last executing test programs:

8m17.335876887s ago: executing program 0 (id=766):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000012c0), 0xa0400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
syz_kvm_setup_cpu$x86(r3, r2, &(0x7f00003fd000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="ba4200ec0f780a6426640fc7b857cf660f14e32ef30f01eabaf80c66b8070e44892e0f01b12bf0bafc0cecb80c008ed00f7903f30faef4baa000ec", 0x3b}], 0x1, 0x2, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000800000a01"])

8m17.224161265s ago: executing program 0 (id=769):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={0x20, 0x3e, 0x301, 0x270bd26, 0x25dfdc00, {0x3}, [@nested={0xc, 0xda, 0x0, 0x1, [@typed={0x7, 0x7, 0x0, 0x0, @str=']!\x00'}]}]}, 0x20}}, 0x8004)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001640)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x68, 0x16, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK={0x40, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'xfrm0\x00'}, {0x14, 0x1, 'sit0\x00'}]}]}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}}, 0xb0}}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000040)=@gcm_128={{0x303}, "ff00000000000005", "5299c0eef5b4db2eba4cbf8115276d63", "01e068b8", '\x00\x00 \x00'}, 0x28)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000240)='n', 0x1}], 0x1}, 0x0)
setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f00000002c0)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "9f2dccacf7364d6e1bd9000000000008", "32ec00", "bb10000000000001"}, 0x28)
r3 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f0000000100)=[{0x0}, {&(0x7f00000003c0)="2b80", 0x2}], 0x2, 0x0, 0x0, 0x900}, 0x60)
recvfrom$inet6(r0, &(0x7f0000000100)=""/19, 0x1ff4, 0x40, 0x0, 0x0)

8m16.953832522s ago: executing program 0 (id=771):
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x0, 0x25, 0x148, 0x0, 0x60, 0x1e0, 0x2a8, 0x2a8, 0x1e0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xc0, 0x120, 0x0, {0x200003ae, 0x7f00}, [@inet=@rpfilter={{0x28}, {0xc}}, @inet=@rpfilter={{0x28}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @multicast, 0x4, 0xe, [0xe, 0x19, 0x20, 0xc, 0x8, 0xd, 0x1e, 0x9, 0x37, 0x2b, 0x16, 0x14, 0x12, 0x27, 0x9, 0x23], 0x0, 0x2}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}, {}, 0x0, 0x3}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x2d8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@ipv6_newrule={0x30, 0x1a, 0x1, 0x0, 0x0, {0x81}, [@FRA_SRC={0x14, 0x2, @private2}]}, 0x30}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0x80}}, 0x26}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x12, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010024bd7000e8dbdf252100000008000300", @ANYRES32=r4, @ANYBLOB="08009e00"], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x0)

8m16.68275998s ago: executing program 0 (id=773):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x5, &(0x7f0000006680))
mkdir(&(0x7f0000000400)='./file0\x00', 0x1b6)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
move_mount(r2, &(0x7f0000000100)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
lsm_set_self_attr(0x64, 0x0, 0xe3, 0x6040000)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000380)=ANY=[@ANYRES32=0x0], 0x0)

8m13.422488375s ago: executing program 0 (id=784):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc8301, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000fc0000000000000000000aaff02000000000000000000000000000188"], 0xffe)

8m12.094551169s ago: executing program 0 (id=790):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3103000000000000000f0800000008000300", @ANYRES32=r2, @ANYBLOB="08000600", @ANYRES32], 0x24}}, 0x0)

8m11.183691469s ago: executing program 32 (id=790):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3103000000000000000f0800000008000300", @ANYRES32=r2, @ANYBLOB="08000600", @ANYRES32], 0x24}}, 0x0)

7m59.422576549s ago: executing program 3 (id=830):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
io_setup(0x3, &(0x7f00000004c0)=<r1=>0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
userfaultfd(0x801)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
mmap$xdp(&(0x7f0000016000/0x4000)=nil, 0x4000, 0x700000d, 0x811, 0xffffffffffffffff, 0x180000000)
io_submit(r1, 0xca, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e8000072a, 0x8000000, 0x0, 0x10}])

7m57.307613798s ago: executing program 3 (id=834):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x41, 0x0, 0xf7ffff7f}, 0x18)

7m56.862279381s ago: executing program 3 (id=836):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000650000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000080)="0fc73b0f20c066350300000044680090660f58d2baf80c66b8bc11308466efbafc0cb80700ef2a4de5c5c50f01c9640fc75ef526f3d9c40fc4e6e1640f08", 0x3e}], 0x1, 0x64, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000d84000)={0xa, 0x2, 0x2, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r3, &(0x7f0000000140)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0xfffffffc}, 0x1c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
shutdown(r3, 0x1)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000340), 0x480, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, 0x0)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000300), 0x40a40, 0x0)
ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f00000000c0)=0x1)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x40a40, 0x0)
ioctl$PPPIOCATTCHAN(r6, 0x40047438, &(0x7f0000000040)=0x2)
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0xfffffffffffffd02, 0x0, 0x0)
socket(0x13, 0xa, 0x6)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000660000/0x18000)=nil, &(0x7f0000000b80)=[@text32={0x20, 0x0}], 0x1, 0x23, 0x0, 0x0)

7m55.225788421s ago: executing program 3 (id=837):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), r0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80006)
syz_emit_ethernet(0x32, &(0x7f0000000080)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x2, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x8c, 0x100, @val=0x80}}}}}}}, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0xbe, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "9e188a80c32aa9b86ed6ce56992732d9f7fc6cda762c07530a038941764a92bb", "074336477e9205df5f47f7da965c25c746ba7f8ca07841d3da17308a6df3f54855ecedd6d8664fa125e3972a48e81039", "a562ff321beb3f036b9fd27aeff89c8e79a57a3873e0b4e6553e2c44", {"4cf02a016458a5f67aa497153eddc6a1", "9a3f9661ac468177dc130be49bdd8eb5"}}}}}}}, 0x0)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
close(0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000080), 0xfffffffffffffffb, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
listen(r5, 0x10000a47)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r1, @ANYBLOB="010000020c00fbdbdf25010000000800020000000000050005000000000008000300010000004800018005000200200000000600010002000000080006000a000000080003"], 0x84}}, 0x0)

7m54.830569682s ago: executing program 3 (id=839):
ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000db000000010000000000000003000000000000000700000000000000060000000000000000000000000000000000000000000000000000000000000006000000da0000000000000000000000c80c0000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000"/640])
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
userfaultfd(0x80001)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x20)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
getgroups(0x0, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f00000001c0)=0x21, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r3=>0x0})
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000003c0)=0x40, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000100)=0x1204161, 0x4)
bind$xdp(r1, &(0x7f00000002c0)={0x2c, 0x0, r3}, 0xfffffea0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
socket$inet(0x2b, 0x801, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffffffffffe41, 0x0}, 0x200400d4)
r4 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x2, 0x400000d, 0x0, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x9, 0x7, 0x7, 0x200000000000000, 0x5, 0x7}, 0x0, 0x0)

7m53.730636135s ago: executing program 3 (id=843):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4c000000020601080000000000200000000000400500010006000000050005000200000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0)
close(0xffffffffffffffff)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="480000000906010200000000000000000700ffff200007800c00018008000140e000000208000a400000000105000300020000000900020073797a31000000000500010007"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)

7m38.534621857s ago: executing program 33 (id=843):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4c000000020601080000000000200000000000400500010006000000050005000200000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0)
close(0xffffffffffffffff)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="480000000906010200000000000000000700ffff200007800c00018008000140e000000208000a400000000105000300020000000900020073797a31000000000500010007"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)

11.167626299s ago: executing program 5 (id=2651):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)={0x14, 0x38, 0x301, 0x70bd26, 0x25dfdbfa, {0x5}}, 0x14}}, 0x4040010)

10.917992866s ago: executing program 6 (id=2652):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), 0x0, 0x0, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
r3 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r3, 0xc040565e, &(0x7f00000000c0)={0x5, 0x0, 0x0, {0xffff, 0x3, 0xb0c, 0x8}})
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0x40086602, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6d3a3068091d62b58999e0a046f9509cb8ddc2a9ad4e0f1f85e5f076218b4b931acdff0c34fc5bdbad17ec481f1c9b17727c14e053e315d0d8d03c24ddaba65c5ce5b1aa04d1f767e25662b155d49460ec720d54044ac2856c11407835f341e2614bcae270000000001000000df7f736aab5d713240b2f40ec7be8251eba969686b2670ddc1a84df6ab12ab3e0cf8747837062233935704ebbd943ef0c5fef29513c7c1d6d2611796dccb45bdfd9e6533ad3574be5b9ea70e0c3b41a32067c03f5f8ed147cd0655c90d656f66eaed18a3c284c4f19417b5d91431759356db5d45ea40c9866957105b6252b0c028c672049ce163126f143f5758faf2a43f4c4f45a69b4e9113f85ae531085c11c75edbdee5af454757cdaff396c15ab9b210c202ffaea96d1bac60c6d6c56a4babc659858789bd479334e13e1c7876f95429431e61400815788c1397b260600d78e7513c58d9ac9474d392cc06f789753e1e7ebf5f1b55e2a64b9150c6580bf48e7bff763034801cccf403108d127b959ffc425a563ea2b90fbe779fd7d2ebfe94"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r6 = socket$kcm(0x11, 0x2, 0x300)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r5, 0x4)
r7 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r7, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e1f, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @multicast2}}}], 0x20}, 0x0)
unshare(0x4200ffef)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001300)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x7, 0x1, 0x9, 0x2, 0x4, 0x6}, {0x3, 0x2, 0xe, 0xb3b, 0x3, 0x6}, 0x9, 0x2, 0x2d}}, @TCA_TBF_PTAB={0x404, 0x3, [0xfb, 0x2, 0x101, 0x5, 0x2, 0xa28, 0x4, 0x9, 0xf, 0xffff6d77, 0xe4, 0x280, 0x107, 0x8001, 0x2, 0x0, 0x7, 0xff, 0x4, 0x401, 0x9, 0x5, 0x3, 0x1, 0xfffffff5, 0x5, 0xb8, 0x7, 0x3, 0x1, 0x157, 0x26553de0, 0x4, 0x3ff, 0x80, 0x4, 0x1, 0x5, 0x1, 0x4, 0xf, 0x1000, 0x9, 0x6, 0xfff, 0x42, 0x44, 0x9, 0x6, 0x1, 0x7f, 0x9, 0x9, 0x6, 0x40, 0xffff, 0x0, 0x3, 0x9, 0x3, 0x7, 0xd61a, 0x1, 0x4, 0x8000, 0x5400000, 0x8000, 0x6, 0x400, 0x8000, 0x401, 0x4, 0xffffffff, 0x5, 0x8000, 0x1000, 0xb5, 0x6, 0x7, 0x0, 0x800, 0x1, 0x7fff, 0x401, 0x0, 0x2, 0x6e9, 0x8, 0x6, 0x5, 0xfffffffa, 0xffffff83, 0x7f, 0x9, 0x5feecc8, 0xb, 0x1a48dadd, 0xa3b, 0xfffffffa, 0x4, 0xffff, 0xc5, 0xbfa, 0x80000001, 0x8, 0x6, 0xacc, 0x7, 0x9, 0x1, 0x8001, 0x9, 0xcd4d, 0x5, 0x0, 0x7ff, 0x5, 0x5fd, 0x8, 0x8001, 0x9, 0xfffffff7, 0x76, 0x400, 0x4, 0x5, 0x9, 0x6, 0x17, 0x6, 0x2, 0x4, 0x400000, 0x10001, 0xd17, 0x1, 0x89, 0x4, 0x4, 0x8, 0x8, 0x10000, 0x9, 0x1, 0xce3, 0x4, 0x9, 0x96, 0x4, 0x6, 0x9, 0x8001, 0xc, 0x3, 0x2, 0x8969, 0x100, 0x100, 0x101, 0x7, 0x10000, 0x0, 0xc, 0x9, 0xfffffff1, 0x1, 0x1, 0x6, 0x7, 0x34a00, 0x45, 0x800, 0x2, 0x2, 0x7, 0x3800, 0x8, 0x4, 0x4, 0xfffffffb, 0x4, 0xb, 0xc, 0x5, 0x2, 0x4, 0x2000000, 0x2, 0x2, 0x5, 0x5, 0xfffffff8, 0xda, 0x9, 0x8, 0x2, 0x1, 0x4, 0x8, 0x7, 0x36a3, 0x2, 0x5, 0xa1, 0x94, 0x4a9b, 0x9, 0x5, 0x0, 0x3, 0x3, 0x4, 0xe, 0xd, 0xfffffff2, 0x5, 0x8, 0x0, 0x200, 0x7d, 0x2, 0x4, 0x1, 0x7fff, 0x3, 0x6, 0x3ff, 0x10000, 0x10, 0x0, 0x6, 0x8, 0x6, 0x8, 0x8, 0xf, 0x81, 0x4, 0x400, 0x3, 0xc, 0x8, 0x3, 0x6, 0x2c, 0x8, 0x25, 0x0, 0xb9, 0x3, 0x330c, 0xfffffffe, 0xc, 0x3a8b, 0x9, 0x1]}]}}]}, 0x45c}}, 0x0)
connect$can_bcm(0xffffffffffffffff, &(0x7f00000004c0), 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000)={0x1d, 0x4e23, @empty}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000040)="1c9ca1fb88a402aed73a4364a5593768ae", 0x11}, {&(0x7f0000000080)="ed463b47a5e15be18f0190e400a6cb790b1936018db66b35d292824c728b1517f91069e7ab23b11bef629a69498cb6a195b05d6aaf8673b3b0bfc4b0eed382c042f46c74b3eee646bc39bda0a9dac149e13d8bed49c206c5b5c84608062af97bde88ec091389baddaf5532323d70a984e14fd56d45b29cd049143c68cbfdf7bce491b98a03eb43e6cb5bc05444d32c79635c7c24e1ba8b256efa97cd013f129613fafdf274e7c365b4841b17b72331183df97b540eb25880548b2941fee9ef4bb4092693f348cc251b834b0f3ef456", 0xcf}, {&(0x7f0000000180)="089ac0c1e955ef204d91740257a17cc3fac9babd1c46685d45f5a83a57fc1f304d66f7a02562a67b601fff40b9d4d33750784dd41e2370f96cd64db637f2f0e1c2a9cd22bb3c50c52b5a2d92e17cde2cc5e10fc9a3c2310e576efefe1320e13e3ffaec8c97b930e56806ec3e54eeecc16511f9c8b6d9d4a0e00475554c53d6e15dead20608c4ad45337ef5a5f75716e97d28f6f07c5b7ce6136d8bc3433069a2ad2c76dd", 0xa4}, {&(0x7f0000000500)="ff52b31410d9bc32656fe6e33de3a8667b01f76b553c389d85235d3a29272e1b5e45da102d3619080bcccc57d12ac1740468589b29ba0da2c5d1258aca5a11b4a086949792fe4b212660a595f6ccfc815906a1ca3df268f38ff5ebef22fea176051bdca251679870b33901d8dd9a01d70231e231000137818f4f1a0dba3814e6b4f30856d470dc0109e7b1de08061c2420c8271bdd4906ec67e1cef27ebdac482cf978477f21a5c0ccea64ece13d4595a5af818817b4ace348ba3a9e496f461dd87b46703be45be02f1542f3d7df72e3ed491f5aee7ea0822abcb2a3f641031323e0ed221eaa28500eb98838cc0884b5d379", 0xf2}, {&(0x7f0000000340)="c83c", 0x2}], 0x5}, 0x20000090)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000800)={'bridge0\x00'})
fcntl$dupfd(0xffffffffffffffff, 0x0, r8)

10.746350614s ago: executing program 5 (id=2654):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508)
syz_emit_ethernet(0x4a, &(0x7f0000000dc0)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a3ff2", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
syz_emit_ethernet(0x7a, &(0x7f0000000180)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x44, 0x2f, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @private}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x57}}}}}}}, 0x0)

10.246964285s ago: executing program 5 (id=2657):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb00000001090224f85ee3c890eb2515b8acc3d26ca856d6b529af088e61e4cec152a4e6cfdd1fe55bc856472352412f04939f542f79fb40b5e84c7ba4ccda86e4c762ad044d0cc0de7f8415ca885867eaef7fc39a417b445fd3b4a07b4df54dc72c8de19d09978d83ff6bf16cac3643e1144b6809b3293c09394892cfc4541244c265b822c1d4d542e0813fdbb50a123a92eb9fd1e04f2a278e8783e82fafa2330b231978120805a9031ae1b3b680d3158e4e0f84baabbd73ce74a9592efb56b726ce0f9845efb28c9b18f0bf77f27e30ba65df4d815e66e29f34b433547cf9c592464d84c4d9742f517c076c87eeee4825d63890dbed2d397e89bd469317390ea43e5184c9eb06ff58de1fad9dbc64ab152f81fc0000000000000000", @ANYRES64=r1, @ANYRES16=0x0], 0x0)
add_key(&(0x7f0000000080)='rxrpc\x00', 0x0, &(0x7f0000000280)="f487441bd636011fb505068b0d37dd26ffe7dfe6ae582033b82e095096ae43fab17f0dc832e3c64158404d00c44751bd751a2dcf7f6304f2", 0x38, 0xfffffffffffffffe)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0xc2882, 0x0)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0xebff5d0857818f7f}, 0x4000)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps_rollup\x00')
lseek(r2, 0xffffeffffffffffe, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600))
r3 = syz_open_procfs(0x0, &(0x7f0000000440)='projid_map\x00')
write$tcp_mem(r3, &(0x7f0000000180)={0x0, 0x20, 0x0, 0x20, 0x0, 0x2}, 0x48)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a32000000001400048008000240326565a708000140000000000900010073797a300000000048000000060a010400000000000000000100000008000b40000000000900010073797a3000000000200004801c0001800b00010072656a"], 0xd0}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000060a0b0400000000000000000100000114007888776c5219adbbb850f66e760480100001800700010263740000040002800900010073797a3000b60e8f0000000900ec007398ad0f7f424a03f900000a"], 0x68}}, 0x0)
timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f00000000c0))
r7 = socket$inet6(0xa, 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020300090a0000000000000000000000030006000000001502000000ac1414000000000000000000020001000000000000000002fffffffb03000500000000000200000000000000000000000000000065e950075a1cfa165062e5854665b605b5d4aa1bea567899388d71946c01b31a43fa266cdb0f0de3c5ea38a41d3cdf3c1525e4654ecb"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{}, {0x0, 0x3938700}}, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x13}, &(0x7f0000000140)=<r8=>0x0)
timer_settime(r8, 0x0, &(0x7f00000010c0)={{0x77359400}, {0x0, 0x989680}}, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000003800010329bd7000fadbdb2504"], 0x14}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000000)

9.474568846s ago: executing program 1 (id=2658):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x98, 0x98, 0x4, [@const={0x9}, @decl_tag={0x9, 0x0, 0x0, 0x11, 0x2, 0x4}, @const={0x8, 0x0, 0x0, 0xa, 0xc}, @union={0xf, 0x1, 0x0, 0x5, 0x0, 0x4, [{0xd, 0x5}]}, @type_tag={0xb, 0x0, 0x0, 0x12, 0x5}, @volatile={0x1, 0x0, 0x0, 0x9, 0x4}, @type_tag={0xe, 0x0, 0x0, 0x12, 0x4}, @enum={0xd, 0x5, 0x0, 0x6, 0x4, [{0x0, 0x2}, {0x3}, {0xa, 0xf4}, {0x3, 0x5}, {0x9, 0x1b13}]}]}, {0x0, [0x30, 0x5f]}}, &(0x7f00000000c0)=""/73, 0xb4, 0x49, 0x0, 0x10000, 0x0, @void, @value}, 0x28)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r0}, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x5, 0x1ff003, 0x81, 0xffff, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0xfffffffc, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$igmp(0x2, 0x3, 0x2)

9.273307028s ago: executing program 1 (id=2659):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaabaaaaaa0806000608000604"], 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknodat(0xffffffffffffffff, 0x0, 0x800, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1004000, 0x0, 0xb49, 0x9, 0x6, 0x0, 0x3}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0xfffe, 0x7, @mcast2}, {0xa, 0x0, 0xb, @mcast1}, r5}}, 0x48)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="020e000010000000000000000004830008001200000001000000ff000000400000001ea0abff7f00000000000000d41f9ab9000100700000ebdf000008000000c4fc0000100000000000e2ffff1c004f030006000020080002000080f5008e24ce6e4ae300a50000030005"], 0x80}}, 0x44814)
r6 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r6, &(0x7f0000000180), 0x229ffa1c4ce5369, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x3e, &(0x7f0000000340)={@local, @broadcast, @val={@val={0x88a8, 0x6, 0x1, 0x2}, {0x8100, 0x7, 0x0, 0x1}}, {@ipv6={0x86dd, @generic={0x0, 0x6, '\x00', 0x0, 0x84, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
unshare(0x6a040000)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)

8.037192761s ago: executing program 6 (id=2662):
r0 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000000), 0x208041, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
ioctl$BTRFS_IOC_ADD_DEV(r5, 0xff08, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_acct\x00')
preadv(r6, &(0x7f0000000540)=[{&(0x7f0000000140)=""/205, 0xcd}], 0x1, 0xfffffffb, 0xbf6b)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000030f6d39b6a000000000000009400c0ffffffffff9500000000000000"], 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_usb_connect$printer(0x6, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x5, 0x10, 0x7, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x10, 0x1, 0x7}}, [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x3, 0xfd, 0x8}}]}}}]}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x201, 0x1, 0xa0, 0x16, 0x0, 0x4}, 0xe5, &(0x7f00000002c0)={0x5, 0xf, 0xe5, 0x6, [@generic={0x59, 0x10, 0x4, "05ed6bf221018d4d29668b92c0ab5740b5c2698060da084cd8a4c7afb9682b92b2139dc0d209aa2da0efc0cd3fe212efeec3df0e76208b5c09b0778f2e96984681ad90dd6177f3f64747585a751564489c21632e09ff"}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x9}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0xf, 0x1}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "7a35cfdf60108af992e1c945d0293a53"}, @ssp_cap={0xc, 0x10, 0xa, 0x8, 0x0, 0x7fff, 0xf000, 0x6}, @generic={0x59, 0x10, 0x3, "0d0360498c1a22a7d1615fc32441ec17ff78fca1a769e1adf37c47c28f70feda486665c11403bd2e8daab7a9b4927057b61bb55b3edd6fd978360ab493f564e46841d869f2b32398bbaee8f2fd2f067760a4e3c1df38"}]}, 0x2, [{0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0xc0c}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x1a28}}]})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r8=>0xffffffffffffffff})
r9 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0xe1002)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000007100)="5802009400140091d491323b478925450db4564df63e79dbf0", 0x19}], 0x1)
ioctl$SCSI_IOCTL_SEND_COMMAND(r9, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r8])
ioctl$VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000180)={0xa, @pix_mp={0x0, 0x7, 0x32314d4e, 0x7, 0x0, [{}, {0xffffffff, 0x3}, {0x4}, {}, {}, {}, {0x0, 0xffffffff}], 0x4e}})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_ID={0x8, 0x1, 0x1}, @IFLA_GENEVE_TTL_INHERIT={0x5}]}}}]}, 0x44}}, 0x2000000)
unshare(0x22020400)
getsockname$packet(r0, 0x0, 0x0)
r10 = openat$rdma_cm(0xffffff9c, &(0x7f0000003a80), 0x2, 0x0)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r10, &(0x7f0000003c00)={0xb, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x6}}, 0x18)
eventfd(0x4)

6.895360344s ago: executing program 5 (id=2666):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x640503, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, &(0x7f0000000000)=0xf3, 0x4)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'dvmrp1\x00'})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2})
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
syz_emit_ethernet(0xd6, &(0x7f0000000380)={@random="88da00005bfd", @dev, @void, {@ipv4={0x800, @generic={{0x6, 0x4, 0x0, 0x5, 0xc8, 0x65, 0x0, 0x8, 0x67, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@lsrr={0x83, 0x3, 0x4b}]}}, "a4c6badd94b737bf096b3f9f57bb878cd6d95fd2ba4417a8ce68dd0fcb951fd0465ebf9206fec0aed9bce1ae2512b79920a09cf61366297ce6e77b2c811698fee384fb3a8deefe44115cf70651fa3cdf033c32390814a07024e5025fd47b0b75fa070e791317481a5672c242372b4b07d0ffd2d00b7d6285fc907f59e1942d63b0f8fb66abf2ffe82c83318a77b76d06cd4d297c6bad7700e0abc82deecc5d8511cf85be48f7d6aa099b0b1872e723e2"}}}}, 0x0)
io_cancel(0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000001780)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xb}, @hci_ev_le_remote_conn_param_req={{}, {0xc9, 0x8, 0xff, 0x6, 0x2}}}}, 0xe)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_register$IORING_REGISTER_NAPI(r2, 0x1b, &(0x7f0000000240)={0x2, 0xff}, 0x1)
io_uring_enter(r2, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000180)})
r5 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io$uac1(r5, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB=' \v\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

6.838528985s ago: executing program 4 (id=2667):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x45, 0x0, 0x1, 0xfffffffc}, {0x0, 0x0, 0x0, 0x700}, {0x6, 0x0, 0x0, 0x7fff0000}]})

6.143999024s ago: executing program 1 (id=2669):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x101001a, &(0x7f0000000100)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0xfd, 0x0, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
syz_emit_ethernet(0x1f, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffffff000000e8ff000011424203", @ANYRESDEC], 0x0)
read$FUSE(r2, &(0x7f0000004100)={0x2020}, 0x2020)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a00000000000b000000000008000400", @ANYRES32=r4, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r3], 0x38}}, 0x10)

5.682329763s ago: executing program 2 (id=2671):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="77ba00000000000000001f00000008000100", @ANYRES32=r1], 0x48}, 0x1, 0x0, 0x0, 0x15}, 0x0)

5.542606097s ago: executing program 2 (id=2672):
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
creat(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000106d049cc2000000000001090224"], 0x0)
syz_open_procfs(0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001100)=ANY=[@ANYBLOB="180100001300010026bd7000fcdbdf25737464726e67000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002400000020"], 0x118}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
ioctl$SNDRV_PCM_IOCTL_RESET(r1, 0x4141, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0884113, &(0x7f0000000240)={0x1, 0x80, 0x200, 0x10001, 0x0, 0x8, 0x40009, 0x6, 0x4, 0x2c, 0x1, 0x1})
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff)

5.122093551s ago: executing program 1 (id=2673):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
clock_gettime(0xa, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c030000160001000000000000080000fc010000000000000000000000000000fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c000000ac14140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000000000000000000000000000300000006"], 0x34c}}, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000180)={0x3, 0x8, 0x2, {0x1, @sliced={0xffff, [0x5, 0xc, 0x2800, 0x4, 0x6, 0x804, 0x3, 0x1, 0x7, 0x1, 0x5, 0x7ff, 0x4, 0x1, 0x6, 0x70b, 0x2, 0x3, 0x5, 0x6, 0xf, 0xc, 0x5, 0x1, 0x4, 0x10, 0x93d, 0x3, 0x5, 0x3, 0x9, 0x0, 0x3, 0x2f24, 0x6, 0x8, 0x3, 0x6, 0x3, 0xe1e, 0x2, 0x6, 0x7b, 0x6, 0xa, 0xe0, 0x20, 0xb], 0x7}}, 0x3ff})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETLINK(r4, 0x400454cd, 0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x4008031, 0xffffffffffffffff, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)
setxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='system.posix_acl_default\x00', 0x0, 0x0, 0x1)

4.3783566s ago: executing program 4 (id=2674):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0)
landlock_create_ruleset(&(0x7f00000002c0)={0x3218}, 0x8, 0x0)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
writev(r1, &(0x7f00000014c0)=[{&(0x7f0000000200)="5617", 0x2}], 0x1)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

4.015651194s ago: executing program 4 (id=2675):
r0 = socket(0x11, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r3, 0x800, 0x70bd2c, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e31, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x54080)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="c0000000", @ANYRES16=r3, @ANYBLOB="040029bd7000fddbdf250f000000040001806c0005802c000280080004000180000008000400fbffffff0800020008000000080002000e0000000800040007000000070001006962000034000280080001011d000000080001000e00000008000400090000000800010015000000080002008c50000008000100040000002800078008000200115c84520c0004000900000000000000080002006b3400000800020018e0000004000180100007800c0004000100000000000000"], 0xc0}, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r4=>0x0})
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f00000000c0)={0x28, 0x3, r6, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r5, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r6, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_IOAS_COPY(r5, 0x3b83, &(0x7f0000002300)={0x28, 0x4, r6, r6, 0x2, 0x80, 0x4})
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/power/pm_freeze_timeout', 0x169a82, 0x80)
sendfile(r7, r7, 0x0, 0xb)
r8 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r9 = dup(r8)
write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c)
r10 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r9}, &(0x7f0000000080)=<r11=>0x0, &(0x7f0000000340)=<r12=>0x0)
syz_io_uring_submit(r11, r12, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}})
io_uring_enter(r10, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r13 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0)
readv(r13, &(0x7f00000002c0)=[{&(0x7f0000001500)=""/4110, 0x100e}], 0x1)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
sendmsg$NL80211_CMD_SET_WIPHY(r7, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x54, 0x0, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x1ff}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x6}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x1}, @NL80211_ATTR_WIPHY_ANTENNA_TX={0x8, 0x69, 0x4}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x2}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x4}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4044081)
bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14)
accept$inet6(r7, &(0x7f0000000580)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000600)=0x1c)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x4e6f, 0x4)
sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e357b679f0001140000002f0600ac141430e0000003808a8972bd0b72e4108296a3d206163944f8afc1bf505602da9168d6f9ce320068ff1f7e345a170d1423c2e18c8ed410c8aab9a20b514d2b583b90a86da4483488c0fdc6c2"], 0xdd12}], 0x1, 0x0, 0x0, 0x4000}, 0x1)

3.237492713s ago: executing program 6 (id=2676):
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x1c3000, 0x11, 0x3b}, 0x18)
r1 = fspick(r0, &(0x7f0000000080)='./file0\x00', 0x1)
r2 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r3 = dup(r2)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000100)={0x0, 0x1, 0x7, 0x956f}) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000140)="0f237f2e0f090f06660f070fc73db82d010f00d8fa0f060f00122c54", 0x1c}], 0x1, 0x20, &(0x7f00000001c0), 0x0) (async)
r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x102, 0x0) (async)
readv(r1, &(0x7f00000002c0)=[{&(0x7f0000000240)=""/4, 0x4}, {&(0x7f0000000280)=""/18, 0x12}], 0x2) (async)
r6 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000300), 0x200000, 0x0)
r7 = signalfd(r6, &(0x7f0000000340)={[0x5]}, 0x8)
ioctl$KVM_CAP_STEAL_TIME(r7, 0x4068aea3, &(0x7f0000000380)) (async)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r1, 0x8008f511, &(0x7f0000000400)) (async)
pwrite64(r1, &(0x7f0000000440)="c0930a49e6445a5a2849398404143c0f487f63e73979c96423bcf731255339ecb9986762bec13e5de7e96fcbb696c4c44d15bc684b240c5c1e8610d33d659494d118142ad84c4b9143fa9d64499dc8c2998cfea1007c93039d36fa8b9c48165e386e7f519e9167f0f22a466ce886029ab0701cca36319d8848747f5d216510eea878830d0cf7204ae421681522fe125eaea3ad546f3bbc5508d741a7c8d90b86ef78672710f6862e226e7731ce916b3f6e2fa3552771d0b6b52a6a599489f193faf3c5e765af4af53714d78602257c79da79fbc2d9996dbec4f3902cc47e15a671ad30aee59abe79db2996887c", 0xed, 0x5) (async)
r8 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000540), 0x200800, 0x0)
fchmod(r8, 0xdc) (async)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000580)={0x0, 0x7fffffff, 0xffffffff, 0x1}) (async)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000980)={[0x2, 0x9, 0x10000, 0x9, 0x2, 0x9, 0x0, 0x0, 0xe, 0x26c, 0x9, 0x3, 0x800, 0x18000000, 0x6, 0x6], 0x2, 0x200002}) (async)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000a40)={0x1ff})
r9 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000a80)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0xeef, 0x1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x80, 0xb0, 0x6, [{{0x9, 0x4, 0x0, 0xa1, 0x2, 0x3, 0x1, 0x0, 0x6, {0x9, 0x21, 0x1000, 0x2, 0x1, {0x22, 0xba1}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0xa, 0xe, 0x14}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0x0, 0x81, 0x8}}]}}}]}}]}}, &(0x7f0000000d40)={0xa, &(0x7f0000000ac0)={0xa, 0x6, 0x201, 0xe, 0x9, 0x4, 0x10, 0xcf}, 0xaa, &(0x7f0000000b00)={0x5, 0xf, 0xaa, 0x6, [@ptm_cap={0x3}, @ssp_cap={0x14, 0x10, 0xa, 0x8, 0x2, 0x10001, 0xf000, 0xd627, [0xc030, 0xffc000]}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x5, 0x0, 0x8}, @generic={0x72, 0x10, 0x1, "64ba4f732fa922bcf9268d2e4b4df108c680e47cec6143ef9b4308c8a40d2b82f69a7f571d1126e806197cba8cdfc4c97ced6306ce08656c1d0b799df979cb3d1f5b182de0a0c2265dc15e821b2ca8493e3601dcd89947ad0fd3305209ba4ae3f97fb5976562bc1434b0461ad5d27a"}, @wireless={0xb, 0x10, 0x1, 0x2, 0xc9, 0x26, 0x9, 0x4, 0x4}, @generic={0xa, 0x10, 0x3, "a60745cb61a952"}]}, 0x4, [{0x4, &(0x7f0000000bc0)=@lang_id={0x4, 0x3, 0x809}}, {0x6a, &(0x7f0000000c00)=@string={0x6a, 0x3, "eef8b2b11f08839ee5eb3a4a921d648abfdae7041a7fb575d39e57481df4d55d1be58f448c2ab51c71d64895d0f8e5cf4718778d4b622815dba5187feb5d2fdad7db029b0472e748d4246e3095a443c63b0999cf9d80824a0492d2d22db697a790cb15727fd1377b"}}, {0x73, &(0x7f0000000c80)=@string={0x73, 0x3, "08495c3c71073fe0f7edf9037f200f03ac7efca940a940a7b50303bf7e5742ed5cbb1e76718daff1eef63a601cd2f01e1b1be786f2495699d8bc238ec880b85069416c31820c5b7dde39323cc7cb5629e925fe84301c5a4078131804bccf3cdc648b1c2be654edbfe52275a0d13b08e7f8"}}, {0x4, &(0x7f0000000d00)=@lang_id={0x4, 0x3, 0x423}}]})
syz_usb_control_io$hid(r9, &(0x7f0000000f00)={0x24, &(0x7f0000000dc0)={0x20, 0x31, 0x57, {0x57, 0x9, "b19120ceec313f30f100dbb46cc9e70edeae3932d1490fb5b13e122d34b67e0b4f754bc5d114adebb5fe2aad03ce8328f8916bb0cb7c584aea74ccfb6dbd7f2e0e40a67dd0c1faf2b24d391312de4f8c7bf016ea09"}}, &(0x7f0000000e40)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1409}}, &(0x7f0000000e80)={0x0, 0x22, 0x11, {[@main=@item_4={0x3, 0x0, 0x9, "73c8842b"}, @global=@item_4={0x3, 0x1, 0x9, "e079107b"}, @local=@item_4={0x3, 0x2, 0x1, "c649b1aa"}, @main=@item_012={0x1, 0x0, 0x9, "d5"}]}}, &(0x7f0000000ec0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x3, 0x21, 0x1, {0x22, 0x37c}}}}, &(0x7f00000010c0)={0x2c, &(0x7f0000000f40)={0x0, 0x10, 0x60, "abf061ed4b1d3e1024e1686b6f36b8dcc85766979025c57bec3807b1d92a6ca3c6404cb9815835eeb3a2ebe837eb63a5e430247d5ac9b6a8a1ab784413358d810c7f36ff5357358f410fe2e1e961e55f5969e89b167a664e071e39876ad6ec84"}, &(0x7f0000000fc0)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000001000)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000001040)={0x20, 0x1, 0x2a, "d1e05231bf40d7a88f4d4bfaabf7ab4fbdba539c040ece8733f2c0f15a757b3f7a9ae0e86e61ff97ae1a"}, &(0x7f0000001080)={0x20, 0x3, 0x1, 0x9}}) (async)
r10 = socket$l2tp6(0xa, 0x2, 0x73)
sendto$inet6(r10, &(0x7f0000001100)="9bbc65008c968d45f5ac1aa0558a40d10097d48a84646a57f6", 0x19, 0x0, &(0x7f0000001140)={0xa, 0x4e23, 0xea6, @empty, 0x8001}, 0x1c) (async)
r11 = open$dir(&(0x7f0000001180)='./file0\x00', 0xc00, 0x20)
openat(r11, &(0x7f00000011c0)='./file0\x00', 0x0, 0x1c) (async)
r12 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_aout(r12, &(0x7f0000001200)={{0xcc, 0x1, 0x5, 0x201, 0x1b5, 0xfffffeff, 0x381, 0x8}, "735077c8022c38823aa282e831695366e4a8bb39a146e3e7b526b7028d9b6a30f037a9f1eecf521a48e4f956ee8e7db30c1a6977e000e56a35df2ff46d3f17b580049ea1fee3c193ebd4af4aace00d03bbd3d45fff901c41d06a6cd017e27741dfa1d6ac8665a474df3ad0bf163fbbd05294", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x892)
ioctl$EVIOCSCLOCKID(r6, 0x400445a0, &(0x7f0000001ac0)=0x7) (async)
read$watch_queue(r5, &(0x7f0000001b00)=""/242, 0xf2)

3.090612426s ago: executing program 5 (id=2677):
syz_emit_ethernet(0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6000008d001406"], 0x0)

2.972384408s ago: executing program 6 (id=2678):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8090, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x13}, 0xffffffff}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r2 = creat(0x0, 0xd4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a32000000002800048008000240000000000800014000000005"], 0xe8}, 0x1, 0x0, 0x0, 0x40040000}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000880)=@IORING_OP_SENDMSG={0x9, 0xf, 0x0, r1, 0x0, 0x0, 0x0, 0x80, 0x0, {0x0, r6}})
timer_create(0xb, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x74, &(0x7f0000000480)={<r7=>r5, 0xfffe, 0x30, 0x20000000000005, 0x3b0000}, &(0x7f00000009c0)=0x18)
r8 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000040)={0x26, 0xa, 0x3, "55ac07d401cc000000b28d002f179dd37829c92b00", 0x38414261})
getsockopt$inet_sctp_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000300)={r5, 0x328, 0x40, 0x9, 0x800, 0x7ac, 0x0, 0x3, {r7, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x401, 0x26, 0x4, 0x7, 0x10000}}, &(0x7f00000001c0)=0xb0)

2.754835161s ago: executing program 5 (id=2679):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
syz_emit_ethernet(0x52, 0x0, 0x0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
request_key(&(0x7f0000000240)='encrypted\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='\x00\xa8\xd8~3[q\x1f\x80\xc8\xcd\xd0\xa6\xd2G\xbb}\x1b\xd40\xb7\x1c^T\xb9\xeb\xda1\a]2F\x02\x8f\x0f\xb9K\x06S\xae\xac\x8d\xa89\xf9A\xe85\x93\xd8\xa0L8\x87\x16\xc8\xd7:\xeb\x19\xb1\xb7\xf4\x8c\xa0\xf6\xee\xdf\xf0\x11Y\x81p\xa3b\x8dvHf\xea\xe9\xe5\xce\xcb\x05\xef\x82\x8cYXo\x0e\xa2\b\x1c\xeb;J\x81c\x91[\x8a\x81O\x93g\xd9\xaf\x97\x99\t\xe6?#\x85', r2)
add_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, r2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000c54000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2)
socket$netlink(0x10, 0x3, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x3, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00')
syz_open_procfs(0x0, &(0x7f0000000080)='net/vlan/vlan0\x00')
r4 = getpid()
openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x24020000)
syz_clone(0xfdba2180, 0x0, 0x0, 0x0, 0x0, 0x0)

2.384492547s ago: executing program 1 (id=2680):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
pipe2(&(0x7f0000000200)={<r2=>0xffffffffffffffff}, 0x0) (async)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f00000024c0), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) (async)
splice(r2, 0x0, r3, 0x0, 0x50, 0xf) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2540, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x24048084)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x260041, 0x0) (async)
socket$unix(0x1, 0x1, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2800002cc382c95a1150a05f28834a5228bc3f001e00110000000000000000000200000001000007"], 0x28}}, 0x4000)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) (async)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x441, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2b442, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) (async)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) (async)
move_mount(r9, &(0x7f0000000140)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x43) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, @void, @value}, 0x28)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

2.382037136s ago: executing program 4 (id=2681):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0xfffe, 0x2})

2.110378319s ago: executing program 1 (id=2682):
r0 = syz_open_dev$usbfs(&(0x7f0000000280), 0x65, 0x8301)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x2, 0xfffffffe)
userfaultfd(0x801)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x22, 0x2, 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r6, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r6, 0x0, 0x0)
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0)
shutdown(r6, 0x1)
r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r7)
recvmsg$kcm(r4, &(0x7f0000002ac0)={&(0x7f0000000880)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000002a40)=[{&(0x7f0000000900)=""/117, 0x75}, {&(0x7f0000000980)}, {&(0x7f0000001a00)=""/43, 0x2b}, {&(0x7f0000001a40)=""/4096, 0x1000}], 0x4, &(0x7f0000002a80)=""/40, 0x28}, 0x20000000)
sendmmsg$inet(r5, 0x0, 0x0, 0xf00)
syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="175e1220ee006e39120001fd00e0000904fc0200ba70"], 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=@getqdisc={0x34, 0x26, 0x8, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0x4, 0xc}, {0x5, 0xd}, {0x3, 0x5}}, [{0x4}, {0x4}, {0x4}, {0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x2}, 0x2000480d)
r9 = syz_open_dev$sndctrl(&(0x7f0000000840), 0x0, 0x40000)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r9, 0x80dc5521, &(0x7f0000000a00)=""/4096)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f00000005c0)={0x0, 0x2, "5a779d318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28defff019009a14d90d1f6"})
syz_usb_connect$cdc_ncm(0x2, 0xc0, &(0x7f0000000140)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xae, 0x2, 0x1, 0x5, 0x50, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xa}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x7, 0xb, 0xe6}, {0x6, 0x24, 0x1a, 0x9, 0x50}, [@call_mgmt={0x5, 0x24, 0x1, 0x3, 0x5e}, @obex={0x5, 0x24, 0x15, 0x8001}, @mdlm_detail={0x48, 0x24, 0x13, 0x7, "8670e30e9fc421949d7e0fee57a9c7b7e9501b06c43abb1a7d8e3cc2c5639393118fae906f66bab5612d58dfe7cb952893d4c0f528fbf05d27718100bc78c1846e6fefa3"}]}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x4, 0xae, 0x3}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x48, 0x8, 0x2, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x2, 0x5, 0xfa}}}}}}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x110, 0x6, 0x6, 0xd, 0x20, 0x5}, 0xfd, &(0x7f00000002c0)={0x5, 0xf, 0xfd, 0x6, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xf, "5bfe1ec30dc2d6795d54d77c46e644e3"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x3, 0xe2, 0x43, 0x5, 0x3}, @generic={0xd0, 0x10, 0xa, "8823fe91c38f52d94bc1e96dac7916422ed29cfda281e3cd96bcfacf2d0baaa5468b4b4eff58d1b8fb0366acd86ee1769588edbffc43cd305de151bb0ead10fc084fc03a70aa641dba43f778b3b0f498701e337752c2e5f8ebee70974560005f66b7a8f6710b92038a764c51ea77e7de339ea4ef6feefab111ac0bea4af341fe89185d6406838a45b4848bf057b4d7794313f16694ea9e243dbc1120438b1e2216fd4eb04e7e1e4fccc2ca8de1c54bf26b2cfc8bffbf9ae9a10215dfe5e8af8388ee4b9842f9ebc3ec0324a601"}, @ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x4, [{0xa8, &(0x7f0000000400)=ANY=[@ANYBLOB="a803265639b50466c6e5746d27424be59f7acb297933a464661de07be0417d9e8107c9155a8148f019e41539227ed8f9dc9fcbe0a1d791b060d1b35fa3a3088929a618c60dae17dd61102c948e189e1fcb9a52b525335800914efa24eefcc9e706b530fc4f29929210c581cbe69e1b5dbb418c542583244ebb9676db070d347d75e17a53ffc581fb5526055f633ccb41609c6df03c229a4e1b322b32b45d45a4bd9a98da63a8b83f"]}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x455}}, {0xda, &(0x7f00000004c0)=@string={0xda, 0x3, "4dddd26aa13b62e795a616e5c12a8010e6ca04273ae2897909c1b16a589ea6562ed926e973c901f8cadec6f59af4ccbd0ef223f2147038fe125fa4bbf1a0e8de4e7adf2c7fbc121a320f0227753298e020e9a0c179aa564f838a9944822d12ab7c6fb3d4189087969489d06b76471d44e3ce36b21c99989e247a6fa67a09ca6853fb5f9c5f39c29d70384141e6bcb2182835785dd896a5b5724c2cdd60f42315898cf4c94edf8d5ae0e36f1bb18fab05775a538da07bad80389f13bf344d9ba1ed6ed84d9024d354d4a5316004ca68baa2965356c14b5d17"}}, {0xb2, &(0x7f0000002b00)=ANY=[@ANYBLOB="c6454ca2ed24f94550cc4a547fd7175e3f31ed380b4e67d2aa870e1876f962113f9660cb47a9d76cf77979e93521032499d255cb8e25cc8d9205565870e0114630bcd03154940b0d4b27b78d6238f0f37cf07201843fc0fe0d7b3c4f7977bb8857132947e2f89db5c8bef31de551fdb9564dbf38957623fe42009d105eae0018aced3dba100fd8f76fdbe0d0a49047307d2bd281562c05f4675724fdb4db928ae86673cad5093c65f52cf8464b90c897d269ff083efbb51cc01f815413e12036290a9cac348f692cd9c20f7a37d2c4e0d7c72c11f737b3f848d98c8753167a5a5fa75ce0bf8e6ba451c195309b1d1a24a6c6bbb5da365d25de32f041a794457a8832602e7fcce6a4cf3b0ee9b9a55ced03693b7f99a302951f3eaffab4673eb11d594fa9d29c5a26f773c6c74e133af818596c9536b2eef12ea35813b3ff59351293783355abce6fe9b47854fd845ee556a0093466cb008dd8adbe33b22797e90113a9ec18cbe784528ea59cd8713ea4b55c1b528d5b80a3d120970000000000000000000000000000bc"]}]})

1.727437477s ago: executing program 2 (id=2683):
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
getgroups(0x0, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f00000001c0)=0x21, 0x4)
bind$xdp(r1, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffffffffffe41, 0x0}, 0x200400d4)
r2 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x2, 0x400000d, 0x0, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x9, 0x7, 0x7, 0x200000000000000, 0x5, 0x7}, 0x0, 0x0) (fail_nth: 2)
ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

1.168006427s ago: executing program 6 (id=2684):
socket$inet6(0xa, 0x1, 0x8010000000000084)
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x271b, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x6c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x38, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @local}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x7ff}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x1}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e23}]}}}]}, 0x6c}}, 0x44850)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x40, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x9, 0x2}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x400}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x80000000}, @qdisc_kind_options=@q_ingress={0xc}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000002}, 0x20004004)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e22, 0x0, @empty}}, 0x0, 0x0, 0x6, 0x1, 0x3f, 0x202}, 0x9c)
connect$can_bcm(r2, &(0x7f0000000040)={0x1d, r3}, 0x10)
socket$inet6(0xa, 0x1, 0x8010000000000084) (async)
socket(0x15, 0x5, 0x0) (async)
getsockopt(r0, 0x200000000114, 0x271b, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x6c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x38, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @local}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x7ff}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x1}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e23}]}}}]}, 0x6c}}, 0x44850) (async)
socket(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) (async)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x40, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x9, 0x2}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x400}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x80000000}, @qdisc_kind_options=@q_ingress={0xc}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000002}, 0x20004004) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e22, 0x0, @empty}}, 0x0, 0x0, 0x6, 0x1, 0x3f, 0x202}, 0x9c) (async)
connect$can_bcm(r2, &(0x7f0000000040)={0x1d, r3}, 0x10) (async)

802.661818ms ago: executing program 2 (id=2685):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0)
landlock_create_ruleset(&(0x7f00000002c0)={0x3218}, 0x8, 0x0)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
writev(r1, &(0x7f00000014c0)=[{&(0x7f0000000200)="5617", 0x2}], 0x1)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

657.121968ms ago: executing program 4 (id=2686):
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x1ff003, 0x81, 0xffff, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffc, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (fail_nth: 14)

581.766255ms ago: executing program 2 (id=2687):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
r1 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r2 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
r3 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa76975b88885041ff4e66e618d6c37c787f014eadb6c9f65", 0x139, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r1, r2, r3}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}})
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x21})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000a5d000/0x2000)=nil, 0x2000}, 0x5})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

38.324316ms ago: executing program 2 (id=2688):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_io_uring_setup(0x1b7e, &(0x7f0000000080)={0x0, 0xfcc0, 0x4, 0x3, 0xf5}, &(0x7f0000000400), &(0x7f0000000180))
r3 = io_uring_setup(0x3c8f, &(0x7f0000000100)={0x0, 0xeca2, 0x80, 0x2, 0x13, 0x0, r2})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x20000023896)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f00000001c0)={0x7, r2, 0x5, {0xfffffffffffffff4, 0x4}}, 0x1)
close_range(r3, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000340)={&(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x4})
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000080000006a0a413f000000002e40000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="1000000000000025050000000000000000000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0x8, &(0x7f0000000080)=""/177, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x3b, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x49)
r6 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}], 0x1, 0x40)
bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r6, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4)
recvmmsg(r6, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4)
sendto$inet6(r6, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c)
io_setup(0x400, &(0x7f0000000200)=<r7=>0x0)
io_pgetevents(r7, 0x8, 0x1, &(0x7f0000000240)=[{}], &(0x7f0000000280)={0x77359400}, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r5, 0x84, 0x73, &(0x7f0000000380)={0x0, 0x40, 0x30, 0x2, 0x101}, &(0x7f00000003c0)=0x18)
r8 = userfaultfd(0x80001)
r9 = syz_open_dev$video(&(0x7f0000000040), 0x7, 0x0)
ioctl$VIDIOC_ENUMINPUT(r9, 0xc050561a, &(0x7f0000000080)={0x2, "80a246be447894f43a16d380ec57003faa2e5a0000000000000800", 0x2, 0x4, 0x1, 0x40, 0x606020a, 0x4})
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r8, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})

37.818583ms ago: executing program 4 (id=2689):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="1201edffffff0040d118305000000000ef000902240001000000080904000001030000000921010100012205000905810308402c0000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000100)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205000000aa1aefa9f4ea0ad10cf97e29be102c58375d69199e62c2a5d262ca8f1c0c66adcdb560ee4304d35197f9b1ca715286a1089c7900306ed43d6b07676bc2ce641c4b8d7a876850156d0c3c09992390904b9a594303041bdba138d1a6b83940950a2b9e4377474afc8dc01e6a2495acc2066179505735501824f1469d4f5252aa2cb3f2a79546acbf31"], 0x0}, 0x0) (async)
unshare(0xa040480)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, 0x0, 0x0) (async)
unshare(0x6a040000) (async)
unshare(0x10000)

0s ago: executing program 6 (id=2690):
socket(0x1d, 0x2, 0x6)
unshare(0x22020600)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x24, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x92a3, 0x4, 0x1, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x1000, 0xfffffffc, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0x6, 0x1, 0xff, 0x5, 0x5, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7, 0x8000, 0x1, 0xfe000000, 0x9, 0x2, 0x7f, 0x9, 0x3, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x2], [0x7, 0x6, 0x0, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x1, 0x8, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x3, 0x8, 0x4, 0x7ffe, 0x5, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x10002, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x25], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x2, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0xb, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
unshare(0x22020600)
move_mount(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', r0, 0x0, 0x260)
futex_waitv(&(0x7f00000007c0)=[{0x0, 0xffffffffffffffff, 0x2}], 0x1, 0x0, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

[  675.016563][T13807] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  675.024891][T13811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  675.035020][T13811] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  675.068763][T13813] netlink: 2048 bytes leftover after parsing attributes in process `syz.6.2225'.
[  675.204555][T13813] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2225'.
[  675.415896][ T5840] usb 3-1: new high-speed USB device number 118 using dummy_hcd
[  675.635722][ T5840] usb 3-1: config index 0 descriptor too short (expected 63524, got 36)
[  675.676038][ T5840] usb 3-1: config 227 has too many interfaces: 94, using maximum allowed: 32
[  675.684868][ T5840] usb 3-1: config 227 has an invalid descriptor of length 37, skipping remainder of the config
[  675.820586][ T5840] usb 3-1: config 227 has 0 interfaces, different from the descriptor's value: 94
[  675.820658][ T5840] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  675.820683][ T5840] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.051202][T13815] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2227'.
[  676.585092][T13828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  676.629851][T13828] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.945096][T13844] netlink: 'syz.1.2235': attribute type 29 has an invalid length.
[  676.965842][T13844] netlink: 'syz.1.2235': attribute type 29 has an invalid length.
[  676.986796][T13844] netlink: 500 bytes leftover after parsing attributes in process `syz.1.2235'.
[  678.278464][ T5840] usb 3-1: string descriptor 0 read error: -71
[  678.295092][ T5840] usb 3-1: USB disconnect, device number 118
[  678.387155][T13857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2240'.
[  678.397646][T13857] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2240'.
[  678.913188][T13872] netlink: 'syz.1.2244': attribute type 10 has an invalid length.
[  678.972763][T13872] bridge0: port 2(bridge_slave_1) entered disabled state
[  678.980499][T13872] bridge0: port 1(bridge_slave_0) entered disabled state
[  679.546851][T13872] bridge0: port 2(bridge_slave_1) entered blocking state
[  679.554108][T13872] bridge0: port 2(bridge_slave_1) entered forwarding state
[  679.561755][T13872] bridge0: port 1(bridge_slave_0) entered blocking state
[  679.568954][T13872] bridge0: port 1(bridge_slave_0) entered forwarding state
[  679.577619][T13880] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  679.698107][T13872] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  680.054261][T13893] dlm: plock device version mismatch: kernel (1.2.0), user (4245159966.9.4)
[  680.205289][T13889] pim6reg: entered allmulticast mode
[  680.218191][T13889] pim6reg: left allmulticast mode
[  682.495940][ T5887] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  682.682952][ T5887] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  682.747920][ T5887] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  682.792785][ T5887] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  682.822046][T13936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  682.870761][ T5887] usb 5-1: config 0 interface 0 has no altsetting 0
[  682.918566][T13936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  682.918774][ T5887] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  683.043183][ T5887] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  683.092542][ T5887] usb 5-1: config 0 interface 0 has no altsetting 0
[  683.192105][ T5887] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  683.241331][ T5887] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  684.505935][ T5887] usb 5-1: config 0 interface 0 has no altsetting 0
[  684.517667][ T5887] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  684.575333][ T5887] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  684.596906][ T5887] usb 5-1: config 0 interface 0 has no altsetting 0
[  684.605070][ T5887] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  684.661357][ T5887] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  684.731014][ T5887] usb 5-1: config 0 interface 0 has no altsetting 0
[  684.757860][ T5887] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  684.778459][T13952] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2268'.
[  684.790879][ T5887] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  684.810650][T13952] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2268'.
[  684.834024][ T5887] usb 5-1: config 0 interface 0 has no altsetting 0
[  684.877146][ T5887] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  684.899756][T13954] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  684.919793][ T5887] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  684.937564][ T5887] usb 5-1: config 0 interface 0 has no altsetting 0
[  684.979577][ T5887] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  684.999746][ T5887] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  685.017865][ T5887] usb 5-1: config 0 interface 0 has no altsetting 0
[  685.032988][ T5887] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  685.045043][ T5887] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  685.097381][ T5887] usb 5-1: Product: syz
[  685.101945][ T5887] usb 5-1: Manufacturer: syz
[  685.107214][ T5887] usb 5-1: SerialNumber: syz
[  685.132175][ T5887] usb 5-1: config 0 descriptor??
[  685.180499][ T5887] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[  685.328422][ T5887] usb 5-1: USB disconnect, device number 100
[  685.370820][ T5887] yurex 5-1:0.0: USB YUREX #0 now disconnected
[  685.839326][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  685.923472][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  686.196725][T13974] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  686.343981][T13976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  686.444055][T13976] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  686.468820][T13976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  686.503553][T13976] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  687.339144][T13991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  687.349527][T13991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  687.379059][T13991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  687.389581][T13991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  687.399842][T13991] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2280'.
[  688.401653][T14004] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2286'.
[  689.950826][T14019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  689.960467][T14019] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  690.027370][T14010] syz.4.2285: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  690.207624][T14010] CPU: 0 UID: 0 PID: 14010 Comm: syz.4.2285 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  690.207658][T14010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  690.207673][T14010] Call Trace:
[  690.207682][T14010]  <TASK>
[  690.207694][T14010]  dump_stack_lvl+0x189/0x250
[  690.207733][T14010]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  690.207766][T14010]  ? __pfx_dump_stack_lvl+0x10/0x10
[  690.207800][T14010]  ? __pfx__printk+0x10/0x10
[  690.207823][T14010]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  690.207848][T14010]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  690.207881][T14010]  warn_alloc+0x214/0x310
[  690.207922][T14010]  ? __pfx_warn_alloc+0x10/0x10
[  690.207966][T14010]  ? __get_vm_area_node+0x28f/0x300
[  690.208005][T14010]  __vmalloc_node_range_noprof+0x5f2/0x12c0
[  690.208040][T14010]  ? __asan_memset+0x22/0x50
[  690.208061][T14010]  ? __kernel_text_address+0xd/0x40
[  690.208113][T14010]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  690.208141][T14010]  ? __kasan_kmalloc_large+0x1a/0xa0
[  690.208167][T14010]  ? rcu_is_watching+0x15/0xb0
[  690.208186][T14010]  ? translate_table+0x198/0x2000
[  690.208205][T14010]  ? translate_table+0x198/0x2000
[  690.208222][T14010]  __kvmalloc_node_noprof+0x3a0/0x5e0
[  690.208249][T14010]  ? translate_table+0x198/0x2000
[  690.208266][T14010]  ? xt_alloc_table_info+0x3b/0xa0
[  690.208297][T14010]  translate_table+0x198/0x2000
[  690.208334][T14010]  ? __pfx_translate_table+0x10/0x10
[  690.208357][T14010]  ? __might_fault+0xb0/0x130
[  690.208399][T14010]  ? _copy_from_user+0x94/0xb0
[  690.208430][T14010]  do_ipt_set_ctl+0x967/0xcd0
[  690.208457][T14010]  ? rcu_is_watching+0x15/0xb0
[  690.208473][T14010]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  690.208509][T14010]  ? __pfx___mutex_lock+0x10/0x10
[  690.208535][T14010]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  690.208559][T14010]  ? aa_sk_perm+0x81e/0x950
[  690.208580][T14010]  ? file_init_path+0x3b/0x590
[  690.208613][T14010]  ? __pfx_aa_sk_perm+0x10/0x10
[  690.208639][T14010]  nf_setsockopt+0x26c/0x290
[  690.208665][T14010]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  690.208689][T14010]  do_sock_setsockopt+0x25a/0x3e0
[  690.208716][T14010]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  690.208739][T14010]  ? __fget_files+0x2a/0x420
[  690.208769][T14010]  ? __fget_files+0x3a0/0x420
[  690.208793][T14010]  ? __fget_files+0x2a/0x420
[  690.208825][T14010]  __x64_sys_setsockopt+0x18b/0x220
[  690.208856][T14010]  do_syscall_64+0xf6/0x210
[  690.208882][T14010]  ? clear_bhb_loop+0x60/0xb0
[  690.208906][T14010]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.208924][T14010] RIP: 0033:0x7f96b798e969
[  690.208941][T14010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  690.208957][T14010] RSP: 002b:00007f96b8807038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  690.208977][T14010] RAX: ffffffffffffffda RBX: 00007f96b7bb6320 RCX: 00007f96b798e969
[  690.208992][T14010] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000008
[  690.209003][T14010] RBP: 00007f96b7a10ab1 R08: 00000000000003b8 R09: 0000000000000000
[  690.209015][T14010] R10: 0000200000000700 R11: 0000000000000246 R12: 0000000000000000
[  690.209027][T14010] R13: 0000000000000000 R14: 00007f96b7bb6320 R15: 00007f96b7cdfa28
[  690.209054][T14010]  </TASK>
[  690.211078][T14010] Mem-Info:
[  690.574466][T14010] active_anon:52525 inactive_anon:1 isolated_anon:0
[  690.574466][T14010]  active_file:19193 inactive_file:40138 isolated_file:0
[  690.574466][T14010]  unevictable:768 dirty:300 writeback:0
[  690.574466][T14010]  slab_reclaimable:10803 slab_unreclaimable:114927
[  690.574466][T14010]  mapped:36349 shmem:45002 pagetables:1475
[  690.574466][T14010]  sec_pagetables:0 bounce:0
[  690.574466][T14010]  kernel_misc_reclaimable:0
[  690.574466][T14010]  free:1233135 free_pcp:5939 free_cma:0
[  690.744608][T14010] Node 0 active_anon:210496kB inactive_anon:4kB active_file:76676kB inactive_file:160348kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:141240kB dirty:1200kB writeback:0kB shmem:178376kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11952kB pagetables:5900kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  690.824572][T14010] Node 1 active_anon:0kB inactive_anon:0kB active_file:96kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:60kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  690.886015][T14010] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  691.036104][T14010] lowmem_reserve[]: 0 2504 2504 2504 2504
[  691.051473][T14010] Node 0 DMA32 free:1008628kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:205156kB inactive_anon:4kB active_file:76676kB inactive_file:160248kB unevictable:1536kB writepending:1200kB present:3129332kB managed:2564128kB mlocked:0kB bounce:0kB free_pcp:34156kB local_pcp:10056kB free_cma:0kB
[  691.090567][T14022] binder: 14021:14022 ioctl c0306201 2000000007c0 returned -11
[  691.148780][T14022] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  691.149035][T14025] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2290'.
[  691.176487][T14022] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  691.185887][T14010] lowmem_reserve[]: 0 0 0 0 0
[  691.207876][T14025] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  691.358385][T14010] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:100kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  691.710195][T14010] lowmem_reserve[]: 0 0 0 0 0
[  691.715076][T14010] Node 1 Normal free:3907016kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:96kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:4096kB local_pcp:0kB free_cma:0kB
[  691.868099][T14010] lowmem_reserve[]: 0 0 0 0 0
[  691.894794][T14010] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  691.994111][T14010] Node 0 DMA32: 16*4kB (UE) 6*8kB (UME) 6*16kB (UME) 113*32kB (UME) 96*64kB (UM) 105*128kB (UM) 80*256kB (ME) 54*512kB (UME) 58*1024kB (UME) 19*2048kB (UME) 209*4096kB (UM) = 1025904kB
[  692.115114][T14010] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  692.243195][T14010] Node 1 Normal: 212*4kB (UM) 65*8kB (UME) 45*16kB (UME) 183*32kB (UME) 91*64kB (UME) 34*128kB (UME) 13*256kB (UM) 11*512kB (UME) 3*1024kB (UM) 7*2048kB (UME) 943*4096kB (M) = 3907016kB
[  692.507849][ T5840] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[  692.512632][T14010] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  692.576030][T14010] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  692.663808][T14010] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  692.688864][ T5840] usb 3-1: config 0 has no interfaces?
[  692.709189][T14010] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  692.730434][ T5840] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  692.739760][ T5840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  692.748312][ T5840] usb 3-1: Product: syz
[  692.752582][ T5840] usb 3-1: Manufacturer: syz
[  692.758716][ T5840] usb 3-1: SerialNumber: syz
[  692.783653][T14010] 105830 total pagecache pages
[  692.847530][ T5840] usb 3-1: config 0 descriptor??
[  692.855822][T14010] 1 pages in swap cache
[  692.866075][T14010] Free swap  = 124992kB
[  692.941498][T14010] Total swap = 124996kB
[  692.967126][T14010] 2097051 pages RAM
[  693.042621][T14010] 0 pages HighMem/MovableOnly
[  693.079639][T14010] 424361 pages reserved
[  693.185706][T14010] 0 pages cma reserved
[  693.243491][T14037] veth0_virt_wifi: mtu less than device minimum
[  693.254355][T14037] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  694.286423][T14054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2297'.
[  694.433806][T14054] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  694.488467][T14054] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  694.635529][T14054] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  694.735122][T14054] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  694.746133][T14054] geneve2: entered promiscuous mode
[  694.751490][T14054] geneve2: entered allmulticast mode
[  695.303298][ T5889] usb 3-1: USB disconnect, device number 119
[  696.156270][T13723] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[  696.167263][T14071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.183943][T14071] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.334271][T13723] usb 3-1: config 0 has no interfaces?
[  696.455158][T13723] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  696.472273][T13723] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  696.482409][T13723] usb 3-1: Product: syz
[  696.492528][T13723] usb 3-1: Manufacturer: syz
[  696.511680][T13723] usb 3-1: SerialNumber: syz
[  696.519947][T14075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.530519][T14075] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.553687][T14076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.587380][T14077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.601258][T13723] usb 3-1: config 0 descriptor??
[  696.634999][T14076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.706983][T14077] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.835948][T14068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.846821][T14068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.857090][T14068] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2301'.
[  696.931764][T14081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.954243][T14081] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  697.165937][ T5826] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[  697.315872][ T5826] usb 5-1: Using ep0 maxpacket: 16
[  697.323092][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  697.396300][ T5826] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  697.406186][ T5826] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.414307][ T5826] usb 5-1: Product: syz
[  697.418784][ T5826] usb 5-1: Manufacturer: syz
[  697.423512][ T5826] usb 5-1: SerialNumber: syz
[  697.441594][ T5826] usb 5-1: config 0 descriptor??
[  697.453894][ T5826] hub 5-1:0.0: bad descriptor, ignoring hub
[  697.464862][ T5826] hub 5-1:0.0: probe with driver hub failed with error -5
[  697.483102][ T5826] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input33
[  697.600402][T14088] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  697.610508][T14088] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  697.622585][T14088] fuse: Bad value for 'fd'
[  697.734111][T14090] input: syz0 as /devices/virtual/input/input34
[  697.986682][T14092] IPVS: sed: UDP 224.0.0.2:20004 - no destination available
[  697.994319][ T5914] IPVS: starting estimator thread 0...
[  698.085864][T14095] IPVS: using max 25 ests per chain, 60000 per kthread
[  698.526171][ T5889] usb 3-1: USB disconnect, device number 120
[  698.694954][T14104] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2312'.
[  698.845829][T14104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  698.872261][T14104] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  699.589225][T14114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  699.626344][T14114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  699.805877][ T5141] Bluetooth: hci1: command 0x0406 tx timeout
[  699.813494][ T5826] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  699.826750][ T5826] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  700.402984][T14119] FAULT_INJECTION: forcing a failure.
[  700.402984][T14119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  700.471782][T14119] CPU: 0 UID: 0 PID: 14119 Comm: syz.4.2318 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  700.471813][T14119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  700.471827][T14119] Call Trace:
[  700.471836][T14119]  <TASK>
[  700.471845][T14119]  dump_stack_lvl+0x189/0x250
[  700.471879][T14119]  ? __lock_acquire+0xaac/0xd20
[  700.471911][T14119]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.471942][T14119]  ? __pfx__printk+0x10/0x10
[  700.471963][T14119]  ? __might_fault+0xb0/0x130
[  700.472003][T14119]  should_fail_ex+0x414/0x560
[  700.472029][T14119]  _copy_from_user+0x2d/0xb0
[  700.472061][T14119]  __sys_bpf+0x1ed/0x860
[  700.472091][T14119]  ? __pfx___sys_bpf+0x10/0x10
[  700.472132][T14119]  ? ksys_write+0x1f0/0x250
[  700.472170][T14119]  __x64_sys_bpf+0x7c/0x90
[  700.472195][T14119]  do_syscall_64+0xf6/0x210
[  700.472224][T14119]  ? clear_bhb_loop+0x60/0xb0
[  700.472249][T14119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.472270][T14119] RIP: 0033:0x7f96b798e969
[  700.472294][T14119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.472312][T14119] RSP: 002b:00007f96b888b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  700.472335][T14119] RAX: ffffffffffffffda RBX: 00007f96b7bb5fa0 RCX: 00007f96b798e969
[  700.472350][T14119] RDX: 0000000000000020 RSI: 00002000000007c0 RDI: 0000000000000008
[  700.472364][T14119] RBP: 00007f96b888b090 R08: 0000000000000000 R09: 0000000000000000
[  700.472377][T14119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  700.472389][T14119] R13: 0000000000000001 R14: 00007f96b7bb5fa0 R15: 00007f96b7cdfa28
[  700.472421][T14119]  </TASK>
[  700.645093][    C0] vkms_vblank_simulate: vblank timer overrun
[  701.128202][ T5887] usb 3-1: new low-speed USB device number 121 using dummy_hcd
[  701.329671][ T5887] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  701.351350][T14135] FAULT_INJECTION: forcing a failure.
[  701.351350][T14135] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  701.378592][ T5887] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  701.395276][T14135] CPU: 0 UID: 0 PID: 14135 Comm: syz.6.2323 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  701.395306][T14135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  701.395319][T14135] Call Trace:
[  701.395329][T14135]  <TASK>
[  701.395338][T14135]  dump_stack_lvl+0x189/0x250
[  701.395372][T14135]  ? __lock_acquire+0xaac/0xd20
[  701.395405][T14135]  ? __pfx_dump_stack_lvl+0x10/0x10
[  701.395440][T14135]  ? __pfx__printk+0x10/0x10
[  701.395462][T14135]  ? __might_fault+0xb0/0x130
[  701.395502][T14135]  should_fail_ex+0x414/0x560
[  701.395530][T14135]  _copy_from_iter+0x1db/0x15a0
[  701.395565][T14135]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  701.395589][T14135]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  701.395637][T14135]  ? __pfx__copy_from_iter+0x10/0x10
[  701.395666][T14135]  ? __build_skb_around+0x257/0x3e0
[  701.395698][T14135]  ? netlink_sendmsg+0x642/0xb30
[  701.395722][T14135]  ? skb_put+0x11b/0x210
[  701.395755][T14135]  netlink_sendmsg+0x6b2/0xb30
[  701.395790][T14135]  ? __pfx_netlink_sendmsg+0x10/0x10
[  701.395820][T14135]  ? aa_sock_msg_perm+0x94/0x160
[  701.395848][T14135]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  701.395873][T14135]  ? __pfx_netlink_sendmsg+0x10/0x10
[  701.395900][T14135]  __sock_sendmsg+0x21c/0x270
[  701.395925][T14135]  ____sys_sendmsg+0x505/0x830
[  701.395962][T14135]  ? __pfx_____sys_sendmsg+0x10/0x10
[  701.396001][T14135]  ? import_iovec+0x74/0xa0
[  701.396036][T14135]  ___sys_sendmsg+0x21f/0x2a0
[  701.396069][T14135]  ? __pfx____sys_sendmsg+0x10/0x10
[  701.396138][T14135]  ? __fget_files+0x2a/0x420
[  701.396173][T14135]  ? __fget_files+0x3a0/0x420
[  701.396213][T14135]  __x64_sys_sendmsg+0x19b/0x260
[  701.396247][T14135]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  701.396295][T14135]  ? do_syscall_64+0xba/0x210
[  701.396329][T14135]  do_syscall_64+0xf6/0x210
[  701.396358][T14135]  ? clear_bhb_loop+0x60/0xb0
[  701.396385][T14135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.396405][T14135] RIP: 0033:0x7f68b6d8e969
[  701.396425][T14135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  701.396443][T14135] RSP: 002b:00007f68b7b6a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  701.396466][T14135] RAX: ffffffffffffffda RBX: 00007f68b6fb5fa0 RCX: 00007f68b6d8e969
[  701.396482][T14135] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  701.396496][T14135] RBP: 00007f68b7b6a090 R08: 0000000000000000 R09: 0000000000000000
[  701.396510][T14135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  701.396522][T14135] R13: 0000000000000000 R14: 00007f68b6fb5fa0 R15: 00007f68b70dfa28
[  701.396555][T14135]  </TASK>
[  701.416674][ T5887] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  701.847260][ T5887] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  701.857300][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.962758][T13723] usb 5-1: USB disconnect, device number 101
[  701.972918][ T5141] Bluetooth: hci2: command 0x0406 tx timeout
[  701.975625][ T5826] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  702.007259][ T5826] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  702.030820][T14145] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  702.056869][T14126] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  702.079029][T14145] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  702.080053][ T5887] hub 3-1:1.0: bad descriptor, ignoring hub
[  702.101929][ T5887] hub 3-1:1.0: probe with driver hub failed with error -5
[  702.122685][ T5887] cdc_wdm 3-1:1.0: skipping garbage
[  702.128124][ T5887] cdc_wdm 3-1:1.0: skipping garbage
[  702.150662][T14145] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  702.219014][ T5887] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  702.256410][T14137] batadv_slave_1: entered promiscuous mode
[  702.411627][T14149] "syz.2.2321" (14149) uses obsolete ecb(arc4) skcipher
[  702.419144][T14136] batadv_slave_1: left promiscuous mode
[  702.439609][ T5887] cdc_wdm 3-1:1.0: Unknown control protocol
[  702.766538][T13723] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[  702.925505][T13723] usb 5-1: Using ep0 maxpacket: 32
[  702.942944][T13723] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  702.969084][T13723] usb 5-1: config 0 has no interface number 0
[  702.991690][T13723] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  703.013043][T13723] usb 5-1: config 0 interface 1 has no altsetting 0
[  703.049757][T13723] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  703.122093][T13723] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.131080][T13723] usb 5-1: Product: syz
[  703.139928][T14155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  703.141432][T13723] usb 5-1: Manufacturer: syz
[  703.151091][T14155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  703.171303][T13723] usb 5-1: SerialNumber: syz
[  703.196130][T13723] usb 5-1: config 0 descriptor??
[  703.262035][    C0] wdm_int_callback: 77 callbacks suppressed
[  703.262066][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  703.274590][    C0] wdm_int_callback: 77 callbacks suppressed
[  703.274609][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  703.417086][T13723] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  703.437346][T13723] cx231xx 5-1:0.1: Failed to read PCB config
[  703.443569][T13723] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71
[  703.460592][T13723] usb 5-1: USB disconnect, device number 102
[  703.935852][ T5914] usb 3-1: USB disconnect, device number 121
[  703.936018][T13723] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  704.141003][T14164] netlink: 'syz.1.2331': attribute type 29 has an invalid length.
[  704.151130][T14164] netlink: 'syz.1.2331': attribute type 29 has an invalid length.
[  704.161642][T14164] netlink: 500 bytes leftover after parsing attributes in process `syz.1.2331'.
[  704.195943][T13723] usb 5-1: Using ep0 maxpacket: 32
[  704.206397][ T5826] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  704.206401][ T5141] Bluetooth: hci4: command 0x0406 tx timeout
[  704.224043][ T5826] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  704.227561][T13723] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  704.243998][T13723] usb 5-1: config 0 has no interface number 0
[  704.257324][T13723] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  704.269889][T13723] usb 5-1: config 0 interface 1 has no altsetting 0
[  704.280283][T13723] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  704.289885][T13723] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  704.298312][T13723] usb 5-1: Product: syz
[  704.302589][T13723] usb 5-1: Manufacturer: syz
[  704.307299][T13723] usb 5-1: SerialNumber: syz
[  704.315879][T13723] usb 5-1: config 0 descriptor??
[  704.536725][T13723] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  704.558036][T13723] cx231xx 5-1:0.1: Identified as Conexant Hybrid TV - RDU253S (card=4)
[  704.686316][T13723] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --110
[  704.696110][T13723] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32
[  704.707208][T13723] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32
[  704.716603][T13723] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32
[  704.730125][T13723] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32
[  704.738525][T13723] cx231xx 5-1:0.1: Failed to set devmode to analog: error: -32
[  704.782167][T13723] i2c i2c-3: Added multiplexed i2c bus 5
[  704.796409][T13723] i2c i2c-3: Added multiplexed i2c bus 6
[  704.802806][T13723] cx231xx 5-1:0.1: cx231xx_dev_init: Failed to set Power - errCode [-71]!
[  704.834364][T13723] cx231xx 5-1:0.1: cx231xx_init_dev: cx231xx_i2c_register - errCode [-71]!
[  704.899083][T13723] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71
[  704.928027][T13723] usb 5-1: USB disconnect, device number 103
[  705.501830][T14179] FAULT_INJECTION: forcing a failure.
[  705.501830][T14179] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  705.592106][T14179] CPU: 0 UID: 0 PID: 14179 Comm: syz.4.2335 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  705.592140][T14179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  705.592155][T14179] Call Trace:
[  705.592164][T14179]  <TASK>
[  705.592175][T14179]  dump_stack_lvl+0x189/0x250
[  705.592210][T14179]  ? __lock_acquire+0xaac/0xd20
[  705.592244][T14179]  ? __pfx_dump_stack_lvl+0x10/0x10
[  705.592275][T14179]  ? __pfx__printk+0x10/0x10
[  705.592298][T14179]  ? __might_fault+0xb0/0x130
[  705.592338][T14179]  should_fail_ex+0x414/0x560
[  705.592366][T14179]  _copy_from_iter+0x1db/0x15a0
[  705.592402][T14179]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  705.592453][T14179]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  705.592484][T14179]  ? __pfx__copy_from_iter+0x10/0x10
[  705.592514][T14179]  ? __build_skb_around+0x257/0x3e0
[  705.592546][T14179]  ? netlink_sendmsg+0x642/0xb30
[  705.592570][T14179]  ? skb_put+0x11b/0x210
[  705.592603][T14179]  netlink_sendmsg+0x6b2/0xb30
[  705.592639][T14179]  ? __pfx_netlink_sendmsg+0x10/0x10
[  705.592669][T14179]  ? aa_sock_msg_perm+0x94/0x160
[  705.592696][T14179]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  705.592721][T14179]  ? __pfx_netlink_sendmsg+0x10/0x10
[  705.592749][T14179]  __sock_sendmsg+0x21c/0x270
[  705.592781][T14179]  ____sys_sendmsg+0x505/0x830
[  705.592817][T14179]  ? __pfx_____sys_sendmsg+0x10/0x10
[  705.592857][T14179]  ? import_iovec+0x74/0xa0
[  705.592892][T14179]  ___sys_sendmsg+0x21f/0x2a0
[  705.592924][T14179]  ? __pfx____sys_sendmsg+0x10/0x10
[  705.592993][T14179]  ? __fget_files+0x2a/0x420
[  705.593022][T14179]  ? __fget_files+0x3a0/0x420
[  705.593062][T14179]  __x64_sys_sendmsg+0x19b/0x260
[  705.593101][T14179]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  705.593150][T14179]  ? do_syscall_64+0xba/0x210
[  705.593183][T14179]  do_syscall_64+0xf6/0x210
[  705.593214][T14179]  ? clear_bhb_loop+0x60/0xb0
[  705.593241][T14179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.593263][T14179] RIP: 0033:0x7f96b798e969
[  705.593283][T14179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  705.593302][T14179] RSP: 002b:00007f96b888b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  705.593325][T14179] RAX: ffffffffffffffda RBX: 00007f96b7bb5fa0 RCX: 00007f96b798e969
[  705.593342][T14179] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  705.593355][T14179] RBP: 00007f96b888b090 R08: 0000000000000000 R09: 0000000000000000
[  705.593369][T14179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  705.593382][T14179] R13: 0000000000000000 R14: 00007f96b7bb5fa0 R15: 00007f96b7cdfa28
[  705.593415][T14179]  </TASK>
[  706.370562][ T5141] Bluetooth: hci0: command 0x0406 tx timeout
[  706.380986][ T5826] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  706.392955][ T5826] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  706.552617][T14196] openvswitch: netlink: Actions may not be safe on all matching packets
[  706.620272][T14196] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  707.826431][T14211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  707.886556][T14211] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  707.913431][T14211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  707.946181][T14211] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  707.976707][T14211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  707.986178][T14213] FAULT_INJECTION: forcing a failure.
[  707.986178][T14213] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  707.997203][T14211] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  708.042641][T14211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  708.056276][T14211] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  708.215681][T14213] CPU: 1 UID: 0 PID: 14213 Comm: syz.5.2344 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  708.215705][T14213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  708.215715][T14213] Call Trace:
[  708.215721][T14213]  <TASK>
[  708.215728][T14213]  dump_stack_lvl+0x189/0x250
[  708.215759][T14213]  ? __pfx_dump_stack_lvl+0x10/0x10
[  708.215782][T14213]  ? __pfx__printk+0x10/0x10
[  708.215807][T14213]  should_fail_ex+0x414/0x560
[  708.215827][T14213]  _copy_to_user+0x31/0xb0
[  708.215852][T14213]  simple_read_from_buffer+0xe1/0x170
[  708.215876][T14213]  proc_fail_nth_read+0x1df/0x250
[  708.215901][T14213]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  708.215927][T14213]  ? rw_verify_area+0x258/0x650
[  708.215944][T14213]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  708.215973][T14213]  vfs_read+0x200/0x980
[  708.215995][T14213]  ? __pfx___mutex_lock+0x10/0x10
[  708.216016][T14213]  ? __pfx_vfs_read+0x10/0x10
[  708.216035][T14213]  ? __fget_files+0x2a/0x420
[  708.216060][T14213]  ? __fget_files+0x3a0/0x420
[  708.216080][T14213]  ? __fget_files+0x2a/0x420
[  708.216107][T14213]  ksys_read+0x145/0x250
[  708.216127][T14213]  ? __pfx_ksys_read+0x10/0x10
[  708.216148][T14213]  ? do_syscall_64+0xba/0x210
[  708.216172][T14213]  do_syscall_64+0xf6/0x210
[  708.216193][T14213]  ? clear_bhb_loop+0x60/0xb0
[  708.216218][T14213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.216234][T14213] RIP: 0033:0x7f090538d37c
[  708.216247][T14213] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  708.216261][T14213] RSP: 002b:00007f090616f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  708.216278][T14213] RAX: ffffffffffffffda RBX: 00007f09055b5fa0 RCX: 00007f090538d37c
[  708.216290][T14213] RDX: 000000000000000f RSI: 00007f090616f0a0 RDI: 0000000000000003
[  708.216300][T14213] RBP: 00007f090616f090 R08: 0000000000000000 R09: 0000000000000000
[  708.216310][T14213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  708.216319][T14213] R13: 0000000000000001 R14: 00007f09055b5fa0 R15: 00007f09056dfa28
[  708.216342][T14213]  </TASK>
[  708.696574][ T5141] Bluetooth: hci3: command 0x0406 tx timeout
[  708.761221][ T5826] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  708.873872][ T5826] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  709.764132][T14252] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2358'.
[  710.216678][T14258] loop6: detected capacity change from 0 to 128
[  710.953428][T14271] FAULT_INJECTION: forcing a failure.
[  710.953428][T14271] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  710.983410][T14271] CPU: 1 UID: 0 PID: 14271 Comm: syz.5.2365 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  710.983441][T14271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  710.983454][T14271] Call Trace:
[  710.983463][T14271]  <TASK>
[  710.983473][T14271]  dump_stack_lvl+0x189/0x250
[  710.983508][T14271]  ? __lock_acquire+0xaac/0xd20
[  710.983542][T14271]  ? __pfx_dump_stack_lvl+0x10/0x10
[  710.983572][T14271]  ? __pfx__printk+0x10/0x10
[  710.983593][T14271]  ? __might_fault+0xb0/0x130
[  710.983632][T14271]  should_fail_ex+0x414/0x560
[  710.983660][T14271]  _copy_from_user+0x2d/0xb0
[  710.983691][T14271]  ___sys_sendmsg+0x158/0x2a0
[  710.983724][T14271]  ? __pfx____sys_sendmsg+0x10/0x10
[  710.983798][T14271]  ? __might_fault+0xb0/0x130
[  710.983829][T14271]  __sys_sendmmsg+0x227/0x430
[  710.983863][T14271]  ? __pfx___sys_sendmmsg+0x10/0x10
[  710.983900][T14271]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  710.983945][T14271]  ? ksys_write+0x1f0/0x250
[  710.983968][T14271]  ? rcu_is_watching+0x15/0xb0
[  710.983996][T14271]  __x64_sys_sendmmsg+0xa0/0xc0
[  710.984027][T14271]  do_syscall_64+0xf6/0x210
[  710.984055][T14271]  ? clear_bhb_loop+0x60/0xb0
[  710.984080][T14271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  710.984100][T14271] RIP: 0033:0x7f090538e969
[  710.984119][T14271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  710.984137][T14271] RSP: 002b:00007f090616f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  710.984159][T14271] RAX: ffffffffffffffda RBX: 00007f09055b5fa0 RCX: 00007f090538e969
[  710.984183][T14271] RDX: 040000000000037c RSI: 0000200000002440 RDI: 0000000000000004
[  710.984198][T14271] RBP: 00007f090616f090 R08: 0000000000000000 R09: 0000000000000000
[  710.984211][T14271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  710.984223][T14271] R13: 0000000000000000 R14: 00007f09055b5fa0 R15: 00007f09056dfa28
[  710.984254][T14271]  </TASK>
[  711.181820][    C1] vkms_vblank_simulate: vblank timer overrun
[  711.325585][  T975] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  711.478317][  T975] usb 5-1: Using ep0 maxpacket: 32
[  711.497746][  T975] usb 5-1: config 0 has an invalid interface number: 85 but max is 0
[  711.517460][  T975] usb 5-1: config 0 has no interface number 0
[  711.523660][  T975] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  711.569905][T14284] FAULT_INJECTION: forcing a failure.
[  711.569905][T14284] name failslab, interval 1, probability 0, space 0, times 0
[  711.575990][  T975] usb 5-1: config 0 interface 85 has no altsetting 0
[  711.592935][T14284] CPU: 0 UID: 0 PID: 14284 Comm: syz.5.2370 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  711.592975][T14284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  711.592989][T14284] Call Trace:
[  711.592998][T14284]  <TASK>
[  711.593014][T14284]  dump_stack_lvl+0x189/0x250
[  711.593064][T14284]  ? __pfx_dump_stack_lvl+0x10/0x10
[  711.593096][T14284]  ? __pfx__printk+0x10/0x10
[  711.593123][T14284]  ? __pfx___might_resched+0x10/0x10
[  711.593150][T14284]  should_fail_ex+0x414/0x560
[  711.593179][T14284]  should_failslab+0xa8/0x100
[  711.593210][T14284]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  711.593240][T14284]  ? __alloc_skb+0x112/0x2d0
[  711.593272][T14284]  __alloc_skb+0x112/0x2d0
[  711.593304][T14284]  netlink_sendmsg+0x5c6/0xb30
[  711.593341][T14284]  ? __pfx_netlink_sendmsg+0x10/0x10
[  711.593371][T14284]  ? aa_sock_msg_perm+0x94/0x160
[  711.593398][T14284]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  711.593423][T14284]  ? __pfx_netlink_sendmsg+0x10/0x10
[  711.593451][T14284]  __sock_sendmsg+0x21c/0x270
[  711.593477][T14284]  ____sys_sendmsg+0x505/0x830
[  711.593514][T14284]  ? __pfx_____sys_sendmsg+0x10/0x10
[  711.593554][T14284]  ? import_iovec+0x74/0xa0
[  711.593589][T14284]  ___sys_sendmsg+0x21f/0x2a0
[  711.593622][T14284]  ? __pfx____sys_sendmsg+0x10/0x10
[  711.593690][T14284]  ? __fget_files+0x2a/0x420
[  711.593718][T14284]  ? __fget_files+0x3a0/0x420
[  711.593759][T14284]  __x64_sys_sendmsg+0x19b/0x260
[  711.593792][T14284]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  711.593840][T14284]  ? do_syscall_64+0xba/0x210
[  711.593873][T14284]  do_syscall_64+0xf6/0x210
[  711.593902][T14284]  ? clear_bhb_loop+0x60/0xb0
[  711.593929][T14284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  711.593950][T14284] RIP: 0033:0x7f090538e969
[  711.593981][T14284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  711.594000][T14284] RSP: 002b:00007f090616f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  711.594023][T14284] RAX: ffffffffffffffda RBX: 00007f09055b5fa0 RCX: 00007f090538e969
[  711.594040][T14284] RDX: 0000000020050800 RSI: 00002000000000c0 RDI: 0000000000000003
[  711.594054][T14284] RBP: 00007f090616f090 R08: 0000000000000000 R09: 0000000000000000
[  711.594068][T14284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  711.594082][T14284] R13: 0000000000000000 R14: 00007f09055b5fa0 R15: 00007f09056dfa28
[  711.594115][T14284]  </TASK>
[  711.622359][  T975] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  711.985810][T14294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  712.049458][T14294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  712.124113][T14294] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2372'.
[  712.133565][ T5826] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[  712.180649][T14294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  712.197402][T14294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  712.380218][ T5826] usb 3-1: config 0 has no interfaces?
[  712.403285][ T5826] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  712.415179][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.430837][ T5826] usb 3-1: Product: syz
[  712.435268][ T5826] usb 3-1: Manufacturer: syz
[  712.443484][ T5826] usb 3-1: SerialNumber: syz
[  712.463528][ T5826] usb 3-1: config 0 descriptor??
[  712.549929][  T975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.644575][  T975] usb 5-1: Product: syz
[  712.651632][  T975] usb 5-1: Manufacturer: syz
[  712.664865][  T975] usb 5-1: SerialNumber: syz
[  712.677488][  T975] usb 5-1: config 0 descriptor??
[  712.710807][T14291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  712.719979][T14291] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  712.730306][T14291] program syz.2.2371 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  713.303966][  T975] appletouch 5-1:0.85: Geyser mode initialized.
[  713.314957][  T975] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input35
[  713.519265][ T5826] usb 5-1: USB disconnect, device number 104
[  713.631390][ T5826] appletouch 5-1:0.85: input: appletouch disconnected
[  713.864910][T14301] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  714.706470][  T975] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  715.025975][  T975] usb 5-1: Using ep0 maxpacket: 32
[  715.061919][T14317] fuse: Bad value for 'fd'
[  715.120120][  T975] usb 5-1: unable to get BOS descriptor or descriptor too short
[  715.150645][  T975] usb 5-1: unable to read config index 0 descriptor/start: -71
[  715.165290][  T975] usb 5-1: can't read configurations, error -71
[  715.234278][T14323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  715.257566][T14323] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  715.666907][ T5826] usb 3-1: USB disconnect, device number 122
[  715.923811][T14331] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2384'.
[  715.969022][T14331] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2384'.
[  718.273204][T14349] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  718.299252][T14349] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  719.015551][ T5826] usb 3-1: new high-speed USB device number 123 using dummy_hcd
[  719.165578][ T5826] usb 3-1: Using ep0 maxpacket: 8
[  719.174117][ T5826] usb 3-1: config 127 has an invalid interface number: 171 but max is 1
[  719.183640][ T5826] usb 3-1: config 127 has no interface number 1
[  719.190458][ T5826] usb 3-1: config 127 interface 171 has no altsetting 0
[  719.206215][ T5826] usb 3-1: config 127 interface 0 has no altsetting 0
[  719.226733][ T5826] usb 3-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9
[  719.241239][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.258106][ T5826] usb 3-1: Product: syz
[  719.262512][ T5826] usb 3-1: Manufacturer: syz
[  719.268008][ T5826] usb 3-1: SerialNumber: syz
[  719.496727][ T5826] xr_serial 3-1:127.171: xr_serial converter detected
[  719.509910][ T5826] xr_serial ttyUSB0: Failed to set reg 0x1a: -71
[  719.518604][ T5826] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  719.527812][ T5914] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  719.546463][ T5826] usb 3-1: USB disconnect, device number 123
[  719.554001][ T5826] xr_serial 3-1:127.171: device disconnected
[  719.695494][ T5914] usb 5-1: Using ep0 maxpacket: 8
[  719.702579][ T5914] usb 5-1: config 32 has 1 interface, different from the descriptor's value: 2
[  719.711681][ T5914] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  719.721278][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.940159][ T5914] usb 5-1: string descriptor 0 read error: -71
[  719.999250][ T5914] usb 5-1: USB disconnect, device number 107
[  720.675524][  T975] usb 3-1: new high-speed USB device number 124 using dummy_hcd
[  720.851117][  T975] usb 3-1: config 0 has no interfaces?
[  720.882657][  T975] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  720.910783][  T975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  720.928919][  T975] usb 3-1: Product: syz
[  720.943251][  T975] usb 3-1: Manufacturer: syz
[  720.954089][  T975] usb 3-1: SerialNumber: syz
[  720.983630][  T975] usb 3-1: config 0 descriptor??
[  722.881004][T14393] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2404'.
[  723.776073][T14405] xt_bpf: check failed: parse error
[  724.307150][ T5914] usb 3-1: USB disconnect, device number 124
[  724.445872][T14419] input: syz1 as /devices/virtual/input/input36
[  725.524945][T14422] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  725.531501][T14422] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  725.586029][T14422] vhci_hcd vhci_hcd.0: Device attached
[  725.684535][T14424] vhci_hcd: connection closed
[  725.686358][   T13] vhci_hcd: stop threads
[  725.700039][   T13] vhci_hcd: release socket
[  725.724857][   T13] vhci_hcd: disconnect device
[  725.766133][ T5914] vhci_hcd: vhci_device speed not set
[  726.438194][T14447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  726.496476][T14447] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  726.951097][T14456] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2426'.
[  727.617107][T14473] Invalid logical block size (-16678)
[  727.748853][T14480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  727.831025][T14484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2438'.
[  727.847015][T14484] netlink: 312 bytes leftover after parsing attributes in process `syz.2.2438'.
[  727.932881][T14485] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2437'.
[  727.942619][T14480] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  728.384731][T14495] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2440'.
[  728.425683][T14495] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2440'.
[  728.434827][T14495] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2440'.
[  728.786789][T14495] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2440'.
[  728.917673][ T5914] IPVS: starting estimator thread 0...
[  729.006014][T14498] IPVS: using max 26 ests per chain, 62400 per kthread
[  729.198634][T14504] FAULT_INJECTION: forcing a failure.
[  729.198634][T14504] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  729.307647][T14504] CPU: 0 UID: 0 PID: 14504 Comm: syz.2.2442 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  729.307670][T14504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  729.307681][T14504] Call Trace:
[  729.307687][T14504]  <TASK>
[  729.307695][T14504]  dump_stack_lvl+0x189/0x250
[  729.307721][T14504]  ? __lock_acquire+0xaac/0xd20
[  729.307745][T14504]  ? __pfx_dump_stack_lvl+0x10/0x10
[  729.307768][T14504]  ? __pfx__printk+0x10/0x10
[  729.307783][T14504]  ? __might_fault+0xb0/0x130
[  729.307812][T14504]  should_fail_ex+0x414/0x560
[  729.307832][T14504]  _copy_from_iter+0x1db/0x15a0
[  729.307859][T14504]  ? policy_nodemask+0x27c/0x720
[  729.307879][T14504]  ? __pfx__copy_from_iter+0x10/0x10
[  729.307904][T14504]  ? set_page_refcounted+0xa0/0x1e0
[  729.307926][T14504]  ? page_copy_sane+0x4e/0x280
[  729.307947][T14504]  copy_page_from_iter+0x7b/0x100
[  729.307969][T14504]  tun_get_user+0x1b13/0x3c20
[  729.307996][T14504]  ? tun_get_user+0x687/0x3c20
[  729.308029][T14504]  ? __pfx_tun_get_user+0x10/0x10
[  729.308057][T14504]  ? aa_file_perm+0x11f/0xed0
[  729.308077][T14504]  ? aa_file_perm+0x3e7/0xed0
[  729.308105][T14504]  ? ref_tracker_alloc+0x318/0x460
[  729.308125][T14504]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  729.308146][T14504]  ? tun_get+0x1c/0x2f0
[  729.308172][T14504]  ? tun_get+0x1c/0x2f0
[  729.308193][T14504]  ? tun_get+0x1c/0x2f0
[  729.308219][T14504]  tun_chr_write_iter+0x113/0x200
[  729.308243][T14504]  vfs_write+0x54b/0xa90
[  729.308265][T14504]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  729.308293][T14504]  ? __pfx_vfs_write+0x10/0x10
[  729.308331][T14504]  ? __fget_files+0x2a/0x420
[  729.308372][T14504]  ksys_write+0x145/0x250
[  729.308402][T14504]  ? __pfx_ksys_write+0x10/0x10
[  729.308430][T14504]  ? do_syscall_64+0xba/0x210
[  729.308455][T14504]  do_syscall_64+0xf6/0x210
[  729.308476][T14504]  ? clear_bhb_loop+0x60/0xb0
[  729.308495][T14504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.308510][T14504] RIP: 0033:0x7fbb6678d41f
[  729.308523][T14504] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  729.308537][T14504] RSP: 002b:00007fbb6761c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  729.308553][T14504] RAX: ffffffffffffffda RBX: 00007fbb669b5fa0 RCX: 00007fbb6678d41f
[  729.308565][T14504] RDX: 0000000000000052 RSI: 00002000000004c0 RDI: 00000000000000c8
[  729.308575][T14504] RBP: 00007fbb6761c090 R08: 0000000000000000 R09: 0000000000000000
[  729.308584][T14504] R10: 0000000000000052 R11: 0000000000000293 R12: 0000000000000001
[  729.308594][T14504] R13: 0000000000000001 R14: 00007fbb669b5fa0 R15: 00007fbb66adfa28
[  729.308616][T14504]  </TASK>
[  729.579140][T14506] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2443'.
[  729.795237][T14512] FAULT_INJECTION: forcing a failure.
[  729.795237][T14512] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  729.898675][T14512] CPU: 1 UID: 0 PID: 14512 Comm: syz.2.2446 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  729.898707][T14512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  729.898721][T14512] Call Trace:
[  729.898743][T14512]  <TASK>
[  729.898753][T14512]  dump_stack_lvl+0x189/0x250
[  729.898789][T14512]  ? __lock_acquire+0xaac/0xd20
[  729.898824][T14512]  ? __pfx_dump_stack_lvl+0x10/0x10
[  729.898855][T14512]  ? __pfx__printk+0x10/0x10
[  729.898876][T14512]  ? __might_fault+0xb0/0x130
[  729.898916][T14512]  should_fail_ex+0x414/0x560
[  729.898944][T14512]  _copy_from_user+0x2d/0xb0
[  729.898975][T14512]  ___sys_sendmsg+0x158/0x2a0
[  729.899015][T14512]  ? __pfx____sys_sendmsg+0x10/0x10
[  729.899083][T14512]  ? __fget_files+0x2a/0x420
[  729.899111][T14512]  ? __fget_files+0x3a0/0x420
[  729.899151][T14512]  __x64_sys_sendmsg+0x19b/0x260
[  729.899184][T14512]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  729.899231][T14512]  ? do_syscall_64+0xba/0x210
[  729.899264][T14512]  do_syscall_64+0xf6/0x210
[  729.899293][T14512]  ? clear_bhb_loop+0x60/0xb0
[  729.899338][T14512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.899359][T14512] RIP: 0033:0x7fbb6678e969
[  729.899379][T14512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  729.899399][T14512] RSP: 002b:00007fbb6761c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  729.899423][T14512] RAX: ffffffffffffffda RBX: 00007fbb669b5fa0 RCX: 00007fbb6678e969
[  729.899440][T14512] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  729.899455][T14512] RBP: 00007fbb6761c090 R08: 0000000000000000 R09: 0000000000000000
[  729.899469][T14512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  729.899483][T14512] R13: 0000000000000000 R14: 00007fbb669b5fa0 R15: 00007fbb66adfa28
[  729.899515][T14512]  </TASK>
[  730.121362][T14510] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  730.130272][T14510] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  730.523280][T14518] tmpfs: Unknown parameter 'fÿ'
[  730.754302][   T12] IPVS: stop unused estimator thread 0...
[  731.540165][T14538] loop6: detected capacity change from 0 to 7
[  731.580936][T14538] Dev loop6: unable to read RDB block 7
[  731.605987][T14538]  loop6: AHDI p1 p2 p3 p4
[  731.632687][T14538] loop6: partition table partially beyond EOD, truncated
[  731.656170][T14538] loop6: p1 start 926365495 is beyond EOD, truncated
[  731.662934][T14538] loop6: p2 start 744947712 is beyond EOD, truncated
[  731.706295][T14538] loop6: p3 start 1886353253 is beyond EOD, truncated
[  732.088043][T14547] FAULT_INJECTION: forcing a failure.
[  732.088043][T14547] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  732.101962][T14547] CPU: 1 UID: 0 PID: 14547 Comm: syz.1.2460 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  732.101993][T14547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  732.102007][T14547] Call Trace:
[  732.102015][T14547]  <TASK>
[  732.102025][T14547]  dump_stack_lvl+0x189/0x250
[  732.102066][T14547]  ? __pfx_dump_stack_lvl+0x10/0x10
[  732.102099][T14547]  ? __pfx__printk+0x10/0x10
[  732.102125][T14547]  ? get_sigframe+0x596/0x7d0
[  732.102155][T14547]  should_fail_ex+0x414/0x560
[  732.102184][T14547]  _copy_to_user+0x31/0xb0
[  732.102218][T14547]  copy_siginfo_to_user+0x22/0xc0
[  732.102243][T14547]  x64_setup_rt_frame+0x777/0xd40
[  732.102289][T14547]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  732.102323][T14547]  arch_do_signal_or_restart+0x3e5/0x780
[  732.102349][T14547]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  732.102385][T14547]  ? local_irq_enable_exit_to_user+0x5/0x10
[  732.102424][T14547]  syscall_exit_to_user_mode+0x8b/0x120
[  732.102455][T14547]  do_syscall_64+0x103/0x210
[  732.102486][T14547]  ? clear_bhb_loop+0x60/0xb0
[  732.102513][T14547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.102535][T14547] RIP: 0033:0x7f8ae038e967
[  732.102555][T14547] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  732.102574][T14547] RSP: 002b:00007f8ae12c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  732.102598][T14547] RAX: 000000000000002f RBX: 00007f8ae05b5fa0 RCX: 00007f8ae038e969
[  732.102614][T14547] RDX: 0000000000001f00 RSI: 0000200000000500 RDI: 0000000000000006
[  732.102628][T14547] RBP: 00007f8ae12c7090 R08: 0000000000000000 R09: 0000000000000000
[  732.102642][T14547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  732.102656][T14547] R13: 0000000000000000 R14: 00007f8ae05b5fa0 R15: 00007f8ae06dfa28
[  732.102688][T14547]  </TASK>
[  732.786399][T14570] bridge0: port 3(veth0_to_bridge) entered blocking state
[  732.794060][T14570] bridge0: port 3(veth0_to_bridge) entered disabled state
[  732.802385][T14570] veth0_to_bridge: entered allmulticast mode
[  732.805959][ T5887] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  732.811126][T14570] veth0_to_bridge: entered promiscuous mode
[  732.941090][T14575] loop2: detected capacity change from 0 to 7
[  732.985212][T14575] Dev loop2: unable to read RDB block 7
[  732.995914][ T5887] usb 5-1: Using ep0 maxpacket: 16
[  733.017909][T14575]  loop2: unable to read partition table
[  733.023906][T14575] loop2: partition table beyond EOD, truncated
[  733.025670][ T5887] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  733.066546][T14575] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  733.069435][ T5887] usb 5-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  733.121890][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  733.139992][T14583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  733.154587][ T5887] usb 5-1: Product: syz
[  733.164928][ T5887] usb 5-1: Manufacturer: syz
[  733.176918][T14583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  733.184828][ T5887] usb 5-1: SerialNumber: syz
[  733.203099][ T5887] usb 5-1: config 0 descriptor??
[  733.219268][ T5887] mcba_usb 5-1:0.0: Can't find endpoints
[  733.738783][ T5201] Dev loop2: unable to read RDB block 7
[  733.744643][ T5201]  loop2: unable to read partition table
[  733.752754][ T5201] loop2: partition table beyond EOD, truncated
[  733.839720][T14593] fuse: Unknown parameter 'group_id00000000000000000000'
[  734.255974][ T5887] usb 3-1: new high-speed USB device number 125 using dummy_hcd
[  734.405739][ T5887] usb 3-1: Using ep0 maxpacket: 8
[  734.417924][ T5887] usb 3-1: config 135 has an invalid interface number: 230 but max is 0
[  734.432361][ T5887] usb 3-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  734.445096][ T5887] usb 3-1: config 135 has no interface number 0
[  734.452962][ T5887] usb 3-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  734.464915][ T5887] usb 3-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  734.479424][ T5887] usb 3-1: config 135 interface 230 has no altsetting 0
[  734.489870][ T5887] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  734.500622][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  734.510180][ T5887] usb 3-1: Product: syz
[  734.514561][ T5887] usb 3-1: Manufacturer: syz
[  734.523992][ T5887] usb 3-1: SerialNumber: syz
[  734.759558][T14595] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  734.786143][T14595] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  734.813530][ T5887] usb 3-1: USB disconnect, device number 125
[  734.931864][T14612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  734.941018][T14612] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  735.157611][T14612] netlink: 'syz.5.2482': attribute type 1 has an invalid length.
[  735.165808][T14612] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.2482'.
[  735.176910][T14612] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2482'.
[  735.477149][ T5826] usb 5-1: USB disconnect, device number 108
[  735.977520][ T5826] usb 3-1: new high-speed USB device number 126 using dummy_hcd
[  736.140728][T14627] fuse: Unknown parameter 'group_id00000000000000000000'
[  736.172107][ T5826] usb 3-1: config 0 has no interfaces?
[  736.259886][ T5826] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  736.294506][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  736.323491][ T5826] usb 3-1: Product: syz
[  736.345554][ T5826] usb 3-1: Manufacturer: syz
[  736.360340][ T5826] usb 3-1: SerialNumber: syz
[  736.380023][T14632] Invalid logical block size (65533)
[  736.433828][ T5826] usb 3-1: config 0 descriptor??
[  736.605835][ T5887] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  736.802394][ T5887] usb 5-1: Using ep0 maxpacket: 8
[  736.813638][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  737.188755][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  737.242160][ T5887] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  737.276128][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  737.314402][T14652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  737.330693][ T5887] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  737.346715][T14652] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  737.868138][ T5887] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  737.936198][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.976816][ T5887] usb 5-1: config 0 descriptor??
[  737.991473][T14630] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  738.421670][T14651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  738.440624][T14651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  738.553579][T14659] FAULT_INJECTION: forcing a failure.
[  738.553579][T14659] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  738.568576][T14659] CPU: 1 UID: 0 PID: 14659 Comm: syz.6.2499 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  738.568608][T14659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  738.568622][T14659] Call Trace:
[  738.568631][T14659]  <TASK>
[  738.568641][T14659]  dump_stack_lvl+0x189/0x250
[  738.568687][T14659]  ? __pfx_dump_stack_lvl+0x10/0x10
[  738.568719][T14659]  ? __pfx__printk+0x10/0x10
[  738.568753][T14659]  should_fail_ex+0x414/0x560
[  738.568782][T14659]  _copy_to_user+0x31/0xb0
[  738.568817][T14659]  simple_read_from_buffer+0xe1/0x170
[  738.568849][T14659]  proc_fail_nth_read+0x1df/0x250
[  738.568885][T14659]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  738.568921][T14659]  ? rw_verify_area+0x258/0x650
[  738.568945][T14659]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  738.568980][T14659]  vfs_read+0x200/0x980
[  738.569011][T14659]  ? __pfx___mutex_lock+0x10/0x10
[  738.569041][T14659]  ? __pfx_vfs_read+0x10/0x10
[  738.569068][T14659]  ? __fget_files+0x2a/0x420
[  738.569103][T14659]  ? __fget_files+0x3a0/0x420
[  738.569131][T14659]  ? __fget_files+0x2a/0x420
[  738.569169][T14659]  ksys_read+0x145/0x250
[  738.569194][T14659]  ? rcu_is_watching+0x15/0xb0
[  738.569217][T14659]  ? __pfx_ksys_read+0x10/0x10
[  738.569247][T14659]  ? do_syscall_64+0xba/0x210
[  738.569281][T14659]  do_syscall_64+0xf6/0x210
[  738.569312][T14659]  ? clear_bhb_loop+0x60/0xb0
[  738.569340][T14659]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  738.569361][T14659] RIP: 0033:0x7f68b6d8d37c
[  738.569389][T14659] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  738.569409][T14659] RSP: 002b:00007f68b7b6a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  738.569433][T14659] RAX: ffffffffffffffda RBX: 00007f68b6fb5fa0 RCX: 00007f68b6d8d37c
[  738.569450][T14659] RDX: 000000000000000f RSI: 00007f68b7b6a0a0 RDI: 0000000000000003
[  738.569463][T14659] RBP: 00007f68b7b6a090 R08: 0000000000000000 R09: 0000000000000000
[  738.569477][T14659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  738.569491][T14659] R13: 0000000000000001 R14: 00007f68b6fb5fa0 R15: 00007f68b70dfa28
[  738.569525][T14659]  </TASK>
[  739.013650][T13723] usb 3-1: USB disconnect, device number 126
[  739.145165][T14663] fuse: Unknown parameter 'group_id00000000000000000000'
[  739.409932][   T30] audit: type=1326 audit(1747186154.680:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14664 comm="syz.6.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b6d2ab39 code=0x7ffc0000
[  739.488640][   T30] audit: type=1326 audit(1747186154.710:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14664 comm="syz.6.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b6d2ab39 code=0x7ffc0000
[  739.510929][    C1] vkms_vblank_simulate: vblank timer overrun
[  739.521944][   T30] audit: type=1326 audit(1747186154.710:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14664 comm="syz.6.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b6d2ab39 code=0x7ffc0000
[  739.544212][    C1] vkms_vblank_simulate: vblank timer overrun
[  739.571081][T13723] usb 5-1: USB disconnect, device number 109
[  739.582574][ T5141] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  739.637374][   T30] audit: type=1326 audit(1747186154.710:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14664 comm="syz.6.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b6d2ab39 code=0x7ffc0000
[  739.659644][    C1] vkms_vblank_simulate: vblank timer overrun
[  739.666476][   T30] audit: type=1326 audit(1747186154.710:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14664 comm="syz.6.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b6d2ab39 code=0x7ffc0000
[  739.689526][   T30] audit: type=1326 audit(1747186154.710:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14664 comm="syz.6.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b6d2ab39 code=0x7ffc0000
[  739.712409][   T30] audit: type=1326 audit(1747186154.710:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14664 comm="syz.6.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b6d2ab39 code=0x7ffc0000
[  739.829319][   T30] audit: type=1326 audit(1747186154.710:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14664 comm="syz.6.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b6d2ab39 code=0x7ffc0000
[  739.878742][   T30] audit: type=1326 audit(1747186154.710:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14664 comm="syz.6.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b6d2ab39 code=0x7ffc0000
[  739.902032][   T30] audit: type=1326 audit(1747186154.710:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14664 comm="syz.6.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b6d2ab39 code=0x7ffc0000
[  739.924356][    C1] vkms_vblank_simulate: vblank timer overrun
[  740.034450][T14679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  740.056166][T14679] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  740.600397][T13723] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  740.789278][T13723] usb 5-1: config 0 has no interfaces?
[  740.801119][T13723] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  740.810967][T13723] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.835091][T13723] usb 5-1: Product: syz
[  740.863436][T13723] usb 5-1: Manufacturer: syz
[  740.888506][T13723] usb 5-1: SerialNumber: syz
[  740.934562][T13723] usb 5-1: config 0 descriptor??
[  741.640017][T14699] fuse: Bad value for 'user_id'
[  741.644990][T14699] fuse: Bad value for 'user_id'
[  741.861205][T14702] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2514'.
[  742.208064][T13723] usb 3-1: new high-speed USB device number 127 using dummy_hcd
[  742.448222][T14710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  742.464185][T14710] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  742.486592][T13723] usb 3-1: Using ep0 maxpacket: 8
[  742.525871][T13723] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  742.579455][T13723] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  742.616980][T14710] netlink: 'syz.5.2517': attribute type 4 has an invalid length.
[  742.622663][T13723] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  742.666248][T14710] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2517'.
[  742.675543][T13723] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  742.675582][T13723] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  742.675630][T13723] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  742.675655][T13723] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  742.723669][T13723] usb 3-1: config 0 descriptor??
[  742.734877][T14710] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  742.771871][T14705] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  743.212409][T14716] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2518'.
[  744.056696][ T5826] usb 5-1: USB disconnect, device number 110
[  744.400304][T14739] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2521'.
[  744.845734][ T5141] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  744.870321][ T5887] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[  745.041942][T13723] usb 3-1: USB disconnect, device number 127
[  745.066753][ T5887] usb 5-1: Using ep0 maxpacket: 8
[  745.083567][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  745.177431][ T5887] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  745.207700][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  745.269968][ T5887] usb 5-1: config 0 descriptor??
[  745.512995][ T5887] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  745.826391][T14748] fuse: Bad value for 'user_id'
[  745.831324][T14748] fuse: Bad value for 'user_id'
[  745.979280][T14754] netlink: 'syz.1.2528': attribute type 4 has an invalid length.
[  746.395553][ T5887] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  746.529375][T14768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  746.548478][T14768] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  746.627450][T14769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  746.645077][T14769] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  746.691613][T14769] fuse: Bad value for 'fd'
[  746.708750][ T5887] usb 3-1: config 36 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 192, changing to 11
[  746.753910][ T5887] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  746.763168][ T5887] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  746.785431][ T5887] usb 3-1: Manufacturer: syz
[  746.795951][ T5887] usb 3-1: SerialNumber: syz
[  747.157702][T14757] 8021q: adding VLAN 0 to HW filter on device bond0
[  747.174150][T14757] 8021q: adding VLAN 0 to HW filter on device team0
[  747.218778][T14757] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  747.250337][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  747.256704][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  747.433287][T13723] usb 5-1: USB disconnect, device number 111
[  747.885669][T13723] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[  748.035515][T13723] usb 5-1: Using ep0 maxpacket: 32
[  748.044118][T13723] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  748.053657][T13723] usb 5-1: config 0 has no interface number 0
[  748.078594][T13723] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  748.171721][T13723] usb 5-1: config 0 interface 1 has no altsetting 0
[  748.222954][T13723] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  748.334421][T13723] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  748.419112][T13723] usb 5-1: Product: syz
[  748.449108][T13723] usb 5-1: Manufacturer: syz
[  748.471115][T13723] usb 5-1: SerialNumber: syz
[  748.514286][T13723] usb 5-1: config 0 descriptor??
[  748.783643][T13723] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  748.831448][T13723] cx231xx 5-1:0.1: Failed to read PCB config
[  748.872082][T13723] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71
[  748.948225][T13723] usb 5-1: USB disconnect, device number 112
[  749.178868][ T5887] usbhid 3-1:36.0: couldn't find an input interrupt endpoint
[  749.202693][ T5887] usb 3-1: USB disconnect, device number 2
[  749.835716][T13723] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[  749.855794][T14784] fuse: Bad value for 'user_id'
[  749.860718][T14784] fuse: Bad value for 'user_id'
[  750.025639][T13723] usb 5-1: Using ep0 maxpacket: 32
[  750.061823][T13723] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  750.081721][T13723] usb 5-1: config 0 has no interface number 0
[  750.101933][T13723] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  750.130007][T13723] usb 5-1: config 0 interface 1 has no altsetting 0
[  750.169335][T13723] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  750.188926][T13723] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  750.223097][T13723] usb 5-1: Product: syz
[  750.232426][T13723] usb 5-1: Manufacturer: syz
[  750.247642][T14794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  750.258180][T13723] usb 5-1: SerialNumber: syz
[  750.264612][   T30] kauditd_printk_skb: 925 callbacks suppressed
[  750.264631][   T30] audit: type=1326 audit(1747186165.510:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14785 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ae038e969 code=0x7ffc0000
[  750.274186][T14794] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  750.317366][T13723] usb 5-1: config 0 descriptor??
[  750.374106][   T30] audit: type=1326 audit(1747186165.510:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14785 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ae038e969 code=0x7ffc0000
[  750.447488][   T30] audit: type=1326 audit(1747186165.510:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14785 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ae038e969 code=0x7ffc0000
[  750.502629][   T30] audit: type=1326 audit(1747186165.510:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14785 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8ae038e969 code=0x7ffc0000
[  750.526039][   T30] audit: type=1326 audit(1747186165.510:1154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14785 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ae038e969 code=0x7ffc0000
[  750.556140][   T30] audit: type=1326 audit(1747186165.510:1155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14785 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f8ae038e969 code=0x7ffc0000
[  750.563280][T14802] FAULT_INJECTION: forcing a failure.
[  750.563280][T14802] name failslab, interval 1, probability 0, space 0, times 0
[  750.615907][T13723] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  750.626716][T13723] cx231xx 5-1:0.1: Identified as Conexant Hybrid TV - RDU253S (card=4)
[  750.639907][   T30] audit: type=1326 audit(1747186165.570:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14785 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ae038e969 code=0x7ffc0000
[  750.734778][T14802] CPU: 0 UID: 0 PID: 14802 Comm: syz.1.2545 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  750.734810][T14802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  750.734825][T14802] Call Trace:
[  750.734835][T14802]  <TASK>
[  750.734844][T14802]  dump_stack_lvl+0x189/0x250
[  750.734885][T14802]  ? __pfx_dump_stack_lvl+0x10/0x10
[  750.734931][T14802]  ? __pfx__printk+0x10/0x10
[  750.734960][T14802]  ? __pfx___might_resched+0x10/0x10
[  750.734980][T14802]  ? fs_reclaim_acquire+0x7d/0x100
[  750.735017][T14802]  should_fail_ex+0x414/0x560
[  750.735044][T14802]  should_failslab+0xa8/0x100
[  750.735077][T14802]  __kmalloc_cache_noprof+0x70/0x3d0
[  750.735104][T14802]  ? rtm_new_nexthop+0x26e4/0x7e40
[  750.735138][T14802]  rtm_new_nexthop+0x26e4/0x7e40
[  750.735166][T14802]  ? __dev_queue_xmit+0x1adf/0x3a70
[  750.735199][T14802]  ? netlink_unicast+0x72f/0x8d0
[  750.735220][T14802]  ? netlink_sendmsg+0x805/0xb30
[  750.735243][T14802]  ? __sock_sendmsg+0x21c/0x270
[  750.735264][T14802]  ? do_syscall_64+0xf6/0x210
[  750.735292][T14802]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.735324][T14802]  ? __pfx_rtm_new_nexthop+0x10/0x10
[  750.735377][T14802]  ? kasan_quarantine_put+0xdd/0x220
[  750.735405][T14802]  ? lockdep_hardirqs_on+0x9c/0x150
[  750.735438][T14802]  ? nlmon_xmit+0xb0/0x100
[  750.735468][T14802]  ? kmem_cache_free+0x192/0x3f0
[  750.735505][T14802]  ? __local_bh_enable_ip+0x12d/0x1c0
[  750.735527][T14802]  ? lockdep_hardirqs_on+0x9c/0x150
[  750.735555][T14802]  ? __local_bh_enable_ip+0x12d/0x1c0
[  750.735599][T14802]  ? __lock_acquire+0xaac/0xd20
[  750.735657][T14802]  ? __pfx_rtm_new_nexthop+0x10/0x10
[  750.735685][T14802]  rtnetlink_rcv_msg+0x7cc/0xb70
[  750.735715][T14802]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  750.735739][T14802]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  750.735769][T14802]  ? ref_tracker_free+0x63a/0x7d0
[  750.735791][T14802]  ? __copy_skb_header+0xa7/0x550
[  750.735832][T14802]  netlink_rcv_skb+0x21c/0x490
[  750.735858][T14802]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  750.735885][T14802]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  750.735952][T14802]  ? netlink_deliver_tap+0x2e/0x1b0
[  750.735978][T14802]  ? netlink_deliver_tap+0x2e/0x1b0
[  750.736009][T14802]  netlink_unicast+0x758/0x8d0
[  750.736043][T14802]  netlink_sendmsg+0x805/0xb30
[  750.736079][T14802]  ? __pfx_netlink_sendmsg+0x10/0x10
[  750.736109][T14802]  ? aa_sock_msg_perm+0x94/0x160
[  750.736138][T14802]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  750.736164][T14802]  ? __pfx_netlink_sendmsg+0x10/0x10
[  750.736192][T14802]  __sock_sendmsg+0x21c/0x270
[  750.736218][T14802]  ____sys_sendmsg+0x505/0x830
[  750.736255][T14802]  ? __pfx_____sys_sendmsg+0x10/0x10
[  750.736294][T14802]  ? ___sys_sendmsg+0x205/0x2a0
[  750.736332][T14802]  ___sys_sendmsg+0x21f/0x2a0
[  750.736365][T14802]  ? __pfx____sys_sendmsg+0x10/0x10
[  750.736437][T14802]  ? __fget_files+0x2a/0x420
[  750.736466][T14802]  ? __fget_files+0x3a0/0x420
[  750.736507][T14802]  __x64_sys_sendmsg+0x19b/0x260
[  750.736541][T14802]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  750.736592][T14802]  ? do_syscall_64+0xba/0x210
[  750.736624][T14802]  do_syscall_64+0xf6/0x210
[  750.736652][T14802]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  750.736674][T14802]  ? clear_bhb_loop+0x60/0xb0
[  750.736698][T14802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.736719][T14802] RIP: 0033:0x7f8ae038e969
[  750.736739][T14802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  750.736759][T14802] RSP: 002b:00007f8ae12c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  750.736783][T14802] RAX: ffffffffffffffda RBX: 00007f8ae05b5fa0 RCX: 00007f8ae038e969
[  750.736799][T14802] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  750.736813][T14802] RBP: 00007f8ae12c7090 R08: 0000000000000000 R09: 0000000000000000
[  750.736827][T14802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  750.736841][T14802] R13: 0000000000000000 R14: 00007f8ae05b5fa0 R15: 00007f8ae06dfa28
[  750.736874][T14802]  </TASK>
[  750.737710][   T30] audit: type=1326 audit(1747186165.570:1157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14785 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ae038e969 code=0x7ffc0000
[  750.945805][ T5840] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  750.982409][T13723] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --110
[  751.508115][ T5840] usb 3-1: config 0 has no interfaces?
[  751.521794][   T30] audit: type=1326 audit(1747186165.580:1158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14796 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8ae03c1225 code=0x7ffc0000
[  751.570710][ T5840] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  751.581992][ T5840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  751.593338][ T5840] usb 3-1: Product: syz
[  751.632173][ T5840] usb 3-1: Manufacturer: syz
[  751.689890][   T30] audit: type=1326 audit(1747186165.580:1159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14785 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f8ae038e969 code=0x7ffc0000
[  751.694605][ T5840] usb 3-1: SerialNumber: syz
[  751.746463][T13723] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --71
[  751.755682][T13723] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --71
[  751.774004][T13723] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --71
[  751.784569][T13723] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --71
[  751.823783][ T5840] usb 3-1: config 0 descriptor??
[  751.841709][T13723] cx231xx 5-1:0.1: Failed to set devmode to analog: error: -71
[  751.977240][T13723] i2c i2c-3: Added multiplexed i2c bus 5
[  752.005108][T14815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  752.015263][T13723] i2c i2c-3: Added multiplexed i2c bus 6
[  752.033510][T13723] cx231xx 5-1:0.1: cx231xx_dev_init: Failed to set Power - errCode [-71]!
[  752.066594][T13723] cx231xx 5-1:0.1: cx231xx_init_dev: cx231xx_i2c_register - errCode [-71]!
[  752.263616][T14815] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  752.799115][T13723] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71
[  752.976025][T13723] usb 5-1: USB disconnect, device number 113
[  753.258529][T14811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  753.281954][T14811] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  753.575825][T13723] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  753.620439][ T5887] usb 3-1: USB disconnect, device number 3
[  753.697465][T14825] fuse: Bad value for 'fd'
[  753.735584][T13723] usb 5-1: Using ep0 maxpacket: 32
[  753.744191][T13723] usb 5-1: unable to get BOS descriptor or descriptor too short
[  753.755158][T13723] usb 5-1: config 6 has an invalid interface number: 66 but max is 0
[  753.764269][T13723] usb 5-1: config 6 has no interface number 0
[  753.771639][T13723] usb 5-1: config 6 interface 66 has no altsetting 0
[  753.808770][T13723] usb 5-1: New USB device found, idVendor=0499, idProduct=1006, bcdDevice=d6.95
[  753.843211][T13723] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  753.864634][T13723] usb 5-1: Product: syz
[  753.871852][T13723] usb 5-1: Manufacturer: syz
[  753.900901][T13723] usb 5-1: SerialNumber: syz
[  754.211679][T14829] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  754.313469][T14819] fuse: Bad value for 'fd'
[  754.412088][T13723] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  754.499672][T13723] snd-usb-audio 5-1:6.66: probe with driver snd-usb-audio failed with error -2
[  754.531154][T13723] usb 5-1: USB disconnect, device number 114
[  754.672373][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:6.66/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  754.689826][ T5840] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  755.016138][ T5840] usb 3-1: config index 0 descriptor too short (expected 63524, got 36)
[  755.024972][ T5840] usb 3-1: config 227 has too many interfaces: 94, using maximum allowed: 32
[  755.034457][ T5840] usb 3-1: config 227 has an invalid descriptor of length 37, skipping remainder of the config
[  755.055274][ T5840] usb 3-1: config 227 has 0 interfaces, different from the descriptor's value: 94
[  755.078133][T14839] warn_alloc: 1 callbacks suppressed
[  755.078148][T14839] syz.5.2557: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  755.121581][ T5840] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  755.133229][ T5840] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  755.145771][T14839] CPU: 0 UID: 0 PID: 14839 Comm: syz.5.2557 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  755.145805][T14839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  755.145819][T14839] Call Trace:
[  755.145829][T14839]  <TASK>
[  755.145839][T14839]  dump_stack_lvl+0x189/0x250
[  755.145881][T14839]  ? __pfx_dump_stack_lvl+0x10/0x10
[  755.145913][T14839]  ? __pfx__printk+0x10/0x10
[  755.145936][T14839]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  755.145960][T14839]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  755.145986][T14839]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  755.146014][T14839]  warn_alloc+0x214/0x310
[  755.146055][T14839]  ? __pfx_warn_alloc+0x10/0x10
[  755.146087][T14839]  ? kasan_save_track+0x4f/0x80
[  755.146113][T14839]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  755.146140][T14839]  ? xskq_create+0x56/0x170
[  755.146167][T14839]  ? __x64_sys_setsockopt+0x18b/0x220
[  755.146194][T14839]  ? do_syscall_64+0xf6/0x210
[  755.146223][T14839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  755.146258][T14839]  __vmalloc_node_range_noprof+0x125/0x12c0
[  755.146322][T14839]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  755.146353][T14839]  ? xskq_create+0x56/0x170
[  755.146393][T14839]  ? __kasan_kmalloc+0x93/0xb0
[  755.146427][T14839]  vmalloc_user_noprof+0x74/0x80
[  755.146459][T14839]  ? xskq_create+0xbf/0x170
[  755.146484][T14839]  xskq_create+0xbf/0x170
[  755.146514][T14839]  xsk_init_queue+0xb0/0x110
[  755.146543][T14839]  xsk_setsockopt+0x43f/0x710
[  755.146570][T14839]  ? __pfx_xsk_setsockopt+0x10/0x10
[  755.146608][T14839]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  755.146634][T14839]  ? __pfx_xsk_setsockopt+0x10/0x10
[  755.146661][T14839]  do_sock_setsockopt+0x25a/0x3e0
[  755.146693][T14839]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  755.146720][T14839]  ? __fget_files+0x2a/0x420
[  755.146755][T14839]  ? __fget_files+0x3a0/0x420
[  755.146783][T14839]  ? __fget_files+0x2a/0x420
[  755.146822][T14839]  __x64_sys_setsockopt+0x18b/0x220
[  755.146859][T14839]  do_syscall_64+0xf6/0x210
[  755.146889][T14839]  ? clear_bhb_loop+0x60/0xb0
[  755.146917][T14839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  755.146938][T14839] RIP: 0033:0x7f090538e969
[  755.146957][T14839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  755.146977][T14839] RSP: 002b:00007f090614e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  755.147001][T14839] RAX: ffffffffffffffda RBX: 00007f09055b6080 RCX: 00007f090538e969
[  755.147018][T14839] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007
[  755.147032][T14839] RBP: 00007f0905410ab1 R08: 0000000000000052 R09: 0000000000000000
[  755.147046][T14839] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  755.147060][T14839] R13: 0000000000000000 R14: 00007f09055b6080 R15: 00007f09056dfa28
[  755.147093][T14839]  </TASK>
[  755.147170][T14839] Mem-Info:
[  755.506686][T14839] active_anon:56720 inactive_anon:1 isolated_anon:0
[  755.506686][T14839]  active_file:19250 inactive_file:40162 isolated_file:0
[  755.506686][T14839]  unevictable:768 dirty:192 writeback:25
[  755.506686][T14839]  slab_reclaimable:10745 slab_unreclaimable:115867
[  755.506686][T14839]  mapped:31995 shmem:46170 pagetables:1513
[  755.506686][T14839]  sec_pagetables:0 bounce:0
[  755.506686][T14839]  kernel_misc_reclaimable:0
[  755.506686][T14839]  free:1241368 free_pcp:5926 free_cma:0
[  755.689663][T14839] Node 0 active_anon:227288kB inactive_anon:4kB active_file:76888kB inactive_file:160444kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127912kB dirty:744kB writeback:0kB shmem:183144kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12220kB pagetables:6008kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  755.726816][T14839] Node 1 active_anon:0kB inactive_anon:0kB active_file:112kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:68kB dirty:24kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  755.765781][T14839] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  755.801288][T14839] lowmem_reserve[]: 0 2504 2504 2504 2504
[  755.821725][T14839] Node 0 DMA32 free:1061248kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:227480kB inactive_anon:4kB active_file:76888kB inactive_file:160344kB unevictable:1536kB writepending:744kB present:3129332kB managed:2564128kB mlocked:0kB bounce:0kB free_pcp:12208kB local_pcp:3896kB free_cma:0kB
[  755.877117][T14834] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2554'.
[  755.901878][T14834] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2554'.
[  755.955776][T14839] lowmem_reserve[]: 0 0 0 0 0
[  755.984808][T14839] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:100kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  756.085935][T14839] lowmem_reserve[]: 0 0 0 0 0
[  756.103042][T14839] Node 1 Normal free:3905016kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:112kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:4032kB local_pcp:3684kB free_cma:0kB
[  756.309614][T14839] lowmem_reserve[]: 0 0 0 0 0
[  756.352782][T14839] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  756.432770][T14839] Node 0 DMA32: 1501*4kB (UME) 775*8kB (UME) 633*16kB (UME) 261*32kB (UME) 288*64kB (UME) 138*128kB (UM) 98*256kB (UME) 71*512kB (UME) 55*1024kB (UME) 21*2048kB (UME) 211*4096kB (UM) = 1091804kB
[  756.473641][T14839] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  756.519391][T14839] Node 1 Normal: 214*4kB (UM) 66*8kB (UME) 47*16kB (UME) 187*32kB (UME) 95*64kB (UME) 35*128kB (UME) 17*256kB (UM) 10*512kB (UME) 4*1024kB (UM) 5*2048kB (UE) 943*4096kB (M) = 3905016kB
[  756.613545][T14839] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  756.652675][T14839] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  756.810205][T14839] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  756.832901][T14839] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  756.857158][T14839] 105581 total pagecache pages
[  756.862224][T14839] 1 pages in swap cache
[  756.871637][T14839] Free swap  = 124992kB
[  756.878150][T14860] netlink: 'syz.1.2561': attribute type 1 has an invalid length.
[  756.892983][T14839] Total swap = 124996kB
[  756.901723][T14839] 2097051 pages RAM
[  757.030206][T14839] 0 pages HighMem/MovableOnly
[  757.105930][T14839] 424361 pages reserved
[  757.127153][T14839] 0 pages cma reserved
[  757.137155][ T5840] usb 3-1: string descriptor 0 read error: -71
[  757.146270][ T5840] usb 3-1: USB disconnect, device number 4
[  757.254714][T14869] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2563'.
[  757.281625][T14863] 8021q: adding VLAN 0 to HW filter on device bond2
[  757.367205][T14860] veth3: entered promiscuous mode
[  757.390325][T14860] bond2: (slave veth3): Enslaving as a backup interface with a down link
[  757.663771][T14878] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  757.696367][T14878] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  757.828251][T14882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  757.851599][T14882] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  759.911456][T14907] FAULT_INJECTION: forcing a failure.
[  759.911456][T14907] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  759.925155][T14907] CPU: 1 UID: 0 PID: 14907 Comm: syz.2.2573 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  759.925186][T14907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  759.925208][T14907] Call Trace:
[  759.925218][T14907]  <TASK>
[  759.925227][T14907]  dump_stack_lvl+0x189/0x250
[  759.925264][T14907]  ? __lock_acquire+0xaac/0xd20
[  759.925299][T14907]  ? __pfx_dump_stack_lvl+0x10/0x10
[  759.925332][T14907]  ? __pfx__printk+0x10/0x10
[  759.925354][T14907]  ? __might_fault+0xb0/0x130
[  759.925400][T14907]  should_fail_ex+0x414/0x560
[  759.925429][T14907]  _copy_from_user+0x2d/0xb0
[  759.925461][T14907]  core_sys_select+0x4d2/0x990
[  759.925501][T14907]  ? __pfx_core_sys_select+0x10/0x10
[  759.925554][T14907]  ? __pfx_set_user_sigmask+0x10/0x10
[  759.925589][T14907]  __se_sys_pselect6+0x27a/0x300
[  759.925624][T14907]  ? __pfx___se_sys_pselect6+0x10/0x10
[  759.925661][T14907]  ? __x64_sys_pselect6+0x21/0xf0
[  759.925693][T14907]  do_syscall_64+0xf6/0x210
[  759.925724][T14907]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  759.925746][T14907]  ? clear_bhb_loop+0x60/0xb0
[  759.925773][T14907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  759.925796][T14907] RIP: 0033:0x7fbb6678e969
[  759.925815][T14907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  759.925835][T14907] RSP: 002b:00007fbb675fb038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  759.925858][T14907] RAX: ffffffffffffffda RBX: 00007fbb669b6080 RCX: 00007fbb6678e969
[  759.925876][T14907] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000040
[  759.925890][T14907] RBP: 00007fbb675fb090 R08: 0000000000000000 R09: 0000000000000000
[  759.925904][T14907] R10: 0000200000000680 R11: 0000000000000246 R12: 0000000000000001
[  759.925918][T14907] R13: 0000000000000001 R14: 00007fbb669b6080 R15: 00007fbb66adfa28
[  759.925952][T14907]  </TASK>
[  760.989290][T14920] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2577'.
[  761.067306][T14922] netlink: 6 bytes leftover after parsing attributes in process `syz.2.2578'.
[  761.365546][ T5840] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  761.515683][ T5840] usb 3-1: Using ep0 maxpacket: 8
[  761.527531][ T5840] usb 3-1: config 135 has an invalid interface number: 230 but max is 0
[  761.536797][ T5840] usb 3-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  761.548212][ T5840] usb 3-1: config 135 has no interface number 0
[  761.554535][ T5840] usb 3-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  761.568989][ T5840] usb 3-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  761.582760][ T5840] usb 3-1: config 135 interface 230 has no altsetting 0
[  761.594643][ T5840] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  761.604176][ T5840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.617836][ T5840] usb 3-1: Product: syz
[  761.622056][ T5840] usb 3-1: Manufacturer: syz
[  761.631546][ T5840] usb 3-1: SerialNumber: syz
[  761.675518][ T5826] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[  761.847047][ T5826] usb 5-1: Using ep0 maxpacket: 8
[  761.887791][ T5840] usb 3-1: USB disconnect, device number 5
[  761.898953][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  761.921692][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  761.939493][T14935] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  761.953609][T14935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  761.963005][T14935] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  762.002136][ T5826] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  762.113013][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  762.182847][T14938] xt_bpf: check failed: parse error
[  762.185790][ T5826] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  762.281378][ T5826] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  762.293232][ T5826] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.310680][ T5826] usb 5-1: config 0 descriptor??
[  762.321800][T14929] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22
[  762.589970][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  762.589984][   T30] audit: type=1326 audit(1747186177.860:1165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14942 comm="syz.2.2584" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb6678e969 code=0x0
[  764.378992][ T5141] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  764.489834][ T5887] usb 5-1: USB disconnect, device number 115
[  766.117140][T14967] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2589'.
[  766.137135][T14967] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2589'.
[  766.581100][T14974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  766.646257][T14974] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  768.055310][T14991] FAULT_INJECTION: forcing a failure.
[  768.055310][T14991] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  768.182975][T14991] CPU: 1 UID: 0 PID: 14991 Comm: syz.4.2598 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  768.183009][T14991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  768.183019][T14991] Call Trace:
[  768.183026][T14991]  <TASK>
[  768.183034][T14991]  dump_stack_lvl+0x189/0x250
[  768.183063][T14991]  ? __pfx_dump_stack_lvl+0x10/0x10
[  768.183086][T14991]  ? __pfx__printk+0x10/0x10
[  768.183104][T14991]  ? fs_reclaim_acquire+0x7d/0x100
[  768.183140][T14991]  should_fail_ex+0x414/0x560
[  768.183160][T14991]  prepare_alloc_pages+0x213/0x610
[  768.183190][T14991]  __alloc_frozen_pages_noprof+0x123/0x370
[  768.183209][T14991]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  768.183231][T14991]  ? policy_nodemask+0x27c/0x720
[  768.183256][T14991]  alloc_pages_mpol+0x232/0x4a0
[  768.183281][T14991]  alloc_pages_noprof+0xa9/0x190
[  768.183304][T14991]  get_free_pages_noprof+0xc/0x30
[  768.183318][T14991]  kasan_populate_vmalloc_pte+0x3a/0x100
[  768.183338][T14991]  __apply_to_page_range+0x7ce/0xd20
[  768.183361][T14991]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  768.183384][T14991]  ? __pfx___apply_to_page_range+0x10/0x10
[  768.183404][T14991]  ? do_raw_spin_unlock+0x122/0x240
[  768.183427][T14991]  alloc_vmap_area+0x1e09/0x24d0
[  768.183464][T14991]  ? __pfx_alloc_vmap_area+0x10/0x10
[  768.183485][T14991]  ? __kasan_kmalloc+0x93/0xb0
[  768.183505][T14991]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  768.183526][T14991]  ? __get_vm_area_node+0x13f/0x300
[  768.183547][T14991]  ? htab_map_alloc+0x3e9/0xbe0
[  768.183561][T14991]  __get_vm_area_node+0x1f8/0x300
[  768.183587][T14991]  __vmalloc_node_range_noprof+0x2f1/0x12c0
[  768.183611][T14991]  ? htab_map_alloc+0x3e9/0xbe0
[  768.183624][T14991]  ? pcpu_memcg_post_alloc_hook+0x131/0x700
[  768.183650][T14991]  ? __pfx_pcpu_memcg_post_alloc_hook+0x10/0x10
[  768.183680][T14991]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  768.183706][T14991]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  768.183744][T14991]  ? pcpu_alloc_noprof+0xfdb/0x16b0
[  768.183780][T14991]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  768.183824][T14991]  bpf_map_area_alloc+0xf1/0x120
[  768.183857][T14991]  ? htab_map_alloc+0x3e9/0xbe0
[  768.183876][T14991]  htab_map_alloc+0x3e9/0xbe0
[  768.183901][T14991]  ? htab_map_alloc_check+0x35c/0x440
[  768.183926][T14991]  map_create+0x903/0x1150
[  768.183960][T14991]  ? security_bpf+0x7e/0x300
[  768.183986][T14991]  __sys_bpf+0x67e/0x860
[  768.184017][T14991]  ? __pfx___sys_bpf+0x10/0x10
[  768.184060][T14991]  ? ksys_write+0x1f0/0x250
[  768.184085][T14991]  ? rcu_is_watching+0x15/0xb0
[  768.184118][T14991]  __x64_sys_bpf+0x7c/0x90
[  768.184151][T14991]  do_syscall_64+0xf6/0x210
[  768.184183][T14991]  ? clear_bhb_loop+0x60/0xb0
[  768.184210][T14991]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  768.184232][T14991] RIP: 0033:0x7f96b798e969
[  768.184251][T14991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  768.184271][T14991] RSP: 002b:00007f96b888b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  768.184295][T14991] RAX: ffffffffffffffda RBX: 00007f96b7bb5fa0 RCX: 00007f96b798e969
[  768.184311][T14991] RDX: 0000000000000050 RSI: 0000200000000200 RDI: 0000000000000000
[  768.184327][T14991] RBP: 00007f96b888b090 R08: 0000000000000000 R09: 0000000000000000
[  768.184341][T14991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  768.184355][T14991] R13: 0000000000000001 R14: 00007f96b7bb5fa0 R15: 00007f96b7cdfa28
[  768.184389][T14991]  </TASK>
[  769.000261][T14992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  769.012342][T14992] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  769.103622][T14998] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2601'.
[  769.129223][T14998] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2601'.
[  769.151012][T14998] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2601'.
[  769.170325][T14998] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2601'.
[  769.509445][T15013] netlink: 324 bytes leftover after parsing attributes in process `syz.4.2605'.
[  769.845821][T13723] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[  769.995499][T13723] usb 5-1: Using ep0 maxpacket: 8
[  770.002456][T13723] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  770.010455][T13723] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  770.021924][T13723] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0x5F, changing to 0xF
[  770.033742][T13723] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  770.052428][T13723] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  770.063675][T13723] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  770.071811][T13723] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  770.083164][T13723] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0x5F, changing to 0xF
[  770.094786][T13723] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  770.106147][T13723] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  770.117237][T13723] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  770.124692][T13723] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  770.136811][T13723] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0x5F, changing to 0xF
[  770.153586][T13723] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  770.178064][T13723] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  770.219286][T13723] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  770.228930][T13723] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  770.244683][T13723] usb 5-1: Product: syz
[  770.262950][T13723] usb 5-1: Manufacturer: syz
[  770.279481][T13723] usb 5-1: SerialNumber: syz
[  770.426892][T15020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  770.441656][T15020] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  770.524974][T13723] adutux 5-1:168.0: interrupt endpoints not found
[  770.560100][T13723] usb 5-1: USB disconnect, device number 116
[  770.681993][T15029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  770.692677][T15029] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  771.341535][T15035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  771.352825][T15035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  771.384937][T15035] fuse: Bad value for 'fd'
[  772.995806][ T5887] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[  773.135790][ T5887] usb 5-1: device descriptor read/64, error -71
[  773.375514][ T5887] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[  773.555790][ T5887] usb 5-1: device descriptor read/64, error -71
[  773.676967][ T5887] usb usb5-port1: attempt power cycle
[  774.015545][ T5887] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[  774.187277][ T5887] usb 5-1: device descriptor read/8, error -71
[  774.421093][T15055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  774.430584][T15055] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  774.485862][ T5887] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[  774.516331][ T5887] usb 5-1: device descriptor read/8, error -71
[  774.699325][ T5887] usb usb5-port1: unable to enumerate USB device
[  776.232355][T15068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  776.255103][T15068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  776.736264][T13723] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[  776.982137][T13723] usb 5-1: config 0 has no interfaces?
[  777.006083][T13723] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  777.017579][T13723] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  777.038375][T13723] usb 5-1: Product: syz
[  777.049652][T13723] usb 5-1: Manufacturer: syz
[  777.054498][T13723] usb 5-1: SerialNumber: syz
[  777.080471][T13723] usb 5-1: config 0 descriptor??
[  777.256903][T15080] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  777.305926][T15080] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  777.474083][T15085] input: syz0 as /devices/virtual/input/input37
[  777.703607][T15090] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2630'.
[  778.024848][ T5826] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  778.037768][T15097] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  778.061435][T15097] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  778.267319][ T5826] usb 3-1: config 0 has an invalid interface number: 113 but max is 0
[  778.304855][ T5826] usb 3-1: config 0 has no interface number 0
[  778.320390][ T5826] usb 3-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[  778.393898][ T5826] usb 3-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  779.085538][ T5826] usb 3-1: config 0 interface 113 has no altsetting 0
[  779.200509][ T5826] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  779.215089][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  779.258119][ T5826] usb 3-1: Product: syz
[  779.295203][ T5826] usb 3-1: Manufacturer: syz
[  779.332523][ T5826] usb 3-1: SerialNumber: syz
[  779.381194][ T5826] usb 3-1: config 0 descriptor??
[  779.438249][    C0] usb 3-1: NFC: Urb failure (status -71)
[  779.483151][ T5826] usb 3-1: NFC: Unable to get FW version
[  779.518774][ T5826] pn533_usb 3-1:0.113: probe with driver pn533_usb failed with error -90
[  779.625985][ T5912] usb 3-1: USB disconnect, device number 6
[  780.704937][T13723] usb 5-1: USB disconnect, device number 121
[  780.938634][T15117] usb usb8: usbfs: process 15117 (syz.4.2638) did not claim interface 0 before use
[  781.274526][T15121] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2638'.
[  781.359147][T15121] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  781.575643][ T5889] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  781.945488][ T5889] usb 3-1: Using ep0 maxpacket: 8
[  782.161800][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  782.174605][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  782.207355][ T5889] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  782.266847][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  782.298126][ T5889] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  782.316688][ T5889] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  782.329943][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  782.370629][ T5889] usb 3-1: config 0 descriptor??
[  782.412262][T15114] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  783.066333][ T5141] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  783.075602][T13723] usb 3-1: USB disconnect, device number 7
[  783.284095][T15144] xt_CT: You must specify a L4 protocol and not use inversions on it
[  783.878080][T15157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  783.914253][T15157] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  783.937586][T15157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  784.001931][T15160] ptm ptm13: ldisc open failed (-12), clearing slot 13
[  784.043591][T15157] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  785.300542][T15187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  785.309593][T15187] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  785.332740][T15187] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2657'.
[  785.406293][ T5887] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[  785.522741][T15188] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2657'.
[  785.615795][ T5887] usb 5-1: Using ep0 maxpacket: 8
[  785.626861][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  785.642340][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  785.670167][ T5887] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  785.781178][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  785.870572][ T5887] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  786.126091][ T5887] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  786.167622][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.211743][ T5887] usb 5-1: config 0 descriptor??
[  786.228530][T15195] FAULT_INJECTION: forcing a failure.
[  786.228530][T15195] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  786.243652][T15181] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  786.272894][T15195] CPU: 1 UID: 0 PID: 15195 Comm: syz.2.2660 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  786.272918][T15195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  786.272928][T15195] Call Trace:
[  786.272939][T15195]  <TASK>
[  786.272950][T15195]  dump_stack_lvl+0x189/0x250
[  786.272987][T15195]  ? __lock_acquire+0xaac/0xd20
[  786.273020][T15195]  ? __pfx_dump_stack_lvl+0x10/0x10
[  786.273048][T15195]  ? __pfx__printk+0x10/0x10
[  786.273063][T15195]  ? __might_fault+0xb0/0x130
[  786.273096][T15195]  should_fail_ex+0x414/0x560
[  786.273127][T15195]  _copy_from_user+0x2d/0xb0
[  786.273158][T15195]  ___sys_sendmsg+0x158/0x2a0
[  786.273191][T15195]  ? __pfx____sys_sendmsg+0x10/0x10
[  786.273250][T15195]  ? __might_fault+0xb0/0x130
[  786.273284][T15195]  __sys_sendmmsg+0x227/0x430
[  786.273319][T15195]  ? __pfx___sys_sendmmsg+0x10/0x10
[  786.273355][T15195]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  786.273389][T15195]  ? ksys_write+0x1f0/0x250
[  786.273423][T15195]  ? rcu_is_watching+0x15/0xb0
[  786.273454][T15195]  __x64_sys_sendmmsg+0xa0/0xc0
[  786.273486][T15195]  do_syscall_64+0xf6/0x210
[  786.273511][T15195]  ? clear_bhb_loop+0x60/0xb0
[  786.273530][T15195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.273545][T15195] RIP: 0033:0x7fbb6678e969
[  786.273566][T15195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  786.273587][T15195] RSP: 002b:00007fbb6761c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  786.273608][T15195] RAX: ffffffffffffffda RBX: 00007fbb669b5fa0 RCX: 00007fbb6678e969
[  786.273623][T15195] RDX: 040000000000037c RSI: 0000200000002440 RDI: 0000000000000004
[  786.273638][T15195] RBP: 00007fbb6761c090 R08: 0000000000000000 R09: 0000000000000000
[  786.273651][T15195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  786.273659][T15195] R13: 0000000000000000 R14: 00007fbb669b5fa0 R15: 00007fbb66adfa28
[  786.273682][T15195]  </TASK>
[  786.472130][    C1] vkms_vblank_simulate: vblank timer overrun
[  788.184213][ T5887] usb 5-1: USB disconnect, device number 122
[  788.199571][ T5141] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  789.745976][T15234] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  789.772936][T15237] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2671'.
[  789.856028][T15234] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  790.425921][ T5887] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  790.644963][T15246] netlink: 'syz.1.2673': attribute type 29 has an invalid length.
[  790.654255][T15246] netlink: 'syz.1.2673': attribute type 29 has an invalid length.
[  790.663180][T15246] netlink: 500 bytes leftover after parsing attributes in process `syz.1.2673'.
[  790.875688][ T5887] usb 3-1: Using ep0 maxpacket: 16
[  790.887668][ T5887] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  791.275493][ T5887] usb 3-1: config 0 has no interfaces?
[  791.294148][ T5887] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  791.307185][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  791.355134][ T5887] usb 3-1: config 0 descriptor??
[  792.094300][T15242] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2672'.
[  792.922360][T15267] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2678'.
[  793.001804][T15269] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  793.011040][T15269] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  793.633507][ T5840] usb 3-1: USB disconnect, device number 8
[  793.749691][T15286] FAULT_INJECTION: forcing a failure.
[  793.749691][T15286] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  793.777968][T15286] CPU: 1 UID: 0 PID: 15286 Comm: syz.2.2683 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  793.778009][T15286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  793.778028][T15286] Call Trace:
[  793.778037][T15286]  <TASK>
[  793.778048][T15286]  dump_stack_lvl+0x189/0x250
[  793.778084][T15286]  ? __lock_acquire+0xaac/0xd20
[  793.778117][T15286]  ? __pfx_dump_stack_lvl+0x10/0x10
[  793.778148][T15286]  ? __pfx__printk+0x10/0x10
[  793.778171][T15286]  ? __might_fault+0xb0/0x130
[  793.778212][T15286]  should_fail_ex+0x414/0x560
[  793.778242][T15286]  _copy_from_user+0x2d/0xb0
[  793.778275][T15286]  core_sys_select+0x633/0x990
[  793.778316][T15286]  ? __pfx_core_sys_select+0x10/0x10
[  793.778406][T15286]  ? __pfx_set_user_sigmask+0x10/0x10
[  793.778442][T15286]  __se_sys_pselect6+0x27a/0x300
[  793.778478][T15286]  ? __pfx___se_sys_pselect6+0x10/0x10
[  793.778514][T15286]  ? __x64_sys_pselect6+0x21/0xf0
[  793.778545][T15286]  do_syscall_64+0xf6/0x210
[  793.778577][T15286]  ? clear_bhb_loop+0x60/0xb0
[  793.778604][T15286]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  793.778635][T15286] RIP: 0033:0x7fbb6678e969
[  793.778665][T15286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  793.778689][T15286] RSP: 002b:00007fbb675fb038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  793.778713][T15286] RAX: ffffffffffffffda RBX: 00007fbb669b6080 RCX: 00007fbb6678e969
[  793.778742][T15286] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000040
[  793.778757][T15286] RBP: 00007fbb675fb090 R08: 0000000000000000 R09: 0000000000000000
[  793.778771][T15286] R10: 0000200000000680 R11: 0000000000000246 R12: 0000000000000001
[  793.778785][T15286] R13: 0000000000000001 R14: 00007fbb669b6080 R15: 00007fbb66adfa28
[  793.778828][T15286]  </TASK>
[  794.137974][T15287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  794.146990][T15287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  794.159768][T15287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  794.169251][T15287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  794.771300][T15300] FAULT_INJECTION: forcing a failure.
[  794.771300][T15300] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  794.811981][T15300] CPU: 0 UID: 0 PID: 15300 Comm: syz.4.2686 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  794.812014][T15300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  794.812028][T15300] Call Trace:
[  794.812037][T15300]  <TASK>
[  794.812047][T15300]  dump_stack_lvl+0x189/0x250
[  794.812088][T15300]  ? __pfx_dump_stack_lvl+0x10/0x10
[  794.812120][T15300]  ? __pfx__printk+0x10/0x10
[  794.812144][T15300]  ? fs_reclaim_acquire+0x7d/0x100
[  794.812187][T15300]  should_fail_ex+0x414/0x560
[  794.812215][T15300]  prepare_alloc_pages+0x213/0x610
[  794.812257][T15300]  __alloc_frozen_pages_noprof+0x123/0x370
[  794.812283][T15300]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  794.812313][T15300]  ? policy_nodemask+0x27c/0x720
[  794.812347][T15300]  alloc_pages_mpol+0x232/0x4a0
[  794.812386][T15300]  alloc_pages_noprof+0xa9/0x190
[  794.812417][T15300]  get_free_pages_noprof+0xc/0x30
[  794.812437][T15300]  kasan_populate_vmalloc_pte+0x3a/0x100
[  794.812464][T15300]  __apply_to_page_range+0x7ce/0xd20
[  794.812496][T15300]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  794.812525][T15300]  ? __pfx___apply_to_page_range+0x10/0x10
[  794.812552][T15300]  ? do_raw_spin_unlock+0x122/0x240
[  794.812583][T15300]  alloc_vmap_area+0x1e09/0x24d0
[  794.812642][T15300]  ? __pfx_alloc_vmap_area+0x10/0x10
[  794.812671][T15300]  ? __kasan_kmalloc+0x93/0xb0
[  794.812699][T15300]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  794.812729][T15300]  ? __get_vm_area_node+0x13f/0x300
[  794.812757][T15300]  ? htab_map_alloc+0x3e9/0xbe0
[  794.812778][T15300]  __get_vm_area_node+0x1f8/0x300
[  794.812815][T15300]  __vmalloc_node_range_noprof+0x2f1/0x12c0
[  794.812846][T15300]  ? htab_map_alloc+0x3e9/0xbe0
[  794.812866][T15300]  ? pcpu_memcg_post_alloc_hook+0x131/0x700
[  794.812901][T15300]  ? __pfx_pcpu_memcg_post_alloc_hook+0x10/0x10
[  794.812930][T15300]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  794.812956][T15300]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  794.812993][T15300]  ? pcpu_alloc_noprof+0xfdb/0x16b0
[  794.813027][T15300]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  794.813070][T15300]  bpf_map_area_alloc+0xf1/0x120
[  794.813101][T15300]  ? htab_map_alloc+0x3e9/0xbe0
[  794.813121][T15300]  htab_map_alloc+0x3e9/0xbe0
[  794.813146][T15300]  ? htab_map_alloc_check+0x35c/0x440
[  794.813172][T15300]  map_create+0x903/0x1150
[  794.813205][T15300]  ? security_bpf+0x7e/0x300
[  794.813230][T15300]  __sys_bpf+0x67e/0x860
[  794.813261][T15300]  ? __pfx___sys_bpf+0x10/0x10
[  794.813301][T15300]  ? ksys_write+0x1f0/0x250
[  794.813325][T15300]  ? rcu_is_watching+0x15/0xb0
[  794.813357][T15300]  __x64_sys_bpf+0x7c/0x90
[  794.813383][T15300]  do_syscall_64+0xf6/0x210
[  794.813415][T15300]  ? clear_bhb_loop+0x60/0xb0
[  794.813442][T15300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.813464][T15300] RIP: 0033:0x7f96b798e969
[  794.813483][T15300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  794.813503][T15300] RSP: 002b:00007f96b888b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  794.813527][T15300] RAX: ffffffffffffffda RBX: 00007f96b7bb5fa0 RCX: 00007f96b798e969
[  794.813543][T15300] RDX: 0000000000000050 RSI: 0000200000000200 RDI: 0000000000000000
[  794.813557][T15300] RBP: 00007f96b888b090 R08: 0000000000000000 R09: 0000000000000000
[  794.813570][T15300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  794.813583][T15300] R13: 0000000000000001 R14: 00007f96b7bb5fa0 R15: 00007f96b7cdfa28
[  794.813622][T15300]  </TASK>
[  795.672370][T15312] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] SMP KASAN PTI
[  795.684341][T15312] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]
[  795.692786][T15312] CPU: 1 UID: 0 PID: 15312 Comm: syz.6.2690 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) 
[  795.704888][T15312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  795.714975][T15312] RIP: 0010:do_move_mount+0x27d/0xb10
[  795.720389][T15312] Code: e8 08 22 83 ff 41 be ea ff ff ff 49 bd 00 00 00 00 00 fc ff df 48 8b 6c 24 18 4c 8b 7c 24 08 48 8d 5d 48 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 84 1a e5 ff 48 8b 1b 31 ff 48 89
[  795.740057][T15312] RSP: 0018:ffffc9000ba07d50 EFLAGS: 00010206
[  795.746160][T15312] RAX: 0000000000000009 RBX: 0000000000000048 RCX: 0000000000080000
[  795.754248][T15312] RDX: ffffc9001db62000 RSI: 00000000000000e0 RDI: 00000000000000e1
[  795.762248][T15312] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  795.770248][T15312] R10: 0000000000000000 R11: ffffffff823b3fd9 R12: 0000000000000048
[  795.778272][T15312] R13: dffffc0000000000 R14: 00000000ffffffea R15: ffff88801cabd300
[  795.786279][T15312] FS:  00007f68b7b6a6c0(0000) GS:ffff8881261c7000(0000) knlGS:0000000000000000
[  795.795246][T15312] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  795.801872][T15312] CR2: 00007fbb675b9d58 CR3: 000000003276c000 CR4: 00000000003526f0
[  795.809884][T15312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  795.817893][T15312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  795.825891][T15312] Call Trace:
[  795.829200][T15312]  <TASK>
[  795.832178][T15312]  __se_sys_move_mount+0x4aa/0x580
[  795.837350][T15312]  ? __pfx___se_sys_move_mount+0x10/0x10
[  795.843031][T15312]  ? do_syscall_64+0xba/0x210
[  795.847746][T15312]  ? __x64_sys_move_mount+0x20/0xc0
[  795.852995][T15312]  do_syscall_64+0xf6/0x210
[  795.857544][T15312]  ? clear_bhb_loop+0x60/0xb0
[  795.862257][T15312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  795.868177][T15312] RIP: 0033:0x7f68b6d8e969
[  795.872623][T15312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  795.892259][T15312] RSP: 002b:00007f68b7b6a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad
[  795.900680][T15312] RAX: ffffffffffffffda RBX: 00007f68b6fb5fa0 RCX: 00007f68b6d8e969
[  795.908654][T15312] RDX: 0000000000000004 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  795.916656][T15312] RBP: 00007f68b6e10ab1 R08: 0000000000000260 R09: 0000000000000000
[  795.924625][T15312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  795.932610][T15312] R13: 0000000000000000 R14: 00007f68b6fb5fa0 R15: 00007f68b70dfa28
[  795.940587][T15312]  </TASK>
[  795.943612][T15312] Modules linked in:
[  795.948326][T15312] ---[ end trace 0000000000000000 ]---
[  795.955611][T15312] RIP: 0010:do_move_mount+0x27d/0xb10
[  795.961185][T15312] Code: e8 08 22 83 ff 41 be ea ff ff ff 49 bd 00 00 00 00 00 fc ff df 48 8b 6c 24 18 4c 8b 7c 24 08 48 8d 5d 48 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 84 1a e5 ff 48 8b 1b 31 ff 48 89
[  796.201836][ T5887] usb 5-1: new high-speed USB device number 123 using dummy_hcd
[  796.217959][T15312] RSP: 0018:ffffc9000ba07d50 EFLAGS: 00010206
[  796.224558][T15312] RAX: 0000000000000009 RBX: 0000000000000048 RCX: 0000000000080000
[  796.234391][T15312] RDX: ffffc9001db62000 RSI: 00000000000000e0 RDI: 00000000000000e1
[  796.242810][T15312] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  796.257521][T15312] R10: 0000000000000000 R11: ffffffff823b3fd9 R12: 0000000000000048
[  796.313407][T15312] R13: dffffc0000000000 R14: 00000000ffffffea R15: ffff88801cabd300
[  796.323846][T15312] FS:  00007f68b7b6a6c0(0000) GS:ffff8881260c7000(0000) knlGS:0000000000000000
[  796.333267][T15312] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  796.376879][T15312] CR2: 0000200000084030 CR3: 000000003276c000 CR4: 00000000003526f0
[  796.438490][T15312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  796.460377][T15312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  796.487822][T15312] Kernel panic - not syncing: Fatal exception
[  796.494448][T15312] Kernel Offset: disabled
[  796.498782][T15312] Rebooting in 86400 seconds..