last executing test programs:

13.500459216s ago: executing program 1 (id=632):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x28, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7ff, 0x5d}}}}}, 0x28}}, 0x24044884)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12.397346897s ago: executing program 1 (id=635):
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000800)=[&(0x7f0000000440)={0xf, 0x400000000000, 0x25, 0x8, 0x8, r5, 0x0, 0x0, 0x9, 0x0, 0x2, r5}])
sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000001580)={{{@in6=@private1, @in=@local, 0x0, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0x20, 0x11}, {0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x10, 0x9}, {}, 0x6, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x4d2, 0x33}, 0x0, @in=@private=0xa010100, 0x3506, 0x0, 0x2, 0xb7, 0x2, 0xfffffff9}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x1c)
mmap(&(0x7f0000009000/0x4000)=nil, 0x4000, 0x3000000, 0x32, 0xffffffffffffffff, 0x1a326000)

9.083736063s ago: executing program 3 (id=664):
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000800)=[&(0x7f0000000440)={0xf, 0x400000000000, 0x25, 0x8, 0x8, r5, 0x0, 0x0, 0x9, 0x0, 0x2, r5}])
sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000001580)={{{@in6=@private1, @in=@local, 0x0, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0x20, 0x11}, {0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x10, 0x9}, {}, 0x6, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x4d2, 0x33}, 0x0, @in=@private=0xa010100, 0x3506, 0x0, 0x2, 0xb7, 0x2, 0xfffffff9}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x1c)
mmap(&(0x7f0000009000/0x4000)=nil, 0x4000, 0x3000000, 0x32, 0xffffffffffffffff, 0x1a326000)

7.159365189s ago: executing program 1 (id=657):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xe8001, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0x2})
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb701)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x8000, 0x0, 0x0, 0x0, 0x0, 0xd}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000580)={0xffffffffffffffff, 0x0}, 0x20)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(0x0, 0x0, 0x0, 0x0, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='cubic', 0x6)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x3, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000140)='illinois', 0x8)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00'})
shutdown(r5, 0x2)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f0000000180)=0x70)
write$dsp(r7, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
syz_usb_connect(0x5, 0x3f, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000340)={&(0x7f00000002c0)=@nfc={0x27, 0x0, 0xffffffffffffffff, 0x2}, 0x80, 0x0, 0xffffffffffffff37}, 0x24000845)

5.649092341s ago: executing program 4 (id=663):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x28, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7ff, 0x5d}}}}}, 0x28}}, 0x24044884)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.409070584s ago: executing program 2 (id=667):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000005500)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000005600)={0x0, 0xd00, &(0x7f00000055c0)={&(0x7f0000005540)={0x24, r1, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x800)

5.338415665s ago: executing program 2 (id=668):
r0 = socket$inet6(0xa, 0x5, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="183f0000000000000000000003000000950000000000000095"], &(0x7f00000003c0)='GPL\x00', 0xc, 0xff9, &(0x7f0000001840)=""/4089, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1f}}, @in6={0xa, 0x0, 0x0, @private0}, @in6={0xa, 0x0, 0x0, @private1}, @in6={0xa, 0x0, 0x0, @private1}], 0x64)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9b5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\\\xb0:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1exQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1.E\b1\xcb\xa2\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x7)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x5}, {0xfff1, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=@deltfilter={0x34, 0x2d, 0x1, 0x78bd2f, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x10, 0x3}, {0xf, 0xffff}, {0x4, 0x1}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4c014}, 0x20044000)

5.291087753s ago: executing program 4 (id=669):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newlink={0x58, 0x10, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2b20d, 0x11a20}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x8, 0x16, 0x0, 0x1, [{0x4}]}, @IFLA_TXQLEN={0x8, 0xd, 0xa}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x7945}, @IFLA_BROADCAST={0xa, 0x2, @local}]}, 0x58}, 0x1, 0x0, 0x0, 0x41}, 0x4000)

5.184687513s ago: executing program 2 (id=670):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
getsockopt$bt_hci(r1, 0x0, 0x2, &(0x7f0000000000)=""/44, &(0x7f0000000180)=0x2c)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f0000005340)=[{{&(0x7f0000000500)=@nfc, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000580)=""/38, 0x26}, {&(0x7f0000003900)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/128, 0x80}, {&(0x7f0000000680)=""/47, 0x2f}, {&(0x7f0000000680)}], 0x5, &(0x7f0000005400)=""/266, 0x10a}, 0x9}, {{&(0x7f0000000200)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000001880)=""/4096, 0x1000}], 0x1, &(0x7f0000000440)=""/173, 0xad}, 0xf4}, {{0x0, 0x0, &(0x7f0000004d40)}, 0x2}, {{&(0x7f0000005200)=@generic, 0x80, &(0x7f0000005300)}, 0x2}, {{&(0x7f0000004dc0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f00000050c0)=[{&(0x7f0000004e40)=""/39, 0x27}, {&(0x7f0000004e80)=""/94, 0x5e}, {&(0x7f0000004f00)=""/189, 0xbd}, {&(0x7f0000004fc0)=""/232, 0xe8}], 0x4, &(0x7f0000005100)=""/194, 0xc2}, 0x3}], 0x5, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0xb6, 0x5, 0x10000030, 0x7fff, 0xfffffffc, 0x9, 0x4, 0x7fff, 0x5, 0x200}, 0x0)
mremap(&(0x7f000065a000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000339000/0x3000)=nil)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x13, 0xffffffffffffffff, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000840), 0xffffffffffffffff)
r2 = syz_open_dev$vim2m(&(0x7f0000000300), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000340)={0x1, @pix_mp={0x328, 0x1, 0x32314247, 0x7, 0x7, [{0xd, 0x4}, {0xfffffffe, 0x7}, {0x0, 0x80000000}, {0x8}, {0x1, 0x3}, {0x6, 0x5}, {0xfffffff9, 0x40}, {0x3, 0x2ba}], 0x9, 0x7, 0x1, 0x0, 0x1}})
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000005540)="9c8d614be37cf5eabe4c392db61711432a6263c7c0772eafc7c59ecb7cfaaa3abd7bfcbf0442dbde43db6825473541261d3ef0e91bc117ecefb13434a181e2ebe1bad2d864d6f3532a323f938bbc6dd49d60b4ecaff6c04dd29df6a901417fe7287bde72450b32777f408a9ed1e4e3656261bffc9bd28d844cc822b18aaf7eb5e2637b70d340dbd0290f6be43f451b1187be55a8dbb82965eea343a14c9a61870c69eeaf5be107541708415b711327ef305888a0995debf4c773060b1557f0a67aa54341c018b5fb4e68acf67160c65a4934b0d29c47ca6fdaea6d899628919159114c6e70f8fe7fcabc4b9ad64df54de2bc47469dba8f90af82bc329e80ba0f25e56882457e4140a51b724fa3df1aa25e4a6f2048f51311df254b8541833009c081c1502a4609e130c37b0cc9214c89dfbfcdb64f755c956dfe9e6005993652334b87000abdf98c530044c64c4f58b8ab4779578d9e20332f3cf5cfae98f8c899f6be968f52fef8ccd7f763a71ef2c3a5963ce3b043c92dd3430237db5640ebed667088e3599794cab552256f24e278124207663a7e8cf30c22af7c11d19ca48a7b2d52377d90d686fedb83b79028ad4a1cd2bc869e9738096f3c8ad36ca7e6e0a466b6812a49e7207b61e6367fc9faacc02c6b27c1407331e4e024d50565703e726f481b93dd85e4d0036fbe078e620ff98db23c638fcfef0085bd5c21694d8ac142230907fd6a45f47c2ff39f35a856a2b8e59368f4d3cce396884c4ba38d8a5007709e3d0560d4c2f0faa26503954c06d654916e0db76a6f0309ee6682d004ecf917af7981f66b3574b7515d4d0f2fda117f7477d64603c57161499f1cf4460d935dd48289df7f686aace7c0dc222bfcbd7e0dbd02c6be6ba3745e5159af3ea25640258b210c083b684a6d1d7d5d2add508c4afa458645ffeaf4a6520fc333e51a6b3d2ed2b7264cb53a387fa539043f67dd49f8ca62737da8dcc436785029298e18c8b9161779940e0e6fb7d10948a0a002880fae95b0422cec95b434ac5d2831ffab02916a829cc91f69f116ed2f941b4b0045f9cc282872500a1f8f9acbfda8e89343b8a7d7315bf7d1831099a51361dc80f5fbc5de4c009187e445af4e9ae379fe4863433c79d907e813a5ecc23b23a4b769addf4a424b872333f65da69874464d8feed774b60ada56e3b4658d4c3296d23f0a3079286713370c6c72f4985d57feb6b77c627614154163427b3eb52ddb53e7946805cbedab3017c99ca4ec4ce8c4179e328939776c95aada396f0c58a5b682218e0ba69c6ee3a36fb0a9b2dd5a4a4387988689c63644fe0abb0aad3da7095e6101f41c1b64d330473f30c2d5f62f47f1963a6be04ffbb6f91de7650c3e5b91e6e95a7bcbe964afa3be70b828835b20a3794b02679c11772d47ee648e6c7d38f69e8c3218daf00595a1685ce753c8911b7fcb03ab29e032cddab79eba2f872b7cc21614bc2f637869f13d0cc9e306cadc1c404032361150def1707a050b3a3ebb95271c9daf0d4e84e45f32833e3795ee91b04db2098eb1950657344bb1aadc5fddd7fa7366fbbf313e27d06f3c9ed0aa5025f5575bb26db5c315ad7df0bff38a845ff8fe6161e4f1cccb4626cb185847682af6c6901033ac16a27a40dd56d1cf09a28d4266d3187bdf266823081f37788cc47f5eeecb30b29e8bbb3152d2208a8a5ef8eb0fd660f350c89d0a112a933ee1695ec80224b053723bee41e3b4310eaf02dddf3ea1556638bf3da532ca7d9eef25c3c53907e10ccd9cc144727ea1a6e97836f70eef213b612c09cfcc9a50ef1ceb426d5159963f99e0d039304c92f38ffc73e070605983f60345b783e89d43f55624232be73482b191de0e52f3b5608c5e6d2dc8eb45fd3c19a279b10dcca83e31f13b06a0243bb3797b7e8484306116ba239dbc291e4c6104ff1cdff46284370f33f145e90c59d75288acef319995889c2586de3ff81d035ef8267b392336c6fd3900e77506d1b407eeeade34c53791ab767deac3079153ae17c08d6d44a943bfac689849887d092b58fef5472967f2b42b9395fa38a3a736e8123009899cec01720d2c7218dc3206f5785ef8befb43ad5709f819ed4cf75f88d605fb526398e97a4a75e97b8ed54418e35bb5eb0baa95c131a9dc7692b6807a1b8fb6063a2d723e6d3b0df9dc460e69b1d92bfc51e33807a64181a1d5705cb6c768783d292efaddc3dc265a766a5b10841214cf879e71220e88da8af3f36aba626a72972eab8fc6093f40188ceca1a80ef7ea046b35704acb2c0c36c5a30f60cf47159fb02d1a654d7eeef6f80300bf2fa40b71249a4ccb6354bd53fe97e31b6cb2ba0eb6d5c9cf5b972f1ee98e7e640461baf4b85ee29ae90e35f9eb30e68b2d22742257e8df5d800c9c590ee887fac86b6acd22813e331264587bc7a5d99b959cc5f17a8ce70c864503affbb854b4d9d223930dfce5ffd46e1164e5a7792dc191b63f27253a74e7192cc603ee719f662dd7ca5c06262be01e8d655bb43e682002922d78d029f4affdd98f151d71b2cdedaf409198255e4d439c014aa5e4197adb6c69debb41010acaf1d413115e9d9a7b9a86ed2c0bda1c64318d9236a701434f8fb3beac61375b1569e75790b4af2de00b1880a6e186d5f8607b7ab9f57175a948d9205778de9c24c24cd0a57448901bd9092eada0fbd5add771edfc49b74218424e667abf6ff64a8940059075f26e5f671a9a1442f69746dd2d5a0330f816122d6333ea4f1da18a3270ac64ac640fb153d539110c7d19a92be8bb12e8a4dabdcdef0431b42f78fc71b252192e858bc7365a7a16b16eebc63e20b35ab17a2f12f65a5a0a36e6e64975e218ed96640cf557eed1d29cb75eab21bd1ab206322dd472810e1cb28ec42aa70b6e870d3d5d682cfa202cfbbd89aa357d374b0684e2d6774c2d920b338ac05c7834519a5d77739a68ad8b124bf924b83dcc729935a395cefe1ed6a6565006e0c062d74e8b5df83b9b5d546e93e0378bfb9dd80ad03ee3e74546f3e44ec1e3f23dc28922a64aa0a599bd595e1f1f1dc697bc2c5c3bb108590337298a63d8fc074edc490dceca57e7caecd89dcdf7d0d47d336f4ad85ce0f696c52adb4c35d75f6a19fbac3ff000169999a4351b4aadc0f714bcc47bac24500303547759fc07a024ecbbd11749e62ef18950fc188436506f4935359a3845d5ed3043e60d061ae428ae32bfb5dbea07afb83ca520f41c426113ff79c3878018afd6b1301cc4fa052fa6a2adce9d98a195024c4fc5f31da56eb04722a2da2359a686073882038d5a31358b00df57056a85491391dfa19c244220ae7f5bee2eb2c28ee700fa6525ebbc2c3e12ff637b602a0444028775dd6b3b74a13f6f8df026b36b87481d90bac7a1190f8ad7bdee2478de6b5132925ee43de2a6a29d82b70a8355fe5a69ea10f2d9a81acaf6b64b8e46304304a7c809899a85844b501d5a0aa6764e0ff8e261b82c0de81f78b867f9763ca7b0b0459653d9230e6c22e838da37f01182d1400cf9919d88055496862d7fb0a3504d07d4798e203573132f8c34956c48bff3620e7655ffbf28a3f9a05f7001723a7d53e3473f2bdf2ad5c7094d3b99085a46aa268cefc5bf648875da5652c0e22f49c6efe3c0428e47888c6b87a5c7b77cc8c264cff788decdae6a117ed4bd3875234841ad0d8be60630f24e5fc49080f97829177e3d30b6128b51461c84952a9f5ea686e3056f327040d3d5fc6e46b7d3c7b11de9d9c382de9dd7baea46df6745d2c8c537feec1f946cae353b520ae99edcf2efd7198f7d031a101d1fb70f684a548da24dbe4c42506e8c844aad1dd69a54aea8caec72d40fa84958f668fbe5e2ef306e5d550418b85d5b9fad3f6921f6729338d3156246b5b7c38dd297904f30a1ef06a4b6bef9c3b65df08965a93b0728490f2355d72e033d6a1757216d0a16b7c4368caac549978484f036259addbf7055b24e613bd81e1bd6dda3e6dfce23a4f46b1ea0ab8a3a10adc6dd59a6383c2c516713cf7c13a6916eba5d11f6c3cf01fe12d3192dbd7905f33ffeae17a3457c3e2d695c404a9be21afafd180135a0ed946c78913ca97a990b6af5f336c5476459abb68aa81d010ed9756bffbb967dc6e4568b9921e625b9c13060714e18e9486022f66c8aedffeb7119ba85659cc840781732f7c70fd9f249c3dfae9f0f62af7a785f79fc5f42b3e9ecaf4ef21f5e0f3219e43e8db2439d98700b62f0430272aaf80f76658ef0764c80188babbb5389d07875b5bc05e3386fcd112795ebb81ab1e1df4dd088f07a02ec36b9a8ade3cf32d2aaa8d9227f209875bdce6f7c02f9187c629a93e4c250ec7e6672cd4b8e0407a88b7270a7fb0654b01593f861a063b1edfcbb29b0dfd196db458efcf6854300caf53404f027d51ea24fca5ab6b731107567d2d9556072a653b0ff215221995f866c953b6b2063eb683596215c7c4b14215b3d51a031ef7462bcb6d6650e0d543d6cf819f0a58d7a601a32b7385e3f2bb44e1378ee948fca3f051ea9c43c32890d308253901df239d1de4a055e15f257f75462aeda9b2a39654774d83f6e09355d7ecfac6d9f1589e65bf506c5e70f2c1bf3a7c06c4f1a5783b6ebc93516ca38e1f6fc96f9fa9fab87d222744a974678a7910533bf1ff4558f852090df3f45bdfea02c8f21f77cfe4c99539042019178fcbf1c7ce8cbc8798edeb8b3516c336775d267b24c421ef09abed094c3bd223cdabeeeb9265fbe942647a5e328038f6955a3bab4ed673cc12040efc9041fce52231fcd63082e92ec75c4bcd4716d7b689c202d1c71dae563dc794adde0c3774baee7a76e5a86f6408e4f1565440070b632c207c78bb0deb551bb63ee12915f74680ce90cbf811347d77211f686395c51fece7bd0f1f488cec8ee1dc1ef407a5ff36a70cdee7238ed37eadf80a64ba95ecf88910b2873a7952f597e3920a3c8b4ebe826ecad7c788af4e5168c838ccc66b8b5148de525114bb8f40403b37d76ec2f4e80e996e56cb8650c37bf3d8a105eab9f59150cb269b7343d252ff38fb9bd1d789d8bd1d5e168ad9b8b73ee5233aa5c3b4ccec086633884f0cefcb5c4172b77ec37f5a2c28e9e08256a8ce74d8e9ab2907af39d5ece8ba54edd919b43b47149a27443a4676928f8d9e89cacd452a1fcccf9efe229c608aa433439d66a86f7cb36b312dec2c664c94f46956be4ca20d721574f6960daa65522477705a8b15db3edebb7a65d46bafbe0b85a7356922a6a9c11d934949fb697a1ccc7adb84ad2b9d0a8d131649bdb7ec80f6fe388a001cc88a6dbed515ea023cd0b3bfcf160cbba0dd9313d18e70951e52fe4482df70521e40116923bf7d9a5269d4eeac2b780b4cc2d032274ef5050d69dc93fe507841cb2a11107891e3d96b01295d430e207b20d4d33b036ebceffa916649efcc4173cec240b2ae75ec7c3a3a1515afe7f4f9d04fcb91edadde6ef70ba031380fdf822738330f0416e16712b9ab4242ec6362cb7c33a1391b45d11c5debdd0e100b3127532963b2165b6c14c6a2b9e3e4c4e601949e2bbaba255e662f685a60ad2fcc932e9ff55fcb260229ae30a538d21a5dec5da7dae27f501edfb05707a951207016ea2d81fe31f66faeaa9bc7942a9b64a37ff1908c681147b54753d352821e6f2e6ed19ab17c77754c9a5f0335bd34ee873f60062e392edef3833503c6ca8928dc1d565e11cce39c4b5d44275a8a25f120bf0c098a683ce4bb61d24884713b54f309d1ff7", 0x1000, 0x4008000, &(0x7f0000000100)={0xa, 0x4e24, 0x2, @mcast1, 0x1}, 0x1c)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000640)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000040)={@host})
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000140)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f00000001c0)={{@host, 0x7fffffff}, @local, 0x4, 0x1, 0x2449, 0xfffffffffffffffd, 0x0, 0x1, 0x93f})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r3, 0x7a5, &(0x7f0000000140)={{@host, 0x21}, 0x1})
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/address_bits', 0x0, 0x0)
getdents64(r5, &(0x7f00000028c0)=""/4097, 0x1001)
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYBLOB="797cc228d6c9197c0f479808d20cfc23e52455375d1a70187ecadcd21acd86f701cf849386c2804fdd7c15a9bc118394686ce2e2e0992433b22caa424948bf6975568e8f601e0057612b64006cd29401796b0d7f7c187a4a291ae894a8190332b5b457ce80776b79bdb353880e8adfe8b465a2349a908335", @ANYRES16=r4], 0x48}}, 0x0)
sendmmsg$alg(r6, &(0x7f0000001100)=[{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000880)="3cf06a", 0x3}, {&(0x7f00000008c0)="a847613961324b90beb8f3293dbbd807f68c6ad1f1c43ac51094475376d91161eef67c961144f51f5a4fee2068b90fd492355fb9823410bce95ac25a6956245694443c781fbade32d756570190b0ff78ded8565f865395e1bea18fbe77fb8f44d4ac3604b073a3b0a5866b089339acd93cbda09060fa9a5f5d6309db08e7fcc140a8c273af781eb40a1eea06590479606f7b87ea16bc02e68d2493385a1fb753a149a293c78093076b83a0bdbf0617d764b719de9b8f2adc23d0bc3a783debeda42b999ec249f61fa3f3772c39948a1f9537baa4566ff8b85ab1cf85583afd2306e75254e6bd7989bb4562bb1f1464627dd055a8f048", 0xf6}, {&(0x7f00000009c0)="b74258175d0a3d9679306aa24f99e7e7ec68c9d1e21c77ae3d1f6d949934125e7b6e6ec58d44f3a3a307bd77d49c099659d38e03d3e2628de3dfe891c05a6eb8f7ac9a6185624028e527e2cf11cb824da97c43012e7d6506557129f4835298c9504fa50d00b9cef7d06802482f85b63bc9dea349c626eede744977a805739bdab50b02ef25c2e5b06d5df5d64fb274fa7493e36eb350baeda845dfcbca604fc118599a11fd7d8692cf8e9ce6d7900dae268721c30395670f84be63311d8c72099e80470dc7d35a80711b45c95de4452cdaad733ed955003229384316995446cd3f80d47e4f644c77ae6689a7e902", 0xee}, {&(0x7f0000000ac0)="7e3296e27a9c84c482aace817b20f3298a7e272b5bae5f02e40f3dfd37038317aa26e769ad049533be2420e8c6ccd84117aa13d252228afcafb2bcfdaed46085a4a271bb81d0cb5ea8aabd468d405da7f89ab60b3de40f4e5677211cade89631fd4e41eb5652af264f105565bdad85899ae696842526ac688fd35b40141151bd7a8d61e608af", 0x86}, {&(0x7f0000000b80)="5ac683f5954b821d547c5b2714e45a0a5abb9e25ceebc9d674bbfefa551a0f26df29e60b9bcfbdcffd3a9209e4fe29206499a9fc38a61919ea4b11765c5ee92e14f07bb84eae3ee4fe1c52476a1446886ed7d4cd32f975a71481baa00f1820027b3f64bc42a935b5b55a3b9b95a9f49de7bb344d5e64b745d9d8f7b0d3c8ff987d45a9d08fab7bbed8524d361be52658492a6188e7a494e749853f02bf6579e17f9e", 0xa2}, {&(0x7f0000000c40)="d33f522264d25651302fd1806e17076abf4f6d513e9ef2e75a44a00622b4b609852f0afcdd6fde88b71db38e6736d04885c06218ae1b6dbab564f747bf40389b9fd98a15ac4c28eccbe091f260ee4ca59aee536bc9b2fcd363ccd6", 0x5b}, {&(0x7f0000000cc0)="53738cbf2b401aa5d9ac52631f192f638d8bef1e1020285ebeb5f7c4429c1b150cddc5976337f91e3f223b42f2f5f1f56958454b00d02cb7f8103a6f5215e8ec42c688f5be27eb04e06d2cc7eb77447531f4188ce12ec4434025de5dbd31744a70a8e80577963944a0517c7516d8cbf1d8b7b63d192468aaf5893defd469b21c830f77be5257d7567e42a3569b7e55d5", 0x90}, {&(0x7f0000000d80)="329d81dbe7b5459fa48a8967b7d4918624dcf410589a833181beaadd83ae063581b390fcb9d3897b6872e719c25dd4a93f23eca0a3eb6995c1cd48ef243b9e8f0362a0df570b624c39c88110e357c472103f8a440ac9ccbd9a733444f743bbb249ff717e5951be1f8905b2da26bb24e6b198663e1bd486d0137e92211a64b4f930629cfb9c76a40afb0edd60bca3ea32e8b8c72c6543cd034e3b64b8c8fea20fc3e6a5235070ee498b53485aaea2eee2df32975551de", 0xb6}, {&(0x7f0000000e40)="42ae56fdfd948303821f0df4b43bcfcf21b2fa390b7c7636e05d8aec572580e9b779cf9a185b72be793395339abb61a25540bfd68da774863b53b7718ff4b25e536d13af54292890a99d684db3dc2bd26b8bfa0e2465bc9b30bad42351c98b2813615e35e9ce072d385dafb168b2a433fcfd0e99c5573beb360dcc974e7c7e19502e1b6721c28bef18fce45176b3692d3e13f2c0b4e61a4edcb4ee1573f189a583f2e398cbfb585959c4c946c92f469e1a129d1e5217fb046c6444d5ab81edf10a73c9e1917a735402", 0xc9}], 0x9, &(0x7f0000001140)=ANY=[@ANYBLOB="dc0000001701000002000000cb0000007019a147d724eae4042d3f0cda242dc2bd8a7513300429ab950067e29920f932fb95fba4f1639e7b9ad992f24b3d3ccedb7db337a6543cdc354bfc49522541724eedaf3ea9708953af439dc5e6a0069fefe9511588c5fa9b875608bc49a14fe9c385d28fdb78def2d6f67351d456d5fd54984635282fd3f37556670bb082c96405743c595575dd1fe7b894a148bbe0a31749b0012b023df19ec9f5fe14492f27495a87accfddd1d37ec471a2ff03e427ba0cc7efe7507b9555109eb8c2218c6b5283024b9f769880de46f0001000000017018f0003000000000000001000000017010000040000000000010010000000170100000400000006000000100000001701000003000000010000001000000017010000020000000000000010000000170100000300000001000000f47639ea1f4481cedfdc93a630d9f2e8ac16e77b0c57ec44095dc6d48d57daf2ca3aee759c89171ed9f555f1e10ecaa35e6abab64c3f3a"], 0x13c, 0x20000084}], 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)

5.095874988s ago: executing program 3 (id=671):
syz_emit_ethernet(0xca, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xbc, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010104, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x27, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x26, 0x0, [{0x0, 0xd, "5e000000ff000000000000"}, {0x0, 0x5, "4eb8a6"}, {0x0, 0xe, "9606053d0006ff00800000b6"}]}, @lsrr={0x83, 0x13, 0x0, [@local, @loopback, @local, @multicast2]}, @cipso={0x86, 0x3d, 0x0, [{0x0, 0x7, "4b6cefc500"}, {0x1, 0x12, "8c9300"/16}, {0x0, 0xa, "2189ea43a2149b84"}, {0x0, 0x2}, {0x0, 0x9, "02a20948fd7406"}, {0x0, 0x9, "ccf0294e2a3bdb"}]}, @timestamp={0x44, 0x8, 0x0, 0x0, 0x0, [0x0]}, @lsrr={0x83, 0x7, 0x62, [@rand_addr=0x64010100]}]}}, "a815a23d"}}}}}, 0x0)

4.335471292s ago: executing program 2 (id=672):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xe8001, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0x2})
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb701)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x8000, 0x0, 0x0, 0x0, 0x0, 0xd}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000580)={0xffffffffffffffff, 0x0}, 0x20)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(0x0, 0x0, 0x0, 0x0, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='cubic', 0x6)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x3, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000140)='illinois', 0x8)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x20000001)
shutdown(r5, 0x2)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r8, 0xc0045006, &(0x7f0000000180)=0x70)
write$dsp(r8, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
syz_usb_connect(0x5, 0x3f, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000340)={&(0x7f00000002c0)=@nfc={0x27, 0x0, 0xffffffffffffffff, 0x2}, 0x80, 0x0, 0xffffffffffffff37}, 0x24000845)

4.33501201s ago: executing program 3 (id=673):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4000000)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1}, 0xe)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e21, @local}]}, &(0x7f0000000240)=0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000040)={r3, 0x6, 0x20}, &(0x7f0000000080)=0xc)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40844)
r4 = fsopen(&(0x7f0000000100)='binder\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
fsmount(r4, 0x0, 0x1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8040}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x24000810}, 0x20004090)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setsockopt$MRT_FLUSH(r6, 0x0, 0xd4, &(0x7f0000000000)=0xe, 0x4)
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x2, 0x0, &(0x7f0000000040))
socket$inet(0x2, 0x2, 0x0)
r7 = fsopen(&(0x7f00000029c0)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, 0x0, &(0x7f0000000400)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xda5\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f\xa1\xa8\x0f(\xae\xba\x99U\x9a\xe9\xf3=H\x99\x93j:\xd5\xd1\xf9\xa0\xab\xe1\x06T\xacs\xf0f\x88*\xf9\'\xe5\x8f\xe3\xf0\xa1\x95\xbb\xb4|\x04Hi\xab\xd3\x9d\xa9\xd8\x82\xaf@\xfe\x11\x1b\x98\xb5S\xec\xa0\xa3\xbf\xbc\xb7\xcb\xc23X\xd1h\a1\xccF\x17\x84%\xf8\x17a\xe9\x14\x80r\x1a\xf0.\x12\x19\xbe\xef\x93\xe0\xa72\x01K\x88\r\x0f]LN\xfc\x1db\xa25\r\x1fF\x8d\x87\xc1p\xaep\x13\xc5\xab\xa64\xea\x8b\xb7$%\x96i\x84\xb9\xb5\xf3\x19\xe7\xcf\xab\x19\x8a\xe6\xa3@\x04\x91\xd7p9', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)

4.334697017s ago: executing program 4 (id=674):
write(0xffffffffffffffff, &(0x7f0000000200)="240000001a005f0400f9f407000904018020200000000000008c8f9e", 0x1c)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0000001000ffff2cbd7000f8fbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000002010000340012800b000100697036746e6c0000240002800400130005000900040000001400030000000000000000000000000000000000080004"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x5000000, 0x0, 0x1}, 0x0)

4.334343399s ago: executing program 0 (id=682):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x28, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7ff, 0x5d}}}}}, 0x28}}, 0x24044884)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

4.204861428s ago: executing program 4 (id=675):
r0 = userfaultfd(0x801)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x22, 0x2, 0x24)
close(r3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000080)={0x13c0c899984cef83, 0x0, 0x300, 0x320, 0x0, 0x6, 0x0, 0x1, {0xa, 0xff, 0x1}, {0x8000, 0x4}, {0x200, 0x5, 0x1}, {0x9, 0xd, 0x1}, 0x1, 0x80, 0x6, 0xa8000000, 0x0, 0x8, 0xfffff87e, 0x4, 0xb63, 0x2, 0x7, 0x4, 0x36, 0x3, 0x3, 0xb})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000180)={0x50, 0x0, r5, {0x7, 0x29, 0x0, 0xffffffffc50a1816, 0xfff7, 0x7, 0x0, 0x8001, 0x0, 0x0, 0x8}}, 0x50)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x60800, 0x4b)
syz_fuse_handle_req(r4, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r4, &(0x7f00000067c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b00", 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="780000000000000002000000000000040000000000"], 0x0, 0x0, 0x0, 0x0})
getdents(r6, &(0x7f0000000700)=""/90, 0x20000)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000f, 0x810, r0, 0xc45f3000)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, 0x0})
syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440)
r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_BUF_SET_NAME_A(0xffffffffffffffff, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
close(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0xa, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0x10, 0x5, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x20003, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x4, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x200406, 0x6, 0x454f, 0x6, 0x80005, 0x8, 0x3ff, 0x7f, 0x0, 0x5, 0x0, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf3, 0xe, 0x2bf, 0x6c7, 0x2, 0xfffffffc, 0x5, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x1, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0xfffff575, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x47, 0x6, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3, 0xb, 0x5, 0x2, 0x2, 0x400003, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0x1000, 0x5, 0xb1, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120001, 0x200807ff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x4, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x4184, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0x2620, 0x1, 0x5, 0x1, 0x2000002, 0x14c, 0x60a7, 0x6, 0xa, 0xffffffff, 0x80000000, 0x800, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x0, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c)

3.930862433s ago: executing program 0 (id=676):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
syz_emit_ethernet(0x52, 0x0, 0x0) (async)
mremap(&(0x7f0000041000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00004c3000/0x2000)=nil)
r2 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000140)={'full'}, 0xfffffdef)
ioctl$int_in(r2, 0x5452, &(0x7f0000000240)=0x3) (async)
sendmsg$kcm(r2, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x20000818) (async)
setsockopt$sock_attach_bpf(r2, 0x1, 0x7, &(0x7f0000000340), 0x4) (async)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={<r4=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) (async)
setsockopt$inet6_opts(r3, 0x29, 0x39, &(0x7f0000000000)=@fragment={0x3b, 0x0, 0x1, 0x0, 0x0, 0x6, 0x68}, 0x8) (async)
r5 = socket$netlink(0x10, 0x3, 0x0) (async)
r6 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32, @ANYBLOB], 0x3c}}, 0x0) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000840)={r4, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c)

3.824315594s ago: executing program 1 (id=677):
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000100)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f00000006c0)="ebe3a0e9796cfd1647e299f4e376fdba1282adec00009d205e81f4a7f71c1926aae1efd7e0054a863f3d5c016db55b5bb9fa6935849e6098ed884e7c9c1726b360fbb37b4fe02fbbb09587304839b7664a030d2948756a9c9a16d706b4c4610ee88f9f73d4df3e0f165cfa6d2bcdfa75db4f47", 0x73}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45", 0xc8}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000540)=""/85, 0x55}, {&(0x7f0000000240)=""/75, 0x4b}], 0x2}, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000000))
read$dsp(r2, &(0x7f0000000300)=""/79, 0x4f)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e23, 0x1, @mcast2, 0x5}, 0xfffffffffffffe87)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000300)=@ccm_128={{0x303}, "87d4753c73e0b468", "1de59f6a1bc30c1e00680fe6f6b3cf47", "e2a6d26a", "cacc1947d51d95ad"}, 0x28)
splice(r4, 0x0, r3, 0x0, 0x10000008ebc, 0xe)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r5, 0x0, 0x13, &(0x7f0000000000)=0x800, 0x4)

3.652949205s ago: executing program 1 (id=678):
r0 = userfaultfd(0x801)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x22, 0x2, 0x24)
close(r3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000f, 0x810, r0, 0xc45f3000)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, 0x0})
syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_BUF_SET_NAME_A(0xffffffffffffffff, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
close(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0xa, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0x10, 0x5, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x20003, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x4, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x200406, 0x6, 0x454f, 0x6, 0x80005, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x0, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf3, 0xe, 0x2bf, 0x6c7, 0x2, 0xfffffffc, 0x5, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x1, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0xfffff575, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x47, 0x6, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3, 0xb, 0x5, 0x2, 0x2, 0x400003, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0x1000, 0x5, 0xb1, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x200807ff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x4, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x4184, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0x2620, 0x1, 0x5, 0x1, 0x2000002, 0x14c, 0x60a7, 0x6, 0xa, 0xffffffff, 0x80000000, 0x800, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x0, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

3.436241664s ago: executing program 3 (id=679):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff)
r2 = socket$kcm(0x21, 0x2, 0xa)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000002500)=[{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000d40)="2ecd0a539deb5d718c6f1dd9da4ed5fdc012c45c9ab8ae019a3fe174629ac716721393692aa7337b92bb50331acbc791bd526e7ef2c477d0fb24f6d3632ec0d86e8362e758e40847afce4bb0e8a36aa016126ddd957ab743576d311531fb147c85da96c2bd6ca3bbb3c6871eed3bf0e13a667793e7c03b8fc9bf22fc9cdc26887f896308e897a5321aca5e1b7855f7994156058b75c7054281510ce5f56f0411200d9fb63c3368956a28312df3f007e78506b90d59ede1cf9c3569991e87785b9afaa5365d217b13b393393bde3878b65a47863a84656e2c9d9f46820f507cb4201512145b77c3dfa6063058464efd712b9b9e74b58fee6816e53ff6530eefc3f21d7695c6ab6faf5fdf6ac63213c3e4d9a89d3d9cad6a3645a85f94d1abd8f832d27664f8adf4ca9cfe5e308eb371cb7361ef9fefcac59f3ded2dd959895ce5e66439ebd1e243d5d9106f8c51a622b6300d3de08becd9a4b7bfe22e7d43fddabe7b667e4a73c5474b1350fe038193432463903c1ae43f5dc4f0187126057c9eeb6d1e31b819c1a038f1f0c289b7c7f0e4055c326b06666bb702bcc836da854328ad4ccbb00aa56290390d59949c4b20f65ce44185ca55a9e306a04a1702d93bc4e7b62ce7c3bbd3a86cc685381a0de9890f983b3f97d474ac9f391b856d6f69da7533314bc4fe3d57bac77c9abff8786f38e98792097ee38c20ef72bc78f4b83f226d003ee392346d0e5210a2bbb11cf46f00a22a5d6e120a210716c12e7d2a1a1b0591f01418fd8530708d347148e343183d3be3890e864975b59b1fb797ba116b0507e024a77786168bcf67cadf68c39b899481e2a2393682fa4d64102750833a60dacce95e6514d498bd7c5340beed83d70037f8755f872d88b299cb980557", 0x281}], 0x1, 0x0, 0x0, 0x4000002}], 0x1, 0x5bf2b86607290f3a)
ptrace(0x10, r3)
ptrace$peeksig(0x4212, r3, &(0x7f0000000140)={0x0, 0x0, 0x4e}, &(0x7f0000000fc0))
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
openat$dsp(0xffffff9c, &(0x7f0000000100), 0x80000, 0x0)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x11)
close(0xffffffffffffffff)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x90, 0x0)
socket(0x1e, 0x4, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r6 = gettid()
rt_sigqueueinfo(r6, 0x21, &(0x7f0000001500)={0x0, 0x0, 0x6})
syz_pidfd_open(r6, 0x0)
r7 = fsopen(&(0x7f00000003c0)='bpf\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x24008000}, 0x800)
fsconfig$FSCONFIG_SET_BINARY(r7, 0x2, &(0x7f0000000280)='\xebU\x95\xa4i\xea`\xe0[\x9a\x84\x11\xc9&R:\xe9\xea\xec\xe05@b\x1f\xab\xb7\xe6\xd4\x18\xe7D@\xf5\xb2\xb4\xe8i$\x038\x99\xfb;\xbeR\xbf\xc2\r\x13\xf0\xf0\xec\x94\xad\nA\xee>\xb3i4\\\xc8\xd7 \x8d\xe0D\x953|) \xd8p\x12\x11\x81\x7f\x93\a\xfb!\x83\xc2\xd8\xe4\x98\xae\xb7\f\x0fR\xd3\xad\xa5\xca\xd5\xc2\bv+\x9a\x94\xd0\x05\x8d\xef\x9f94>\xa5?\x9a\x11Et\xef\xea\xe9e\x81\'jB\xca\f\xccz\x15x\x1cn\xe4\xf3\xbd\xb4q{\xb33\xffM\x95Jm\x90\x00\x15\r\xc8R\xb4\xf89>\xb7\x1e\xe3\x99\x99_~\xdb\xdc\xfd\x0f\x8f\xfc\xe4\xa4\xe8\x03K\xea\xb2\x91H|EB\xfd2\x10atXE\xee\xf4\x13c\xb5u\x85w$\xd3}\x19\xe7n\xf9\xe7\x11@\xceB\xd7/\xde\x80F\xe0\xd0dI\xedfq]\xb1\xaa\x9b)\\o\xd1\xdcx\x06\x80\x9f\xb3\xcc\r\b\xcb\xb1\x1c\x03G\xe4\xf0H`\x0e\xe1\xc7\x13\x9e%J\xe6\xe2\xe6\xb4:\xa8\xf51~\xc5\x8a\xfe++s\x0f\xa9\x00\x00A\xb8\xf1\xdb', &(0x7f00000000c0)="8c", 0xff57)
sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="050800000000000000000000f4000000"], 0x18}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='A\x00\x00\b', @ANYRES16=r1, @ANYBLOB="01000000000000000000030000001c0001800c0002800800030000010000090001006574683a00000000"], 0x30}}, 0x0)

2.346051042s ago: executing program 3 (id=680):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x28, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7ff, 0x5d}}}}}, 0x28}}, 0x24044884)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.172991902s ago: executing program 4 (id=681):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
fsopen(&(0x7f0000000400)='ceph\x00', 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
fcntl$setstatus(r0, 0x4, 0x400)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x4000)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="cecd939843d541007222884aab910de619f491eeab9785e088c61613b715eaf060d45ef7d5be437d9cbda44c3de2e26aa969e4", @ANYRES16=r1, @ANYBLOB="050004000000fedbdf250f00000008000300", @ANYRES32=r2, @ANYBLOB="3f000e0080000000080211000001ffffffffffff080211000000000000000000000000000400000000060101010101013c0401073c0271070101000101f0080010000e8005000300d900000004000100080026006c09000008000c006400000008000d0000000000"], 0x84}}, 0x0)

2.007731812s ago: executing program 4 (id=683):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
pipe(0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
rt_sigaction(0x4, &(0x7f00000000c0)={0x0, 0x80000003, 0x0, {[0x2, 0x3f1]}}, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x8, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
ioctl$EVIOCGEFFECTS(r1, 0x80044584, 0x0)
unshare(0x22020600)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x1, @remote}, 0xa}}, 0x26)
sendmmsg$inet(r4, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)}}], 0x1a000, 0x8040)
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r5, 0x0)
setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r0, &(0x7f0000000500)="b2", 0x1, 0x40000d0, &(0x7f00000003c0)={0xa, 0x400, 0x6, @private0, 0x8}, 0x1c)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, 0x0, 0x0)

2.006539527s ago: executing program 0 (id=693):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b38, &(0x7f0000000080)={'wlan1\x00', @random="22000a3ec100"})

2.004447709s ago: executing program 1 (id=684):
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000800)=[&(0x7f0000000440)={0xf, 0x400000000000, 0x25, 0x8, 0x8, r5, 0x0, 0x0, 0x9, 0x0, 0x2, r5}])
sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000001580)={{{@in6=@private1, @in=@local, 0x0, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0x20, 0x11}, {0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x10, 0x9}, {}, 0x6, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x4d2, 0x33}, 0x0, @in=@private=0xa010100, 0x3506, 0x0, 0x2, 0xb7, 0x2, 0xfffffff9}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x1c)
mmap(&(0x7f0000009000/0x4000)=nil, 0x4000, 0x3000000, 0x32, 0xffffffffffffffff, 0x1a326000)

1.930525625s ago: executing program 0 (id=685):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000005880), r0)
r1 = socket$alg(0x26, 0x5, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x8, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='ns\x00')
r3 = open_tree(r2, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x824a5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', 0x0, 0x0, 0x0, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x10b, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, 0x0, 0x0)
exit(0x0)
socket$inet6(0x10, 0x80000, 0x3)
sendmsg(r5, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='.\x00', 0x610003, 0x1)
r6 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_restrict_self(r6, 0x3)
landlock_restrict_self(r6, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x26e1, 0x0)
accept4$alg(r1, 0x0, 0x0, 0x80800)
r7 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg(r7, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000001c40)=[{&(0x7f0000000580)="6187558fb3", 0x5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="c599f26acbf5efeccdda010d4e28e7fa6f35fdd93640489e689f168c7d9bd73236f9a09191b4619f91cf3dff1cba66b98083396a5e45ea629956e8cb5de42008a4ea079e7fc1cb5220f066029011daf8d363c5af0ca703b531c929e143c8d2cba1311f015097e6fa502e", 0x6a}, {&(0x7f00000001c0)="dba994a7c935d599ca1145bf4187d4811f36e6ae57ecac0a4bee21", 0x1b}, {&(0x7f00000003c0)="5ef10802b9645000fb20d800c5137c61cb9ea11e0a1888a0d1639496fbddbf7b3d8abbda62d1eca10d07c81af84305f29381859881f21ee36d51ecb42733c188f56a20458fea7187c01fdeec9bcd496377f4d47ab15c5815bfed1de8f02cfb3ceda0752393448e935777c9b5ee4d90902cd669db34049f5d4b6663c638a6323a310f803900fd071f7d317c8f1a5e357faa574f31547cd934ecbbb11fa009d94e54152eaaee58afd98f9e78067f3e6f43558c6ab8a47b9f97a3c2a0ed17634286c04c3a3a273118610a18fb16166e3dd337ca1df898de1ec57513039fd74917c9e85f201c897391897b7e112bea886c027cce00aafee197d26ec46ed098221a0ab1", 0x101}, {&(0x7f0000000340)="bc958990ea043131cdd0b15201b35cabc21ef193a6de699d28cfa542cb037675ecdb1a26ffe2768c63b048", 0x2b}], 0x4}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000540)}, {&(0x7f00000006c0)="7957bb61271ff9f247a65bc1de701cb2c85d3d93562a1e01bc315aca940ec9ea272c860a6b77782aeb22e6a8f64ca3b214a0b5f41167eadfea98a75fd1dc4ba76c79f38f5792c86adb392a3ff2116a981ef408c5c92e6b6168b1a40d3db38e67aa8689e050caa97b866d4e3886f1e08c4d959be48594df83907e75", 0x7b}, {&(0x7f00000000c0)="845869477f1d67911dee28799d1398c621f0610dee3530230514b0d8055597f0b8a812b1bfdbe708e2daec6f49d59a25ca9a3dbb4a9d99528cf14bf6b4890b45d1c75657e492c08773ecf83bd17421eaaae770131984f59541f50bb5d4531f06", 0x60}], 0x3}}], 0x3, 0xc004)
sendmmsg$unix(r7, &(0x7f0000000840)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}], 0x1, 0x0)

1.32791215s ago: executing program 3 (id=686):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000)
futex(&(0x7f0000000200)=0x1, 0x6, 0xf0, &(0x7f0000000240)={0x77359400}, 0x0, 0x1)

967.38526ms ago: executing program 2 (id=687):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x28, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7ff, 0x5d}}}}}, 0x28}}, 0x24044884)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

421.25063ms ago: executing program 2 (id=688):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xe8001, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0x2})
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb701)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x8000, 0x0, 0x0, 0x0, 0x0, 0xd}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000580)={0xffffffffffffffff, 0x0}, 0x20)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(0x0, 0x0, 0x0, 0x0, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='cubic', 0x6)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x3, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000140)='illinois', 0x8)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00'})
shutdown(r5, 0x2)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f0000000180)=0x70)
write$dsp(r7, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
syz_usb_connect(0x5, 0x3f, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000340)={&(0x7f00000002c0)=@nfc={0x27, 0x0, 0xffffffffffffffff, 0x2}, 0x80, 0x0, 0xffffffffffffff37}, 0x24000845)

284.618649ms ago: executing program 0 (id=689):
openat2$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x82000, 0x80, 0xa}, 0x18) (async)
r0 = openat2$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x82000, 0x80, 0xa}, 0x18)
statx(r0, &(0x7f0000000080)='./file0\x00', 0x6000, 0x100, &(0x7f00000000c0)) (async)
statx(r0, &(0x7f0000000080)='./file0\x00', 0x6000, 0x100, &(0x7f00000000c0))
recvmsg$can_bcm(r0, &(0x7f0000000400)={&(0x7f00000001c0)=@vsock, 0x80, &(0x7f0000000340)=[{&(0x7f0000000240)=""/243, 0xf3}], 0x1, &(0x7f0000000380)=""/99, 0x63}, 0x2001)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000440)=@ethtool_sfeatures={0x3b, 0x2, [{0xffff, 0x10000}, {0x7fff, 0x7dc}]}})
syz_open_dev$audion(&(0x7f00000004c0), 0xffff, 0x400300) (async)
r1 = syz_open_dev$audion(&(0x7f00000004c0), 0xffff, 0x400300)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) (async)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000005c0)={'tunl0\x00', &(0x7f0000000580)={'syztnl1\x00', 0x0, 0x40, 0x10, 0x5, 0xca8, {{0x7, 0x4, 0x0, 0x1, 0x1c, 0x65, 0x0, 0xf8, 0x29, 0x0, @empty, @multicast2, {[@end, @ssrr={0x89, 0x7, 0x45, [@empty]}]}}}}}) (async)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000005c0)={'tunl0\x00', &(0x7f0000000580)={'syztnl1\x00', <r3=>0x0, 0x40, 0x10, 0x5, 0xca8, {{0x7, 0x4, 0x0, 0x1, 0x1c, 0x65, 0x0, 0xf8, 0x29, 0x0, @empty, @multicast2, {[@end, @ssrr={0x89, 0x7, 0x45, [@empty]}]}}}}})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x58, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'batadv0\x00', <r5=>0x0})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000800)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0x98, r2, 0x100, 0x70bd29, 0x25dfdbff, {}, [@HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x40001}, 0x830)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000840)={{0x1, 0x1, 0x18, <r6=>r1}, './file0\x00'})
pread64(r0, &(0x7f0000000880)=""/20, 0x14, 0x6) (async)
pread64(r0, &(0x7f0000000880)=""/20, 0x14, 0x6)
lsetxattr$trusted_overlay_redirect(&(0x7f00000008c0)='./file0\x00', &(0x7f0000000900), &(0x7f0000000940)='./file0\x00', 0x8, 0x1)
chmod(&(0x7f0000000980)='./file0\x00', 0x55)
ioctl$FS_IOC_GETVERSION(r1, 0x80047601, &(0x7f00000009c0))
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_open_dev$usbfs(&(0x7f0000000a00), 0x6, 0x105000)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000a80), r6)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000c00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000ac0)={0xc8, r7, 0x200, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x100}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x11, 0x2}}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x200}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'rr\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x73}]}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@private1}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x27}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x20048010}, 0x8000) (async)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000c00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000ac0)={0xc8, r7, 0x200, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x100}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x11, 0x2}}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x200}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'rr\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x73}]}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@private1}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x27}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x20048010}, 0x8000)
openat$iommufd(0xffffff9c, &(0x7f0000000c40), 0x8040, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000c80)='\x00', &(0x7f0000000cc0)='./file0\x00', r6)
syz_open_dev$vcsu(&(0x7f0000000d00), 0x6, 0x80) (async)
r8 = syz_open_dev$vcsu(&(0x7f0000000d00), 0x6, 0x80)
read$usbfs(r8, &(0x7f0000000d40)=""/206, 0xce)
ioctl$IOMMU_VFIO_IOAS$GET(r8, 0x3b88, &(0x7f0000000e40)={0xc})
getsockopt$inet6_mtu(r8, 0x29, 0x17, &(0x7f0000000e80), &(0x7f0000000ec0)=0x4)
openat$vnet(0xffffff9c, &(0x7f0000000f00), 0x2, 0x0)
ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, &(0x7f0000000f40))
r9 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r9, &(0x7f0000000f80)=@pppol2tpv3in6={0x18, 0x1, {0x0, r8, 0x3, 0x4, 0x1, 0x3, {0xa, 0x4e24, 0xffffff2e, @private2, 0x5}}}, 0x3a)
ioctl$sock_inet6_tcp_SIOCINQ(r8, 0x541b, &(0x7f0000000fc0))

0s ago: executing program 0 (id=690):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x23, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

kernel console output (not intermixed with test programs):

710364][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.719832][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  133.736437][ T1579] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  133.747262][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.756491][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[  133.783208][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.792483][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  133.813930][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.823162][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  133.837563][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.846768][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  133.857098][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.866350][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  133.875725][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.880547][ T1579] em28xx 3-1:0.132: analog set to bulk mode.
[  133.885095][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[  133.897352][ T5892] em28xx 3-1:0.132: Registering V4L2 extension
[  133.908412][ T6861] ldm_validate_partition_table(): Disk read failed.
[  133.953221][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.962476][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[  133.971260][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  133.973474][ T5886] usb 3-1: USB disconnect, device number 3
[  133.980587][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  133.996858][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  134.006057][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  134.022249][ T5886] em28xx 3-1:0.132: Disconnecting em28xx
[  134.024205][ T6861] Dev loop5: unable to read RDB block 0
[  134.050705][ T6861]  loop5: unable to read partition table
[  134.065139][ T6861] loop5: partition table beyond EOD, truncated
[  134.075411][ T6861] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  134.489878][ T6878] kvm: user requested TSC rate below hardware speed
[  134.541518][ T5892] em28xx 3-1:0.132: Config register raw data: 0xffffffed
[  134.593125][ T5892] em28xx 3-1:0.132: AC97 chip type couldn't be determined
[  134.628888][ T5892] em28xx 3-1:0.132: No AC97 audio processor
[  134.674364][ T5892] usb 3-1: Decoder not found
[  134.707234][ T5892] em28xx 3-1:0.132: failed to create media graph
[  134.759881][ T5892] em28xx 3-1:0.132: V4L2 device video103 deregistered
[  134.789148][ T5892] em28xx 3-1:0.132: Remote control support is not available for this card.
[  134.821194][ T6891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.256'.
[  134.837376][ T5886] em28xx 3-1:0.132: Closing input extension
[  134.874972][ T6891] FAULT_INJECTION: forcing a failure.
[  134.874972][ T6891] name failslab, interval 1, probability 0, space 0, times 0
[  134.916151][ T5886] em28xx 3-1:0.132: Freeing device
[  134.944460][ T6891] CPU: 0 UID: 0 PID: 6891 Comm: syz.2.256 Not tainted syzkaller #0 PREEMPT(full) 
[  134.944484][ T6891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  134.944494][ T6891] Call Trace:
[  134.944501][ T6891]  <TASK>
[  134.944508][ T6891]  dump_stack_lvl+0x189/0x250
[  134.944551][ T6891]  ? __pfx____ratelimit+0x10/0x10
[  134.944572][ T6891]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.944594][ T6891]  ? __pfx__printk+0x10/0x10
[  134.944615][ T6891]  ? __pfx___might_resched+0x10/0x10
[  134.944634][ T6891]  ? fs_reclaim_acquire+0x7d/0x100
[  134.944664][ T6891]  should_fail_ex+0x414/0x560
[  134.944693][ T6891]  should_failslab+0xa8/0x100
[  134.944712][ T6891]  kmem_cache_alloc_noprof+0x74/0x6e0
[  134.944732][ T6891]  ? security_inode_alloc+0x39/0x330
[  134.944759][ T6891]  security_inode_alloc+0x39/0x330
[  134.944784][ T6891]  inode_init_always_gfp+0x9ed/0xdc0
[  134.944813][ T6891]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  134.944836][ T6891]  alloc_inode+0x82/0x1b0
[  134.944860][ T6891]  new_inode+0x22/0x170
[  134.944881][ T6891]  __debugfs_create_file+0x14d/0x4f0
[  134.944909][ T6891]  debugfs_create_file_full+0x3f/0x60
[  134.944935][ T6891]  ref_tracker_dir_debugfs+0x14e/0x270
[  134.944951][ T6891]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  134.944993][ T6891]  ? trace_kmalloc+0x1f/0xd0
[  134.945010][ T6891]  ? __kvmalloc_node_noprof+0x5ed/0x910
[  134.945037][ T6891]  ? __raw_spin_lock_init+0x45/0x100
[  134.945062][ T6891]  alloc_netdev_mqs+0x272/0x11b0
[  134.945082][ T6891]  ? __pfx_br_dev_setup+0x10/0x10
[  134.945111][ T6891]  rtnl_create_link+0x31f/0xd10
[  134.945138][ T6891]  rtnl_newlink_create+0x25c/0xb00
[  134.945162][ T6891]  ? __lock_acquire+0xab9/0xd20
[  134.945183][ T6891]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  134.945204][ T6891]  ? __pfx___mutex_lock+0x10/0x10
[  134.945237][ T6891]  ? ns_capable+0x8a/0xf0
[  134.945268][ T6891]  rtnl_newlink+0x16e4/0x1c80
[  134.945293][ T6891]  ? netlink_deliver_tap+0x19c/0x1b0
[  134.945323][ T6891]  ? __pfx_rtnl_newlink+0x10/0x10
[  134.945371][ T6891]  ? kasan_quarantine_put+0xdd/0x220
[  134.945393][ T6891]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.945421][ T6891]  ? nlmon_xmit+0xb0/0x100
[  134.945439][ T6891]  ? kmem_cache_free+0x19b/0x690
[  134.945475][ T6891]  ? __local_bh_enable_ip+0x12d/0x1c0
[  134.945493][ T6891]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.945515][ T6891]  ? __local_bh_enable_ip+0x12d/0x1c0
[  134.945533][ T6891]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  134.945554][ T6891]  ? __dev_queue_xmit+0x27b/0x3b50
[  134.945574][ T6891]  ? __dev_queue_xmit+0x27b/0x3b50
[  134.945590][ T6891]  ? __dev_queue_xmit+0x27b/0x3b50
[  134.945610][ T6891]  ? __dev_queue_xmit+0x1d79/0x3b50
[  134.945626][ T6891]  ? kasan_save_track+0x3e/0x80
[  134.945646][ T6891]  ? __kasan_slab_alloc+0x6c/0x80
[  134.945668][ T6891]  ? __lock_acquire+0xab9/0xd20
[  134.945707][ T6891]  ? __pfx_rtnl_newlink+0x10/0x10
[  134.945728][ T6891]  rtnetlink_rcv_msg+0x7cf/0xb70
[  134.945754][ T6891]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  134.945776][ T6891]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  134.945797][ T6891]  ? ref_tracker_free+0x63a/0x7d0
[  134.945814][ T6891]  ? __asan_memcpy+0x40/0x70
[  134.945834][ T6891]  ? __pfx_ref_tracker_free+0x10/0x10
[  134.945848][ T6891]  ? __skb_clone+0x63/0x7a0
[  134.945875][ T6891]  netlink_rcv_skb+0x208/0x470
[  134.945900][ T6891]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  134.945925][ T6891]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  134.945960][ T6891]  ? netlink_deliver_tap+0x2e/0x1b0
[  134.945985][ T6891]  netlink_unicast+0x82f/0x9e0
[  134.946014][ T6891]  ? __pfx_netlink_unicast+0x10/0x10
[  134.946039][ T6891]  ? netlink_sendmsg+0x642/0xb30
[  134.946053][ T6891]  ? skb_put+0x11b/0x210
[  134.946073][ T6891]  netlink_sendmsg+0x805/0xb30
[  134.946100][ T6891]  ? __pfx_netlink_sendmsg+0x10/0x10
[  134.946120][ T6891]  ? __import_iovec+0x5d4/0x7f0
[  134.946138][ T6891]  ? aa_sock_msg_perm+0xf1/0x1d0
[  134.946164][ T6891]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  134.946180][ T6891]  ? __pfx_netlink_sendmsg+0x10/0x10
[  134.946198][ T6891]  __sock_sendmsg+0x21c/0x270
[  134.946224][ T6891]  ____sys_sendmsg+0x505/0x830
[  134.946248][ T6891]  ? __pfx_____sys_sendmsg+0x10/0x10
[  134.946290][ T6891]  ___sys_sendmsg+0x21f/0x2a0
[  134.946311][ T6891]  ? __pfx____sys_sendmsg+0x10/0x10
[  134.946365][ T6891]  ? __fget_files+0x2a/0x420
[  134.946380][ T6891]  ? __fget_files+0x3a0/0x420
[  134.946405][ T6891]  __sys_sendmsg+0x164/0x220
[  134.946424][ T6891]  ? __pfx___sys_sendmsg+0x10/0x10
[  134.946450][ T6891]  ? __pfx_ksys_write+0x10/0x10
[  134.946476][ T6891]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  134.946499][ T6891]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.946522][ T6891]  __do_fast_syscall_32+0xb6/0x2b0
[  134.946546][ T6891]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.946570][ T6891]  do_fast_syscall_32+0x34/0x80
[  134.946593][ T6891]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  134.946612][ T6891] RIP: 0023:0xf700d539
[  134.946627][ T6891] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  134.946639][ T6891] RSP: 002b:00000000f53fd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  134.946658][ T6891] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  134.946670][ T6891] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  134.946680][ T6891] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  134.946690][ T6891] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  134.946699][ T6891] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  134.946729][ T6891]  </TASK>
[  135.536063][ T6891] debugfs: out of free dentries, can not create file 'netdev@ffff8880708f0618'
[  135.820913][ T6899] netlink: 20 bytes leftover after parsing attributes in process `syz.3.258'.
[  136.095607][ T6911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.260'.
[  136.813181][ T6923] input: syz0 as /devices/virtual/input/input7
[  137.258395][ T6925] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.266317][ T6925] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.457470][ T5909] vhci_hcd: vhci_device speed not set
[  137.576099][ T6944] loop5: detected capacity change from 0 to 7
[  137.692889][ T6944] ldm_validate_partition_table(): Disk read failed.
[  137.701731][ T6944] Dev loop5: unable to read RDB block 0
[  137.810233][ T6944]  loop5: unable to read partition table
[  137.816031][ T6945] JFS: charset not found
[  137.820672][ T6944] loop5: partition table beyond EOD, truncated
[  137.827053][ T6944] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  138.139775][ T6958] kvm: user requested TSC rate below hardware speed
[  138.157118][ T5832] Bluetooth: hci4: command 0x0405 tx timeout
[  138.793168][    T9] usb usb36-port1: attempt power cycle
[  139.306921][ T6966] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  139.342979][ T6966] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  139.368183][    T9] usb usb36-port1: unable to enumerate USB device
[  139.787627][ T6966] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  139.796677][ T6966] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  139.897088][ T6987] pim6reg: entered allmulticast mode
[  139.906986][ T6966] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  139.924092][ T6966] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  139.991596][ T6966] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  140.003396][ T6966] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  140.048542][ T7020] netlink: 16 bytes leftover after parsing attributes in process `syz.4.280'.
[  140.084671][ T6966] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  140.097487][ T6966] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  140.378083][ T7033] FAULT_INJECTION: forcing a failure.
[  140.378083][ T7033] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  140.427511][ T7033] CPU: 1 UID: 0 PID: 7033 Comm: syz.1.281 Not tainted syzkaller #0 PREEMPT(full) 
[  140.427537][ T7033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  140.427547][ T7033] Call Trace:
[  140.427554][ T7033]  <TASK>
[  140.427562][ T7033]  dump_stack_lvl+0x189/0x250
[  140.427588][ T7033]  ? __pfx____ratelimit+0x10/0x10
[  140.427609][ T7033]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.427631][ T7033]  ? __pfx__printk+0x10/0x10
[  140.427649][ T7033]  ? __might_fault+0xb0/0x130
[  140.427683][ T7033]  should_fail_ex+0x414/0x560
[  140.427720][ T7033]  _copy_from_user+0x2d/0xb0
[  140.427742][ T7033]  xt_copy_counters+0x197/0x460
[  140.427768][ T7033]  ? __pfx_xt_copy_counters+0x10/0x10
[  140.427794][ T7033]  ? bpf_lsm_capable+0x9/0x20
[  140.427814][ T7033]  ? security_capable+0x7e/0x2e0
[  140.427843][ T7033]  do_ipt_set_ctl+0x178/0xcd0
[  140.427867][ T7033]  ? rcu_is_watching+0x15/0xb0
[  140.427886][ T7033]  ? trace_contention_end+0x39/0x120
[  140.427906][ T7033]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  140.427932][ T7033]  ? nf_setsockopt+0x221/0x290
[  140.427956][ T7033]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  140.427984][ T7033]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  140.428010][ T7033]  ? __pfx___mutex_lock+0x10/0x10
[  140.428037][ T7033]  ? __lock_acquire+0xab9/0xd20
[  140.428061][ T7033]  nf_setsockopt+0x26f/0x290
[  140.428083][ T7033]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  140.428107][ T7033]  smc_setsockopt+0x232/0xab0
[  140.428137][ T7033]  ? __pfx_smc_setsockopt+0x10/0x10
[  140.428156][ T7033]  ? aa_sock_opt_perm+0xff/0x1b0
[  140.428183][ T7033]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  140.428199][ T7033]  ? __pfx_smc_setsockopt+0x10/0x10
[  140.428222][ T7033]  do_sock_setsockopt+0x17c/0x1b0
[  140.428245][ T7033]  __ia32_sys_setsockopt+0x13f/0x1b0
[  140.428269][ T7033]  __do_fast_syscall_32+0xb6/0x2b0
[  140.428293][ T7033]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.428317][ T7033]  do_fast_syscall_32+0x34/0x80
[  140.428338][ T7033]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  140.428359][ T7033] RIP: 0023:0xf70dd539
[  140.428374][ T7033] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  140.428387][ T7033] RSP: 002b:00000000f54cd55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  140.428406][ T7033] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  140.428417][ T7033] RDX: 0000000000000041 RSI: 00000000800000c0 RDI: 0000000000000074
[  140.428428][ T7033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  140.428438][ T7033] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  140.428447][ T7033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  140.428475][ T7033]  </TASK>
[  140.888867][ T7043] kvm: user requested TSC rate below hardware speed
[  141.401505][ T7051] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.422485][ T7051] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.462869][ T7052] UHID_CREATE from different security context by process 204 (syz.1.284), this is not allowed.
[  141.637313][ T7051] bridge1: left promiscuous mode
[  141.645588][ T7058] program syz.2.287 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  142.025927][ T7072] input: syz0 as /devices/virtual/input/input9
[  142.038641][ T5909] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  142.207344][ T5909] usb 3-1: device descriptor read/64, error -71
[  142.328373][ T7080] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  142.436232][ T7080] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  142.452126][ T5909] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  142.501936][ T7080] kvm: requested 39390 ns i8254 timer period limited to 200000 ns
[  142.873476][ T5909] usb 3-1: device descriptor read/64, error -71
[  142.887083][ T7080] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  142.930992][ T7080] kvm: requested 96381 ns i8254 timer period limited to 200000 ns
[  142.970220][ T7080] kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[  142.987440][ T5909] usb usb3-port1: attempt power cycle
[  143.054791][ T7080] kvm: requested 170133 ns i8254 timer period limited to 200000 ns
[  143.076418][ T7080] kvm: requested 2514 ns i8254 timer period limited to 200000 ns
[  143.167017][ T7080] kvm: requested 6704 ns i8254 timer period limited to 200000 ns
[  143.193016][ T7080] kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  143.362993][ T7098] trusted_key: encrypted_key: master key parameter ':õ/ðÑc
user:syz' is invalid
[  143.418359][ T7098] trusted_key: encrypted_key: keylen parameter is missing
[  143.446928][ T5909] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  143.487586][ T5909] usb 3-1: device descriptor read/8, error -71
[  143.594564][ T7106] trusted_key: encrypted_key: keylen parameter is missing
[  143.727886][ T5909] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  143.788370][ T5909] usb 3-1: device descriptor read/8, error -71
[  143.897725][ T5909] usb usb3-port1: unable to enumerate USB device
[  143.919901][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  144.108402][    T9] usb 2-1: Using ep0 maxpacket: 32
[  144.125217][    T9] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  144.147397][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.209536][    T9] usb 2-1: config 0 descriptor??
[  144.422991][    T9] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  144.426724][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  144.428822][    T9] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  144.428888][    T9] usb 2-1: media controller created
[  144.470555][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  144.549872][ T7135] netlink: 8 bytes leftover after parsing attributes in process `syz.4.303'.
[  144.550928][ T7135] netlink: 68 bytes leftover after parsing attributes in process `syz.4.303'.
[  144.745022][    T9] DVB: Unable to find symbol dib7000p_attach()
[  144.745048][    T9] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  144.820077][ T7152] sctp: Trying to GSO but underlying device doesn't support it.
[  144.900720][    T9] rc_core: IR keymap rc-dib0700-rc5 not found
[  144.942372][    T9] Registered IR keymap rc-empty
[  145.017000][    T9] dvb-usb: could not initialize remote control.
[  145.093368][    T9] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  145.143374][    T9] usb 2-1: USB disconnect, device number 5
[  145.352414][    T9] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  145.447126][ T5911] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  145.615495][ T7169] tipc: Failed to obtain node identity
[  145.626936][ T7169] tipc: Enabling of bearer <ib:wg1> rejected, failed to enable media
[  145.669186][ T7171] netlink: 'syz.1.308': attribute type 3 has an invalid length.
[  145.678825][ T7171] netlink: 'syz.1.308': attribute type 3 has an invalid length.
[  145.688911][ T7171] netlink: 'syz.1.308': attribute type 3 has an invalid length.
[  145.696928][ T7171] netlink: 'syz.1.308': attribute type 3 has an invalid length.
[  145.706617][ T7171] netlink: 'syz.1.308': attribute type 3 has an invalid length.
[  145.718066][ T7171] netlink: 'syz.1.308': attribute type 3 has an invalid length.
[  145.746391][ T7171] netlink: 'syz.1.308': attribute type 3 has an invalid length.
[  145.755565][ T7171] netlink: 'syz.1.308': attribute type 3 has an invalid length.
[  145.773280][ T7171] netlink: 'syz.1.308': attribute type 3 has an invalid length.
[  145.816353][ T5911] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  145.836122][ T5911] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  145.869131][ T5911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.890368][ T5911] usb 3-1: config 0 descriptor??
[  145.890860][ T7171] netlink: 'syz.1.308': attribute type 3 has an invalid length.
[  145.932647][ T7176] sctp: [Deprecated]: syz.4.311 (pid 7176) Use of int in max_burst socket option deprecated.
[  145.932647][ T7176] Use struct sctp_assoc_value instead
[  145.987238][    T9] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  145.987284][ T7175] ªªªªªª: renamed from vlan0 (while UP)
[  146.193921][    T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  146.220183][    T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  146.263958][    T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  146.288804][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.613498][    T9] usb 2-1: usb_control_msg returned -32
[  146.619720][    T9] usbtmc 2-1:16.0: can't read capabilities
[  146.687365][ T5911] usbhid 3-1:0.0: can't add hid device: -71
[  146.701554][ T5911] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  146.777778][ T5911] usb 3-1: USB disconnect, device number 8
[  147.326967][ T5886] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  147.510574][ T5886] usb 3-1: device descriptor read/64, error -71
[  147.838586][ T5886] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  148.007089][ T5886] usb 3-1: device descriptor read/64, error -71
[  148.118236][ T5886] usb usb3-port1: attempt power cycle
[  149.294474][ T7236] FAULT_INJECTION: forcing a failure.
[  149.294474][ T7236] name failslab, interval 1, probability 0, space 0, times 0
[  149.343788][ T5886] usb 2-1: USB disconnect, device number 6
[  149.406023][ T7236] CPU: 0 UID: 0 PID: 7236 Comm: syz.3.321 Not tainted syzkaller #0 PREEMPT(full) 
[  149.406047][ T7236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  149.406057][ T7236] Call Trace:
[  149.406062][ T7236]  <TASK>
[  149.406066][ T7236]  dump_stack_lvl+0x189/0x250
[  149.406084][ T7236]  ? __pfx____ratelimit+0x10/0x10
[  149.406097][ T7236]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.406109][ T7236]  ? __pfx__printk+0x10/0x10
[  149.406117][ T7236]  ? netlink_sendmsg+0x805/0xb30
[  149.406128][ T7236]  ? __sys_sendmsg+0x164/0x220
[  149.406138][ T7236]  ? do_fast_syscall_32+0x34/0x80
[  149.406156][ T7236]  should_fail_ex+0x414/0x560
[  149.406173][ T7236]  should_failslab+0xa8/0x100
[  149.406185][ T7236]  kmem_cache_alloc_noprof+0x74/0x6e0
[  149.406198][ T7236]  ? skb_clone+0x212/0x3a0
[  149.406211][ T7236]  skb_clone+0x212/0x3a0
[  149.406223][ T7236]  __netlink_deliver_tap+0x404/0x850
[  149.406239][ T7236]  ? netlink_deliver_tap+0x2e/0x1b0
[  149.406249][ T7236]  netlink_deliver_tap+0x19c/0x1b0
[  149.406259][ T7236]  netlink_sendskb+0x68/0x140
[  149.406273][ T7236]  netlink_unicast+0x397/0x9e0
[  149.406285][ T7236]  ? __asan_memcpy+0x40/0x70
[  149.406301][ T7236]  ? __pfx_netlink_unicast+0x10/0x10
[  149.406319][ T7236]  netlink_rcv_skb+0x28c/0x470
[  149.406332][ T7236]  ? __lock_acquire+0xab9/0xd20
[  149.406342][ T7236]  ? __pfx_genl_rcv_msg+0x10/0x10
[  149.406353][ T7236]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  149.406377][ T7236]  ? down_read+0x1ad/0x2e0
[  149.406392][ T7236]  genl_rcv+0x28/0x40
[  149.406402][ T7236]  netlink_unicast+0x82f/0x9e0
[  149.406419][ T7236]  ? __pfx_netlink_unicast+0x10/0x10
[  149.406433][ T7236]  ? netlink_sendmsg+0x642/0xb30
[  149.406441][ T7236]  ? skb_put+0x11b/0x210
[  149.406451][ T7236]  netlink_sendmsg+0x805/0xb30
[  149.406466][ T7236]  ? __pfx_netlink_sendmsg+0x10/0x10
[  149.406476][ T7236]  ? __import_iovec+0x5d4/0x7f0
[  149.406487][ T7236]  ? aa_sock_msg_perm+0xf1/0x1d0
[  149.406502][ T7236]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  149.406511][ T7236]  ? __pfx_netlink_sendmsg+0x10/0x10
[  149.406521][ T7236]  __sock_sendmsg+0x21c/0x270
[  149.406535][ T7236]  ____sys_sendmsg+0x505/0x830
[  149.406548][ T7236]  ? __pfx_____sys_sendmsg+0x10/0x10
[  149.406567][ T7236]  ___sys_sendmsg+0x21f/0x2a0
[  149.406579][ T7236]  ? __pfx____sys_sendmsg+0x10/0x10
[  149.406608][ T7236]  ? __fget_files+0x2a/0x420
[  149.406617][ T7236]  ? __fget_files+0x3a0/0x420
[  149.406631][ T7236]  __sys_sendmsg+0x164/0x220
[  149.406642][ T7236]  ? __pfx___sys_sendmsg+0x10/0x10
[  149.406663][ T7236]  ? __pfx_ksys_write+0x10/0x10
[  149.406678][ T7236]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  149.406692][ T7236]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.406706][ T7236]  __do_fast_syscall_32+0xb6/0x2b0
[  149.406719][ T7236]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.406733][ T7236]  do_fast_syscall_32+0x34/0x80
[  149.406745][ T7236]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  149.406757][ T7236] RIP: 0023:0xf70cd539
[  149.406767][ T7236] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  149.406774][ T7236] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  149.406786][ T7236] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  149.406792][ T7236] RDX: 0000000000000084 RSI: 0000000000000000 RDI: 0000000000000000
[  149.406798][ T7236] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  149.406803][ T7236] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  149.406808][ T7236] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  149.406836][ T7236]  </TASK>
[  150.148037][ T5886] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  150.307035][ T5886] usb 2-1: Using ep0 maxpacket: 32
[  150.388713][ T5886] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  150.398245][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.427182][ T5886] usb 2-1: Product: syz
[  150.431388][ T5886] usb 2-1: Manufacturer: syz
[  150.436005][ T5886] usb 2-1: SerialNumber: syz
[  150.481333][ T5886] usb 2-1: config 0 descriptor??
[  150.538493][ T5886] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  150.821804][ T7268] input: syz0 as /devices/virtual/input/input11
[  151.862020][ T7279] netlink: 24 bytes leftover after parsing attributes in process `syz.2.335'.
[  152.185979][ T7283] kvm: kvm [7282]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000
[  152.572679][ T7300] netlink: 32 bytes leftover after parsing attributes in process `syz.0.351'.
[  152.710481][ T5886] gspca_ov534_9: reg_w failed -71
[  152.736587][ T7302] binder: binder_mmap: 7301 80000000-80003000 bad vm_flags failed -1
[  152.987067][ T5886] gspca_ov534_9: Unknown sensor 0000
[  152.987145][ T5886] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[  153.031788][ T5886] usb 2-1: USB disconnect, device number 7
[  154.467066][ T5886] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  154.597405][ T5900] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  154.616952][ T5886] usb 3-1: device descriptor read/64, error -71
[  154.617919][ T7335] FAULT_INJECTION: forcing a failure.
[  154.617919][ T7335] name failslab, interval 1, probability 0, space 0, times 0
[  154.663677][ T7335] CPU: 0 UID: 0 PID: 7335 Comm: syz.0.349 Not tainted syzkaller #0 PREEMPT(full) 
[  154.663703][ T7335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  154.663714][ T7335] Call Trace:
[  154.663721][ T7335]  <TASK>
[  154.663728][ T7335]  dump_stack_lvl+0x189/0x250
[  154.663755][ T7335]  ? __pfx____ratelimit+0x10/0x10
[  154.663775][ T7335]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.663795][ T7335]  ? __pfx__printk+0x10/0x10
[  154.663818][ T7335]  ? __pfx___might_resched+0x10/0x10
[  154.663836][ T7335]  ? fs_reclaim_acquire+0x7d/0x100
[  154.663866][ T7335]  should_fail_ex+0x414/0x560
[  154.663895][ T7335]  should_failslab+0xa8/0x100
[  154.663914][ T7335]  __kmalloc_cache_noprof+0x6f/0x6f0
[  154.663936][ T7335]  ? sctp_add_bind_addr+0x8c/0x370
[  154.663955][ T7335]  ? __local_bh_enable_ip+0x12d/0x1c0
[  154.663977][ T7335]  sctp_add_bind_addr+0x8c/0x370
[  154.663994][ T7335]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  154.664013][ T7335]  sctp_bind_addr_dup+0x95/0x100
[  154.664043][ T7335]  sctp_sock_migrate+0x357/0xfe0
[  154.664064][ T7335]  ? sctp_v6_init_sock+0x31/0x70
[  154.664078][ T7335]  ? sctp_v6_create_accept_sk+0x453/0x5d0
[  154.664106][ T7335]  sctp_accept+0x579/0x780
[  154.664136][ T7335]  ? __pfx_sctp_accept+0x10/0x10
[  154.664156][ T7335]  ? aa_sk_perm+0x81e/0x950
[  154.664177][ T7335]  ? __pfx_autoremove_wake_function+0x10/0x10
[  154.664203][ T7335]  ? __pfx_aa_sk_perm+0x10/0x10
[  154.664231][ T7335]  inet_accept+0xb2/0x150
[  154.664259][ T7335]  do_accept+0x48f/0x680
[  154.664288][ T7335]  ? __pfx_do_accept+0x10/0x10
[  154.664334][ T7335]  __sys_accept4+0x11c/0x1c0
[  154.664361][ T7335]  ? __pfx___sys_accept4+0x10/0x10
[  154.664384][ T7335]  ? __pfx_ksys_write+0x10/0x10
[  154.664414][ T7335]  __ia32_sys_accept4+0x9a/0xb0
[  154.664440][ T7335]  __do_fast_syscall_32+0xb6/0x2b0
[  154.664464][ T7335]  ? lockdep_hardirqs_on+0x9c/0x150
[  154.664489][ T7335]  do_fast_syscall_32+0x34/0x80
[  154.664511][ T7335]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  154.664532][ T7335] RIP: 0023:0xf7fb7539
[  154.664548][ T7335] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  154.664561][ T7335] RSP: 002b:00000000f548555c EFLAGS: 00000206 ORIG_RAX: 000000000000016c
[  154.664580][ T7335] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  154.664591][ T7335] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000000
[  154.664601][ T7335] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  154.664609][ T7335] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  154.664619][ T7335] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  154.664646][ T7335]  </TASK>
[  155.311946][ T5900] usb 2-1: config 1 has an invalid interface number: 128 but max is 2
[  155.323292][ T5900] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  155.335448][ T5900] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  155.349604][ T5900] usb 2-1: config 1 has no interface number 0
[  155.357608][ T5900] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  155.367043][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  155.386939][ T5886] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  155.394914][ T5900] usb 2-1: SerialNumber: syz
[  155.436599][ T5900] usb 2-1: 128:2 : does not exist
[  155.591358][ T5886] usb 3-1: device descriptor read/64, error -71
[  155.631162][ T7328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  155.648915][ T7328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.679000][ T5912] usb 2-1: USB disconnect, device number 8
[  155.719883][ T5886] usb usb3-port1: attempt power cycle
[  156.076940][ T5886] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  156.097820][ T5886] usb 3-1: device descriptor read/8, error -71
[  156.177025][ T5911] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  156.332340][ T5911] usb 1-1: config index 0 descriptor too short (expected 45, got 36)
[  156.340657][ T5911] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  156.353542][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  156.366608][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  156.382715][ T5886] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  156.390778][ T5911] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  156.417782][ T5911] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  156.437414][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.445869][ T5886] usb 3-1: device descriptor read/8, error -71
[  156.463356][ T5911] usb 1-1: config 0 descriptor??
[  156.487614][ T7347] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  156.576786][ T5886] usb usb3-port1: unable to enumerate USB device
[  156.645964][ T7360] kvm: kvm [7359]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000
[  157.340522][ T5911] usbhid 1-1:0.0: can't add hid device: -71
[  157.346621][ T5911] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  157.352475][ T7367] validate_nla: 45 callbacks suppressed
[  157.352492][ T7367] netlink: 'syz.3.360': attribute type 1 has an invalid length.
[  157.376960][ T7367] netlink: 'syz.3.360': attribute type 1 has an invalid length.
[  157.386548][ T5911] usb 1-1: USB disconnect, device number 4
[  157.837851][ T5892] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  158.040965][ T5892] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  158.056365][ T5892] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  158.070891][ T5892] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  158.080502][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.105103][ T5892] usb 2-1: config 0 descriptor??
[  158.121956][ T5892] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  158.141502][ T5892] dvb-usb: bulk message failed: -22 (3/0)
[  158.182555][ T5892] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  158.203783][ T5892] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  158.229638][ T5892] usb 2-1: media controller created
[  158.276110][ T5892] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  158.343341][ T5892] dvb-usb: bulk message failed: -22 (6/0)
[  158.367024][ T5892] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  158.421321][ T5892] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input12
[  158.456262][ T5892] dvb-usb: schedule remote query interval to 150 msecs.
[  158.463376][ T5892] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  158.608239][ T5892] usb 2-1: USB disconnect, device number 9
[  158.791086][ T5892] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  158.937242][ T5912] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  159.841896][ T5912] usb 5-1: Using ep0 maxpacket: 32
[  159.881996][ T5912] usb 5-1: config 0 has an invalid interface number: 19 but max is 0
[  159.893912][ T5912] usb 5-1: config 0 has an invalid descriptor of length 134, skipping remainder of the config
[  159.942513][ T5912] usb 5-1: config 0 has no interface number 0
[  159.966961][ T5900] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  159.982546][ T5912] usb 5-1: config 0 interface 19 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  160.028835][ T5912] usb 5-1: New USB device found, idVendor=04a4, idProduct=0014, bcdDevice=c9.57
[  160.068416][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.091690][ T5912] usb 5-1: Product: syz
[  160.104664][ T5912] usb 5-1: Manufacturer: syz
[  160.108291][ T5900] usb 4-1: device descriptor read/64, error -71
[  160.120137][ T5912] usb 5-1: SerialNumber: syz
[  160.217442][ T5912] usb 5-1: config 0 descriptor??
[  160.426932][ T5900] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  160.431411][ T7391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  160.447380][ T7391] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  160.477976][ T7413] kvm: kvm [7412]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000
[  160.567066][ T5912] usb 5-1: USB disconnect, device number 9
[  160.596897][ T5900] usb 4-1: device descriptor read/64, error -71
[  160.707506][ T5900] usb usb4-port1: attempt power cycle
[  161.476931][ T5900] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  161.508995][ T5900] usb 4-1: device descriptor read/8, error -71
[  161.767945][ T5900] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  161.807671][ T5900] usb 4-1: device descriptor read/8, error -71
[  161.833892][ T5886] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  161.917221][ T5900] usb usb4-port1: unable to enumerate USB device
[  161.979036][ T5886] usb 5-1: device descriptor read/64, error -71
[  162.227199][ T5886] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  162.357040][ T5886] usb 5-1: device descriptor read/64, error -71
[  162.467219][ T5886] usb usb5-port1: attempt power cycle
[  162.846931][ T5886] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  162.867688][ T5886] usb 5-1: device descriptor read/8, error -71
[  163.020484][ T7445] netlink: 4 bytes leftover after parsing attributes in process `syz.3.378'.
[  163.119615][ T5886] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  163.158548][ T7447] kvm: kvm [7446]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000
[  163.188481][ T5886] usb 5-1: device descriptor read/8, error -71
[  163.299638][ T5886] usb usb5-port1: unable to enumerate USB device
[  163.446961][ T5892] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  163.607617][ T5892] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  163.616691][ T5892] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  163.638926][ T5892] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  163.666965][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0
[  163.675204][ T5892] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  163.685182][ T5892] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  163.696154][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0
[  163.704264][ T5892] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  163.713430][ T5892] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  163.724378][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0
[  163.732418][ T5892] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  163.746948][ T5892] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  163.764711][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0
[  163.793354][ T5892] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  163.806928][ T5892] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  163.833029][ T7463] netlink: 'syz.2.382': attribute type 3 has an invalid length.
[  163.841234][ T7463] netlink: 'syz.2.382': attribute type 3 has an invalid length.
[  163.849153][ T7463] netlink: 'syz.2.382': attribute type 3 has an invalid length.
[  163.860218][ T7463] netlink: 'syz.2.382': attribute type 3 has an invalid length.
[  163.868383][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0
[  163.877747][ T7463] netlink: 'syz.2.382': attribute type 3 has an invalid length.
[  163.886967][ T5892] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  163.896090][ T5892] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  163.935181][ T7463] netlink: 'syz.2.382': attribute type 3 has an invalid length.
[  163.945363][ T7463] netlink: 'syz.2.382': attribute type 3 has an invalid length.
[  163.956983][ T7463] netlink: 'syz.2.382': attribute type 3 has an invalid length.
[  163.976944][ T7463] netlink: 'syz.2.382': attribute type 3 has an invalid length.
[  163.984718][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0
[  163.993797][ T7463] netlink: 'syz.2.382': attribute type 3 has an invalid length.
[  164.003479][ T5892] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  164.030010][ T5892] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  164.071586][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0
[  164.082905][ T5892] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  164.092238][ T5892] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  164.123679][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0
[  164.146138][ T5892] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  164.155606][ T5892] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  164.166058][ T5892] usb 4-1: Product: syz
[  164.174038][ T5892] usb 4-1: Manufacturer: syz
[  164.180229][ T5892] usb 4-1: SerialNumber: syz
[  164.186972][ T5909] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  164.214860][ T5892] usb 4-1: config 0 descriptor??
[  164.243494][ T5892] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  164.374254][ T5909] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  164.385813][ T5909] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  164.410471][ T5909] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  164.420245][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.836653][ T5909] usb 3-1: usb_control_msg returned -32
[  164.842491][ T5909] usbtmc 3-1:16.0: can't read capabilities
[  164.913495][ T7474] kvm: kvm [7472]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000
[  165.586417][ T5929] usb 4-1: USB disconnect, device number 10
[  165.652361][ T5929] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  166.105538][ T7482] netlink: 4 bytes leftover after parsing attributes in process `syz.3.385'.
[  166.776915][ T5892] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  167.543357][ T5892] usb 2-1: device descriptor read/64, error -71
[  167.793597][ T5929] usb 3-1: USB disconnect, device number 16
[  167.807903][ T5892] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  167.956942][ T5892] usb 2-1: device descriptor read/64, error -71
[  168.069079][ T5892] usb usb2-port1: attempt power cycle
[  168.437623][ T5892] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  168.600530][ T5892] usb 2-1: device descriptor read/8, error -71
[  168.890853][ T5892] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  169.083952][ T5892] usb 2-1: device descriptor read/8, error -71
[  169.209484][ T5892] usb usb2-port1: unable to enumerate USB device
[  169.412938][ T7528] kvm: kvm [7527]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000
[  169.423083][ T7538] FAULT_INJECTION: forcing a failure.
[  169.423083][ T7538] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  169.600898][ T7538] CPU: 1 UID: 0 PID: 7538 Comm: syz.0.400 Not tainted syzkaller #0 PREEMPT(full) 
[  169.600924][ T7538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  169.600935][ T7538] Call Trace:
[  169.600942][ T7538]  <TASK>
[  169.600950][ T7538]  dump_stack_lvl+0x189/0x250
[  169.600978][ T7538]  ? __pfx____ratelimit+0x10/0x10
[  169.601000][ T7538]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.601022][ T7538]  ? __pfx__printk+0x10/0x10
[  169.601052][ T7538]  should_fail_ex+0x414/0x560
[  169.601082][ T7538]  _copy_to_user+0x31/0xb0
[  169.601105][ T7538]  simple_read_from_buffer+0xe1/0x170
[  169.601134][ T7538]  proc_fail_nth_read+0x1b3/0x220
[  169.601158][ T7538]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  169.601175][ T7538]  ? rw_verify_area+0x2a6/0x4d0
[  169.601187][ T7538]  ? __lock_acquire+0xab9/0xd20
[  169.601196][ T7538]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  169.601213][ T7538]  vfs_read+0x200/0xa30
[  169.601234][ T7538]  ? fdget_pos+0x247/0x320
[  169.601254][ T7538]  ? __pfx___mutex_lock+0x10/0x10
[  169.601277][ T7538]  ? __pfx_vfs_read+0x10/0x10
[  169.601301][ T7538]  ? __fget_files+0x2a/0x420
[  169.601328][ T7538]  ? __fget_files+0x3a0/0x420
[  169.601343][ T7538]  ? __fget_files+0x2a/0x420
[  169.601372][ T7538]  ksys_read+0x145/0x250
[  169.601397][ T7538]  ? __pfx_ksys_read+0x10/0x10
[  169.601422][ T7538]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  169.601446][ T7538]  ? lockdep_hardirqs_on+0x9c/0x150
[  169.601471][ T7538]  __do_fast_syscall_32+0xb6/0x2b0
[  169.601487][ T7538]  ? lockdep_hardirqs_on+0x9c/0x150
[  169.601501][ T7538]  do_fast_syscall_32+0x34/0x80
[  169.601514][ T7538]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  169.601526][ T7538] RIP: 0023:0xf7fb7539
[  169.601541][ T7538] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  169.601554][ T7538] RSP: 002b:00000000f54a6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  169.601573][ T7538] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54a6620
[  169.601585][ T7538] RDX: 000000000000000f RSI: 00000000f7445ff4 RDI: 0000000000000000
[  169.601596][ T7538] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  169.601606][ T7538] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  169.601617][ T7538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  169.601645][ T7538]  </TASK>
[  171.562886][ T7564] FAULT_INJECTION: forcing a failure.
[  171.562886][ T7564] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  171.591860][ T7564] CPU: 1 UID: 0 PID: 7564 Comm: syz.0.407 Not tainted syzkaller #0 PREEMPT(full) 
[  171.591883][ T7564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  171.591893][ T7564] Call Trace:
[  171.591900][ T7564]  <TASK>
[  171.591908][ T7564]  dump_stack_lvl+0x189/0x250
[  171.591933][ T7564]  ? __pfx____ratelimit+0x10/0x10
[  171.591954][ T7564]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.591976][ T7564]  ? __pfx__printk+0x10/0x10
[  171.591997][ T7564]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  171.592024][ T7564]  should_fail_ex+0x414/0x560
[  171.592054][ T7564]  _copy_from_user+0x2d/0xb0
[  171.592075][ T7564]  sg_io+0x29f/0x8a0
[  171.592105][ T7564]  scsi_ioctl+0x1399/0x1fb0
[  171.592132][ T7564]  ? __pfx_scsi_ioctl+0x10/0x10
[  171.592187][ T7564]  ? __pfx___might_resched+0x10/0x10
[  171.592212][ T7564]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  171.592241][ T7564]  ? scsi_block_when_processing_errors+0x390/0x470
[  171.592268][ T7564]  ? __pfx_scsi_block_when_processing_errors+0x10/0x10
[  171.592311][ T7564]  sg_ioctl+0x1886/0x2230
[  171.592337][ T7564]  ? __pfx_sg_ioctl+0x10/0x10
[  171.592357][ T7564]  ? __fget_files+0x2a/0x420
[  171.592378][ T7564]  ? __fget_files+0x3a0/0x420
[  171.592393][ T7564]  ? __fget_files+0x2a/0x420
[  171.592417][ T7564]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  171.592440][ T7564]  __ia32_compat_sys_ioctl+0x543/0x840
[  171.592465][ T7564]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  171.592486][ T7564]  ? __fget_files+0x3a0/0x420
[  171.592509][ T7564]  ? fput+0xa0/0xd0
[  171.592528][ T7564]  ? ksys_write+0x22a/0x250
[  171.592549][ T7564]  ? exc_page_fault+0x82/0x100
[  171.592571][ T7564]  ? __pfx_ksys_write+0x10/0x10
[  171.592596][ T7564]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  171.592618][ T7564]  ? lockdep_hardirqs_on+0x9c/0x150
[  171.592642][ T7564]  __do_fast_syscall_32+0xb6/0x2b0
[  171.592664][ T7564]  ? lockdep_hardirqs_on+0x9c/0x150
[  171.592688][ T7564]  do_fast_syscall_32+0x34/0x80
[  171.592709][ T7564]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  171.592728][ T7564] RIP: 0023:0xf7fb7539
[  171.592746][ T7564] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  171.592760][ T7564] RSP: 002b:00000000f54a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  171.592779][ T7564] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000005393
[  171.592791][ T7564] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  171.592802][ T7564] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  171.592812][ T7564] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  171.592822][ T7564] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  171.592850][ T7564]  </TASK>
[  172.380422][ T7534] syz.2.399 (7534): drop_caches: 2
[  172.601300][ T7582] FAULT_INJECTION: forcing a failure.
[  172.601300][ T7582] name failslab, interval 1, probability 0, space 0, times 0
[  172.630576][ T7582] CPU: 0 UID: 0 PID: 7582 Comm: syz.3.413 Not tainted syzkaller #0 PREEMPT(full) 
[  172.630599][ T7582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  172.630608][ T7582] Call Trace:
[  172.630616][ T7582]  <TASK>
[  172.630623][ T7582]  dump_stack_lvl+0x189/0x250
[  172.630648][ T7582]  ? __pfx____ratelimit+0x10/0x10
[  172.630667][ T7582]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.630686][ T7582]  ? __pfx__printk+0x10/0x10
[  172.630708][ T7582]  ? __pfx___might_resched+0x10/0x10
[  172.630729][ T7582]  should_fail_ex+0x414/0x560
[  172.630758][ T7582]  should_failslab+0xa8/0x100
[  172.630778][ T7582]  kmem_cache_alloc_node_noprof+0x77/0x710
[  172.630801][ T7582]  ? __alloc_skb+0x112/0x2d0
[  172.630823][ T7582]  __alloc_skb+0x112/0x2d0
[  172.630843][ T7582]  netlink_ack+0x146/0xa50
[  172.630865][ T7582]  ? __pfx_genl_rcv_msg+0x10/0x10
[  172.630884][ T7582]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  172.630902][ T7582]  ? __pfx_nl80211_post_doit+0x10/0x10
[  172.630922][ T7582]  ? __asan_memcpy+0x40/0x70
[  172.630943][ T7582]  ? __pfx_ref_tracker_free+0x10/0x10
[  172.630968][ T7582]  netlink_rcv_skb+0x28c/0x470
[  172.630990][ T7582]  ? __lock_acquire+0xab9/0xd20
[  172.631008][ T7582]  ? __pfx_genl_rcv_msg+0x10/0x10
[  172.631030][ T7582]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  172.631074][ T7582]  ? down_read+0x1ad/0x2e0
[  172.631100][ T7582]  genl_rcv+0x28/0x40
[  172.631119][ T7582]  netlink_unicast+0x82f/0x9e0
[  172.631151][ T7582]  ? __pfx_netlink_unicast+0x10/0x10
[  172.631176][ T7582]  ? netlink_sendmsg+0x642/0xb30
[  172.631190][ T7582]  ? skb_put+0x11b/0x210
[  172.631211][ T7582]  netlink_sendmsg+0x805/0xb30
[  172.631238][ T7582]  ? __pfx_netlink_sendmsg+0x10/0x10
[  172.631258][ T7582]  ? __import_iovec+0x5d4/0x7f0
[  172.631277][ T7582]  ? aa_sock_msg_perm+0xf1/0x1d0
[  172.631301][ T7582]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  172.631317][ T7582]  ? __pfx_netlink_sendmsg+0x10/0x10
[  172.631342][ T7582]  __sock_sendmsg+0x21c/0x270
[  172.631367][ T7582]  ____sys_sendmsg+0x505/0x830
[  172.631392][ T7582]  ? __pfx_____sys_sendmsg+0x10/0x10
[  172.631428][ T7582]  ___sys_sendmsg+0x21f/0x2a0
[  172.631449][ T7582]  ? __pfx____sys_sendmsg+0x10/0x10
[  172.631505][ T7582]  ? __fget_files+0x2a/0x420
[  172.631520][ T7582]  ? __fget_files+0x3a0/0x420
[  172.631548][ T7582]  __sys_sendmsg+0x164/0x220
[  172.631568][ T7582]  ? __pfx___sys_sendmsg+0x10/0x10
[  172.631596][ T7582]  ? __pfx_ksys_write+0x10/0x10
[  172.631623][ T7582]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  172.631647][ T7582]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.631672][ T7582]  __do_fast_syscall_32+0xb6/0x2b0
[  172.631695][ T7582]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.631722][ T7582]  do_fast_syscall_32+0x34/0x80
[  172.631744][ T7582]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  172.631764][ T7582] RIP: 0023:0xf70cd539
[  172.631780][ T7582] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  172.631794][ T7582] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  172.631813][ T7582] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000480
[  172.631826][ T7582] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 0000000000000000
[  172.631836][ T7582] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  172.631846][ T7582] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  172.631857][ T7582] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  172.631886][ T7582]  </TASK>
[  173.036667][ T7583] kvm: kvm [7581]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000
[  173.082743][ T7595] syzkaller0: entered promiscuous mode
[  173.091220][ T7595] syzkaller0: entered allmulticast mode
[  173.663730][ T7606] validate_nla: 45 callbacks suppressed
[  173.664257][ T7606] netlink: 'syz.0.421': attribute type 50 has an invalid length.
[  173.684038][ T7606] netlink: 24 bytes leftover after parsing attributes in process `syz.0.421'.
[  173.787805][ T7610] capability: warning: `syz.1.423' uses deprecated v2 capabilities in a way that may be insecure
[  174.007214][ T7618] FAULT_INJECTION: forcing a failure.
[  174.007214][ T7618] name failslab, interval 1, probability 0, space 0, times 0
[  174.021435][ T7618] CPU: 1 UID: 0 PID: 7618 Comm: syz.2.425 Not tainted syzkaller #0 PREEMPT(full) 
[  174.021458][ T7618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  174.021468][ T7618] Call Trace:
[  174.021476][ T7618]  <TASK>
[  174.021483][ T7618]  dump_stack_lvl+0x189/0x250
[  174.021511][ T7618]  ? __pfx____ratelimit+0x10/0x10
[  174.021533][ T7618]  ? __pfx_dump_stack_lvl+0x10/0x10
[  174.021555][ T7618]  ? __pfx__printk+0x10/0x10
[  174.021577][ T7618]  ? __pfx___might_resched+0x10/0x10
[  174.021596][ T7618]  ? fs_reclaim_acquire+0x7d/0x100
[  174.021626][ T7618]  should_fail_ex+0x414/0x560
[  174.021656][ T7618]  should_failslab+0xa8/0x100
[  174.021676][ T7618]  __kmalloc_cache_noprof+0x6f/0x6f0
[  174.021698][ T7618]  ? fuse_create_open+0x1dc/0xc80
[  174.021726][ T7618]  fuse_create_open+0x1dc/0xc80
[  174.021752][ T7618]  ? do_raw_spin_unlock+0x122/0x240
[  174.021778][ T7618]  ? __pfx_fuse_create_open+0x10/0x10
[  174.021798][ T7618]  ? fuse_change_entry_timeout+0x2d2/0x430
[  174.021835][ T7618]  ? fuse_lookup+0x553/0x640
[  174.021879][ T7618]  ? __pfx_tomoyo_path_mknod+0x10/0x10
[  174.021896][ T7618]  ? from_kgid+0x1b0/0x650
[  174.021916][ T7618]  fuse_atomic_open+0x252/0x670
[  174.021941][ T7618]  ? __pfx_fuse_atomic_open+0x10/0x10
[  174.021960][ T7618]  path_openat+0xf66/0x3830
[  174.022015][ T7618]  ? __pfx_path_openat+0x10/0x10
[  174.022056][ T7618]  do_filp_open+0x1fa/0x410
[  174.022076][ T7618]  ? __lock_acquire+0xab9/0xd20
[  174.022099][ T7618]  ? __pfx_do_filp_open+0x10/0x10
[  174.022178][ T7618]  ? _raw_spin_unlock+0x28/0x50
[  174.022198][ T7618]  ? alloc_fd+0x64c/0x6c0
[  174.022234][ T7618]  do_sys_openat2+0x121/0x1c0
[  174.022258][ T7618]  ? __pfx_do_sys_openat2+0x10/0x10
[  174.022278][ T7618]  ? ksys_write+0x22a/0x250
[  174.022298][ T7618]  ? exc_page_fault+0x82/0x100
[  174.022321][ T7618]  ? __pfx_ksys_write+0x10/0x10
[  174.022349][ T7618]  __ia32_sys_creat+0x8f/0xc0
[  174.022373][ T7618]  __do_fast_syscall_32+0xb6/0x2b0
[  174.022397][ T7618]  ? lockdep_hardirqs_on+0x9c/0x150
[  174.022423][ T7618]  do_fast_syscall_32+0x34/0x80
[  174.022447][ T7618]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  174.022467][ T7618] RIP: 0023:0xf700d539
[  174.022482][ T7618] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  174.022496][ T7618] RSP: 002b:00000000f53dc55c EFLAGS: 00000206 ORIG_RAX: 0000000000000008
[  174.022515][ T7618] RAX: ffffffffffffffda RBX: 0000000080000080 RCX: 0000000000000001
[  174.022527][ T7618] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  174.022537][ T7618] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  174.022547][ T7618] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  174.022557][ T7618] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  174.022586][ T7618]  </TASK>
[  175.029799][ T7637] loop2: detected capacity change from 0 to 7
[  175.147152][ T7637] Dev loop2: unable to read RDB block 7
[  175.218429][ T7637]  loop2: unable to read partition table
[  175.239720][ T7638] netlink: 12 bytes leftover after parsing attributes in process `syz.1.426'.
[  175.258398][ T7637] loop2: partition table beyond EOD, truncated
[  175.264927][ T7637] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  176.466922][    T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  176.640594][    T9] usb 5-1: Using ep0 maxpacket: 16
[  176.648232][    T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  176.662828][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  176.696220][    T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  176.707043][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.719877][    T9] usb 5-1: Product: syz
[  176.731036][    T9] usb 5-1: Manufacturer: syz
[  176.742999][    T9] usb 5-1: SerialNumber: syz
[  176.824140][    T9] usb 5-1: config 0 descriptor??
[  176.834180][    T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  176.844014][    T9] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  177.447788][ T5912] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  177.457301][    T9] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  177.464277][    T9] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[  177.627305][ T5912] usb 4-1: Using ep0 maxpacket: 8
[  177.648662][ T5912] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  177.670550][ T5912] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  177.682269][    T9] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[  177.684616][ T5912] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  177.707908][    T9] em28xx 5-1:0.0: No AC97 audio processor
[  177.773167][ T7690] netlink: 12 bytes leftover after parsing attributes in process `syz.1.448'.
[  177.906311][ T5912] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  177.920452][ T7689] create_pit_timer: 12 callbacks suppressed
[  177.920469][ T7689] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  177.934541][ T5912] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  177.989081][ T7693] netlink: 40 bytes leftover after parsing attributes in process `syz.0.450'.
[  178.002496][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.006971][ T7693] netlink: 40 bytes leftover after parsing attributes in process `syz.0.450'.
[  178.054579][ T7697] netlink: 'syz.0.450': attribute type 10 has an invalid length.
[  178.112978][ T7693] A link change request failed with some changes committed already. Interface ip6gre0 may have been left with an inconsistent configuration, please check.
[  178.289952][ T5912] usb 4-1: GET_CAPABILITIES returned 0
[  178.298551][ T5912] usbtmc 4-1:16.0: can't read capabilities
[  179.123355][ T7707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  179.148938][ T7707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  179.183901][ T7709] FAULT_INJECTION: forcing a failure.
[  179.183901][ T7709] name failslab, interval 1, probability 0, space 0, times 0
[  179.198814][ T7709] CPU: 1 UID: 0 PID: 7709 Comm: syz.0.453 Not tainted syzkaller #0 PREEMPT(full) 
[  179.198837][ T7709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  179.198847][ T7709] Call Trace:
[  179.198854][ T7709]  <TASK>
[  179.198860][ T7709]  dump_stack_lvl+0x189/0x250
[  179.198886][ T7709]  ? __pfx____ratelimit+0x10/0x10
[  179.198906][ T7709]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.198925][ T7709]  ? __pfx__printk+0x10/0x10
[  179.198941][ T7709]  ? __pfx___might_resched+0x10/0x10
[  179.198955][ T7709]  ? fs_reclaim_acquire+0x7d/0x100
[  179.198979][ T7709]  should_fail_ex+0x414/0x560
[  179.199002][ T7709]  should_failslab+0xa8/0x100
[  179.199016][ T7709]  __kmalloc_cache_noprof+0x6f/0x6f0
[  179.199033][ T7709]  ? netlink_lookup+0x30/0x200
[  179.199051][ T7709]  ? genl_start+0x1c9/0x6c0
[  179.199070][ T7709]  genl_start+0x1c9/0x6c0
[  179.199084][ T7709]  ? netlink_lookup+0x30/0x200
[  179.199106][ T7709]  __netlink_dump_start+0x469/0x7e0
[  179.199131][ T7709]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  179.199150][ T7709]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  179.199172][ T7709]  ? __pfx_genl_start+0x10/0x10
[  179.199185][ T7709]  ? __pfx_genl_dumpit+0x10/0x10
[  179.199198][ T7709]  ? __pfx_genl_done+0x10/0x10
[  179.199215][ T7709]  ? bpf_lsm_capable+0x9/0x20
[  179.199231][ T7709]  ? security_capable+0x7e/0x2e0
[  179.199253][ T7709]  genl_rcv_msg+0x5da/0x790
[  179.199273][ T7709]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.199288][ T7709]  ? __pfx_batadv_mcast_flags_dump+0x10/0x10
[  179.199304][ T7709]  ? __asan_memcpy+0x40/0x70
[  179.199319][ T7709]  ? __pfx_ref_tracker_free+0x10/0x10
[  179.199338][ T7709]  netlink_rcv_skb+0x208/0x470
[  179.199355][ T7709]  ? __lock_acquire+0xab9/0xd20
[  179.199369][ T7709]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.199385][ T7709]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  179.199417][ T7709]  ? down_read+0x1ad/0x2e0
[  179.199438][ T7709]  genl_rcv+0x28/0x40
[  179.199451][ T7709]  netlink_unicast+0x82f/0x9e0
[  179.199475][ T7709]  ? __pfx_netlink_unicast+0x10/0x10
[  179.199494][ T7709]  ? netlink_sendmsg+0x642/0xb30
[  179.199504][ T7709]  ? skb_put+0x11b/0x210
[  179.199520][ T7709]  netlink_sendmsg+0x805/0xb30
[  179.199540][ T7709]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.199554][ T7709]  ? __import_iovec+0x5d4/0x7f0
[  179.199569][ T7709]  ? aa_sock_msg_perm+0xf1/0x1d0
[  179.199589][ T7709]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  179.199601][ T7709]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.199615][ T7709]  __sock_sendmsg+0x21c/0x270
[  179.199640][ T7709]  ____sys_sendmsg+0x505/0x830
[  179.199659][ T7709]  ? __pfx_____sys_sendmsg+0x10/0x10
[  179.199686][ T7709]  ___sys_sendmsg+0x21f/0x2a0
[  179.199701][ T7709]  ? __pfx____sys_sendmsg+0x10/0x10
[  179.199742][ T7709]  ? __fget_files+0x2a/0x420
[  179.199754][ T7709]  ? __fget_files+0x3a0/0x420
[  179.199777][ T7709]  __sys_sendmsg+0x164/0x220
[  179.199793][ T7709]  ? __pfx___sys_sendmsg+0x10/0x10
[  179.199813][ T7709]  ? __pfx_ksys_write+0x10/0x10
[  179.199833][ T7709]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  179.199852][ T7709]  ? lockdep_hardirqs_on+0x9c/0x150
[  179.199871][ T7709]  __do_fast_syscall_32+0xb6/0x2b0
[  179.199890][ T7709]  ? lockdep_hardirqs_on+0x9c/0x150
[  179.199909][ T7709]  do_fast_syscall_32+0x34/0x80
[  179.199926][ T7709]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  179.199942][ T7709] RIP: 0023:0xf7fb7539
[  179.199953][ T7709] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  179.199965][ T7709] RSP: 002b:00000000f54a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  179.199980][ T7709] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  179.199989][ T7709] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  179.199996][ T7709] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  179.200003][ T7709] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  179.200011][ T7709] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  179.200032][ T7709]  </TASK>
[  179.662153][ T5892] usb 5-1: USB disconnect, device number 14
[  179.679322][ T5892] em28xx 5-1:0.0: Disconnecting em28xx
[  179.743125][ T5892] em28xx 5-1:0.0: Freeing device
[  180.055198][ T5892] usb 4-1: USB disconnect, device number 11
[  182.727823][ T7764] FAULT_INJECTION: forcing a failure.
[  182.727823][ T7764] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.772710][ T7764] CPU: 1 UID: 0 PID: 7764 Comm: syz.1.469 Not tainted syzkaller #0 PREEMPT(full) 
[  182.772726][ T7764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  182.772736][ T7764] Call Trace:
[  182.772740][ T7764]  <TASK>
[  182.772749][ T7764]  dump_stack_lvl+0x189/0x250
[  182.772774][ T7764]  ? __pfx____ratelimit+0x10/0x10
[  182.772787][ T7764]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.772799][ T7764]  ? __pfx__printk+0x10/0x10
[  182.772816][ T7764]  should_fail_ex+0x414/0x560
[  182.772833][ T7764]  _copy_to_user+0x31/0xb0
[  182.772846][ T7764]  ? __pfx_virtio_read+0x10/0x10
[  182.772856][ T7764]  rng_dev_read+0x3f2/0x770
[  182.772868][ T7764]  ? __pfx_rng_dev_read+0x10/0x10
[  182.772875][ T7764]  ? common_file_perm+0x1b5/0x230
[  182.772892][ T7764]  ? bpf_lsm_file_permission+0x9/0x20
[  182.772902][ T7764]  ? security_file_permission+0x75/0x290
[  182.772915][ T7764]  ? rw_verify_area+0x2a6/0x4d0
[  182.772927][ T7764]  ? __lock_acquire+0xab9/0xd20
[  182.772936][ T7764]  ? __pfx_rng_dev_read+0x10/0x10
[  182.772945][ T7764]  vfs_read+0x200/0xa30
[  182.772963][ T7764]  ? __pfx_vfs_read+0x10/0x10
[  182.772977][ T7764]  ? __fget_files+0x2a/0x420
[  182.772988][ T7764]  ? __fget_files+0x2a/0x420
[  182.772996][ T7764]  ? __fget_files+0x3a0/0x420
[  182.773004][ T7764]  ? __fget_files+0x2a/0x420
[  182.773017][ T7764]  ksys_read+0x145/0x250
[  182.773028][ T7764]  ? exc_page_fault+0x82/0x100
[  182.773042][ T7764]  ? __pfx_ksys_read+0x10/0x10
[  182.773055][ T7764]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  182.773068][ T7764]  ? lockdep_hardirqs_on+0x9c/0x150
[  182.773082][ T7764]  __do_fast_syscall_32+0xb6/0x2b0
[  182.773095][ T7764]  ? lockdep_hardirqs_on+0x9c/0x150
[  182.773109][ T7764]  do_fast_syscall_32+0x34/0x80
[  182.773121][ T7764]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  182.773133][ T7764] RIP: 0023:0xf70dd539
[  182.773148][ T7764] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  182.773156][ T7764] RSP: 002b:00000000f54cd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  182.773172][ T7764] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002980
[  182.773179][ T7764] RDX: 00000000ffffff36 RSI: 0000000000000000 RDI: 0000000000000000
[  182.773185][ T7764] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  182.773190][ T7764] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  182.773196][ T7764] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  182.773211][ T7764]  </TASK>
[  183.413924][ T7777] FAULT_INJECTION: forcing a failure.
[  183.413924][ T7777] name failslab, interval 1, probability 0, space 0, times 0
[  183.428145][ T7777] CPU: 1 UID: 0 PID: 7777 Comm: syz.4.474 Not tainted syzkaller #0 PREEMPT(full) 
[  183.428168][ T7777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  183.428178][ T7777] Call Trace:
[  183.428185][ T7777]  <TASK>
[  183.428192][ T7777]  dump_stack_lvl+0x189/0x250
[  183.428217][ T7777]  ? __pfx____ratelimit+0x10/0x10
[  183.428246][ T7777]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.428266][ T7777]  ? __pfx__printk+0x10/0x10
[  183.428289][ T7777]  ? __pfx___might_resched+0x10/0x10
[  183.428312][ T7777]  should_fail_ex+0x414/0x560
[  183.428340][ T7777]  should_failslab+0xa8/0x100
[  183.428359][ T7777]  __kmalloc_noprof+0xcb/0x7f0
[  183.428381][ T7777]  ? tcf_em_tree_validate+0x1bf/0x1190
[  183.428402][ T7777]  ? tcf_em_tree_validate+0x16f/0x1190
[  183.428434][ T7777]  tcf_em_tree_validate+0x1bf/0x1190
[  183.428476][ T7777]  ? __pfx_tcf_em_tree_validate+0x10/0x10
[  183.428503][ T7777]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[  183.428524][ T7777]  ? __nla_parse+0x40/0x60
[  183.428545][ T7777]  flow_change+0x464/0x1a50
[  183.428569][ T7777]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  183.428599][ T7777]  ? __pfx_flow_change+0x10/0x10
[  183.428644][ T7777]  tc_new_tfilter+0xdca/0x15b0
[  183.428690][ T7777]  ? __pfx_tc_new_tfilter+0x10/0x10
[  183.428705][ T7777]  ? __dev_queue_xmit+0x1d79/0x3b50
[  183.428752][ T7777]  ? __pfx_tc_new_tfilter+0x10/0x10
[  183.428767][ T7777]  rtnetlink_rcv_msg+0x7cf/0xb70
[  183.428795][ T7777]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  183.428818][ T7777]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  183.428838][ T7777]  ? ref_tracker_free+0x63a/0x7d0
[  183.428854][ T7777]  ? __asan_memcpy+0x40/0x70
[  183.428874][ T7777]  ? __pfx_ref_tracker_free+0x10/0x10
[  183.428889][ T7777]  ? __skb_clone+0x63/0x7a0
[  183.428917][ T7777]  netlink_rcv_skb+0x208/0x470
[  183.428941][ T7777]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  183.428964][ T7777]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  183.428998][ T7777]  ? netlink_deliver_tap+0x2e/0x1b0
[  183.429019][ T7777]  netlink_unicast+0x82f/0x9e0
[  183.429052][ T7777]  ? __pfx_netlink_unicast+0x10/0x10
[  183.429077][ T7777]  ? netlink_sendmsg+0x642/0xb30
[  183.429092][ T7777]  ? skb_put+0x11b/0x210
[  183.429110][ T7777]  netlink_sendmsg+0x805/0xb30
[  183.429135][ T7777]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.429154][ T7777]  ? __import_iovec+0x5d4/0x7f0
[  183.429171][ T7777]  ? aa_sock_msg_perm+0xf1/0x1d0
[  183.429196][ T7777]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  183.429210][ T7777]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.429226][ T7777]  __sock_sendmsg+0x21c/0x270
[  183.429249][ T7777]  ____sys_sendmsg+0x505/0x830
[  183.429272][ T7777]  ? __pfx_____sys_sendmsg+0x10/0x10
[  183.429309][ T7777]  ___sys_sendmsg+0x21f/0x2a0
[  183.429330][ T7777]  ? __pfx____sys_sendmsg+0x10/0x10
[  183.429383][ T7777]  ? __fget_files+0x2a/0x420
[  183.429397][ T7777]  ? __fget_files+0x3a0/0x420
[  183.429432][ T7777]  __sys_sendmsg+0x164/0x220
[  183.429452][ T7777]  ? __pfx___sys_sendmsg+0x10/0x10
[  183.429480][ T7777]  ? __pfx_ksys_write+0x10/0x10
[  183.429506][ T7777]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  183.429530][ T7777]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.429554][ T7777]  __do_fast_syscall_32+0xb6/0x2b0
[  183.429578][ T7777]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.429604][ T7777]  do_fast_syscall_32+0x34/0x80
[  183.429626][ T7777]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  183.429645][ T7777] RIP: 0023:0xf7fe2539
[  183.429660][ T7777] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  183.429675][ T7777] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  183.429693][ T7777] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000140
[  183.429705][ T7777] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  183.429715][ T7777] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  183.429724][ T7777] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  183.429734][ T7777] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  183.429762][ T7777]  </TASK>
[  184.195573][ T7782] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  184.320406][ T7786] netlink: 1276 bytes leftover after parsing attributes in process `syz.1.475'.
[  184.588058][ T7794] af_packet: tpacket_rcv: packet too big, clamped from 64862 to 3942. macoff=106
[  185.157073][ T5886] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  185.317000][ T5886] usb 3-1: Using ep0 maxpacket: 16
[  185.336140][ T5886] usb 3-1: config 0 has no interfaces?
[  185.344760][ T5886] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  185.355508][ T5886] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  185.364282][ T5886] usb 3-1: Manufacturer: syz
[  185.389690][ T5886] usb 3-1: config 0 descriptor??
[  185.713715][ T7807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.481'.
[  185.895650][ T7808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.047587][ T7802] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  186.216302][ T7808] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  187.893980][ T5886] usb 3-1: USB disconnect, device number 17
[  189.937324][ T7848] netlink: 12 bytes leftover after parsing attributes in process `syz.4.491'.
[  190.649450][ T7860] syzkaller0: entered promiscuous mode
[  190.656586][ T7860] syzkaller0: entered allmulticast mode
[  191.037607][ T5900] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  191.202690][ T5900] usb 4-1: Using ep0 maxpacket: 8
[  191.209652][ T5900] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  191.295675][ T5900] usb 4-1: config 0 has no interface number 0
[  191.319516][ T5900] usb 4-1: config 0 interface 1 has no altsetting 0
[  191.349484][ T5900] usb 4-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f
[  191.360069][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.369163][ T5900] usb 4-1: Product: syz
[  191.373521][ T5900] usb 4-1: Manufacturer: syz
[  191.391755][ T5900] usb 4-1: SerialNumber: syz
[  191.414101][ T5900] usb 4-1: config 0 descriptor??
[  191.547582][    T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  191.630063][ T5900] i2c-cp2615 4-1:0.1: probe with driver i2c-cp2615 failed with error -22
[  191.801663][    T9] usb 3-1: config 0 has an invalid interface number: 177 but max is 0
[  191.810042][ T5929] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  191.818208][ T5900] IPVS: starting estimator thread 0...
[  191.844296][    T9] usb 3-1: config 0 has no interface number 0
[  191.905133][ T5900] usb 4-1: USB disconnect, device number 12
[  191.914989][    T9] usb 3-1: config 0 interface 177 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  191.936297][    T9] usb 3-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=9f.2b
[  191.974128][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.979402][ T7888] IPVS: using max 50 ests per chain, 120000 per kthread
[  192.006945][ T5929] usb 2-1: Using ep0 maxpacket: 16
[  192.014895][ T5929] usb 2-1: config 0 has no interfaces?
[  192.024240][ T5929] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  192.034572][ T5929] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  192.044733][    T9] usb 3-1: config 0 descriptor??
[  192.053387][    T9] HFC-S_USB 3-1:0.177: probe with driver HFC-S_USB failed with error -5
[  192.285565][ T5929] usb 2-1: Manufacturer: syz
[  192.289344][ T7876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.355423][ T7876] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.356025][ T5929] usb 2-1: config 0 descriptor??
[  192.547124][ T5900] usb 3-1: USB disconnect, device number 18
[  192.925750][ T7894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.499'.
[  193.006693][ T7885] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.013980][ T7885] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.021584][ T7885] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.028832][ T7885] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.104518][ T7898] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  193.113379][ T7898] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  193.217192][ T7885] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  194.348310][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.356786][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  194.446496][ T5929] usb 2-1: USB disconnect, device number 14
[  194.625440][ T7927] netlink: 12 bytes leftover after parsing attributes in process `syz.3.509'.
[  195.012410][   T30] audit: type=1326 audit(1762144961.857:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz.0.510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7539 code=0x7ffc0000
[  195.066786][   T30] audit: type=1326 audit(1762144961.857:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz.0.510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=310 compat=1 ip=0xf7fb7539 code=0x7ffc0000
[  195.148231][   T30] audit: type=1326 audit(1762144961.857:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz.0.510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7539 code=0x7ffc0000
[  195.225629][   T30] audit: type=1326 audit(1762144961.857:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz.0.510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7fb7539 code=0x7ffc0000
[  195.319842][   T30] audit: type=1326 audit(1762144961.857:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz.0.510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7539 code=0x7ffc0000
[  195.388390][ T5886] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  195.465652][   T30] audit: type=1326 audit(1762144961.857:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz.0.510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=367 compat=1 ip=0xf7fb7539 code=0x7ffc0000
[  195.527006][   T30] audit: type=1326 audit(1762144961.857:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz.0.510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7539 code=0x7ffc0000
[  195.582229][   T30] audit: type=1326 audit(1762144961.857:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz.0.510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fb7539 code=0x7ffc0000
[  195.607256][ T5886] usb 2-1: Using ep0 maxpacket: 8
[  195.614355][ T5886] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  195.625650][   T30] audit: type=1326 audit(1762144961.857:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz.0.510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb7539 code=0x7ffc0000
[  195.647828][   T30] audit: type=1326 audit(1762144961.857:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz.0.510" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7fb7539 code=0x7ffc0000
[  195.650015][ T5886] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  195.850959][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.936958][ T5886] usb 2-1: Product: syz
[  195.952643][ T5886] usb 2-1: Manufacturer: syz
[  195.957846][ T5886] usb 2-1: SerialNumber: syz
[  195.967931][ T5886] usb 2-1: config 0 descriptor??
[  195.983022][ T5886] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  196.001538][ T5886] usb 2-1: setting power ON
[  196.011019][ T5886] dvb-usb: bulk message failed: -22 (2/0)
[  196.038335][ T5886] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  196.061002][ T5886] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  196.096438][ T5886] usb 2-1: media controller created
[  196.167678][ T5886] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  196.195171][ T7936] dvb-usb: bulk message failed: -22 (3/0)
[  196.202166][ T7936] dvb-usb: bulk message failed: -22 (4/0)
[  196.208757][ T7936] cxusb: i2c read failed
[  196.263837][ T5886] usb 2-1: selecting invalid altsetting 6
[  196.276403][ T5886] usb 2-1: digital interface selection failed (-22)
[  196.288892][ T5886] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  196.325273][ T5886] usb 2-1: setting power OFF
[  196.334721][ T5886] dvb-usb: bulk message failed: -22 (2/0)
[  196.359532][ T5886] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  196.391599][ T5886] (NULL device *): no alternate interface
[  196.395323][ T7953] netlink: 'syz.3.515': attribute type 2 has an invalid length.
[  196.410382][ T7953] netlink: 132 bytes leftover after parsing attributes in process `syz.3.515'.
[  197.706936][ T5911] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  197.868949][ T5911] usb 5-1: Using ep0 maxpacket: 16
[  197.887099][    T9] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  197.900061][ T5911] usb 5-1: config 0 has no interfaces?
[  197.920657][ T5911] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  197.940245][ T5911] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  197.956340][ T5911] usb 5-1: Manufacturer: syz
[  197.977162][ T5911] usb 5-1: config 0 descriptor??
[  198.058846][    T9] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  198.175325][    T9] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  198.191569][    T9] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  198.204118][    T9] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  198.215927][    T9] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  198.276609][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  198.290925][    T9] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  198.300513][    T9] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  198.309292][    T9] usb 3-1: Product: syz
[  198.313674][    T9] usb 3-1: Manufacturer: syz
[  198.333905][    T9] usb 3-1: SerialNumber: syz
[  198.390675][ T7993] netlink: 8 bytes leftover after parsing attributes in process `syz.4.522'.
[  198.405943][ T7978] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  198.428912][    T9] usb 3-1: config 0 descriptor??
[  198.435327][ T7981] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  198.445058][    T9] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  198.456479][    T9] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  198.762897][ T7975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  198.786546][ T7975] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.826982][    T9] usb 3-1: USB disconnect, device number 19
[  198.854738][    T9] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  200.017251][ T8019] bond0: (slave virt_wifi0): The slave device specified does not support setting the MAC address
[  200.087647][ T8019] bond0: (slave virt_wifi0): Error -95 calling set_mac_address
[  200.315468][ T5911] usb 5-1: USB disconnect, device number 15
[  200.775900][ T8036] program syz.4.537 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  200.949059][ T5892] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  201.096999][ T5911] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  201.237665][ T5892] usb 4-1: Using ep0 maxpacket: 16
[  201.250409][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.298582][ T5911] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  201.310578][ T5892] usb 4-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00
[  201.325159][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.356777][ T5911] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  201.367304][ T5911] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  201.381443][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.392381][ T5911] usb 5-1: Manufacturer: syz
[  201.419267][ T5911] usb 5-1: config 0 descriptor??
[  201.446276][ T5892] usb 4-1: config 0 descriptor??
[  201.517075][ T5911] rc_core: IR keymap rc-hauppauge not found
[  201.523258][ T5911] Registered IR keymap rc-empty
[  201.540707][ T5911] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  201.575367][ T5911] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input13
[  202.449823][ T5900] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  202.521628][ T5900] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  203.572618][ T8062] netlink: 8 bytes leftover after parsing attributes in process `syz.4.537'.
[  203.851313][ T5912] usb 5-1: USB disconnect, device number 16
[  203.903083][ T8068] netlink: 8 bytes leftover after parsing attributes in process `syz.0.542'.
[  204.312983][ T5892] usbhid 4-1:0.0: can't add hid device: -71
[  204.344189][ T5892] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  204.372447][ T5892] usb 4-1: USB disconnect, device number 13
[  205.191893][ T8097] netlink: 8 bytes leftover after parsing attributes in process `syz.0.552'.
[  205.237691][ T8097] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  205.822035][ T8094] netlink: 136 bytes leftover after parsing attributes in process `syz.4.551'.
[  205.868505][ T8094] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[  206.407843][   T43] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  206.559886][   T43] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  206.567576][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64
[  206.609969][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  206.686188][   T43] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  206.694346][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64
[  206.714301][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  206.742234][   T43] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  206.752469][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64
[  206.785920][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  206.818919][   T43] usb 1-1: string descriptor 0 read error: -22
[  206.826406][   T43] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  206.840876][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.880308][   T43] adutux 1-1:168.0: interrupt endpoints not found
[  207.099020][    T9] usb 1-1: USB disconnect, device number 5
[  207.952178][ T5911] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  208.119969][ T5911] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  208.155881][ T5911] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C
[  208.192864][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 10
[  208.222467][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  208.244820][ T5911] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  208.264421][ T5911] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  208.284039][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.299496][ T5911] usb 5-1: Product: syz
[  208.309366][ T5911] usb 5-1: Manufacturer: syz
[  208.319649][ T5911] usb 5-1: SerialNumber: syz
[  208.339995][ T5911] usb 5-1: config 0 descriptor??
[  208.362873][ T5911] xbox_remote_probe: endpoint_in message size==0?
[  208.615092][ T8108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.625625][ T8108] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.680746][ T8108] program syz.4.556 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.701943][    T9] usb 5-1: USB disconnect, device number 17
[  208.978175][ T8135] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  209.034885][ T8135] netlink: 'syz.2.560': attribute type 32 has an invalid length.
[  209.043821][ T8135] netlink: 'syz.2.560': attribute type 32 has an invalid length.
[  209.086962][   T43] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  209.278084][   T43] usb 1-1: Using ep0 maxpacket: 16
[  209.291477][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  209.311829][   T43] usb 1-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00
[  209.355283][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.416058][   T43] usb 1-1: config 0 descriptor??
[  210.046227][ T8132] netlink: 'syz.2.560': attribute type 9 has an invalid length.
[  211.259160][ T8170] FAULT_INJECTION: forcing a failure.
[  211.259160][ T8170] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  211.307002][ T8170] CPU: 1 UID: 0 PID: 8170 Comm: syz.2.565 Not tainted syzkaller #0 PREEMPT(full) 
[  211.307025][ T8170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  211.307035][ T8170] Call Trace:
[  211.307043][ T8170]  <TASK>
[  211.307050][ T8170]  dump_stack_lvl+0x189/0x250
[  211.307078][ T8170]  ? __pfx____ratelimit+0x10/0x10
[  211.307096][ T8170]  ? __pfx_dump_stack_lvl+0x10/0x10
[  211.307113][ T8170]  ? __pfx__printk+0x10/0x10
[  211.307128][ T8170]  ? __might_fault+0xb0/0x130
[  211.307157][ T8170]  should_fail_ex+0x414/0x560
[  211.307185][ T8170]  _copy_from_user+0x2d/0xb0
[  211.307206][ T8170]  ucma_disconnect+0x88/0x2a0
[  211.307227][ T8170]  ? __pfx_ucma_disconnect+0x10/0x10
[  211.307256][ T8170]  ucma_write+0x249/0x2e0
[  211.307278][ T8170]  ? __pfx_ucma_write+0x10/0x10
[  211.307298][ T8170]  ? security_file_permission+0x75/0x290
[  211.307319][ T8170]  ? rw_verify_area+0x255/0x4d0
[  211.307345][ T8170]  vfs_writev+0x4b6/0x960
[  211.307364][ T8170]  ? __pfx_ucma_write+0x10/0x10
[  211.307384][ T8170]  ? __pfx_vfs_writev+0x10/0x10
[  211.307415][ T8170]  ? __fget_files+0x2a/0x420
[  211.307435][ T8170]  ? __fget_files+0x3a0/0x420
[  211.307451][ T8170]  ? __fget_files+0x2a/0x420
[  211.307484][ T8170]  do_writev+0x14d/0x2d0
[  211.307506][ T8170]  ? __pfx_do_writev+0x10/0x10
[  211.307526][ T8170]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  211.307548][ T8170]  ? lockdep_hardirqs_on+0x9c/0x150
[  211.307571][ T8170]  __do_fast_syscall_32+0xb6/0x2b0
[  211.307591][ T8170]  ? lockdep_hardirqs_on+0x9c/0x150
[  211.307615][ T8170]  do_fast_syscall_32+0x34/0x80
[  211.307635][ T8170]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  211.307654][ T8170] RIP: 0023:0xf700d539
[  211.307669][ T8170] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  211.307684][ T8170] RSP: 002b:00000000f53dc55c EFLAGS: 00000206 ORIG_RAX: 0000000000000092
[  211.307701][ T8170] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000000
[  211.307712][ T8170] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[  211.307721][ T8170] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  211.307729][ T8170] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  211.307738][ T8170] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  211.307765][ T8170]  </TASK>
[  211.768979][   T43] usbhid 1-1:0.0: can't add hid device: -71
[  211.782935][   T43] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  211.798704][   T43] usb 1-1: USB disconnect, device number 6
[  212.164151][    T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  212.329009][    T9] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  212.339491][    T9] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  212.356236][    T9] usb 4-1: config 4 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  212.375201][    T9] usb 4-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xDC, changing to 0x8C
[  212.402873][    T9] usb 4-1: config 4 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 243
[  212.454531][    T9] usb 4-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  212.464008][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.481348][    T9] usb 4-1: Product: syz
[  212.493430][    T9] usb 4-1: Manufacturer: syz
[  212.510950][    T9] usb 4-1: SerialNumber: syz
[  212.534602][ T8173] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  212.562704][    T9] usb 4-1: ucan: probing device on interface #0
[  212.586665][    T9] usb 4-1: ucan: invalid out_ep MaxPacketSize
[  212.610543][    T9] usb 4-1: ucan: probe failed; try to update the device firmware
[  212.768736][    T9] usb 4-1: USB disconnect, device number 14
[  213.142201][ T8198] netlink: 20 bytes leftover after parsing attributes in process `syz.2.571'.
[  213.747030][ T5900] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  213.907151][ T5900] usb 4-1: Using ep0 maxpacket: 32
[  213.914390][ T5900] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  213.934281][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.004488][ T5900] usb 4-1: config 0 descriptor??
[  214.279564][ T5900] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  214.505214][ T5900] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  214.536048][ T5900] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  214.673699][ T5900] usb 4-1: media controller created
[  214.835760][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  214.903118][ T8223] netlink: 20 bytes leftover after parsing attributes in process `syz.3.572'.
[  214.948880][ T8223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.986198][ T8223] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  215.199894][ T5900] az6027: usb out operation failed. (-71)
[  215.205675][ T5900] stb0899_attach: Driver disabled by Kconfig
[  215.225514][ T5900] az6027: no front-end attached
[  215.225514][ T5900] 
[  215.268285][ T5900] az6027: usb out operation failed. (-71)
[  215.283137][ T5900] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  215.337567][ T5900] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input14
[  215.414781][ T5900] dvb-usb: schedule remote query interval to 400 msecs.
[  215.453908][ T5900] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  215.467230][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  215.467246][   T30] audit: type=1326 audit(1762144982.317:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8230 comm="syz.3.577" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70cd539 code=0x0
[  215.556127][ T5900] usb 4-1: USB disconnect, device number 15
[  215.587664][   T30] audit: type=1326 audit(1762144982.367:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8230 comm="syz.3.577" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70cd539 code=0x0
[  215.682984][ T5900] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  217.654491][ T8260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  217.664835][ T8260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.896701][ T8321] netlink: 4 bytes leftover after parsing attributes in process `syz.0.595'.
[  222.166264][ T8329] FAULT_INJECTION: forcing a failure.
[  222.166264][ T8329] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  222.180754][ T8329] CPU: 0 UID: 0 PID: 8329 Comm: syz.1.597 Not tainted syzkaller #0 PREEMPT(full) 
[  222.180777][ T8329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  222.180787][ T8329] Call Trace:
[  222.180794][ T8329]  <TASK>
[  222.180800][ T8329]  dump_stack_lvl+0x189/0x250
[  222.180826][ T8329]  ? __pfx____ratelimit+0x10/0x10
[  222.180844][ T8329]  ? __pfx_dump_stack_lvl+0x10/0x10
[  222.180864][ T8329]  ? __pfx__printk+0x10/0x10
[  222.180882][ T8329]  ? __might_fault+0xb0/0x130
[  222.180915][ T8329]  should_fail_ex+0x414/0x560
[  222.180945][ T8329]  _copy_from_user+0x2d/0xb0
[  222.180968][ T8329]  copy_uabi_to_xstate+0x469/0x970
[  222.180992][ T8329]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[  222.181007][ T8329]  ? __local_bh_enable_ip+0x12d/0x1c0
[  222.181032][ T8329]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  222.181055][ T8329]  ? x86_task_fpu+0x4c/0x90
[  222.181079][ T8329]  fpu__restore_sig+0xf75/0x1100
[  222.181103][ T8329]  ? fpu__restore_sig+0xa42/0x1100
[  222.181132][ T8329]  ? __pfx_fpu__restore_sig+0x10/0x10
[  222.181184][ T8329]  ia32_restore_sigcontext+0x449/0x5b0
[  222.181204][ T8329]  ? cgroup_freezing+0x20/0x350
[  222.181228][ T8329]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  222.181248][ T8329]  ? cgroup_freezing+0x29a/0x350
[  222.181285][ T8329]  ? _raw_spin_unlock_irq+0x23/0x50
[  222.181305][ T8329]  ? lockdep_hardirqs_on+0x9c/0x150
[  222.181329][ T8329]  __ia32_compat_sys_rt_sigreturn+0x1a9/0x260
[  222.181352][ T8329]  ? __pfx___ia32_compat_sys_rt_sigreturn+0x10/0x10
[  222.181378][ T8329]  ? do_int80_emulation+0xec/0x390
[  222.181403][ T8329]  ? asm_int80_emulation+0x1a/0x20
[  222.181420][ T8329]  do_int80_emulation+0x126/0x390
[  222.181443][ T8329]  ? clear_bhb_loop+0x60/0xb0
[  222.181467][ T8329]  ? clear_bhb_loop+0x60/0xb0
[  222.181498][ T8329]  asm_int80_emulation+0x1a/0x20
[  222.181514][ T8329] RIP: 0023:0xf70dd537
[  222.181536][ T8329] Code: 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  222.181557][ T8329] RSP: 002b:00000000f548b55c EFLAGS: 00000206
[  222.181573][ T8329] RAX: 0000000000000174 RBX: 0000000000000005 RCX: 0000000080000ac0
[  222.181585][ T8329] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000000
[  222.181596][ T8329] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  222.181606][ T8329] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  222.181617][ T8329] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  222.181644][ T8329]  </TASK>
[  223.039887][ T8334] netlink: 8 bytes leftover after parsing attributes in process `syz.0.598'.
[  223.052208][ T8334] netlink: 44 bytes leftover after parsing attributes in process `syz.0.598'.
[  223.097600][ T8343] netlink: 8 bytes leftover after parsing attributes in process `syz.1.601'.
[  223.144508][ T8343] netlink: 8 bytes leftover after parsing attributes in process `syz.1.601'.
[  223.569150][ T8348] netlink: 'syz.2.600': attribute type 27 has an invalid length.
[  224.596931][ T5900] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  224.758768][ T5900] usb 4-1: config 0 has an invalid descriptor of length 74, skipping remainder of the config
[  224.776079][ T5900] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  224.801281][ T5900] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.98
[  224.814383][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=181
[  224.831349][ T5900] usb 4-1: Product: syz
[  224.840365][ T5900] usb 4-1: Manufacturer: syz
[  225.782626][ T5900] usb 4-1: SerialNumber: syz
[  225.805349][ T5900] usb 4-1: config 0 descriptor??
[  227.260425][ T8408] netlink: 8 bytes leftover after parsing attributes in process `syz.1.614'.
[  227.333410][ T8408] netlink: 44 bytes leftover after parsing attributes in process `syz.1.614'.
[  227.725898][ T5892] usb 4-1: USB disconnect, device number 16
[  228.467314][ T8445] netlink: 8 bytes leftover after parsing attributes in process `syz.2.621'.
[  228.552227][ T8445] netlink: 8 bytes leftover after parsing attributes in process `syz.2.621'.
[  228.829311][ T8459] netlink: 'syz.3.619': attribute type 27 has an invalid length.
[  229.923336][ T8466] vivid-000: disconnect
[  230.100460][ T8468] netlink: 4 bytes leftover after parsing attributes in process `syz.3.625'.
[  230.247025][ T5912] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  230.728469][ T5912] usb 1-1: config 0 has an invalid interface number: 120 but max is 0
[  230.738459][ T5912] usb 1-1: config 0 has no interface number 0
[  230.754283][ T5912] usb 1-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  230.821201][ T5912] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  230.842731][ T5912] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  230.868473][ T5912] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  230.889208][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.948560][ T5912] usb 1-1: config 0 descriptor??
[  230.976576][ T5912] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.120/input/input15
[  231.182188][ T8465] vivid-000: reconnect
[  231.187158][ T5912] usb 1-1: USB disconnect, device number 7
[  232.355165][ T8485] netlink: 8 bytes leftover after parsing attributes in process `syz.2.629'.
[  232.364751][ T8485] netlink: 44 bytes leftover after parsing attributes in process `syz.2.629'.
[  232.486413][ T8490] sctp: [Deprecated]: syz.1.641 (pid 8490) Use of int in maxseg socket option.
[  232.486413][ T8490] Use struct sctp_assoc_value instead
[  232.894404][ T8502] netlink: 'syz.4.633': attribute type 4 has an invalid length.
[  232.903071][ T8502] FAULT_INJECTION: forcing a failure.
[  232.903071][ T8502] name failslab, interval 1, probability 0, space 0, times 0
[  232.928331][ T8502] CPU: 0 UID: 0 PID: 8502 Comm: syz.4.633 Not tainted syzkaller #0 PREEMPT(full) 
[  232.928357][ T8502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  232.928367][ T8502] Call Trace:
[  232.928374][ T8502]  <TASK>
[  232.928382][ T8502]  dump_stack_lvl+0x189/0x250
[  232.928414][ T8502]  ? __pfx____ratelimit+0x10/0x10
[  232.928435][ T8502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  232.928456][ T8502]  ? __pfx__printk+0x10/0x10
[  232.928480][ T8502]  ? __pfx___might_resched+0x10/0x10
[  232.928502][ T8502]  should_fail_ex+0x414/0x560
[  232.928531][ T8502]  should_failslab+0xa8/0x100
[  232.928549][ T8502]  kmem_cache_alloc_node_noprof+0x77/0x710
[  232.928572][ T8502]  ? __alloc_skb+0x112/0x2d0
[  232.928591][ T8502]  __alloc_skb+0x112/0x2d0
[  232.928610][ T8502]  rtmsg_ifa+0xf8/0x1f0
[  232.928638][ T8502]  __inet_del_ifa+0x869/0x1040
[  232.928675][ T8502]  inetdev_event+0x632/0x15b0
[  232.928702][ T8502]  ? __pfx_inetdev_event+0x10/0x10
[  232.928733][ T8502]  notifier_call_chain+0x1b6/0x3e0
[  232.928761][ T8502]  netif_set_mtu_ext+0x594/0x7d0
[  232.928785][ T8502]  ? __pfx_netif_set_mtu_ext+0x10/0x10
[  232.928800][ T8502]  ? console_unlock+0x13a/0x190
[  232.928819][ T8502]  ? __pfx___down_trylock_console_sem+0x10/0x10
[  232.928842][ T8502]  ? __pfx_console_unlock+0x10/0x10
[  232.928864][ T8502]  ? irq_work_queue+0xbc/0x140
[  232.928881][ T8502]  ? validate_linkmsg+0x765/0x950
[  232.928906][ T8502]  do_setlink+0x91a/0x41c0
[  232.928937][ T8502]  ? __pfx_do_setlink+0x10/0x10
[  232.928954][ T8502]  ? _printk+0xcf/0x120
[  232.928969][ T8502]  ? __pfx____ratelimit+0x10/0x10
[  232.928998][ T8502]  ? __lock_acquire+0xab9/0xd20
[  232.929023][ T8502]  ? __mutex_trylock_common+0x153/0x260
[  232.929046][ T8502]  ? __pfx___mutex_trylock_common+0x10/0x10
[  232.929070][ T8502]  ? rcu_is_watching+0x15/0xb0
[  232.929090][ T8502]  ? trace_contention_end+0x39/0x120
[  232.929111][ T8502]  ? __mutex_lock+0x335/0x1350
[  232.929134][ T8502]  ? stack_trace_save+0x9c/0xe0
[  232.929159][ T8502]  ? rtnl_setlink+0x4f2/0x910
[  232.929183][ T8502]  ? __pfx___mutex_lock+0x10/0x10
[  232.929220][ T8502]  ? ns_capable+0x8a/0xf0
[  232.929246][ T8502]  rtnl_setlink+0x60c/0x910
[  232.929274][ T8502]  ? __pfx_rtnl_setlink+0x10/0x10
[  232.929394][ T8502]  ? __pfx_rtnl_setlink+0x10/0x10
[  232.929417][ T8502]  rtnetlink_rcv_msg+0x7cf/0xb70
[  232.929442][ T8502]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  232.929463][ T8502]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  232.929482][ T8502]  ? ref_tracker_free+0x63a/0x7d0
[  232.929497][ T8502]  ? __asan_memcpy+0x40/0x70
[  232.929517][ T8502]  ? __pfx_ref_tracker_free+0x10/0x10
[  232.929532][ T8502]  ? __skb_clone+0x63/0x7a0
[  232.929559][ T8502]  netlink_rcv_skb+0x208/0x470
[  232.929584][ T8502]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  232.929606][ T8502]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  232.929641][ T8502]  ? netlink_deliver_tap+0x2e/0x1b0
[  232.929665][ T8502]  netlink_unicast+0x82f/0x9e0
[  232.929695][ T8502]  ? __pfx_netlink_unicast+0x10/0x10
[  232.929719][ T8502]  ? netlink_sendmsg+0x642/0xb30
[  232.929733][ T8502]  ? skb_put+0x11b/0x210
[  232.929751][ T8502]  netlink_sendmsg+0x805/0xb30
[  232.929776][ T8502]  ? __pfx_netlink_sendmsg+0x10/0x10
[  232.929796][ T8502]  ? aa_sock_msg_perm+0xf1/0x1d0
[  232.929822][ T8502]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  232.929839][ T8502]  ? __pfx_netlink_sendmsg+0x10/0x10
[  232.929856][ T8502]  __sock_sendmsg+0x21c/0x270
[  232.929880][ T8502]  sock_write_iter+0x279/0x360
[  232.929903][ T8502]  ? __pfx_sock_write_iter+0x10/0x10
[  232.929946][ T8502]  do_iter_readv_writev+0x623/0x8c0
[  232.929977][ T8502]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  232.929998][ T8502]  ? common_file_perm+0x1b5/0x230
[  232.930025][ T8502]  ? bpf_lsm_file_permission+0x9/0x20
[  232.930043][ T8502]  ? security_file_permission+0x75/0x290
[  232.930064][ T8502]  ? rw_verify_area+0x255/0x4d0
[  232.930088][ T8502]  vfs_writev+0x31a/0x960
[  232.930110][ T8502]  ? __lock_acquire+0xab9/0xd20
[  232.930129][ T8502]  ? __pfx_vfs_writev+0x10/0x10
[  232.930160][ T8502]  ? __fget_files+0x2a/0x420
[  232.930180][ T8502]  ? __fget_files+0x3a0/0x420
[  232.930194][ T8502]  ? __fget_files+0x2a/0x420
[  232.930225][ T8502]  do_writev+0x14d/0x2d0
[  232.930246][ T8502]  ? __pfx_do_writev+0x10/0x10
[  232.930267][ T8502]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  232.930291][ T8502]  ? lockdep_hardirqs_on+0x9c/0x150
[  232.930315][ T8502]  __do_fast_syscall_32+0xb6/0x2b0
[  232.930338][ T8502]  ? lockdep_hardirqs_on+0x9c/0x150
[  232.930367][ T8502]  do_fast_syscall_32+0x34/0x80
[  232.930390][ T8502]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  232.930411][ T8502] RIP: 0023:0xf7fe2539
[  232.930427][ T8502] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  232.930441][ T8502] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000092
[  232.930460][ T8502] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800003c0
[  232.930471][ T8502] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  232.930481][ T8502] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  232.930491][ T8502] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  232.930501][ T8502] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  232.930530][ T8502]  </TASK>
[  233.525636][ T8506] mmap: syz.2.634 (8506) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  233.539935][ T8506] binder: 8503:8506 ioctl c0306201 80000540 returned -22
[  233.801405][ T8508] netlink: 4 bytes leftover after parsing attributes in process `syz.4.637'.
[  235.087788][ T8538] FAULT_INJECTION: forcing a failure.
[  235.087788][ T8538] name fail_futex, interval 1, probability 0, space 0, times 1
[  235.136169][ T8538] CPU: 0 UID: 0 PID: 8538 Comm: syz.3.642 Not tainted syzkaller #0 PREEMPT(full) 
[  235.136192][ T8538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  235.136202][ T8538] Call Trace:
[  235.136209][ T8538]  <TASK>
[  235.136216][ T8538]  dump_stack_lvl+0x189/0x250
[  235.136241][ T8538]  ? __pfx____ratelimit+0x10/0x10
[  235.136270][ T8538]  ? __pfx_dump_stack_lvl+0x10/0x10
[  235.136289][ T8538]  ? __pfx__printk+0x10/0x10
[  235.136304][ T8538]  ? stack_trace_save+0x9c/0xe0
[  235.136335][ T8538]  should_fail_ex+0x414/0x560
[  235.136361][ T8538]  get_futex_key+0x1a8/0x1660
[  235.136382][ T8538]  ? look_up_lock_class+0x74/0x170
[  235.136410][ T8538]  ? __pfx_get_futex_key+0x10/0x10
[  235.136430][ T8538]  ? __lock_acquire+0xab9/0xd20
[  235.136455][ T8538]  futex_wake+0xf8/0x560
[  235.136471][ T8538]  ? __pfx___mutex_trylock_common+0x10/0x10
[  235.136494][ T8538]  ? __pfx_futex_wake+0x10/0x10
[  235.136514][ T8538]  ? __lock_acquire+0xab9/0xd20
[  235.136541][ T8538]  do_futex+0x395/0x420
[  235.136570][ T8538]  ? __pfx_do_futex+0x10/0x10
[  235.136596][ T8538]  ? __might_fault+0xb0/0x130
[  235.136622][ T8538]  mm_release+0x188/0x390
[  235.136642][ T8538]  ? __pfx_mm_release+0x10/0x10
[  235.136659][ T8538]  ? lockdep_hardirqs_on+0x9c/0x150
[  235.136690][ T8538]  exit_mm+0xa8/0x2c0
[  235.136714][ T8538]  ? __pfx_exit_mm+0x10/0x10
[  235.136737][ T8538]  ? rcu_is_watching+0x15/0xb0
[  235.136765][ T8538]  do_exit+0x648/0x2300
[  235.136790][ T8538]  ? cgroup_freezing+0x20/0x350
[  235.136805][ T8538]  ? __pfx_do_exit+0x10/0x10
[  235.136825][ T8538]  ? cgroup_freezing+0x20/0x350
[  235.136842][ T8538]  ? cgroup_freezing+0x20/0x350
[  235.136869][ T8538]  do_group_exit+0x21c/0x2d0
[  235.136889][ T8538]  ? lockdep_hardirqs_on+0x9c/0x150
[  235.136910][ T8538]  get_signal+0x1285/0x1340
[  235.136946][ T8538]  arch_do_signal_or_restart+0xa0/0x790
[  235.136973][ T8538]  ? __pfx_do_compat_fcntl64+0x10/0x10
[  235.136995][ T8538]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  235.137022][ T8538]  ? exit_to_user_mode_loop+0x40/0x130
[  235.137033][ T8538]  exit_to_user_mode_loop+0x72/0x130
[  235.137043][ T8538]  __do_fast_syscall_32+0x1f4/0x2b0
[  235.137061][ T8538]  do_fast_syscall_32+0x34/0x80
[  235.137074][ T8538]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  235.137085][ T8538] RIP: 0023:0xf70cd539
[  235.137095][ T8538] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  235.137103][ T8538] RSP: 002b:00000000f547b55c EFLAGS: 00000206 ORIG_RAX: 0000000000000037
[  235.137115][ T8538] RAX: fffffffffffffff0 RBX: 000000000000000b RCX: 0000000000000409
[  235.137121][ T8538] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000
[  235.137127][ T8538] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  235.137133][ T8538] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  235.137139][ T8538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  235.137153][ T8538]  </TASK>
[  236.630601][ T8574] FAULT_INJECTION: forcing a failure.
[  236.630601][ T8574] name failslab, interval 1, probability 0, space 0, times 0
[  236.630634][ T8574] CPU: 1 UID: 0 PID: 8574 Comm: syz.3.650 Not tainted syzkaller #0 PREEMPT(full) 
[  236.630646][ T8574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  236.630653][ T8574] Call Trace:
[  236.630657][ T8574]  <TASK>
[  236.630661][ T8574]  dump_stack_lvl+0x189/0x250
[  236.630677][ T8574]  ? __pfx____ratelimit+0x10/0x10
[  236.630690][ T8574]  ? __pfx_dump_stack_lvl+0x10/0x10
[  236.630703][ T8574]  ? __pfx__printk+0x10/0x10
[  236.630716][ T8574]  ? __pfx___might_resched+0x10/0x10
[  236.630726][ T8574]  ? fs_reclaim_acquire+0x7d/0x100
[  236.630743][ T8574]  should_fail_ex+0x414/0x560
[  236.630760][ T8574]  should_failslab+0xa8/0x100
[  236.630771][ T8574]  __kmalloc_noprof+0xcb/0x7f0
[  236.630783][ T8574]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  236.630796][ T8574]  ? __local_bh_enable_ip+0x12d/0x1c0
[  236.630808][ T8574]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  236.630824][ T8574]  genl_family_rcv_msg_doit+0xb8/0x300
[  236.630840][ T8574]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  236.630855][ T8574]  ? apparmor_capable+0x137/0x1b0
[  236.630868][ T8574]  ? bpf_lsm_capable+0x9/0x20
[  236.630885][ T8574]  ? security_capable+0x7e/0x2e0
[  236.630900][ T8574]  genl_rcv_msg+0x60e/0x790
[  236.630915][ T8574]  ? __pfx_genl_rcv_msg+0x10/0x10
[  236.630925][ T8574]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  236.630936][ T8574]  ? __pfx_nl80211_start_ap+0x10/0x10
[  236.630946][ T8574]  ? __pfx_nl80211_post_doit+0x10/0x10
[  236.630957][ T8574]  ? __asan_memcpy+0x40/0x70
[  236.630968][ T8574]  ? __pfx_ref_tracker_free+0x10/0x10
[  236.630982][ T8574]  netlink_rcv_skb+0x208/0x470
[  236.630995][ T8574]  ? __lock_acquire+0xab9/0xd20
[  236.631004][ T8574]  ? __pfx_genl_rcv_msg+0x10/0x10
[  236.631016][ T8574]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  236.631040][ T8574]  ? down_read+0x1ad/0x2e0
[  236.631055][ T8574]  genl_rcv+0x28/0x40
[  236.631065][ T8574]  netlink_unicast+0x82f/0x9e0
[  236.631083][ T8574]  ? __pfx_netlink_unicast+0x10/0x10
[  236.631096][ T8574]  ? netlink_sendmsg+0x642/0xb30
[  236.631105][ T8574]  ? skb_put+0x11b/0x210
[  236.631116][ T8574]  netlink_sendmsg+0x805/0xb30
[  236.631132][ T8574]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.631143][ T8574]  ? __import_iovec+0x5d4/0x7f0
[  236.631154][ T8574]  ? aa_sock_msg_perm+0xf1/0x1d0
[  236.631169][ T8574]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  236.631178][ T8574]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.631188][ T8574]  __sock_sendmsg+0x21c/0x270
[  236.631202][ T8574]  ____sys_sendmsg+0x505/0x830
[  236.631216][ T8574]  ? __pfx_____sys_sendmsg+0x10/0x10
[  236.631234][ T8574]  ___sys_sendmsg+0x21f/0x2a0
[  236.631246][ T8574]  ? __pfx____sys_sendmsg+0x10/0x10
[  236.631274][ T8574]  ? __fget_files+0x2a/0x420
[  236.631283][ T8574]  ? __fget_files+0x3a0/0x420
[  236.631298][ T8574]  __sys_sendmsg+0x164/0x220
[  236.631309][ T8574]  ? __pfx___sys_sendmsg+0x10/0x10
[  236.631324][ T8574]  ? __pfx_ksys_write+0x10/0x10
[  236.631338][ T8574]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  236.631352][ T8574]  ? lockdep_hardirqs_on+0x9c/0x150
[  236.631366][ T8574]  __do_fast_syscall_32+0xb6/0x2b0
[  236.631379][ T8574]  ? lockdep_hardirqs_on+0x9c/0x150
[  236.631393][ T8574]  do_fast_syscall_32+0x34/0x80
[  236.631406][ T8574]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  236.631417][ T8574] RIP: 0023:0xf70cd539
[  236.631427][ T8574] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  236.631435][ T8574] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  236.631449][ T8574] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  236.631456][ T8574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  236.631462][ T8574] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.631467][ T8574] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  236.631472][ T8574] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.631488][ T8574]  </TASK>
[  236.997904][ T8581] FAULT_INJECTION: forcing a failure.
[  236.997904][ T8581] name failslab, interval 1, probability 0, space 0, times 0
[  236.997936][ T8581] CPU: 0 UID: 0 PID: 8581 Comm: syz.4.652 Not tainted syzkaller #0 PREEMPT(full) 
[  236.997955][ T8581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  236.997965][ T8581] Call Trace:
[  236.997972][ T8581]  <TASK>
[  236.997979][ T8581]  dump_stack_lvl+0x189/0x250
[  236.998005][ T8581]  ? __pfx____ratelimit+0x10/0x10
[  236.998027][ T8581]  ? __pfx_dump_stack_lvl+0x10/0x10
[  236.998056][ T8581]  ? __pfx__printk+0x10/0x10
[  236.998077][ T8581]  ? __pfx___might_resched+0x10/0x10
[  236.998100][ T8581]  should_fail_ex+0x414/0x560
[  236.998129][ T8581]  should_failslab+0xa8/0x100
[  236.998149][ T8581]  __kmalloc_cache_noprof+0x6f/0x6f0
[  236.998173][ T8581]  ? dev_ingress_queue_create+0xfe/0x190
[  236.998201][ T8581]  dev_ingress_queue_create+0xfe/0x190
[  236.998225][ T8581]  tc_modify_qdisc+0x5e6/0x20e0
[  236.998263][ T8581]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  236.998326][ T8581]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  236.998346][ T8581]  rtnetlink_rcv_msg+0x77c/0xb70
[  236.998374][ T8581]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  236.998397][ T8581]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  236.998419][ T8581]  ? ref_tracker_free+0x63a/0x7d0
[  236.998436][ T8581]  ? __asan_memcpy+0x40/0x70
[  236.998455][ T8581]  ? __pfx_ref_tracker_free+0x10/0x10
[  236.998468][ T8581]  ? __skb_clone+0x63/0x7a0
[  236.998494][ T8581]  netlink_rcv_skb+0x208/0x470
[  236.998519][ T8581]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  236.998543][ T8581]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  236.998576][ T8581]  ? netlink_deliver_tap+0x2e/0x1b0
[  236.998598][ T8581]  netlink_unicast+0x82f/0x9e0
[  236.998623][ T8581]  ? __pfx_netlink_unicast+0x10/0x10
[  236.998641][ T8581]  ? netlink_sendmsg+0x642/0xb30
[  236.998652][ T8581]  ? skb_put+0x11b/0x210
[  236.998667][ T8581]  netlink_sendmsg+0x805/0xb30
[  236.998687][ T8581]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.998701][ T8581]  ? __import_iovec+0x5d4/0x7f0
[  236.998716][ T8581]  ? aa_sock_msg_perm+0xf1/0x1d0
[  236.998735][ T8581]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  236.998748][ T8581]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.998761][ T8581]  __sock_sendmsg+0x21c/0x270
[  236.998780][ T8581]  ____sys_sendmsg+0x505/0x830
[  236.998799][ T8581]  ? __pfx_____sys_sendmsg+0x10/0x10
[  236.998826][ T8581]  ___sys_sendmsg+0x21f/0x2a0
[  236.998841][ T8581]  ? __pfx____sys_sendmsg+0x10/0x10
[  236.998882][ T8581]  ? __fget_files+0x2a/0x420
[  236.998894][ T8581]  ? __fget_files+0x3a0/0x420
[  236.998913][ T8581]  __sys_sendmsg+0x164/0x220
[  236.998929][ T8581]  ? __pfx___sys_sendmsg+0x10/0x10
[  236.998949][ T8581]  ? __pfx_ksys_write+0x10/0x10
[  236.998969][ T8581]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  236.998988][ T8581]  ? lockdep_hardirqs_on+0x9c/0x150
[  236.999006][ T8581]  __do_fast_syscall_32+0xb6/0x2b0
[  236.999024][ T8581]  ? lockdep_hardirqs_on+0x9c/0x150
[  236.999049][ T8581]  do_fast_syscall_32+0x34/0x80
[  236.999066][ T8581]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  236.999082][ T8581] RIP: 0023:0xf7fe2539
[  236.999094][ T8581] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  236.999105][ T8581] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  236.999120][ T8581] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800012c0
[  236.999130][ T8581] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  236.999137][ T8581] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.999145][ T8581] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  236.999153][ T8581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.999174][ T8581]  </TASK>
[  238.085733][ T8607] netlink: 'syz.2.655': attribute type 4 has an invalid length.
[  238.085750][ T8607] netlink: 17 bytes leftover after parsing attributes in process `syz.2.655'.
[  238.129579][ T8609] delete_channel: no stack
[  238.999438][ T8620] delete_channel: no stack
[  239.023420][ T8620] FAULT_INJECTION: forcing a failure.
[  239.023420][ T8620] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  239.023442][ T8620] CPU: 0 UID: 0 PID: 8620 Comm: syz.2.656 Not tainted syzkaller #0 PREEMPT(full) 
[  239.023453][ T8620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  239.023460][ T8620] Call Trace:
[  239.023464][ T8620]  <TASK>
[  239.023469][ T8620]  dump_stack_lvl+0x189/0x250
[  239.023485][ T8620]  ? __pfx____ratelimit+0x10/0x10
[  239.023499][ T8620]  ? __pfx_dump_stack_lvl+0x10/0x10
[  239.023511][ T8620]  ? __pfx__printk+0x10/0x10
[  239.023521][ T8620]  ? __might_fault+0xb0/0x130
[  239.023540][ T8620]  should_fail_ex+0x414/0x560
[  239.023557][ T8620]  _copy_from_user+0x2d/0xb0
[  239.023571][ T8620]  do_sys_poll+0x242/0x1070
[  239.023593][ T8620]  ? __pfx_do_sys_poll+0x10/0x10
[  239.023641][ T8620]  ? __pfx___cant_migrate+0x10/0x10
[  239.023653][ T8620]  ? rcu_read_lock_any_held+0xb3/0x120
[  239.023665][ T8620]  ? clear_bhb_loop+0x60/0xb0
[  239.023674][ T8620]  ? clear_bhb_loop+0x60/0xb0
[  239.023683][ T8620]  ? clear_bhb_loop+0x60/0xb0
[  239.023691][ T8620]  ? clear_bhb_loop+0x60/0xb0
[  239.023700][ T8620]  ? clear_bhb_loop+0x60/0xb0
[  239.023708][ T8620]  ? clear_bhb_loop+0xe/0xb0
[  239.023730][ T8620]  ? set_compat_user_sigmask+0xc1/0x1b0
[  239.023742][ T8620]  ? __pfx_set_compat_user_sigmask+0x10/0x10
[  239.023758][ T8620]  __ia32_compat_sys_ppoll_time32+0x299/0x300
[  239.023775][ T8620]  ? __pfx___ia32_compat_sys_ppoll_time32+0x10/0x10
[  239.023789][ T8620]  ? __pfx_ksys_write+0x10/0x10
[  239.023803][ T8620]  ? __secure_computing+0xe2/0x2a0
[  239.023819][ T8620]  __do_fast_syscall_32+0xb6/0x2b0
[  239.023833][ T8620]  ? lockdep_hardirqs_on+0x9c/0x150
[  239.023848][ T8620]  do_fast_syscall_32+0x34/0x80
[  239.023860][ T8620]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  239.023879][ T8620] RIP: 0023:0xf700d539
[  239.023888][ T8620] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  239.023896][ T8620] RSP: 002b:00000000f53bb55c EFLAGS: 00000206 ORIG_RAX: 0000000000000135
[  239.023907][ T8620] RAX: ffffffffffffffda RBX: 00000000800000c0 RCX: 00000000000000dc
[  239.023914][ T8620] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  239.023920][ T8620] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  239.023925][ T8620] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  239.023931][ T8620] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  239.023945][ T8620]  </TASK>
[  240.622856][ T8644] netlink: 64 bytes leftover after parsing attributes in process `syz.2.665'.
[  240.647045][ T8644] netlink: 60 bytes leftover after parsing attributes in process `syz.2.665'.
[  240.656439][ T8644] unsupported nlmsg_type 40
[  241.011762][ T8656] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  241.948531][ T8671] netlink: 12 bytes leftover after parsing attributes in process `syz.3.673'.
[  241.972925][ T8671] pimreg: entered allmulticast mode
[  242.060545][ T8678] delete_channel: no stack
[  242.135797][ T8671] pimreg: left allmulticast mode
[  242.711565][ T8691] delete_channel: no stack
[  246.376646][ T8753] netlink: 28 bytes leftover after parsing attributes in process `syz.3.691'.
[  246.620726][ T8758] FAULT_INJECTION: forcing a failure.
[  246.620726][ T8758] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  246.667070][ T8758] CPU: 0 UID: 0 PID: 8758 Comm: syz.0.692 Not tainted syzkaller #0 PREEMPT(full) 
[  246.667094][ T8758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  246.667103][ T8758] Call Trace:
[  246.667111][ T8758]  <TASK>
[  246.667117][ T8758]  dump_stack_lvl+0x189/0x250
[  246.667143][ T8758]  ? __pfx____ratelimit+0x10/0x10
[  246.667163][ T8758]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.667184][ T8758]  ? __pfx__printk+0x10/0x10
[  246.667215][ T8758]  should_fail_ex+0x414/0x560
[  246.667244][ T8758]  _copy_to_user+0x31/0xb0
[  246.667268][ T8758]  simple_read_from_buffer+0xe1/0x170
[  246.667302][ T8758]  proc_fail_nth_read+0x1b3/0x220
[  246.667326][ T8758]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  246.667351][ T8758]  ? rw_verify_area+0x2a6/0x4d0
[  246.667372][ T8758]  ? __lock_acquire+0xab9/0xd20
[  246.667387][ T8758]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  246.667409][ T8758]  vfs_read+0x200/0xa30
[  246.667430][ T8758]  ? fdget_pos+0x247/0x320
[  246.667450][ T8758]  ? __pfx___mutex_lock+0x10/0x10
[  246.667474][ T8758]  ? __pfx_vfs_read+0x10/0x10
[  246.667498][ T8758]  ? __fget_files+0x2a/0x420
[  246.667518][ T8758]  ? __fget_files+0x3a0/0x420
[  246.667534][ T8758]  ? __fget_files+0x2a/0x420
[  246.667558][ T8758]  ksys_read+0x145/0x250
[  246.667583][ T8758]  ? __pfx_ksys_read+0x10/0x10
[  246.667608][ T8758]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  246.667632][ T8758]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.667656][ T8758]  __do_fast_syscall_32+0xb6/0x2b0
[  246.667680][ T8758]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.667704][ T8758]  do_fast_syscall_32+0x34/0x80
[  246.667726][ T8758]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  246.667747][ T8758] RIP: 0023:0xf7fb7539
[  246.667762][ T8758] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  246.667776][ T8758] RSP: 002b:00000000f54a6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  246.667795][ T8758] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54a6620
[  246.667807][ T8758] RDX: 000000000000000f RSI: 00000000f7445ff4 RDI: 0000000000000000
[  246.667818][ T8758] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  246.667836][ T8758] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  246.667846][ T8758] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  246.667875][ T8758]  </TASK>
[  248.646978][ T5912] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  248.871001][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.882073][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  248.891896][ T5912] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  249.134904][ T5912] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  249.167177][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.191667][ T5912] usb 5-1: config 0 descriptor??
[  249.749838][ T5912] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd
[  249.779244][ T5912] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  251.831090][    T9] usb 5-1: USB disconnect, device number 18
[  255.759631][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  255.765968][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  257.868978][ T5200] udevd[5200]: worker [6012] /devices/platform/dummy_hcd.1/usb2/2-1 is taking a long time
[  317.201428][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  317.208166][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  353.677197][   T31] INFO: task kworker/1:3:5886 blocked for more than 143 seconds.
[  353.685047][   T31]       Not tainted syzkaller #0
[  353.690032][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  353.698798][   T31] task:kworker/1:3     state:D stack:21176 pid:5886  tgid:5886  ppid:2      task_flags:0x4208060 flags:0x00080000
[  353.710858][   T31] Workqueue: usb_hub_wq hub_event
[  353.715888][   T31] Call Trace:
[  353.719189][   T31]  <TASK>
[  353.722238][   T31]  __schedule+0x1798/0x4cc0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=-1 (errno 104: Connection reset by peer)
[  353.726786][   T31]  ? __pfx___schedule+0x10/0x10
[  353.731831][   T31]  ? schedule+0x91/0x360
[  353.736105][   T31]  schedule+0x165/0x360
[  353.740477][   T31]  schedule_timeout+0x9a/0x270
[  353.745281][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  353.752015][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  353.786901][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  353.792158][   T31]  ? wait_for_completion+0x267/0x5d0
[  353.847039][   T31]  wait_for_completion+0x2bf/0x5d0
[  353.853125][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  353.896907][   T31]  i2c_del_adapter+0x581/0x6e0
[  353.901784][   T31]  ? dvb_usb_adapter_exit+0xd7/0x240
[  353.926996][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[  353.932437][   T31]  ? dvb_usb_adapter_exit+0xd7/0x240
[  353.946207][   T31]  ? kfree+0x4d/0x6d0
[  353.957368][   T31]  dvb_usb_i2c_exit+0x64/0xb0
[  353.962305][   T31]  dvb_usb_device_exit+0x1be/0x350
[  353.974404][   T31]  ? __pfx_dvb_usb_device_exit+0x10/0x10
[  353.985454][   T31]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  353.995419][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.001034][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  354.007273][   T31]  cxusb_probe+0x603/0x700
[  354.011714][   T31]  ? __pfx_cxusb_probe+0x10/0x10
[  354.016662][   T31]  ? __pm_runtime_set_status+0x785/0xa50
[  354.022842][   T31]  usb_probe_interface+0x668/0xc30
[  354.029093][   T31]  ? __pfx_usb_probe_interface+0x10/0x10
[  354.034748][   T31]  really_probe+0x26d/0x9e0
[  354.039678][   T31]  __driver_probe_device+0x18c/0x2f0
[  354.044982][   T31]  driver_probe_device+0x4f/0x430
[  354.050427][   T31]  __device_attach_driver+0x2ce/0x530
[  354.055919][   T31]  bus_for_each_drv+0x251/0x2e0
[  354.061418][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  354.067630][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  354.073023][   T31]  __device_attach+0x2b8/0x400
[  354.078366][   T31]  ? __pfx___device_attach+0x10/0x10
[  354.083691][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  354.089365][   T31]  bus_probe_device+0x185/0x260
[  354.094430][   T31]  device_add+0x7b6/0xb50
[  354.099085][   T31]  usb_set_configuration+0x1a87/0x20e0
[  354.104768][   T31]  usb_generic_driver_probe+0x8d/0x150
[  354.110866][   T31]  usb_probe_device+0x1c4/0x390
[  354.115757][   T31]  ? __pfx_usb_probe_device+0x10/0x10
[  354.121615][   T31]  really_probe+0x26d/0x9e0
[  354.126170][   T31]  __driver_probe_device+0x18c/0x2f0
[  354.132010][   T31]  driver_probe_device+0x4f/0x430
[  354.137299][   T31]  __device_attach_driver+0x2ce/0x530
[  354.142701][   T31]  bus_for_each_drv+0x251/0x2e0
[  354.147628][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  354.153552][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  354.159260][   T31]  __device_attach+0x2b8/0x400
[  354.164052][   T31]  ? __pfx___device_attach+0x10/0x10
[  354.175542][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  354.180865][   T31]  bus_probe_device+0x185/0x260
[  354.185740][   T31]  device_add+0x7b6/0xb50
[  354.190181][   T31]  usb_new_device+0xa39/0x16f0
[  354.194986][   T31]  ? __pfx_usb_new_device+0x10/0x10
[  354.200264][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  354.205487][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.210867][   T31]  hub_event+0x2958/0x4a20
[  354.215357][   T31]  ? __pfx_hub_event+0x10/0x10
[  354.220371][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  354.226200][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  354.231449][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  354.240399][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  354.246250][   T31]  process_scheduled_works+0xae1/0x17b0
[  354.251924][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  354.258002][   T31]  worker_thread+0x8a0/0xda0
[  354.263039][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  354.269538][   T31]  ? __kthread_parkme+0x7b/0x200
[  354.274525][   T31]  kthread+0x711/0x8a0
[  354.278674][   T31]  ? __pfx_worker_thread+0x10/0x10
[  354.283794][   T31]  ? __pfx_kthread+0x10/0x10
[  354.288504][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  354.293711][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.298958][   T31]  ? __pfx_kthread+0x10/0x10
[  354.303564][   T31]  ret_from_fork+0x4bc/0x870
[  354.308207][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  354.313329][   T31]  ? __switch_to_asm+0x39/0x70
[  354.318178][   T31]  ? __switch_to_asm+0x33/0x70
[  354.323053][   T31]  ? __pfx_kthread+0x10/0x10
[  354.327697][   T31]  ret_from_fork_asm+0x1a/0x30
[  354.332468][   T31]  </TASK>
[  354.335564][   T31] 
[  354.335564][   T31] Showing all locks held in the system:
[  354.343458][   T31] 1 lock held by khungtaskd/31:
[  354.359944][ T5886] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  354.406895][   T31]  #0: ffffffff8df3d620 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  354.431634][ T5886] usb 2-1: USB disconnect, device number 15
[  354.466895][   T31] 2 locks held by getty/5582:
[  354.471628][   T31]  #0: ffff88814e5150a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  354.536881][   T31]  #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  354.596936][   T31] 1 lock held by syz-executor/5837:
[  354.603751][   T31] 1 lock held by syz-executor/5838:
[  354.617892][   T31]  #0: ffffffff8f2cb648 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  354.656969][   T31] 1 lock held by udevd/5839:
[  354.665213][   T31]  #0: ffff8880b883a058 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  354.701815][   T31] 3 locks held by kworker/0:5/5892:
[  354.726913][   T31] 3 locks held by kworker/1:5/5912:
[  354.732156][   T31]  #0: ffff88801a055948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  354.776967][   T31]  #1: ffffc900052f7ba0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  354.816909][   T31]  #2: ffffffff8df430b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  354.837116][   T31] 1 lock held by syz.1.275/7017:
[  354.851996][   T31] 
[  354.854367][   T31] =============================================
[  354.854367][   T31] 
[  354.901000][   T31] NMI backtrace for cpu 1
[  354.901021][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  354.901041][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  354.901051][   T31] Call Trace:
[  354.901057][   T31]  <TASK>
[  354.901142][   T31]  dump_stack_lvl+0x189/0x250
[  354.901175][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  354.901197][   T31]  ? __pfx__printk+0x10/0x10
[  354.901227][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  354.901249][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  354.901270][   T31]  ? __pfx__printk+0x10/0x10
[  354.901291][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  354.901318][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  354.901346][   T31]  watchdog+0xf60/0xfa0
[  354.901383][   T31]  ? watchdog+0x1e2/0xfa0
[  354.901406][   T31]  kthread+0x711/0x8a0
[  354.901431][   T31]  ? __pfx_watchdog+0x10/0x10
[  354.901448][   T31]  ? __pfx_kthread+0x10/0x10
[  354.901470][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  354.901491][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.901511][   T31]  ? __pfx_kthread+0x10/0x10
[  354.901533][   T31]  ret_from_fork+0x4bc/0x870
[  354.901554][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  354.901578][   T31]  ? __switch_to_asm+0x39/0x70
[  354.901592][   T31]  ? __switch_to_asm+0x33/0x70
[  354.901605][   T31]  ? __pfx_kthread+0x10/0x10
[  354.901627][   T31]  ret_from_fork_asm+0x1a/0x30
[  354.901658][   T31]  </TASK>
[  354.901665][   T31] Sending NMI from CPU 1 to CPUs 0:
[  355.049896][    C0] NMI backtrace for cpu 0
[  355.049912][    C0] CPU: 0 UID: 0 PID: 5900 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT(full) 
[  355.049930][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  355.049940][    C0] Workqueue: rcu_gp process_srcu
[  355.049962][    C0] RIP: 0010:debug_lockdep_rcu_enabled+0x0/0x40
[  355.049984][    C0] Code: e6 d7 3c f6 90 0f 0b 90 90 90 eb c4 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 31 c0 83 3d a7 94 36 04 00 74 1e 83 3d aa c3 36 04 00
[  355.049998][    C0] RSP: 0018:ffffc900052578c8 EFLAGS: 00000092
[  355.050011][    C0] RAX: 1030841412bbbe00 RBX: 0000000000000000 RCX: 1030841412bbbe00
[  355.050022][    C0] RDX: 0000000000000000 RSI: ffffffff8d8f3eb0 RDI: ffffffff8bbf0760
[  355.050033][    C0] RBP: 1ffff1100340af38 R08: 0000000000000000 R09: ffffffff8189e2a2
[  355.050050][    C0] R10: dffffc0000000000 R11: ffffed10062ab65b R12: dffffc0000000000
[  355.050061][    C0] R13: ffff88803155b2d0 R14: 0000000000000008 R15: ffff88801a057800
[  355.050072][    C0] FS:  0000000000000000(0000) GS:ffff88812613d000(0000) knlGS:0000000000000000
[  355.050084][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  355.050095][    C0] CR2: 0000556551454094 CR3: 000000000dd38000 CR4: 00000000003526f0
[  355.050109][    C0] Call Trace:
[  355.050115][    C0]  <TASK>
[  355.050121][    C0]  __queue_work+0x12c/0xfb0
[  355.050140][    C0]  ? __queue_work+0x102/0xfb0
[  355.050155][    C0]  ? __queue_delayed_work+0xe1/0x2d0
[  355.050173][    C0]  queue_delayed_work_on+0x18b/0x280
[  355.050193][    C0]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  355.050210][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  355.050229][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  355.050244][    C0]  ? srcu_reschedule+0xfd/0x170
[  355.050258][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  355.050276][    C0]  process_scheduled_works+0xae1/0x17b0
[  355.050304][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  355.050328][    C0]  worker_thread+0x8a0/0xda0
[  355.050345][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  355.050366][    C0]  ? __kthread_parkme+0x7b/0x200
[  355.050387][    C0]  kthread+0x711/0x8a0
[  355.050406][    C0]  ? __pfx_worker_thread+0x10/0x10
[  355.050421][    C0]  ? __pfx_kthread+0x10/0x10
[  355.050440][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  355.050456][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  355.050473][    C0]  ? __pfx_kthread+0x10/0x10
[  355.050491][    C0]  ret_from_fork+0x4bc/0x870
[  355.050507][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  355.050525][    C0]  ? __switch_to_asm+0x39/0x70
[  355.050538][    C0]  ? __switch_to_asm+0x33/0x70
[  355.050550][    C0]  ? __pfx_kthread+0x10/0x10
[  355.050568][    C0]  ret_from_fork_asm+0x1a/0x30
[  355.050590][    C0]  </TASK>
[  355.489370][   T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.666165][   T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.753477][   T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.810408][   T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.904950][   T36] bridge_slave_1: left allmulticast mode
[  355.912016][   T36] bridge_slave_1: left promiscuous mode
[  355.919373][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.929400][   T36] bridge_slave_0: left allmulticast mode
[  355.935034][   T36] bridge_slave_0: left promiscuous mode
[  355.941346][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.320076][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  356.331247][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  356.341097][   T36] bond0 (unregistering): Released all slaves
[  356.781385][   T36] hsr_slave_0: left promiscuous mode
[  356.787564][   T36] hsr_slave_1: left promiscuous mode
[  356.793396][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  356.800919][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  356.809258][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  356.816636][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  356.837116][   T36] veth1_macvtap: left promiscuous mode
[  356.842872][   T36] veth0_macvtap: left promiscuous mode
[  356.849470][   T36] veth1_vlan: left promiscuous mode
[  356.855089][   T36] veth0_vlan: left promiscuous mode
[  357.230420][   T36] team0 (unregistering): Port device team_slave_1 removed
[  357.265571][   T36] team0 (unregistering): Port device team_slave_0 removed
[  357.990553][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.060768][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.150549][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.246575][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.458267][   T36] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.566116][   T36] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.624777][   T36] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.715810][   T36] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.910119][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.004037][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.103086][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.186132][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.365940][   T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.441884][   T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.517639][   T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.622107][   T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.802691][   T36] bridge_slave_1: left allmulticast mode
[  359.808542][   T36] bridge_slave_1: left promiscuous mode
[  359.814342][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  359.825332][   T36] bridge_slave_0: left allmulticast mode
[  359.831423][   T36] bridge_slave_0: left promiscuous mode
[  359.837492][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  359.853126][   T36] bridge_slave_1: left allmulticast mode
[  359.858896][   T36] bridge_slave_1: left promiscuous mode
[  359.864663][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  359.873432][   T36] bridge_slave_0: left allmulticast mode
[  359.879272][   T36] bridge_slave_0: left promiscuous mode
[  359.884919][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  359.896248][   T36] bridge_slave_1: left allmulticast mode
[  359.902407][   T36] bridge_slave_1: left promiscuous mode
[  359.908271][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  359.917119][   T36] bridge_slave_0: left allmulticast mode
[  359.922789][   T36] bridge_slave_0: left promiscuous mode
[  359.928788][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  359.941656][   T36] bridge_slave_1: left allmulticast mode
[  359.947652][   T36] bridge_slave_1: left promiscuous mode
[  359.953396][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  359.962761][   T36] bridge_slave_0: left allmulticast mode
[  359.969494][   T36] bridge_slave_0: left promiscuous mode
[  359.975197][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  360.204454][   T36] bond1 (unregistering): (slave gretap1): Releasing active interface
[  360.451362][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  360.462817][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  360.473427][   T36] bond0 (unregistering): Released all slaves
[  360.485560][   T36] bond1 (unregistering): Released all slaves
[  360.768412][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  360.778961][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  360.789431][   T36] bond0 (unregistering): Released all slaves
[  361.070146][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  361.080449][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  361.091297][   T36] bond0 (unregistering): Released all slaves
[  361.408446][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  361.418742][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  361.428808][   T36] bond0 (unregistering): Released all slaves
[  361.442695][   T36] bond1 (unregistering): Released all slaves
[  361.619994][   T36] : left promiscuous mode
[  362.796784][   T36] hsr_slave_0: left promiscuous mode
[  362.805740][   T36] hsr_slave_1: left promiscuous mode
[  362.816704][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  362.824689][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  362.832981][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  362.840709][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  362.854918][   T36] hsr_slave_0: left promiscuous mode
[  362.862501][   T36] hsr_slave_1: left promiscuous mode
[  362.868876][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  362.876450][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  362.885990][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  362.893642][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  362.915465][   T36] hsr_slave_0: left promiscuous mode
[  362.921478][   T36] hsr_slave_1: left promiscuous mode
[  362.927786][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  362.935175][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  362.944345][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  362.953385][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  362.965043][   T36] hsr_slave_0: left promiscuous mode
[  362.970972][   T36] hsr_slave_1: left promiscuous mode
[  362.976756][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  362.984262][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  362.992143][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  362.999694][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  363.041347][   T36] veth1_macvtap: left promiscuous mode
[  363.047930][   T36] veth0_macvtap: left promiscuous mode
[  363.054026][   T36] veth1_vlan: left promiscuous mode
[  363.059507][   T36] veth0_vlan: left promiscuous mode
[  363.065942][   T36] veth1_macvtap: left promiscuous mode
[  363.071607][   T36] veth0_macvtap: left promiscuous mode
[  363.077233][   T36] veth1_vlan: left promiscuous mode
[  363.082513][   T36] veth0_vlan: left promiscuous mode
[  363.089004][   T36] veth1_macvtap: left promiscuous mode
[  363.094512][   T36] veth0_macvtap: left promiscuous mode
[  363.100353][   T36] veth1_vlan: left promiscuous mode
[  363.105846][   T36] veth0_vlan: left promiscuous mode
[  363.112558][   T36] veth1_macvtap: left promiscuous mode
[  363.118130][   T36] veth0_macvtap: left promiscuous mode
[  363.123688][   T36] veth1_vlan: left promiscuous mode
[  363.129283][   T36] veth0_vlan: left promiscuous mode
[  363.392650][   T36] pim6reg (unregistering): left allmulticast mode