612][   T30] audit: type=1326 audit(1759912301.544:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11706 comm="syz.0.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  419.352063][   T30] audit: type=1326 audit(1759912301.574:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11706 comm="syz.0.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  419.375296][   T30] audit: type=1326 audit(1759912301.574:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11706 comm="syz.0.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  419.411509][   T30] audit: type=1326 audit(1759912301.574:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11706 comm="syz.0.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  419.464996][ T5937] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  419.483607][T11709] netlink: 'syz.0.1637': attribute type 1 has an invalid length.
[  419.508012][   T30] audit: type=1326 audit(1759912301.574:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11706 comm="syz.0.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  419.541178][   T30] audit: type=1326 audit(1759912301.574:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11706 comm="syz.0.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  419.584272][T11709] 8021q: adding VLAN 0 to HW filter on device bond2
[  419.630272][T11712] 8021q: adding VLAN 0 to HW filter on device batadv1
[  419.633449][   T30] audit: type=1326 audit(1759912301.574:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11706 comm="syz.0.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  419.664464][   T30] audit: type=1326 audit(1759912301.594:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11706 comm="syz.0.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  419.687356][   T30] audit: type=1326 audit(1759912301.594:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11706 comm="syz.0.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd794f8eec9 code=0x7ffc0000
[  419.717998][ T5937] usb 5-1: USB disconnect, device number 74
[  419.730570][T11712] bond2: (slave batadv1): making interface the new active one
[  419.732581][ T7820] input: HID 05ac:8241 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:05AC:8241.0025/input/input33
[  419.748444][   T24] input: HID 05ac:8241 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:05AC:8241.0024/input/input34
[  419.790006][T11712] bond2: (slave batadv1): Enslaving as an active interface with an up link
[  419.863943][T11698] FAULT_INJECTION: forcing a failure.
[  419.863943][T11698] name failslab, interval 1, probability 0, space 0, times 0
[  419.887581][T11698] CPU: 0 UID: 0 PID: 11698 Comm: syz.2.1633 Not tainted syzkaller #0 PREEMPT(full) 
[  419.887606][T11698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  419.887617][T11698] Call Trace:
[  419.887625][T11698]  <TASK>
[  419.887633][T11698]  dump_stack_lvl+0x189/0x250
[  419.887658][T11698]  ? __pfx____ratelimit+0x10/0x10
[  419.887678][T11698]  ? __pfx_dump_stack_lvl+0x10/0x10
[  419.887698][T11698]  ? __pfx__printk+0x10/0x10
[  419.887722][T11698]  ? __pfx___might_resched+0x10/0x10
[  419.887747][T11698]  should_fail_ex+0x414/0x560
[  419.887772][T11698]  should_failslab+0xa8/0x100
[  419.887791][T11698]  __kmalloc_noprof+0xcb/0x7f0
[  419.887811][T11698]  ? kfree+0x4d/0x6d0
[  419.887828][T11698]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  419.887858][T11698]  tomoyo_realpath_from_path+0xe3/0x5d0
[  419.887882][T11698]  ? tomoyo_domain+0xd9/0x130
[  419.887909][T11698]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  419.887930][T11698]  tomoyo_path_number_perm+0x1e8/0x5a0
[  419.887952][T11698]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  419.888009][T11698]  ? __fget_files+0x2a/0x420
[  419.888029][T11698]  ? __fget_files+0x3a0/0x420
[  419.888043][T11698]  ? __fget_files+0x2a/0x420
[  419.888061][T11698]  security_file_ioctl+0xcb/0x2d0
[  419.888082][T11698]  __se_sys_ioctl+0x47/0x170
[  419.888106][T11698]  do_syscall_64+0xfa/0xfa0
[  419.888128][T11698]  ? lockdep_hardirqs_on+0x9c/0x150
[  419.888147][T11698]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.888163][T11698]  ? clear_bhb_loop+0x60/0xb0
[  419.888182][T11698]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.888195][T11698] RIP: 0033:0x7f53e9f8eec9
[  419.888227][T11698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.888240][T11698] RSP: 002b:00007f53ead67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  419.888264][T11698] RAX: ffffffffffffffda RBX: 00007f53ea1e5fa0 RCX: 00007f53e9f8eec9
[  419.888275][T11698] RDX: 0000200000000080 RSI: 0000000040284504 RDI: 0000000000000004
[  419.888284][T11698] RBP: 00007f53ead67090 R08: 0000000000000000 R09: 0000000000000000
[  419.888293][T11698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.888301][T11698] R13: 00007f53ea1e6038 R14: 00007f53ea1e5fa0 R15: 00007f53ea30fa28
[  419.888325][T11698]  </TASK>
[  419.893331][   T24] appleir 0003:05AC:8241.0024: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0
[  419.954987][T11717] FAULT_INJECTION: forcing a failure.
[  419.954987][T11717] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  419.987388][T11698] ERROR: Out of memory at tomoyo_realpath_from_path.
[  420.028519][T11717] CPU: 0 UID: 0 PID: 11717 Comm: syz.1.1638 Not tainted syzkaller #0 PREEMPT(full) 
[  420.028546][T11717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  420.028558][T11717] Call Trace:
[  420.028565][T11717]  <TASK>
[  420.028573][T11717]  dump_stack_lvl+0x189/0x250
[  420.028598][T11717]  ? __pfx____ratelimit+0x10/0x10
[  420.028619][T11717]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.028636][T11717]  ? __pfx__printk+0x10/0x10
[  420.028655][T11717]  ? __might_fault+0xb0/0x130
[  420.028688][T11717]  should_fail_ex+0x414/0x560
[  420.028715][T11717]  _copy_from_user+0x2d/0xb0
[  420.028732][T11717]  scsi_ioctl+0x489/0x1fb0
[  420.028756][T11717]  ? __pfx_scsi_ioctl+0x10/0x10
[  420.028807][T11717]  ? __pfx___might_resched+0x10/0x10
[  420.028824][T11717]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.028859][T11717]  ? scsi_block_when_processing_errors+0x390/0x470
[  420.028879][T11717]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  420.028900][T11717]  ? __pfx_scsi_block_when_processing_errors+0x10/0x10
[  420.028939][T11717]  sg_ioctl+0x1886/0x2230
[  420.028971][T11717]  ? __pfx_sg_ioctl+0x10/0x10
[  420.028996][T11717]  ? __fget_files+0x2a/0x420
[  420.029016][T11717]  ? __fget_files+0x3a0/0x420
[  420.029031][T11717]  ? __fget_files+0x2a/0x420
[  420.029050][T11717]  ? bpf_lsm_file_ioctl+0x9/0x20
[  420.029069][T11717]  ? __pfx_sg_ioctl+0x10/0x10
[  420.029090][T11717]  __se_sys_ioctl+0xfc/0x170
[  420.029113][T11717]  do_syscall_64+0xfa/0xfa0
[  420.029132][T11717]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.029151][T11717]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.029169][T11717]  ? clear_bhb_loop+0x60/0xb0
[  420.029190][T11717]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.029207][T11717] RIP: 0033:0x7fbd4738eec9
[  420.029223][T11717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.029238][T11717] RSP: 002b:00007fbd48274038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  420.029258][T11717] RAX: ffffffffffffffda RBX: 00007fbd475e5fa0 RCX: 00007fbd4738eec9
[  420.029272][T11717] RDX: 0000200000000000 RSI: 0000000000005393 RDI: 0000000000000008
[  420.029284][T11717] RBP: 00007fbd48274090 R08: 0000000000000000 R09: 0000000000000000
[  420.029295][T11717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.029306][T11717] R13: 00007fbd475e6038 R14: 00007fbd475e5fa0 R15: 00007fbd4770fa28
[  420.029336][T11717]  </TASK>
[  420.251893][ T7820] appleir 0003:05AC:8241.0025: input,hiddev1,hidraw1: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0
[  420.428245][   T24] usb 3-1: USB disconnect, device number 74
[  420.449040][ T7820] usb 4-1: USB disconnect, device number 91
[  420.643295][T11733] program syz.4.1640 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  420.695592][T11738] netlink: 'syz.1.1641': attribute type 10 has an invalid length.
[  421.250782][T11748] loop7: detected capacity change from 0 to 7
[  421.268775][T11748] Dev loop7: unable to read RDB block 7
[  421.277559][T11748]  loop7: unable to read partition table
[  421.301882][T11748] loop7: partition table beyond EOD, truncated
[  421.313569][T11752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.327645][T11753] macvlan0: entered promiscuous mode
[  421.342592][T11748] loop_reread_partitions: partition scan of loop7 (�被x������ ) failed (rc=-5)
[  421.382540][T11753] batadv0: entered promiscuous mode
[  421.423287][T11753] debugfs: 'hsr0' already exists in 'hsr'
[  421.532027][T11752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.588267][T11753] Cannot create hsr debugfs directory
[  421.593956][T11753] hsr0: entered allmulticast mode
[  421.634163][T11753] macvlan0: left promiscuous mode
[  421.661073][T11753] batadv0: left promiscuous mode
[  421.692380][T11752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.760720][T11752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.933070][T11752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.004010][T11752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.112480][T11752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.201089][T11752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.289195][T11752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.340285][T11752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.396370][T11752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.447634][T11752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  424.934829][T11791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  425.009510][T11791] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  425.294866][T11804] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1661'.
[  425.326833][T11804] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1661'.
[  425.342131][T11807] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1662'.
[  425.352815][T11804] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1661'.
[  425.383515][T11807] bond3: option resend_igmp: invalid value (511)
[  425.392722][T11807] bond3: option resend_igmp: allowed values 0 - 255
[  425.406990][T11807] bond3 (unregistering): Released all slaves
[  425.427472][T11804] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1661'.
[  425.436798][T11804] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1661'.
[  425.682174][T11822] loop7: detected capacity change from 0 to 7
[  425.696533][T11822] Dev loop7: unable to read RDB block 7
[  425.712940][T11822]  loop7: unable to read partition table
[  425.719302][T11822] loop7: partition table beyond EOD, truncated
[  425.725493][T11822] loop_reread_partitions: partition scan of loop7 (�被x������ ) failed (rc=-5)
[  426.438583][ T5938] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  426.598444][ T5938] usb 3-1: Using ep0 maxpacket: 16
[  426.622072][ T5938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  426.635341][ T5938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  426.637997][T11842] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1673'.
[  426.646900][ T5938] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  426.669484][ T5938] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  426.679294][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.691956][ T5938] usb 3-1: config 0 descriptor??
[  427.119609][ T5938] input: HID 05ac:8241 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:05AC:8241.0026/input/input35
[  427.151454][T11859] loop7: detected capacity change from 0 to 7
[  427.159077][T11859] Dev loop7: unable to read RDB block 7
[  427.164697][T11859]  loop7: unable to read partition table
[  427.171660][T11859] loop7: partition table beyond EOD, truncated
[  427.177887][T11859] loop_reread_partitions: partition scan of loop7 (�被x������ ) failed (rc=-5)
[  427.239012][ T5938] appleir 0003:05AC:8241.0026: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0
[  427.306473][T11839] FAULT_INJECTION: forcing a failure.
[  427.306473][T11839] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  427.348662][T11839] CPU: 0 UID: 0 PID: 11839 Comm: syz.2.1672 Not tainted syzkaller #0 PREEMPT(full) 
[  427.348689][T11839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  427.348699][T11839] Call Trace:
[  427.348707][T11839]  <TASK>
[  427.348716][T11839]  dump_stack_lvl+0x189/0x250
[  427.348741][T11839]  ? __pfx____ratelimit+0x10/0x10
[  427.348760][T11839]  ? __pfx_dump_stack_lvl+0x10/0x10
[  427.348779][T11839]  ? __pfx__printk+0x10/0x10
[  427.348797][T11839]  ? __might_fault+0xb0/0x130
[  427.348830][T11839]  should_fail_ex+0x414/0x560
[  427.348855][T11839]  _copy_from_user+0x2d/0xb0
[  427.348869][T11839]  evdev_ioctl_handler+0x613/0x1f10
[  427.348886][T11839]  ? do_vfs_ioctl+0xbe8/0x1430
[  427.348898][T11839]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  427.348911][T11839]  ? __pfx_evdev_ioctl_handler+0x10/0x10
[  427.348944][T11839]  ? __fget_files+0x2a/0x420
[  427.348957][T11839]  ? __fget_files+0x3a0/0x420
[  427.348965][T11839]  ? __fget_files+0x2a/0x420
[  427.348975][T11839]  ? bpf_lsm_file_ioctl+0x9/0x20
[  427.348987][T11839]  ? __pfx_evdev_ioctl+0x10/0x10
[  427.348999][T11839]  __se_sys_ioctl+0xfc/0x170
[  427.349013][T11839]  do_syscall_64+0xfa/0xfa0
[  427.349024][T11839]  ? lockdep_hardirqs_on+0x9c/0x150
[  427.349035][T11839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.349045][T11839]  ? clear_bhb_loop+0x60/0xb0
[  427.349057][T11839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.349067][T11839] RIP: 0033:0x7f53e9f8eec9
[  427.349078][T11839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  427.349086][T11839] RSP: 002b:00007f53ead67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  427.349098][T11839] RAX: ffffffffffffffda RBX: 00007f53ea1e5fa0 RCX: 00007f53e9f8eec9
[  427.349106][T11839] RDX: 0000200000000080 RSI: 0000000040284504 RDI: 0000000000000004
[  427.349112][T11839] RBP: 00007f53ead67090 R08: 0000000000000000 R09: 0000000000000000
[  427.349118][T11839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  427.349125][T11839] R13: 00007f53ea1e6038 R14: 00007f53ea1e5fa0 R15: 00007f53ea30fa28
[  427.349141][T11839]  </TASK>
[  427.352989][ T5938] usb 3-1: USB disconnect, device number 75
[  428.129579][T11876] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1682'.
[  428.141862][T11876] 0�: renamed from 
71� (while UP)
[  428.180725][T11876] A link change request failed with some changes committed already. Interface 
70� may have been left with an inconsistent configuration, please check.
[  428.288949][T11881] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1684'.
[  428.404832][T11881] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1684'.
[  429.198245][ T7820] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  430.998360][ T5885] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  431.347055][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  431.360768][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  431.396224][ T5885] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  431.430271][ T5885] usb 3-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00
[  431.440871][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.464861][ T5885] usb 3-1: config 0 descriptor??
[  431.532219][T11948] loop6: detected capacity change from 0 to 7
[  431.541073][T11948] Dev loop6: unable to read RDB block 7
[  431.546829][T11948]  loop6: unable to read partition table
[  431.552982][T11948] loop6: partition table beyond EOD, truncated
[  431.559345][T11948] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  431.743728][T11953] netlink: 'syz.1.1702': attribute type 8 has an invalid length.
[  431.760690][T11953] __nla_validate_parse: 4 callbacks suppressed
[  431.760707][T11953] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1702'.
[  431.789333][T11953] bond0: entered promiscuous mode
[  431.798539][T11953] bond_slave_0: entered promiscuous mode
[  431.809972][T11953] bond_slave_1: entered promiscuous mode
[  431.816242][T11953] team0: entered promiscuous mode
[  431.824113][T11953] team_slave_0: entered promiscuous mode
[  431.833585][T11953] team_slave_1: entered promiscuous mode
[  431.840426][T11953] dummy0: entered promiscuous mode
[  431.852084][T11953] bond0: left promiscuous mode
[  431.856911][T11953] bond_slave_0: left promiscuous mode
[  431.863144][T11953] bond_slave_1: left promiscuous mode
[  431.869240][T11953] team0: left promiscuous mode
[  431.874195][T11953] team_slave_0: left promiscuous mode
[  431.880032][T11953] team_slave_1: left promiscuous mode
[  431.883818][T11934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.885772][T11953] dummy0: left promiscuous mode
[  431.898239][T11934] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.919095][ T5885] usbhid 3-1:0.0: can't add hid device: -71
[  431.925190][ T5885] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  431.941276][ T5885] usb 3-1: USB disconnect, device number 76
[  432.028011][T11960] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1703'.
[  432.040551][T11960] 0�: renamed from 
71� (while UP)
[  432.114279][T11962] loop9: detected capacity change from 0 to 7
[  432.123581][T11962] Dev loop9: unable to read RDB block 7
[  432.129735][T11962]  loop9: unable to read partition table
[  432.135674][T11960] A link change request failed with some changes committed already. Interface 
70� may have been left with an inconsistent configuration, please check.
[  432.155750][T11962] loop9: partition table beyond EOD, truncated
[  432.164994][T11962] loop_reread_partitions: partition scan of loop9 (�被x������ ) failed (rc=-5)
[  434.546922][   T31] INFO: task kworker/0:6:5929 blocked for more than 143 seconds.
[  434.585187][   T31]       Not tainted syzkaller #0
[  434.599838][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  434.644020][   T31] task:kworker/0:6     state:D stack:20632 pid:5929  tgid:5929  ppid:2      task_flags:0x4208060 flags:0x00080000
[  434.674398][   T31] Workqueue: usb_hub_wq hub_event
[  434.713419][   T31] Call Trace:
[  434.716761][   T31]  <TASK>
[  434.729133][   T31]  __schedule+0x1798/0x4cc0
[  434.743059][   T31]  ? __pfx___schedule+0x10/0x10
[  434.753469][   T31]  ? schedule+0x91/0x360
[  434.764937][   T31]  schedule+0x165/0x360
[  434.779973][   T31]  schedule_preempt_disabled+0x13/0x30
[  434.794915][   T31]  __mutex_lock+0x7e6/0x1350
[  434.809294][   T31]  ? __mutex_lock+0x5bb/0x1350
[  434.817326][   T31]  ? hub_event+0x21e5/0x4a20
[  434.825456][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  434.834185][   T31]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  434.840374][   T31]  hub_event+0x21e5/0x4a20
[  434.845208][   T31]  ? do_raw_spin_lock+0x121/0x290
[  434.850415][   T31]  ? __pfx_hub_event+0x10/0x10
[  434.855363][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  434.861245][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  434.866555][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  434.872519][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  434.883044][   T31]  process_scheduled_works+0xade/0x17b0
[  434.893785][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  434.905112][   T31]  worker_thread+0x8a0/0xda0
[  434.913762][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  434.925482][   T31]  ? __kthread_parkme+0x7b/0x200
[  434.941393][   T31]  kthread+0x70e/0x8a0
[  434.948843][   T31]  ? __pfx_worker_thread+0x10/0x10
[  434.955190][   T31]  ? __pfx_kthread+0x10/0x10
[  434.959937][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  434.966051][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  434.971408][   T31]  ? __pfx_kthread+0x10/0x10
[  434.976336][   T31]  ret_from_fork+0x4bc/0x870
[  434.982108][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  434.988344][   T31]  ? __switch_to_asm+0x39/0x70
[  434.993975][   T31]  ? __switch_to_asm+0x33/0x70
[  434.999018][   T31]  ? __pfx_kthread+0x10/0x10
[  435.003678][   T31]  ret_from_fork_asm+0x1a/0x30
[  435.008832][   T31]  </TASK>
[  435.013485][   T31] 
[  435.013485][   T31] Showing all locks held in the system:
[  435.078336][   T31] 1 lock held by khungtaskd/31:
[  435.083372][   T31]  #0: ffffffff8e13d320 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  435.094328][   T31] 2 locks held by getty/5586:
[  435.099385][   T31]  #0: ffff88802fe010a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  435.109645][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  435.120315][   T31] 1 lock held by syz-executor/5843:
[  435.125639][   T31]  #0: ffff8880b863a058 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  435.136179][   T31] 5 locks held by kworker/1:4/5892:
[  435.141473][   T31]  #0: ffff8881442d0948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  435.153042][   T31]  #1: ffffc90004447ba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  435.165023][   T31]  #2: ffff88814638a198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  435.175166][   T31]  #3: ffff88814638d518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b8/0x4a20
[  435.185193][   T31]  #4: ffff888145bf9968 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e5/0x4a20
[  435.195295][   T31] 5 locks held by kworker/0:6/5929:
[  435.200630][   T31]  #0: ffff8881442d0948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  435.212093][   T31]  #1: ffffc90004e07ba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  435.224407][   T31]  #2: ffff8881463c8198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  435.233492][   T31]  #3: ffff8881463cb518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b8/0x4a20
[  435.243809][   T31]  #4: ffff888145bf9968 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e5/0x4a20
[  435.254097][   T31] 3 locks held by kworker/0:9/5938:
[  435.259481][   T31]  #0: ffff88813ff19948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  435.270787][   T31]  #1: ffffc90004e47ba0 (xfrm_state_gc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  435.281623][   T31]  #2: ffffffff8e142db8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[  435.292590][   T31] 1 lock held by syz.4.1711/11987:
[  435.297695][   T31]  #0: ffffffff8e142c80 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  435.307911][   T31] 
[  435.310791][   T31] =============================================
[  435.310791][   T31] 
[  435.319643][   T31] NMI backtrace for cpu 0
[  435.319661][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  435.319682][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  435.319692][   T31] Call Trace:
[  435.319700][   T31]  <TASK>
[  435.319708][   T31]  dump_stack_lvl+0x189/0x250
[  435.319736][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  435.319755][   T31]  ? __pfx__printk+0x10/0x10
[  435.319791][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  435.319820][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  435.319847][   T31]  ? __pfx__printk+0x10/0x10
[  435.319869][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  435.319898][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  435.319926][   T31]  watchdog+0xf60/0xfa0
[  435.319950][   T31]  ? watchdog+0x1e2/0xfa0
[  435.319974][   T31]  kthread+0x70e/0x8a0
[  435.319999][   T31]  ? __pfx_watchdog+0x10/0x10
[  435.320015][   T31]  ? __pfx_kthread+0x10/0x10
[  435.320039][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  435.320058][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  435.320075][   T31]  ? __pfx_kthread+0x10/0x10
[  435.320098][   T31]  ret_from_fork+0x4bc/0x870
[  435.320119][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  435.320144][   T31]  ? __switch_to_asm+0x39/0x70
[  435.320163][   T31]  ? __switch_to_asm+0x33/0x70
[  435.320180][   T31]  ? __pfx_kthread+0x10/0x10
[  435.320204][   T31]  ret_from_fork_asm+0x1a/0x30
[  435.320239][   T31]  </TASK>
[  435.320247][   T31] Sending NMI from CPU 0 to CPUs 1:
[  435.466940][    C1] NMI backtrace for cpu 1
[  435.466957][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  435.466974][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  435.466984][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  435.467015][    C1] Code: c3 e6 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 f0 1c 00 f3 0f 1e fa fb f4 <e9> 98 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  435.467029][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  435.467044][    C1] RAX: 57eccdb853aa3600 RBX: ffffffff81960ca7 RCX: 57eccdb853aa3600
[  435.467057][    C1] RDX: 0000000000000001 RSI: ffffffff8d7e858c RDI: ffffffff8bc074e0
[  435.467069][    C1] RBP: ffffc90000197f10 R08: ffff8880b8732fdb R09: 1ffff110170e65fb
[  435.467081][    C1] R10: dffffc0000000000 R11: ffffed10170e65fc R12: ffffffff8f9e0f70
[  435.467093][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff1100385ab58
[  435.467104][    C1] FS:  0000000000000000(0000) GS:ffff888125e12000(0000) knlGS:0000000000000000
[  435.467118][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  435.467129][    C1] CR2: 00007f2188db4198 CR3: 000000007d7ba000 CR4: 00000000003526f0
[  435.467143][    C1] Call Trace:
[  435.467152][    C1]  <TASK>
[  435.467159][    C1]  default_idle+0x13/0x20
[  435.467179][    C1]  default_idle_call+0x73/0xb0
[  435.467199][    C1]  do_idle+0x1e7/0x510
[  435.467219][    C1]  ? __pfx_do_idle+0x10/0x10
[  435.467243][    C1]  cpu_startup_entry+0x44/0x60
[  435.467259][    C1]  start_secondary+0x101/0x110
[  435.467281][    C1]  common_startup_64+0x13e/0x147
[  435.467309][    C1]  </TASK>
[  435.476295][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  435.476316][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  435.476337][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  435.476349][   T31] Call Trace:
[  435.476358][   T31]  <TASK>
[  435.476368][   T31]  dump_stack_lvl+0x99/0x250
[  435.476392][   T31]  ? __asan_memcpy+0x40/0x70
[  435.476416][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  435.476434][   T31]  ? __pfx__printk+0x10/0x10
[  435.476465][   T31]  vpanic+0x237/0x6d0
[  435.476489][   T31]  ? __pfx_vpanic+0x10/0x10
[  435.476513][   T31]  ? preempt_schedule_common+0x83/0xd0
[  435.476540][   T31]  panic+0xb9/0xc0
[  435.476562][   T31]  ? __pfx_panic+0x10/0x10
[  435.476586][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  435.476616][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  435.476644][   T31]  watchdog+0xf9f/0xfa0
[  435.476668][   T31]  ? watchdog+0x1e2/0xfa0
[  435.476691][   T31]  kthread+0x70e/0x8a0
[  435.476718][   T31]  ? __pfx_watchdog+0x10/0x10
[  435.476735][   T31]  ? __pfx_kthread+0x10/0x10
[  435.476773][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  435.476792][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  435.476811][   T31]  ? __pfx_kthread+0x10/0x10
[  435.476835][   T31]  ret_from_fork+0x4bc/0x870
[  435.476856][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  435.476881][   T31]  ? __switch_to_asm+0x39/0x70
[  435.476901][   T31]  ? __switch_to_asm+0x33/0x70
[  435.476919][   T31]  ? __pfx_kthread+0x10/0x10
[  435.476943][   T31]  ret_from_fork_asm+0x1a/0x30
[  435.476978][   T31]  </TASK>
[  435.780282][   T31] Kernel Offset: disabled
[  435.784591][   T31] Rebooting in 86400 seconds..