last executing test programs:

12.575483817s ago: executing program 4 (id=2670):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902120001000000000904"], 0x0) (async)
r1 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="0000004e0000004e0000004e0000004e0000004e0000004e0000004e0000004e0000004e0000004e0000004e03b39d07608f7b5828bbdf7e480a3447000c821869e145288f8b84e21ba77eb77813207a7cb971a9b66117423a3d7777962df2114d75f173291366040c002614393300a2937f"])
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)

11.325775028s ago: executing program 4 (id=2678):
r0 = fsopen(&(0x7f00000000c0)='jffs2\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbM:', 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x20b6, &(0x7f0000000100)=[{0x5, 0x3, 0x1, 0x17}, {0x9, 0x9, 0xc, 0x5}, {0x5, 0x3, 0x91, 0x5}, {0x7, 0x9, 0x0, 0xfffffffb}, {0xff, 0xdc, 0x0, 0xaf}, {0x200, 0x5, 0x1d, 0x5}, {0x1000, 0x8, 0xfb, 0x9}, {0x514e, 0x4, 0xf, 0x200}, {0x7ff, 0xf, 0x7, 0xa}]})
set_mempolicy_home_node(&(0x7f00002b5000/0x400000)=nil, 0x400000, 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000018010040"])
r4 = syz_open_dev$hiddev(&(0x7f0000000040), 0x9, 0x123480)
ioctl$HIDIOCGVERSION(r4, 0x80044801, &(0x7f0000000080))

11.137518933s ago: executing program 4 (id=2679):
r0 = socket$kcm(0x2, 0x1, 0x84)
syz_usb_connect(0x3, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="3f0100000001090000000100000000090400"/29, @ANYRESOCT=r0, @ANYRES8=r0, @ANYRES8=r0], 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
syz_open_pts(0xffffffffffffffff, 0x2c0000)
ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r2)
recvmmsg(r2, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffc4c, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000500), r2)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x40, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000018d000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x67, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0x7, 0x3)
r4 = io_uring_setup(0x177d, &(0x7f0000000140)={0x0, 0x698b, 0x2, 0x2, 0x347})
close_range(r4, 0xffffffffffffffff, 0x200000000000000)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
mlock2(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1)
mlock2(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r5, 0x2)
socket$igmp6(0xa, 0x3, 0x2)
syz_emit_ethernet(0x56, &(0x7f00000003c0)=ANY=[@ANYRESHEX, @ANYBLOB="8dedbafb159a769a09ed96c18337c8f3492d990b04e1ecbb575d079a15f406c74f9f3e49813656af49e40ac751e46313f578cd589b19214b17bff9be48fc17126bda88805ff8be0ed9a065da0af5a3eeeea7b636f48ec1c301d718bc241410e471a99c991421169fb101836b8c6f3b29f2ab9f4867def922a74c29cc98daae6aa1c43c81a72ea3ec0bfe54e63d245e8ab022b2a90c9af98b4cfe2b9b4af28bc7a127b86584aa382b334308ac155de62bd1357ef5f36f06420f90d9c88389c554b1be8a5f82b2c707f9f8eef105637c7b0a59f328268ded155af1b645d18ccfd14ddd7d987b2b1f97d72269dae0c19c8972b7ec5250859df85d", @ANYRES16=r4], 0x0)
syz_emit_ethernet(0x33a, &(0x7f0000001100)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000008848000000004474032800660000012f9078ac1414aa0a0101010713beac1414380a010101ac1e0001640101014418fb800000006d0000000b000000020000000000001d47890fc5e0000001ac14143dac1414bb00000c20880b00a10003ed1812df3589c5b8a70ce0f6b058ebf62f5f7a7cfcfa7e6b46d66418ebf78689bbcfeaf0f557a524943435c2e44d0c96fc867e04a0a39e044548e12fe6dc1f33284d8d30992f17f46baac810338d1571a3342db4af218fedc8b3b176e3c1d61596677d56f3004fef225bb470bcf6400648b43d011023a6b198d8c33213fa0fa0bd13a236f63a9ef198845c8d003a665e7cf613e32f41e4abba927a430994bfcdac010008007ba3c6ba071dd01acafc2d3c14931de0bd761d39712c1bf0a79d5cf166f53cc9ab1e3c41fa9b708b5f7159463641baa5494689c3bfc197f2aabb165d8b48594515320e934f732a8545fbe3ae1121847f8eb9d8b6b9af39a08de0c2423b465ee15c92642bc5c5ed1069486453169400c000f6c75bca02084024181b4d0f6ab24cf92da4319708ba778f28a0a71994e4ebca4e4c7067db8635e9b943440c0086dd00047b690008dc9abb9585ad61eef4d896d8330fa2c56ed87e8c7bf24895685f407517f13d3b4b647ac680713f402db3277f327f10e29f03f5ce9142252081ac14dc0913eeae3a6b99237961a6fe43d30983daa386cd8eb7a1300b178f465eea2de9f38e39c9abca7f9ceae5862f3e462269843be0fcce17072291d917d20574815bd8349e1215734b577bc874ed49868728ce90a9f8d40d5afc2d9282b8d8c9d8f472c47a3f080088be00000000120547030100000000006d5a080022eb000000022105e17d020000000000aab900074503080065580000000341705cf310716498f1ab60b08833acd77b38b3c0958286d430aa7eb3d213e9345e8abfcbea0444a2e8ef167ab096219e88793fd0e48d1643f4a2412ebe40de36ae60fded9eda86bf6db692248477c8c2a2b06abea23e79c52aeb51d2bec28c98eec4656cf36bbf3ffac27a7586f32c9b419ee3391a959ee13ff678d0583dbff699f2bf6ef2b7546e24a53862de54c32aa8e11bb519f0d48804f660b4817647cebb0924d6dde556ee9b7046945e7fde5545c4c225dcf9413f795d7af04dc60b82704f0b14678b6ff4ed3620ab813421aa4fcbfdc726650fa5a25dec11270d650db09ac146784606c878d844c3c4cfa08927f0713fb0f02b7ae96150b46de3b24412c2e8121b5201174fd5e2321eda977baa6eed2d6be15b8f08e1837f50aa7c"], 0x0)

8.636106235s ago: executing program 0 (id=2689):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff}, 0x106}}, 0x20)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00')
r3 = openat$ubi_ctrl(0xffffff9c, &(0x7f0000000140), 0x111201, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r6, 0x303, 0x0, 0xfffffffc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
read$FUSE(r2, &(0x7f0000002400)={0x2020}, 0x2020)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r7, 0x0)
read$FUSE(r2, &(0x7f0000004440)={0x2020}, 0x2020)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0x6000000, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, {0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000, 0x8e84fffef67c07}}, r1}}, 0x48)

8.436248552s ago: executing program 0 (id=2690):
r0 = socket$inet6_dccp(0xa, 0x6, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000580), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000100)={0x410000, 0x2, 0x2})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000140)=0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}]}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x5c}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x1000000000000)

8.285126859s ago: executing program 0 (id=2692):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
fcntl$getownex(r0, 0x10, &(0x7f0000000400)={0x0, <r2=>0x0})
move_pages(r2, 0x4, &(0x7f0000000440)=[&(0x7f00001c7000/0x1000)=nil, &(0x7f000035a000/0x3000)=nil, &(0x7f000014f000/0x4000)=nil, &(0x7f0000056000/0x1000)=nil], &(0x7f0000000480)=[0x4, 0x0, 0x81, 0x100, 0x7ff, 0xa8b, 0x4, 0x400, 0x3, 0xff], &(0x7f00000004c0)=[0x0, 0x0], 0x4)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000600))
ioctl$GIO_CMAP(r3, 0x4b70, 0x0)
pwrite64(r3, &(0x7f0000000500)="d6ea0f900898b50c917f972fc9ca70589353a7e53a5363fa644ea169eb6a1c1e328be2c11a15490c1aed7229c4298a4d2699a401cc7746ce4fec6c9fca189d44398ccb77f02a55e2909d68d3296bef1d21b0de81c0fbba5e35afe06b51d6a1adaa61c0f9329d7c09701ebee26d693fb8ae67ef1ae1f7f202c99402b236312fb705e62628ebc907814973dbacd241f5e7385bab28a13f45e6fa96f94a9b546354d90a9d39c89ba981187da97d9901086ec1150dbcdb7e5cec81eef8055a496c904f1bf4966135985c848e941f13c1e32bde9fd4a253360d9caa47294066", 0xdd, 0xffffffffffffffff)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
sendmsg$sock(r1, &(0x7f00000003c0)={&(0x7f0000000000)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)="8f0011bda202d22fbaafbc7d02cfa65e493a062290bf1f3ed1cebc4171a67408c055e3fafb2092734a2f2763a8f0736f1e5e4d1fa676ebe75f933891a9a803ab006b300ff8bf63da831262594b09e35640bc66c34e434d00cd62319861392a16abbac1b1f99ceb73193fab0c7bd2c64ba02aceccc9705242bf14b4465ef0e3137eaabb19f735f5767d19a0affececd2f5461defb0bfd29688e7bc9490e3899b3a2b3baeec37404df71acff35", 0xac}, {&(0x7f0000000180)="ae64c69ab574cc83f4febfa23854101c35b75f6ea2f6d0547f39e29840c131f724c353dc8c45e666a1cbec6df2995981eb5e8cf09e81e8ab0c2bb925b37c0512b235eaddefa8ec80a4b7dd75ae311803475d4866a63cff5d5e", 0x59}, {&(0x7f0000000200)="287f97a7b9a6c9375d866afb4de8a06bcaf45643bfaf34e2faa5e4273aec3ec8ba2fcdc9506c93bb659c363bb8d762b6cea1f526efcdf3576cae30fe789ebefd37c402ccf37d4f611af7923871093ee4d68a446006f932f32a10af15be02cc189482a5619358802b6d95a2b143a9284741dbbfd850e8eb0d3d6c930a623c97170f0c533ba942bc2c5515378e2a0cdb75d7d3675b66ddf6a6c19ab50440f313384d1e6df606226db13f6ef48b1c1ed21c84c4df3b43becf94916c571486ac92577758d88553fd148f23b2e784a17daa630fd60f60c8e9350201be568a77278599f14ab0ad", 0xe4}], 0x3, &(0x7f0000000340)=[@txtime={{0x18, 0x1, 0x3d, 0x999}}, @txtime={{0x18}}, @txtime={{0x18, 0x1, 0x3d, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0x80000001}}, @timestamping={{0x14, 0x1, 0x25, 0x4}}], 0x78}, 0x20000000)
munlockall()
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x14, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xe8}, 0x1, 0x0, 0x0, 0x40011}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

8.101901676s ago: executing program 4 (id=2694):
r0 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[@ANYBLOB="12011001000000202505a8a4720b1c25030109021f000101ff8008090400fd010701010109050102"], 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0003620000000003"]}, 0x0)
syz_usb_control_io(r0, &(0x7f00000015c0)={0x2c, 0x0, &(0x7f0000001480)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40b}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000003d00)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000003a00)={0x20, 0x0, 0x4, {0x2, 0x10}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
syz_usb_disconnect(r2)
syz_usb_control_io$uac1(r2, &(0x7f00000008c0)={0x14, &(0x7f0000000400)={0x20, 0x4, 0x2a, {0x2a, 0x6, "1b108c75323b8e1bb2b231acfba78e8e22ec54f268ea30d494010216976d2b134038e2620720f687"}}, &(0x7f0000000880)={0x0, 0x3, 0x4, @lang_id={0x4}}}, &(0x7f0000000bc0)={0x44, &(0x7f0000000900)={0x0, 0x14, 0xc6, "fc1dbddacbf8173cbe8c6d3f8ef166848c5de6256708a7b71dc279abb487b24a24ef0ebc6e48010d0f18ed71d74ea7dd03e11964149c63ee638de6191e4d3f1dc5d6e8b0a46a60b7a87023f54de1786f25d243e28950e750142674935db6d009e8b54626e436ae7f2cf4e59eb662f82cc5b62d8121d2e11826ea2014b9f1e9e98c06ea22968a1539798b41456855795a8e724f32c7f159492682924c5b892c8b3a5ba93093da1191ceb14ebd6839e0a314f840dec1aceb50fcd52f2860a41b9a7854a2252dc4"}, &(0x7f0000000a00)={0x0, 0xa, 0x1, 0xf6}, &(0x7f0000000a40)={0x0, 0x8, 0x1, 0x1}, 0x0, &(0x7f0000000ac0)={0x20, 0x82, 0x2, "809e"}, &(0x7f0000000b00)={0x20, 0x83, 0x3, "70d072"}, &(0x7f0000000b40)={0x20, 0x84, 0x1, 'v'}, &(0x7f0000000b80)={0x20, 0x85, 0x3, "d3ff52"}})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
write$char_usb(r4, &(0x7f0000006800)="10", 0x1)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32=r5, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00')
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r9=>0x0}, &(0x7f0000001080)=0x4)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000001c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x4, 0x80, 0x1, [{{0x9, 0x4, 0x0, 0x33, 0x1, 0x7, 0x1, 0x1, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x0, 0x8, 0x68}}}}}]}}]}}, &(0x7f0000000800)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x110, 0x6, 0x1, 0x9, 0xff, 0x4}, 0x4d, &(0x7f0000000280)={0x5, 0xf, 0x4d, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x81, "3c631a8bfdf5d1c7b025609df11393d9"}, @ssp_cap={0x14, 0x10, 0xa, 0x0, 0x2, 0x5, 0xe229a3bed5371c1b, 0x4, [0x7, 0xc000]}, @ssp_cap={0x20, 0x10, 0xa, 0x4, 0x5, 0x4, 0xf, 0x2, [0xff3fc0, 0xff3f0f, 0xc0, 0xf, 0xcf]}]}, 0x7, [{0xc8, &(0x7f0000000300)=@string={0xc8, 0x3, "05e35c4c7868785d53a3ff057f47a0084b30929143c30726771d7e14b6e8d8279172f097bc59a2f063e15eb33d4ba51448c609553af43c5e52bd8b185257b3dd811f4eab0b21a7eaf1447a7d2c2f0f3e94337c8bc0ad13090ce7425215196353399d8ed17ad0fdbc58bae19100a21bd583ef86c9bec557bc77d3dad1f4c942448b37713c1031d36e4cd8ae194270d10a4a1ae5b7fbe6bede3935047aeafb5e7bc0cf3acd4f94bff7231b9f464b924072ac7495afc9e4b545ae1e5aeab67c9a03fe077aedb0b3"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x448}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x100c}}, {0x72, &(0x7f00000004c0)=@string={0x72, 0x3, "af2bf69d81cb199b6fd90d6f639e655ac38dc862ec963527ae4f2067bdd54443bac77bc02759981d5e8fa964894946d076d616589c7ddef9b2c3ef8cc82a5b46fb44344ddc049580b9cd2823171d57970b5b15340bdfabfebc4c2f95b6afe41e7da7c0aa813890e1231bdf0df90758ea"}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x100a}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x40c}}, {0xcd, &(0x7f0000000700)=@string={0xcd, 0x3, "46f5fcd176643e20af6d7f63545cd2358d9cef4a35bb016655a1d7632a5d58b6916ed71b1fd0cb7b6a4e5712616443386569246cb0da42e061fb04e0d4f935f47cabf9c4b817d40b4fa4fc3774b9d932e1af3969242d997a9beb1f32815562e95e9ed9aebcf6ce41b1c89df0c35e387d821139e5e7ac4e61b3246717dfc4461662004b69ff9c5b06312e1590deed28613d603e244b6b180694a5857c37641b58eaf0a4836e0845744e3a8f4bca3f8648a348c2433b5e51b56b72cbb582114c54392319b20b8c6a47aa7b49"}}]})
r10 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000080)={'ipvlan1\x00'})
sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000c40)=ANY=[@ANYRES32=r1, @ANYRES32=0x0, @ANYRES8=r0, @ANYRESDEC=r2, @ANYBLOB='\x00\x00\x00'], 0x4c}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r10, 0xc1205531, &(0x7f0000000540)={0x3, 0x20000046, 0x0, 0x4, '\x00', '\x00', '\x00', 0x0, 0x100a, 0x9, 0x3, "b6855a32674ffa64f778ddcf29c94337"})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x20000)
r12 = userfaultfd(0x1)
ioctl$UFFDIO_API(r12, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r12, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000117000/0x4000)=nil, 0x400000, 0x3, 0x2})
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f0000000140)=@assoc_value={r9, 0x3}, 0x8)
preadv(r6, 0x0, 0x0, 0x3a, 0x5)

5.173458132s ago: executing program 3 (id=2703):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000180)={0x8f, 0x0, 0x2})
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x5, 0x200004, 0x2, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@arm64={0x31, 0xb, 0x2, '\x00', 0x3})
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dc4a)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x57}], 0xee01}, 0x18, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.757647569s ago: executing program 3 (id=2704):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) (async)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f0000000480)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1e6, {0xfd}, {0x7}, @queue={0x4, {0xb, 0x3}}}, {0x2, 0x0, 0x9, 0x89, @tick=0x391, {0xfd}, {}, @note={0x81}}, {0x6, 0x3, 0x9, 0x3, @time={0xd, 0x1000}, {0xe, 0x4}, {0xc, 0x2}, @note={0xfa, 0x94, 0x0, 0x4, 0x8}}], 0x54)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01) (async)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01)
write$sndseq(r1, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @tick=0x8, {}, {}, @result}], 0x1c)
r2 = socket$inet(0x2, 0x6, 0x0)
bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e22, @loopback}, 0x10)
getsockopt$sock_buf(r2, 0x1, 0x1c, &(0x7f0000000100)=""/252, &(0x7f0000000000)=0xfc) (async)
getsockopt$sock_buf(r2, 0x1, 0x1c, &(0x7f0000000100)=""/252, &(0x7f0000000000)=0xfc)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x4e23, @local}, 0x10)

4.124073614s ago: executing program 4 (id=2706):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f0000000b80)=[{{&(0x7f00000001c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000c80)=""/227, 0xe3}, {&(0x7f00000003c0)=""/172, 0xac}], 0x2}}, {{&(0x7f0000000480)=@can, 0x80, &(0x7f0000000500)=[{&(0x7f00000000c0)=""/36, 0x24}], 0x1, &(0x7f0000000540)=""/64, 0x40}, 0x8}, {{0x0, 0x0, &(0x7f0000000580), 0x0, &(0x7f0000000700)=""/111, 0x6f}, 0x80}, {{&(0x7f00000002c0)=@nfc_llcp, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000800)=""/93, 0x5d}, {&(0x7f0000000880)=""/83, 0x53}, {&(0x7f0000000900)=""/25, 0x19}, {&(0x7f0000000940)=""/226, 0xe2}], 0x4, &(0x7f0000000ac0)=""/130, 0x82}, 0x20000000}], 0x4, 0x2, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0x40086602, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r2, &(0x7f0000000040)='T', 0x1, 0x8910, &(0x7f0000000280)={0xa, 0xfffc, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000b5403340861a227536350102030109021200010000"], 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000500)=ANY=[@ANYBLOB="f69a1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000200), 0x8, 0x800)
dup(0xffffffffffffffff)
syz_open_pts(0xffffffffffffffff, 0x200400)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000240), 0x10400, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x141040, 0x0)
fspick(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
r4 = syz_clone(0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r4)

3.922187959s ago: executing program 0 (id=2707):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000540))
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0xffac, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x8, &(0x7f00000011c0)=ANY=[@ANYBLOB="1400000000000000010000002500000002010000000000004800000000000000080000000700000010000034366567f2219787566400007300000000000000000000000008000000ef3820f3439cb150a3651e799e1459c9c9a7521737a8879e3ef4dca1e3c32158996e4b2abde5342e22f2ba8b679121ac0b0ad62ade31fb2c47f0bbf781eb8bd1e3064141e90e9eac25b189c0da98b676571bbeefba392c3e15a10e03dee4ae1dfe99793e51ec0c6bb5fa6d7b357d249502f5919ef251e5d0e5bed378265b8bd55fde4689cb509b14fa754813a27e72d175e8d677420e10d651833e6e2ab8168b1d633b1bb9a7d4d59ebdc7083d93d35cd469de", @ANYRES32=0x0, @ANYBLOB="e1212f0409000000e70bcf35ac837225dd355ad309a5ec6096633ba38e1ef5baf006020e5f45c993cb5680017c6720bea9b7c451516a8cff7f00000000000019f20b784b2336d43c8a0f7347801a596dfb0b078a967980ccec1d115c7a0000000000000000000000fed6260fdf140498f1274bc569d0d87656d0d18d903580f0ec0915e89bd286b2c25165043f6a001d53f84eaabf01cc310ff28c7c76867ce1a2c9c91b1db7295614e2a4f8711ec37ae999180cb5bbb9c5382120076e117539d423a2ec0f468db35960831f5f884c1fa9f46b3472327697495b8e8ba8e2f3defbe93e1fc733b06dfc74890a3f63b154e9681d69cdd9894c914ee45c286462888ff84e401a6d8895ffda88a171b7359f815d7b6f7562fba1bbff4cba08f7a39a8e88b66a4717b3c318f85aecbe8b5f3485f8d31bf5a57b9dd53b382ec017a33d1fabe09daf76b3b0"], 0x6b}, 0x0)

3.800915636s ago: executing program 3 (id=2708):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000300)=ANY=[@ANYBLOB="f7f433e733a1e0c0aaaaaaaaaaaaaaffb9228b23b790a8ccddc56028d21b64ff86dd671d74b100181100fe80000000000000000000000000000000000069f9004e214e21001890780400000002000000040004000000000000ddff030000000000007fe60ff56425cfd99a58b3f9f28965b7c9940dadfac0e2757f049a5ccf"], 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000880)=ANY=[@ANYBLOB="940000001000010400"/20, @ANYBLOB="47e7d6d842cb100bd8023c5d3f10462889d457dd391a3fd2345ac07ff3d116f2a770e73d2a0aac31fda9d415940e78d3837ba6a4540cf2879ea0368c53c82ec2ea2e312b8ca8c72be2f51248da0a7494384bd70c0d742d7546dfc130852327ea0f7510606104f21b1a2c678c137d06f89474d92178a758cc062d6a0a761ccbe2ea24f73e4d977e0e4f4636b63784aa1efbcd935e0df628400a7f8b34b78d0aa9ceab392c4c90d6ba35830c9f111bcd55e839cfc8ac4072fc5f7b089e4bbc467cad95a7f793aef21e3f38675b0e24291a2e6d611b3546128ca100ba3fefa503827628f50ce5cb397f53", @ANYBLOB="0300000000000000640012800b0001006970366772650000540002800800150061db0a0008000100", @ANYRES32=r0, @ANYBLOB="14000700fe8000000000000000000000000000aa08000d005fe1ffff060010004e22000008000500200c000014000600fc"], 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB="40010000100001000000e3ffffffffffffff0000000000000000ffff7f000001fe8000000000000000000000080000bb0000000010000000000002f26ee1d82186ddea7be9b9caee762734b23fdc53912127a990f67cc2b8f20b9f45a4db568753f48e5ec682f676bd2b2eb5c0e376b95229622afd", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000fc000000006c000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000200000000000000000000000800160002000000480003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000051000000"], 0x140}}, 0x801)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000001c0)="8fe9f001163100670f0179d80f01cb0f32baf80c66b8ccd23d8c66efbafc0c66b82f00000066efbaf80c66b8ae14518066efbafc0cb83945eff3d9f1f263e766660f3881983fd0660fe702", 0x4b}], 0x1, 0x60, &(0x7f0000000280)=[@cstype3={0x5, 0x3}], 0x1)
syz_extract_tcp_res(&(0x7f0000000180), 0x9, 0x3)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x3, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCPKT(r6, 0x5420, 0x0)
add_key$user(0x0, &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, 0xffffffffffffffff, 0x2c9ab000)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000a00)={0x246, 0x7d, 0x0, {{0x500, 0x105, 0x0, 0xfffffffa, {0x1}, 0x1aac0000, 0x1, 0x0, 0x0, 0x25, '\x04no\xc8f\xc9}`\x99\x06\x00\x00\x00\x00\x00\x00\x00\x90\x00\x00\x1d\xf6\xdb\x00\x00\x00\x00\x00\x00=\xd3\x00\x00\x00\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x17, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x0fX\x05\x02\xb6n\x00\xf3\x13\xf6\x00', 0x5e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\xf3u)\x9b\xc6l\n\xe3k\x1dR\xc3l\xfe{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'/94}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x05\x00\x00\x00\x00\x00\x00\x00\xc2g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x246)
syz_open_dev$sg(0x0, 0x0, 0x0)
msgget$private(0x0, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_LOG_STATUS(r7, 0x5646, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3)
syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')

3.374123634s ago: executing program 0 (id=2709):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000700)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6b", 0x2a}, {&(0x7f0000000a00)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc48755381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b933aa9169f5f7b51dd5319b8016623d1863d70581691a79a6678db1e5e7fa1c98c5b9e4a87272e9c4a1bd98dbb2ab76919ba5c1020e80bd0659e82d861dc6fe4c62639134c504aa438689d28748c22ebfe2772d64b64e706d94864d785dcc6b24fff7858b2a4edb673503cf002e28e331bc529b433cd74ab6c48a2c", 0xf6}, {&(0x7f0000000180)="5be3b011e12323e4ab88c0472f0700000000000000e71ba62334303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000000000d6e36e737691a1c6bd2a64b2a85cbaaf648c9100000000000000006a8f4f5405596e72f8fe08c33a33b275787892f61fbb621794716f96031931b55af30fa01d72aa5a53ee4c07ab7c96a4a9ed93f4d20269982ab6feb22d8e77afb7b861622ab963b07f0026fd6424082bcd0864a854e542aacc3201fff7", 0xd8}, {&(0x7f0000001000)="bd2f6aa36cea0e4bccda24dc5bd69ad762e998d923018ec9f30d63c7059c3c786069915581888508ff589f82857ff546b23b88d6bd61f1efc982005bf6c9abc4fe2caf32ef3ff105b69346a4d09afd7b0b8bd5f8c25f0eab84d8ad1b6576552ee2acc2ef0a9b0f9964d5705db134bdd9f261b7349aeede1c42e31b1082eec37b959d16afb967f54c471f2c7922c3c069f6a67c6ffee04bb1106c7e99752f50c7efdfa8afc8bd11acfc7a82e59dc5ffc88775bf6c9794b3ca2f475d25203ec0e0dd996b25d908e16539ac6e6086da296964d83ba527dcb6e7de403ef2a089ba3a5e094333a951cb48b75ac346a4783121dbceeef0a14f71fce2f4eb8bb7e758a67b9f7bd6231f410120746c1450cfd1aa4ba36a3bf20ded587f261a4c980fcd1e966d88d1c82912a289858e876d45f85516db0e8aa12e436a4faf2ffccc7b12c716a3f0499246752636a5b5e3762fa5dff7e78942123a253565e3058926808ee581d47fdd34118121a5c5", 0x16a}], 0x4}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000840)="b5d383823677f025217943343e363268a73daecfa0fdc5beb5a7ac332a11533627b41dbe33a6be0055bf716aa2b23b97d43cc40c632f6b9850f364ba0831ed0d6f7157f204275aa850d992d81ba6ab984bd809254e847b644cf6459a813bc3ebba62168141343c9938965233cdaef85778ce05c77e962fd6bf3a4b9eb05654e64f1867398e202b4920e8ebc08f6e6dc652a12e000000000000000000dabfc714629971d55b52192c803e89147c9434e190ba2de9c450883623e826c07629f995ad852ebf1727f940374dd2245519c82a823f551fb0df615425f7e0d6ec20e4d85814cc430ee2fcc6145748301f", 0xed}, {&(0x7f0000000500)="e47ecfc6ce6d4d9cc5a0fbf98f301803da3adfbec8a1d5324076b744b24bc7cf83120d4819726e827d90219c7100dc54", 0x30}], 0x2}}], 0x2, 0xc0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf64ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

2.83620921s ago: executing program 1 (id=2711):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x7, 0x7, 0x582, 0x3, 0x3, 0x15e8c, 0x8}, 0x1c)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x48, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bridge\x00'}]}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x70}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000)

2.79251473s ago: executing program 1 (id=2712):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r1, &(0x7f00000085c0)=[{{&(0x7f0000000380)={0x2, 0x0, @dev}, 0x10, &(0x7f00000016c0)=[{&(0x7f00000003c0)='X;', 0x2}], 0x1}}], 0x1, 0x0) (fail_nth: 9)

2.469695821s ago: executing program 1 (id=2713):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x46403, 0x0)
r1 = socket$pptp(0x18, 0x1, 0x2)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000040))
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r4}, 0x18)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
shutdown(r2, 0x1)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDARP(r5, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @remote}, 0x0, {0x2, 0x2, @private=0x40}, 'syz_tun\x00'})

2.456847365s ago: executing program 0 (id=2714):
bind$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x4e22, @multicast2}, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000)=0x5, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
r4 = openat$6lowpan_control(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r4, &(0x7f0000000040)='connect aa:aa:aa:aa:aa:10 2', 0x1b)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, 0x0, 0x0)
bind$inet(r5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x19, &(0x7f0000000140)=ANY=[@ANYRES32=r0, @ANYRES8=0x0, @ANYRES16=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r6)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r7, 0x10001)
connect$inet(r7, &(0x7f00000000c0)={0x2, 0x4e22, @rand_addr=0x64010102}, 0x10)
listen(r2, 0xfffffffd)
sendmsg$inet(r5, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000040)=0x193a, 0x4)
syz_usb_connect(0x2, 0xfffffffffffffef2, 0x0, 0x0)
lsetxattr$system_posix_acl(0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000080000000000000020000000000000008e6644e1b24221b2ea378b94b725174a6ff757dce41478b623f043aa3189ade427f27dfaf9d59a54e4ec6d51710bf725ff9c92a7f28a04a651a299530f2046b0361ec69d5093d075b896c5565b323d0417790e5783f28773652b4e1fda795c522a230ac63b65db743ab95943ae495de2a9fb809b399802a75e57af48db203595665d0e805ecaf08749e5a705d16ec79e551517e2840aaa1924bb68b216dccb02a4d426ce"], 0x24, 0x0)

2.424355187s ago: executing program 1 (id=2715):
r0 = semget$private(0x0, 0x4, 0x0)
semop(r0, &(0x7f0000000380)=[{0x0, 0xea39}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x8, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000611288000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x42000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x1c, &(0x7f0000000040), &(0x7f0000cab000)=0x7)
r2 = semget$private(0x0, 0x4000000009, 0x0)
r3 = shmget(0x1, 0x4000, 0x80, &(0x7f0000ffb000/0x4000)=nil)
shmctl$SHM_INFO(r3, 0xe, &(0x7f00000000c0)=""/233)
semop(r2, &(0x7f0000000240)=[{0x1, 0x7fff, 0x1000}], 0x1)
semop(r2, &(0x7f0000000080)=[{0x0, 0xfffe}], 0x1)
semctl$GETNCNT(r0, 0x0, 0xe, 0x0)

2.016485843s ago: executing program 3 (id=2717):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000001300)=ANY=[@ANYBLOB="0015f700000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f00000001c0)=ANY=[@ANYBLOB="40090d000000002c7f063a31"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f00000000c0)={0x20, 0x31, 0x41, {0x41, 0x9, "2294aa76cec01fbc7c619e1585cab2b68df57575ba6c363d37eeb5315064adc4a85c33afac5c0232a26f1b58edbaaaddfe05fd5d71140e193a60b9d7640c09"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x804}}, &(0x7f0000000340)={0x0, 0xf, 0x168, {0x5, 0xf, 0x168, 0x3, [@generic={0xb5, 0x10, 0x2, "938dd6579c92c004f8e86ed9156ffef3c793b009244755cc686d4fa7c28807688a7e144ba1acf3af0786e7e3993db5199d6eae3b7ffa359821a8039fbc40033a79ecfe52f468d41a5731fa349133c9095ac83e6a93ceb5c51562750646f6aee2ad2d1c2fe51166ef8ce68eed50042a4408541382d3a8ba750bff654aec098f497f25602539615472dc094a6a1f45d6950731403644b2f510007ce6064813bc08c82a63999989a5949959078da14abe1b504d"}, @ss_cap={0xa}, @generic={0xa4, 0x10, 0xb, "55f2c38bbf85034c229e9df8db47ab92afafc516475e84039cb5136f4b8feafe7ae49ed022b28cf84851a98ced019cde4249a363f93d8b50a68ef741046cd0dde3fd144eb03cd9daaebd9f2e7bba1ad81486449c492d3e9da29de9cd7ed8e49c255ea73297696d7742343ecf8302a73c7b008622714ca9e5904a69cce1dd29d5a144851aa91fb38e800c1324af44b1591d488859b910f8e5415514c2b386841328"}]}}, &(0x7f0000000180)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1, 0xe2, 0xb, 0x7, "62f64d78", "479ef7bc"}}, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x12, 0x5, 0xb, 0x6, 0x40, 0x6}}}, &(0x7f00000008c0)={0x84, &(0x7f0000000280)={0x0, 0xa, 0x1, "05"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x2}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000500)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000000540)={0x20, 0x0, 0x4, {0x100, 0x20}}, &(0x7f0000000580)={0x40, 0x7, 0x2, 0x1}, &(0x7f00000005c0)={0x40, 0x9, 0x1, 0xec}, &(0x7f0000000680)={0x40, 0xb, 0x2, "4a01"}, &(0x7f00000006c0)={0x40, 0xf, 0x2, 0x7ff}, &(0x7f0000000700)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, &(0x7f0000000740)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x63fee795893c8907}}, &(0x7f0000000780)={0x40, 0x19, 0x2, "9446"}, &(0x7f00000007c0)={0x40, 0x1a, 0x2, 0x7fff}, &(0x7f0000000800)={0x40, 0x1c, 0x1, 0x7}, &(0x7f0000000840)={0x40, 0x1e, 0x1, 0xd0}, &(0x7f0000000880)={0x40, 0x21, 0x1, 0xa}})
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, 0x0, 0x0)

1.80178299s ago: executing program 2 (id=2719):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0203f3021600000000000000200000000200090008000000e9000000000000000300060000000000020000000000000000000000000000000200010000000000000003fcff000020030005000000000002000000ac1414aa00000000000000000a0008000825"], 0xb0}, 0x1, 0x7}, 0x0) (fail_nth: 9)

1.535827463s ago: executing program 1 (id=2720):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000540))
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
ioctl$KVM_RUN(r0, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0xffac, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x8, &(0x7f00000011c0)=ANY=[@ANYBLOB="1400000000000000010000002500000002010000000000004800000000000000080000000700000010000034366567f2219787566400007300000000000000000000000008000000ef3820f3439cb150a3651e799e1459c9c9a7521737a8879e3ef4dca1e3c32158996e4b2abde5342e22f2ba8b679121ac0b0ad62ade31fb2c47f0bbf781eb8bd1e3064141e90e9eac25b189c0da98b676571bbeefba392c3e15a10e03dee4ae1dfe99793e51ec0c6bb5fa6d7b357d249502f5919ef251e5d0e5bed378265b8bd55fde4689cb509b14fa754813a27e72d175e8d677420e10d651833e6e2ab8168b1d633b1bb9a7d4d59ebdc7083d93d35cd469de", @ANYRES32=0x0, @ANYBLOB="e1212f0409000000e70bcf35ac837225dd355ad309a5ec6096633ba38e1ef5baf006020e5f45c993cb5680017c6720bea9b7c451516a8cff7f00000000000019f20b784b2336d43c8a0f7347801a596dfb0b078a967980ccec1d115c7a0000000000000000000000fed6260fdf140498f1274bc569d0d87656d0d18d903580f0ec0915e89bd286b2c25165043f6a001d53f84eaabf01cc310ff28c7c76867ce1a2c9c91b1db7295614e2a4f8711ec37ae999180cb5bbb9c5382120076e117539d423a2ec0f468db35960831f5f884c1fa9f46b3472327697495b8e8ba8e2f3defbe93e1fc733b06dfc74890a3f63b154e9681d69cdd9894c914ee45c286462888ff84e401a6d8895ffda88a171b7359f815d7b6f7562fba1bbff4cba08f7a39a8e88b66a4717b3c318f85aecbe8b5f3485f8d31bf5a57b9dd53b382ec017a33d1fabe09daf76b3b0"], 0x6b}, 0x0)

1.487436468s ago: executing program 2 (id=2721):
creat(&(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x8}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r2, r0)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x4, 0x288}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x7f00000000000000, 0x0, 0x0)

1.229500243s ago: executing program 1 (id=2722):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00')
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000800)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1b00"/12, @ANYRES32=0x0, @ANYBLOB="8429d0ebfb"], 0x20)
io_setup(0x9, &(0x7f0000000040))
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f00000000c0)={0x17, 0x44, &(0x7f0000000380)="480ea78a7b9a661bec44d7ed00c75000f4bee7c67dfb96632a4522c4f4cab2f3f4dc7291e69e15523e5521d355f4a3bee56a1bde03d54515b9c9645b321d461e1fdf184c"})
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
socket$rxrpc(0x21, 0x2, 0xa)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x24fb, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x200000}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x130a6e94}]})
socket$tipc(0x1e, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0xffffff9a, 0x0, 0x0, &(0x7f0000000140), 0xfebc}, 0x0)
r7 = openat$cgroup_ro(r1, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r7, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x20, 0x0, @fd=r2, 0x81, 0x0, 0x9eb})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(r8, &(0x7f000000f8c0)={0x0, 0x0, &(0x7f000000f880)={&(0x7f0000002b00)=@newtaction={0x1c, 0x16, 0xe67c0fb78d4e40bf, 0x0, 0x0, {0xa}, [{0x4}, {0x4}]}, 0x1c}}, 0x0)

1.224588256s ago: executing program 2 (id=2723):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000080)={0x220, 0x0, 0x1}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x1000, 0x3, 0x1}, 0x18, 0x0)
landlock_restrict_self(r2, 0x2)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x1000, 0x3}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
pipe(&(0x7f00000000c0))
landlock_restrict_self(r3, 0x0)
fcntl$notify(r1, 0x402, 0x8000003d)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000000)={0x6, 'bridge_slave_0\x00', {}, 0x100})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000040)={0x0, 'bridge_slave_1\x00', {0x2}, 0x9})

1.20431683s ago: executing program 3 (id=2724):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000030900010073797a300000000058000000060a010400000000000000000100000008000b40000000000900010073797a3000000000300004802c0001800a0001006c696d69740000001c0002800c00024000000000000010000c00014000000000000000031400000011"], 0xe0}, 0x1, 0x0, 0x0, 0x20008084}, 0x0) (fail_nth: 9)

831.791217ms ago: executing program 2 (id=2725):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x46403, 0x0)
r1 = socket$pptp(0x18, 0x1, 0x2)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000040))
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r4}, 0x18)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
shutdown(r2, 0x1)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDARP(r5, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @remote}, 0x0, {0x2, 0x2, @private=0x40}, 'syz_tun\x00'})

708.837543ms ago: executing program 3 (id=2726):
socket$nl_sock_diag(0x10, 0x3, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e24, 0x10000100, @loopback, 0xb}, 0x1c)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3000005, 0x4010, 0xffffffffffffffff, 0x0)
connect$unix(r1, &(0x7f00000003c0)=@file={0x1, './file0\x00'}, 0x6e)
pread64(0xffffffffffffffff, &(0x7f00000022c0)=""/157, 0x9d, 0x87)
ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, &(0x7f0000000280)={0x1, 0x0, {0x9, 0x8, 0x0, 0x4, 0x8, 0x6, 0x2, 0x4}})
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000000040)=0xcd45, 0x4)
r4 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r5 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5)
sendfile(r4, r4, 0x0, 0x24002de8)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r6 = socket$kcm(0x29, 0x5, 0x0)
write$cgroup_pressure(r6, &(0x7f0000000140)={'full', 0x20, 0x5b}, 0x2f)
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0}, 0x400c885)
ioctl$LOOP_SET_STATUS(r4, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x4, 0x0, 0x1, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x7]})
ioctl$LOOP_SET_STATUS(r4, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x1, 0x9, 0x4, 0xc, "522530d6e597ca5402000000295d3513b07ad7aca89590d709b29ee7c21514bb1f220000004000", "012a519a670231ce4623c52b637a4bffffce6a392e161f8e3005abf4f73f48a2", [0x3, 0xb]})

642.229017ms ago: executing program 2 (id=2727):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
socket(0x15, 0x5, 0x0)
epoll_create1(0x0)
epoll_create1(0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r2=>0x0})
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xb)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x403, 0x6101, 0x0, {0x0, 0x0, 0x0, 0x0, 0xff7f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x6811}, 0x2400c810)

412.372143ms ago: executing program 2 (id=2728):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000180)=ANY=[@ANYBLOB="200000002c00010026bd7000dadbdf250400000005000b"], 0x20}, 0x1, 0x0, 0x0, 0x404000d}, 0x20000000) (fail_nth: 9)

0s ago: executing program 4 (id=2729):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x300, 0x2}, 0x0, &(0x7f0000000100)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0)
r1 = syz_io_uring_setup(0x186, 0x0, &(0x7f0000000100)=<r2=>0x0, &(0x7f00000002c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24008000}, 0x0)

kernel console output (not intermixed with test programs):

00480 RDI: 0000000000000003
[  666.152629][T13529] RBP: 00007f421ba9e090 R08: 0000000000000000 R09: 0000000000000000
[  666.152637][T13529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  666.152645][T13529] R13: 0000000000000000 R14: 00007f421ada5fa0 R15: 00007f421aecfa28
[  666.152662][T13529]  </TASK>
[  666.605214][T13536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  666.613936][T13536] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  666.627880][T13536] netlink: 'syz.0.2441': attribute type 26 has an invalid length.
[  666.729242][T13547] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2440'.
[  666.846931][T13549] FAULT_INJECTION: forcing a failure.
[  666.846931][T13549] name failslab, interval 1, probability 0, space 0, times 0
[  666.860496][T13549] CPU: 1 UID: 0 PID: 13549 Comm: syz.2.2446 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  666.860521][T13549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  666.860532][T13549] Call Trace:
[  666.860539][T13549]  <TASK>
[  666.860547][T13549]  dump_stack_lvl+0x241/0x360
[  666.860577][T13549]  ? __pfx_dump_stack_lvl+0x10/0x10
[  666.860599][T13549]  ? __pfx__printk+0x10/0x10
[  666.860622][T13549]  ? __pfx___might_resched+0x10/0x10
[  666.860641][T13549]  should_fail_ex+0x424/0x570
[  666.860664][T13549]  should_failslab+0xac/0x100
[  666.860686][T13549]  __kmalloc_cache_noprof+0x73/0x370
[  666.860707][T13549]  ? genl_start+0x1cb/0x6d0
[  666.860735][T13549]  genl_start+0x1cb/0x6d0
[  666.860762][T13549]  __netlink_dump_start+0x45c/0x790
[  666.860785][T13549]  genl_rcv_msg+0x8a4/0xf00
[  666.860813][T13549]  ? __pfx_genl_rcv_msg+0x10/0x10
[  666.860836][T13549]  ? __dev_queue_xmit+0x1780/0x3f60
[  666.860857][T13549]  ? __pfx_genl_start+0x10/0x10
[  666.860879][T13549]  ? __pfx_genl_dumpit+0x10/0x10
[  666.860901][T13549]  ? __pfx_genl_done+0x10/0x10
[  666.860935][T13549]  ? __lock_acquire+0xad5/0xd80
[  666.860959][T13549]  ? __pfx_smcd_nl_get_device+0x10/0x10
[  666.860986][T13549]  netlink_rcv_skb+0x208/0x480
[  666.861006][T13549]  ? __pfx_genl_rcv_msg+0x10/0x10
[  666.861032][T13549]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  666.861064][T13549]  ? netlink_deliver_tap+0x2e/0x1b0
[  666.861088][T13549]  genl_rcv+0x28/0x40
[  666.861110][T13549]  netlink_unicast+0x7f8/0x9a0
[  666.861132][T13549]  ? __pfx_netlink_unicast+0x10/0x10
[  666.861148][T13549]  ? __virt_addr_valid+0x45f/0x530
[  666.861170][T13549]  ? __phys_addr_symbol+0x2f/0x70
[  666.861190][T13549]  ? __check_object_size+0x478/0x720
[  666.861216][T13549]  netlink_sendmsg+0x8e8/0xce0
[  666.861244][T13549]  ? __pfx_netlink_sendmsg+0x10/0x10
[  666.861267][T13549]  ? aa_sock_msg_perm+0x91/0x160
[  666.861293][T13549]  ? __pfx_netlink_sendmsg+0x10/0x10
[  666.861313][T13549]  __sock_sendmsg+0x221/0x270
[  666.861336][T13549]  ____sys_sendmsg+0x53c/0x870
[  666.861359][T13549]  ? __pfx_____sys_sendmsg+0x10/0x10
[  666.861379][T13549]  ? __fget_files+0x2a/0x420
[  666.861406][T13549]  ? __fget_files+0x2a/0x420
[  666.861437][T13549]  __sys_sendmsg+0x271/0x360
[  666.861462][T13549]  ? __pfx___sys_sendmsg+0x10/0x10
[  666.861513][T13549]  ? do_syscall_64+0xb6/0x230
[  666.861541][T13549]  do_syscall_64+0xf3/0x230
[  666.861566][T13549]  ? clear_bhb_loop+0x45/0xa0
[  666.861586][T13549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.861604][T13549] RIP: 0033:0x7f421ab8d169
[  666.861619][T13549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  666.861634][T13549] RSP: 002b:00007f421ba9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  666.861654][T13549] RAX: ffffffffffffffda RBX: 00007f421ada5fa0 RCX: 00007f421ab8d169
[  666.861667][T13549] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  666.861679][T13549] RBP: 00007f421ba9e090 R08: 0000000000000000 R09: 0000000000000000
[  666.861689][T13549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  666.861700][T13549] R13: 0000000000000000 R14: 00007f421ada5fa0 R15: 00007f421aecfa28
[  666.861722][T13549]  </TASK>
[  667.229924][T13551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  667.250320][T13551] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.574842][ T5885] usb 5-1: new full-speed USB device number 67 using dummy_hcd
[  667.637399][ T8390] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  667.749885][ T5885] usb 5-1: config 0 has an invalid interface number: 207 but max is 0
[  667.759550][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  667.773984][ T5885] usb 5-1: config 0 has no interface number 0
[  667.783384][ T5885] usb 5-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  667.799424][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.807822][ T5885] usb 5-1: Product: syz
[  667.813558][T13569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  667.814243][ T8390] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  667.865549][T13569] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.883256][ T5885] usb 5-1: Manufacturer: syz
[  667.888053][ T5885] usb 5-1: SerialNumber: syz
[  667.893586][ T8390] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  667.902702][ T8390] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  667.911474][ T5885] usb 5-1: config 0 descriptor??
[  667.925678][ T8390] usb 3-1: config 0 descriptor??
[  667.946085][ T8390] pwc: Askey VC010 type 2 USB webcam detected.
[  668.130107][T13555] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  668.141996][T13555] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  668.153112][ T5885] qmi_wwan 5-1:0.207: probe with driver qmi_wwan failed with error -22
[  668.172129][ T5885] usb 5-1: USB disconnect, device number 67
[  668.341529][ T8390] pwc: recv_control_msg error -32 req 02 val 2b00
[  668.385565][ T8390] pwc: recv_control_msg error -32 req 02 val 2700
[  668.428878][ T8390] pwc: recv_control_msg error -71 req 04 val 1000
[  668.469799][ T8390] pwc: recv_control_msg error -71 req 04 val 1300
[  668.614024][ T8390] pwc: recv_control_msg error -71 req 04 val 1400
[  668.621902][ T8390] pwc: recv_control_msg error -71 req 02 val 2000
[  668.628777][ T8390] pwc: recv_control_msg error -71 req 02 val 2100
[  668.636196][ T8390] pwc: recv_control_msg error -71 req 04 val 1500
[  668.642934][ T8390] pwc: recv_control_msg error -71 req 02 val 2500
[  668.701418][ T8390] pwc: recv_control_msg error -71 req 02 val 2400
[  668.738312][ T8390] pwc: recv_control_msg error -71 req 02 val 2600
[  668.763462][ T8390] pwc: recv_control_msg error -71 req 02 val 2900
[  668.789892][ T8390] pwc: recv_control_msg error -71 req 02 val 2800
[  668.817104][ T8390] pwc: recv_control_msg error -71 req 04 val 1100
[  668.844251][ T8390] pwc: recv_control_msg error -71 req 04 val 1200
[  668.870975][ T8390] pwc: Registered as video103.
[  668.878547][ T8390] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input43
[  668.900669][ T8390] usb 3-1: USB disconnect, device number 69
[  669.086560][T13592] SET target dimension over the limit!
[  669.097666][T13592] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2462'.
[  669.106637][T13594] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2463'.
[  669.120115][ T8399] usb 5-1: new full-speed USB device number 68 using dummy_hcd
[  669.123574][T13594] vivid-000: disconnect
[  669.139616][T13594] vivid-000: reconnect
[  669.260750][ T8390] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  669.286190][ T8399] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  669.310534][ T8399] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  669.324646][T13598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.333592][T13598] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.346629][ T8399] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  669.359285][ T8399] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  669.372853][ T8399] usb 5-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00
[  669.382712][ T8399] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.392675][ T8399] usb 5-1: config 0 descriptor??
[  669.424238][ T8390] usb 3-1: Using ep0 maxpacket: 16
[  669.431270][ T8390] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  669.442582][ T8390] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  669.451912][ T8390] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.461616][ T8390] usb 3-1: config 0 descriptor??
[  669.802550][T13588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.811592][T13588] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.822966][T13588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.834442][T13588] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.851267][ T8399] input: HID 28bd:0935 Mouse as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28BD:0935.001A/input/input44
[  669.881297][T13582] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2458'.
[  669.908592][ T8390] usbhid 3-1:0.0: can't add hid device: -71
[  669.918396][ T8390] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  669.929730][ T8390] usb 3-1: USB disconnect, device number 70
[  669.941540][ T8399] uclogic 0003:28BD:0935.001A: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0935] on usb-dummy_hcd.4-1/input0
[  669.957415][T13602] loop2: detected capacity change from 0 to 7
[  669.965588][T13602] Dev loop2: unable to read RDB block 7
[  669.971171][T13602]  loop2: AHDI p1 p2
[  669.975751][T13602] loop2: partition table partially beyond EOD, truncated
[  669.982902][T13602] loop2: p1 size 4227858431 extends beyond EOD, truncated
[  670.014862][ T8397] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[  670.024077][ T7962] udevd[7962]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  670.082486][ T8399] usb 5-1: USB disconnect, device number 68
[  670.164776][ T8397] usb 2-1: Using ep0 maxpacket: 32
[  670.176335][ T8397] usb 2-1: config 0 has an invalid interface number: 146 but max is 0
[  670.185856][ T8397] usb 2-1: config 0 has no interface number 0
[  670.193322][ T8397] usb 2-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  670.217200][ T8397] usb 2-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  670.245206][ T8397] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  670.258484][ T8397] usb 2-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  670.272114][ T8397] usb 2-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  670.284969][ T8397] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  670.298022][ T8397] usb 2-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  670.309678][ T8397] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  670.321372][ T8397] usb 2-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  670.362232][ T8397] usb 2-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  670.373419][ T8397] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.387793][ T8397] usb 2-1: Product: syz
[  670.391999][ T8397] usb 2-1: Manufacturer: syz
[  670.398943][ T8397] usb 2-1: SerialNumber: syz
[  670.416543][ T8397] usb 2-1: config 0 descriptor??
[  670.429667][T13600] raw-gadget.6 gadget.1: fail, usb_ep_enable returned -22
[  670.441141][ T8397] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 1 is not bulk.
[  670.457794][ T8397] microtek usb (rev 0.4.3): couldn't find an output bulk endpoint. Bailing out.
[  670.802960][ T8390] usb 2-1: USB disconnect, device number 108
[  670.912574][T13624] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2473'.
[  670.938656][T13625] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2473'.
[  671.324363][T13635] fuse: Bad value for 'group_id'
[  671.403760][T13638] fuse: Bad value for 'group_id'
[  671.412681][T13635] fuse: Bad value for 'group_id'
[  671.420888][T13638] fuse: Bad value for 'group_id'
[  671.547321][T13644] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  671.586269][T13643] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  671.858330][T13657] netlink: 'syz.1.2486': attribute type 1 has an invalid length.
[  671.904340][T13657] FAULT_INJECTION: forcing a failure.
[  671.904340][T13657] name failslab, interval 1, probability 0, space 0, times 0
[  671.930621][T13657] CPU: 0 UID: 0 PID: 13657 Comm: syz.1.2486 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  671.930651][T13657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  671.930665][T13657] Call Trace:
[  671.930671][T13657]  <TASK>
[  671.930680][T13657]  dump_stack_lvl+0x241/0x360
[  671.930711][T13657]  ? __pfx_dump_stack_lvl+0x10/0x10
[  671.930737][T13657]  ? __pfx__printk+0x10/0x10
[  671.930763][T13657]  ? __pfx___might_resched+0x10/0x10
[  671.930787][T13657]  should_fail_ex+0x424/0x570
[  671.930815][T13657]  should_failslab+0xac/0x100
[  671.930842][T13657]  __kvmalloc_node_noprof+0x170/0x5a0
[  671.930868][T13657]  ? alloc_netdev_mqs+0xacb/0x1210
[  671.930895][T13657]  alloc_netdev_mqs+0xacb/0x1210
[  671.930921][T13657]  rtnl_create_link+0x2f9/0xc90
[  671.930946][T13657]  rtnl_newlink_create+0x212/0xa50
[  671.930977][T13657]  ? __pfx___mutex_lock+0x10/0x10
[  671.931006][T13657]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  671.931046][T13657]  ? ns_capable+0x8a/0xf0
[  671.931076][T13657]  rtnl_newlink+0x1a0a/0x1f60
[  671.931107][T13657]  ? kernel_text_address+0xa7/0xe0
[  671.931135][T13657]  ? __pfx_rtnl_newlink+0x10/0x10
[  671.931158][T13657]  ? unwind_get_return_address+0x4d/0x90
[  671.931181][T13657]  ? arch_stack_walk+0xff/0x150
[  671.931213][T13657]  ? __lock_acquire+0xad5/0xd80
[  671.931278][T13657]  ? aa_get_newest_label+0x101/0x6f0
[  671.931308][T13657]  ? __lock_acquire+0xad5/0xd80
[  671.931349][T13657]  ? __pfx_rtnl_newlink+0x10/0x10
[  671.931375][T13657]  rtnetlink_rcv_msg+0x80f/0xd70
[  671.931397][T13657]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  671.931425][T13657]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  671.931466][T13657]  ? __lock_acquire+0xad5/0xd80
[  671.931505][T13657]  netlink_rcv_skb+0x208/0x480
[  671.931529][T13657]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  671.931556][T13657]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  671.931592][T13657]  ? netlink_deliver_tap+0x2e/0x1b0
[  671.931617][T13657]  ? netlink_deliver_tap+0x2e/0x1b0
[  671.931642][T13657]  netlink_unicast+0x7f8/0x9a0
[  671.931668][T13657]  ? __pfx_netlink_unicast+0x10/0x10
[  671.931686][T13657]  ? __virt_addr_valid+0x45f/0x530
[  671.931712][T13657]  ? __phys_addr_symbol+0x2f/0x70
[  671.931747][T13657]  ? __check_object_size+0x478/0x720
[  671.931777][T13657]  netlink_sendmsg+0x8e8/0xce0
[  671.931808][T13657]  ? __pfx_netlink_sendmsg+0x10/0x10
[  671.931834][T13657]  ? aa_sock_msg_perm+0x91/0x160
[  671.931864][T13657]  ? __pfx_netlink_sendmsg+0x10/0x10
[  671.931886][T13657]  __sock_sendmsg+0x221/0x270
[  671.931913][T13657]  ____sys_sendmsg+0x53c/0x870
[  671.931940][T13657]  ? __pfx_____sys_sendmsg+0x10/0x10
[  671.931959][T13657]  ? __fget_files+0x2a/0x420
[  671.931989][T13657]  ? __fget_files+0x2a/0x420
[  671.932030][T13657]  __sys_sendmsg+0x271/0x360
[  671.932054][T13657]  ? __pfx___sys_sendmsg+0x10/0x10
[  671.932111][T13657]  ? do_syscall_64+0xb6/0x230
[  671.932143][T13657]  do_syscall_64+0xf3/0x230
[  671.932172][T13657]  ? clear_bhb_loop+0x45/0xa0
[  671.932196][T13657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.932216][T13657] RIP: 0033:0x7fd40d98d169
[  671.932233][T13657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  671.932251][T13657] RSP: 002b:00007fd40b7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  671.932273][T13657] RAX: ffffffffffffffda RBX: 00007fd40dba5fa0 RCX: 00007fd40d98d169
[  671.932289][T13657] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  671.932302][T13657] RBP: 00007fd40b7f6090 R08: 0000000000000000 R09: 0000000000000000
[  671.932315][T13657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  671.932328][T13657] R13: 0000000000000000 R14: 00007fd40dba5fa0 R15: 00007fd40dccfa28
[  671.932354][T13657]  </TASK>
[  672.296938][    C0] vkms_vblank_simulate: vblank timer overrun
[  672.322739][ T5885] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  672.478025][ T5885] usb 3-1: Using ep0 maxpacket: 32
[  672.516547][ T5885] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  672.525272][ T5885] usb 3-1: config 0 has no interface number 0
[  672.532044][ T5885] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  672.543637][ T5885] usb 3-1: config 0 interface 85 has no altsetting 0
[  672.552729][ T5885] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  672.562145][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  672.570507][ T5885] usb 3-1: Product: syz
[  672.575033][ T5885] usb 3-1: Manufacturer: syz
[  672.579687][ T5885] usb 3-1: SerialNumber: syz
[  672.590013][ T5885] usb 3-1: config 0 descriptor??
[  672.724322][ T8397] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  672.789065][T13681] FAULT_INJECTION: forcing a failure.
[  672.789065][T13681] name failslab, interval 1, probability 0, space 0, times 0
[  672.818482][T13681] CPU: 0 UID: 0 PID: 13681 Comm: syz.0.2495 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  672.818517][T13681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  672.818531][T13681] Call Trace:
[  672.818539][T13681]  <TASK>
[  672.818548][T13681]  dump_stack_lvl+0x241/0x360
[  672.818581][T13681]  ? __pfx_dump_stack_lvl+0x10/0x10
[  672.818607][T13681]  ? __pfx__printk+0x10/0x10
[  672.818635][T13681]  ? __pfx___might_resched+0x10/0x10
[  672.818658][T13681]  should_fail_ex+0x424/0x570
[  672.818687][T13681]  should_failslab+0xac/0x100
[  672.818715][T13681]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  672.818743][T13681]  ? __alloc_skb+0x1c2/0x480
[  672.818776][T13681]  __alloc_skb+0x1c2/0x480
[  672.818810][T13681]  ? __pfx___alloc_skb+0x10/0x10
[  672.818840][T13681]  ? __pfx_rtnl_newlink+0x10/0x10
[  672.818881][T13681]  ? netlink_ack_tlv_len+0x6e/0x200
[  672.818904][T13681]  netlink_ack+0x147/0xa70
[  672.818923][T13681]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  672.818946][T13681]  ? __lock_acquire+0xad5/0xd80
[  672.818991][T13681]  netlink_rcv_skb+0x296/0x480
[  672.819014][T13681]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  672.819039][T13681]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  672.819073][T13681]  ? netlink_deliver_tap+0x2e/0x1b0
[  672.819097][T13681]  ? netlink_deliver_tap+0x2e/0x1b0
[  672.819121][T13681]  netlink_unicast+0x7f8/0x9a0
[  672.819145][T13681]  ? __pfx_netlink_unicast+0x10/0x10
[  672.819163][T13681]  ? __virt_addr_valid+0x45f/0x530
[  672.819188][T13681]  ? __phys_addr_symbol+0x2f/0x70
[  672.819210][T13681]  ? __check_object_size+0x478/0x720
[  672.819238][T13681]  netlink_sendmsg+0x8e8/0xce0
[  672.819269][T13681]  ? __pfx_netlink_sendmsg+0x10/0x10
[  672.819295][T13681]  ? aa_sock_msg_perm+0x91/0x160
[  672.819325][T13681]  ? __pfx_netlink_sendmsg+0x10/0x10
[  672.819347][T13681]  __sock_sendmsg+0x221/0x270
[  672.819374][T13681]  ____sys_sendmsg+0x53c/0x870
[  672.819399][T13681]  ? __pfx_____sys_sendmsg+0x10/0x10
[  672.819418][T13681]  ? __fget_files+0x2a/0x420
[  672.819448][T13681]  ? __fget_files+0x2a/0x420
[  672.819481][T13681]  __sys_sendmsg+0x271/0x360
[  672.819504][T13681]  ? __pfx___sys_sendmsg+0x10/0x10
[  672.819560][T13681]  ? do_syscall_64+0xb6/0x230
[  672.819592][T13681]  do_syscall_64+0xf3/0x230
[  672.819621][T13681]  ? clear_bhb_loop+0x45/0xa0
[  672.819643][T13681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.819663][T13681] RIP: 0033:0x7f3e3f38d169
[  672.819681][T13681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  672.819698][T13681] RSP: 002b:00007f3e40129038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  672.819734][T13681] RAX: ffffffffffffffda RBX: 00007f3e3f5a5fa0 RCX: 00007f3e3f38d169
[  672.819750][T13681] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  672.819763][T13681] RBP: 00007f3e40129090 R08: 0000000000000000 R09: 0000000000000000
[  672.819776][T13681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  672.819789][T13681] R13: 0000000000000000 R14: 00007f3e3f5a5fa0 R15: 00007f3e3f6cfa28
[  672.819832][T13681]  </TASK>
[  672.820076][ T5885] appletouch 3-1:0.85: Failed to read mode from device.
[  672.894863][ T8397] usb 5-1: Using ep0 maxpacket: 8
[  672.899150][ T5885] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  672.950410][ T8397] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  673.168331][ T8397] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  673.179291][ T8397] usb 5-1: config 0 has no interface number 0
[  673.187087][ T8397] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  673.199576][ T8397] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  673.210026][ T8397] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  673.232554][ T5885] usb 3-1: USB disconnect, device number 71
[  673.282571][ T8397] usb 5-1: config 0 interface 52 has no altsetting 0
[  673.306511][ T8397] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  673.322042][ T8397] usb 5-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  673.343775][ T8397] usb 5-1: Manufacturer: syz
[  673.359352][ T8397] usb 5-1: config 0 descriptor??
[  673.370508][T13692] FAULT_INJECTION: forcing a failure.
[  673.370508][T13692] name failslab, interval 1, probability 0, space 0, times 0
[  673.384089][T13692] CPU: 1 UID: 0 PID: 13692 Comm: syz.1.2499 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  673.384115][T13692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  673.384128][T13692] Call Trace:
[  673.384135][T13692]  <TASK>
[  673.384149][T13692]  dump_stack_lvl+0x241/0x360
[  673.384179][T13692]  ? __pfx_dump_stack_lvl+0x10/0x10
[  673.384203][T13692]  ? __pfx__printk+0x10/0x10
[  673.384227][T13692]  ? __pfx___might_resched+0x10/0x10
[  673.384249][T13692]  should_fail_ex+0x424/0x570
[  673.384276][T13692]  should_failslab+0xac/0x100
[  673.384301][T13692]  kmem_cache_alloc_noprof+0x78/0x390
[  673.384324][T13692]  ? vm_area_dup+0x61/0x290
[  673.384351][T13692]  vm_area_dup+0x61/0x290
[  673.384376][T13692]  __split_vma+0x1c2/0xc00
[  673.384426][T13692]  ? __pfx___split_vma+0x10/0x10
[  673.384456][T13692]  ? mas_find+0x950/0xbb0
[  673.384495][T13692]  ? __pfx_up_write+0x10/0x10
[  673.384513][T13692]  ? ima_get_action+0x75/0xb0
[  673.384542][T13692]  vms_gather_munmap_vmas+0x4bb/0x15f0
[  673.384578][T13692]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  673.384605][T13692]  ? mas_find+0x8c0/0xbb0
[  673.384634][T13692]  mmap_region+0xa54/0x2fc0
[  673.384677][T13692]  ? __pfx_mmap_region+0x10/0x10
[  673.384730][T13692]  ? preempt_schedule_irq+0x145/0x1c0
[  673.384756][T13692]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  673.384785][T13692]  ? irqentry_exit+0x63/0x90
[  673.384808][T13692]  ? lockdep_hardirqs_on+0x9d/0x150
[  673.384841][T13692]  ? __get_unmapped_area+0x2da/0x450
[  673.384866][T13692]  ? __get_unmapped_area+0x2f4/0x450
[  673.384899][T13692]  ? cap_mmap_addr+0xaa/0xf0
[  673.384920][T13692]  ? bpf_lsm_mmap_addr+0x9/0x10
[  673.384942][T13692]  ? security_mmap_addr+0x6f/0x250
[  673.384965][T13692]  ? shmem_mapping+0xd/0x50
[  673.384994][T13692]  do_mmap+0xd42/0x1420
[  673.385026][T13692]  ? __pfx_do_mmap+0x10/0x10
[  673.385049][T13692]  ? down_write_killable+0x1a0/0x260
[  673.385068][T13692]  ? vm_mmap_pgoff+0x214/0x530
[  673.385096][T13692]  ? __pfx_down_write_killable+0x10/0x10
[  673.385113][T13692]  ? common_file_perm+0x1a6/0x210
[  673.385142][T13692]  vm_mmap_pgoff+0x2a2/0x530
[  673.385177][T13692]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  673.385208][T13692]  ? __fget_files+0x2a/0x420
[  673.385235][T13692]  ? __fget_files+0x39d/0x420
[  673.385260][T13692]  ? __fget_files+0x2a/0x420
[  673.385289][T13692]  ksys_mmap_pgoff+0x4ee/0x720
[  673.385315][T13692]  ? __x64_sys_mmap+0x7f/0x140
[  673.385335][T13692]  do_syscall_64+0xf3/0x230
[  673.385363][T13692]  ? clear_bhb_loop+0x45/0xa0
[  673.385384][T13692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  673.385402][T13692] RIP: 0033:0x7fd40d98d169
[  673.385418][T13692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  673.385435][T13692] RSP: 002b:00007fd40b7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  673.385456][T13692] RAX: ffffffffffffffda RBX: 00007fd40dba5fa0 RCX: 00007fd40d98d169
[  673.385470][T13692] RDX: 0000000000000008 RSI: 0000000000002000 RDI: 0000200000ffc000
[  673.385481][T13692] RBP: 00007fd40b7f6090 R08: 0000000000000003 R09: 0000000100000000
[  673.385494][T13692] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[  673.385505][T13692] R13: 0000000000000000 R14: 00007fd40dba5fa0 R15: 00007fd40dccfa28
[  673.385528][T13692]  </TASK>
[  673.857861][T13696] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  673.867300][T13696] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  673.948068][ T8397] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  673.957407][ T8397] synaptics_usb 5-1:0.52: probe with driver synaptics_usb failed with error -5
[  674.105077][T13700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  674.145225][T13700] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  674.162690][T13700] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2503'.
[  674.175301][T13702] FAULT_INJECTION: forcing a failure.
[  674.175301][T13702] name failslab, interval 1, probability 0, space 0, times 0
[  674.192677][ T5885] usb 5-1: USB disconnect, device number 69
[  674.234830][T13702] CPU: 1 UID: 0 PID: 13702 Comm: syz.2.2502 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  674.234853][T13702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  674.234863][T13702] Call Trace:
[  674.234868][T13702]  <TASK>
[  674.234875][T13702]  dump_stack_lvl+0x241/0x360
[  674.234900][T13702]  ? __pfx_dump_stack_lvl+0x10/0x10
[  674.234918][T13702]  ? __pfx__printk+0x10/0x10
[  674.234937][T13702]  ? __pfx___might_resched+0x10/0x10
[  674.234954][T13702]  should_fail_ex+0x424/0x570
[  674.234974][T13702]  should_failslab+0xac/0x100
[  674.234993][T13702]  __kmalloc_noprof+0xdf/0x4d0
[  674.235012][T13702]  ? ima_alloc_init_template+0x8b/0x6e0
[  674.235035][T13702]  ima_alloc_init_template+0x8b/0x6e0
[  674.235057][T13702]  ? take_dentry_name_snapshot+0x2b/0x530
[  674.235077][T13702]  ? take_dentry_name_snapshot+0x515/0x530
[  674.235100][T13702]  ima_add_violation+0x229/0x510
[  674.235124][T13702]  ? __pfx_ima_add_violation+0x10/0x10
[  674.235145][T13702]  ? ima_d_path+0x224/0x280
[  674.235170][T13702]  ? ima_inode_get+0x2fa/0x4e0
[  674.235192][T13702]  process_measurement+0x683/0x1fb0
[  674.235221][T13702]  ? __pfx_process_measurement+0x10/0x10
[  674.235241][T13702]  ? tomoyo_check_open_permission+0x209/0x4f0
[  674.235259][T13702]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  674.235276][T13702]  ? do_filp_open+0x284/0x4e0
[  674.235305][T13702]  ? __pfx_apparmor_file_open+0x10/0x10
[  674.235321][T13702]  ? do_raw_spin_unlock+0x13c/0x8b0
[  674.235338][T13702]  ? file_set_fsnotify_mode_from_watchers+0x12a/0x640
[  674.235357][T13702]  ? inode_to_bdi+0x69/0xf0
[  674.235378][T13702]  ? apparmor_current_getlsmprop_subj+0xde/0x160
[  674.235398][T13702]  ima_file_check+0xdb/0x130
[  674.235418][T13702]  ? __pfx_ima_file_check+0x10/0x10
[  674.235441][T13702]  security_file_post_open+0xb9/0x280
[  674.235458][T13702]  path_openat+0x2cf7/0x35d0
[  674.235485][T13702]  ? kasan_save_track+0x51/0x80
[  674.235501][T13702]  ? __pfx_path_openat+0x10/0x10
[  674.235514][T13702]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  674.235533][T13702]  ? __lock_acquire+0xad5/0xd80
[  674.235555][T13702]  do_filp_open+0x284/0x4e0
[  674.235570][T13702]  ? __pfx_do_filp_open+0x10/0x10
[  674.235586][T13702]  ? do_raw_spin_lock+0x151/0x370
[  674.235618][T13702]  do_sys_openat2+0x12b/0x1d0
[  674.235639][T13702]  ? __pfx_do_sys_openat2+0x10/0x10
[  674.235658][T13702]  ? __fget_files+0x2a/0x420
[  674.235679][T13702]  ? __fget_files+0x2a/0x420
[  674.235701][T13702]  __x64_sys_openat+0x249/0x2a0
[  674.235722][T13702]  ? __pfx___x64_sys_openat+0x10/0x10
[  674.235746][T13702]  ? do_syscall_64+0xb6/0x230
[  674.235787][T13702]  do_syscall_64+0xf3/0x230
[  674.235809][T13702]  ? clear_bhb_loop+0x45/0xa0
[  674.235834][T13702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  674.235852][T13702] RIP: 0033:0x7f421ab8d169
[  674.235866][T13702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  674.235879][T13702] RSP: 002b:00007f421ba9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  674.235897][T13702] RAX: ffffffffffffffda RBX: 00007f421ada5fa0 RCX: 00007f421ab8d169
[  674.235909][T13702] RDX: 0000000000040000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  674.235920][T13702] RBP: 00007f421ba9e090 R08: 0000000000000000 R09: 0000000000000000
[  674.235930][T13702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  674.235940][T13702] R13: 0000000000000000 R14: 00007f421ada5fa0 R15: 00007f421aecfa28
[  674.235963][T13702]  </TASK>
[  674.237334][   T30] audit: type=1804 audit(1743074431.611:1961): pid=13702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2502" name="file0" dev="ramfs" ino=59853 res=0 errno=0
[  674.781779][T13708] netlink: 'syz.2.2505': attribute type 10 has an invalid length.
[  674.825101][T13708] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2505'.
[  674.937133][T13713] netlink: 'syz.4.2507': attribute type 10 has an invalid length.
[  674.948171][T13713] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2507'.
[  674.951603][T13708] geneve0: entered promiscuous mode
[  674.989992][T13715] FAULT_INJECTION: forcing a failure.
[  674.989992][T13715] name failslab, interval 1, probability 0, space 0, times 0
[  675.004061][T13708] team0: Port device geneve0 added
[  675.014824][T13715] CPU: 1 UID: 0 PID: 13715 Comm: syz.4.2507 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  675.014853][T13715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  675.014866][T13715] Call Trace:
[  675.014873][T13715]  <TASK>
[  675.014882][T13715]  dump_stack_lvl+0x241/0x360
[  675.014916][T13715]  ? __pfx_dump_stack_lvl+0x10/0x10
[  675.014942][T13715]  ? __pfx__printk+0x10/0x10
[  675.014969][T13715]  ? __pfx___might_resched+0x10/0x10
[  675.014992][T13715]  should_fail_ex+0x424/0x570
[  675.015021][T13715]  should_failslab+0xac/0x100
[  675.015048][T13715]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  675.015076][T13715]  ? __alloc_skb+0x1c2/0x480
[  675.015108][T13715]  __alloc_skb+0x1c2/0x480
[  675.015142][T13715]  ? __pfx___alloc_skb+0x10/0x10
[  675.015170][T13715]  ? __local_bh_enable_ip+0x168/0x200
[  675.015200][T13715]  ? l2tp_ip_sendmsg+0x36/0x1690
[  675.015229][T13715]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  675.015256][T13715]  ? do_raw_spin_unlock+0x13c/0x8b0
[  675.015283][T13715]  sock_wmalloc+0xab/0x120
[  675.015306][T13715]  l2tp_ip_sendmsg+0x1bd/0x1690
[  675.015338][T13715]  ? inet_sendmsg+0x330/0x390
[  675.015370][T13715]  __sock_sendmsg+0x1a6/0x270
[  675.015398][T13715]  ____sys_sendmsg+0x53c/0x870
[  675.015425][T13715]  ? __pfx_____sys_sendmsg+0x10/0x10
[  675.015456][T13715]  __sys_sendmmsg+0x3a0/0x7b0
[  675.015485][T13715]  ? __pfx___sys_sendmmsg+0x10/0x10
[  675.015530][T13715]  ? rcu_read_lock_any_held+0xbb/0x160
[  675.015553][T13715]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  675.015577][T13715]  ? vfs_write+0xb29/0xd10
[  675.015604][T13715]  ? ksys_write+0x24e/0x2d0
[  675.015626][T13715]  ? __mutex_unlock_slowpath+0x229/0x800
[  675.015676][T13715]  ? ksys_write+0x275/0x2d0
[  675.015705][T13715]  __x64_sys_sendmmsg+0xa0/0xb0
[  675.015728][T13715]  do_syscall_64+0xf3/0x230
[  675.015765][T13715]  ? clear_bhb_loop+0x45/0xa0
[  675.015792][T13715]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.015812][T13715] RIP: 0033:0x7f285a98d169
[  675.015829][T13715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  675.015848][T13715] RSP: 002b:00007f285b826038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  675.015870][T13715] RAX: ffffffffffffffda RBX: 00007f285aba6080 RCX: 00007f285a98d169
[  675.015885][T13715] RDX: 00000000040000cf RSI: 0000200000000900 RDI: 0000000000000003
[  675.015899][T13715] RBP: 00007f285b826090 R08: 0000000000000000 R09: 0000000000000000
[  675.015912][T13715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.015925][T13715] R13: 0000000000000001 R14: 00007f285aba6080 R15: 00007f285accfa28
[  675.015961][T13715]  </TASK>
[  675.293164][T13713] team0: Port device geneve0 added
[  675.376975][T13719] FAULT_INJECTION: forcing a failure.
[  675.376975][T13719] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  675.418763][T13719] CPU: 1 UID: 0 PID: 13719 Comm: syz.2.2508 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  675.418813][T13719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  675.418826][T13719] Call Trace:
[  675.418834][T13719]  <TASK>
[  675.418843][T13719]  dump_stack_lvl+0x241/0x360
[  675.418884][T13719]  ? __pfx_dump_stack_lvl+0x10/0x10
[  675.418908][T13719]  ? __pfx__printk+0x10/0x10
[  675.418935][T13719]  should_fail_ex+0x424/0x570
[  675.418960][T13719]  _copy_from_iter+0x211/0x1c70
[  675.418986][T13719]  ? __pfx__copy_from_iter+0x10/0x10
[  675.419004][T13719]  ? __virt_addr_valid+0x183/0x530
[  675.419025][T13719]  ? __virt_addr_valid+0x183/0x530
[  675.419044][T13719]  ? __virt_addr_valid+0x45f/0x530
[  675.419065][T13719]  ? __phys_addr_symbol+0x2f/0x70
[  675.419085][T13719]  ? __check_object_size+0x478/0x720
[  675.419111][T13719]  netlink_sendmsg+0x757/0xce0
[  675.419140][T13719]  ? __pfx_netlink_sendmsg+0x10/0x10
[  675.419162][T13719]  ? aa_sock_msg_perm+0x91/0x160
[  675.419188][T13719]  ? __pfx_netlink_sendmsg+0x10/0x10
[  675.419207][T13719]  __sock_sendmsg+0x221/0x270
[  675.419231][T13719]  ____sys_sendmsg+0x53c/0x870
[  675.419254][T13719]  ? __pfx_____sys_sendmsg+0x10/0x10
[  675.419270][T13719]  ? __fget_files+0x2a/0x420
[  675.419297][T13719]  ? __fget_files+0x2a/0x420
[  675.419342][T13719]  __sys_sendmsg+0x271/0x360
[  675.419364][T13719]  ? __pfx___sys_sendmsg+0x10/0x10
[  675.419415][T13719]  ? do_syscall_64+0xb6/0x230
[  675.419445][T13719]  do_syscall_64+0xf3/0x230
[  675.419472][T13719]  ? clear_bhb_loop+0x45/0xa0
[  675.419499][T13719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.419518][T13719] RIP: 0033:0x7f421ab8d169
[  675.419535][T13719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  675.419551][T13719] RSP: 002b:00007f421ba9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  675.419571][T13719] RAX: ffffffffffffffda RBX: 00007f421ada5fa0 RCX: 00007f421ab8d169
[  675.419585][T13719] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000004
[  675.419597][T13719] RBP: 00007f421ba9e090 R08: 0000000000000000 R09: 0000000000000000
[  675.419609][T13719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.419621][T13719] R13: 0000000000000000 R14: 00007f421ada5fa0 R15: 00007f421aecfa28
[  675.419643][T13719]  </TASK>
[  675.799363][T13723] macsec1: entered promiscuous mode
[  675.805818][T13723] bond0: entered promiscuous mode
[  675.811172][T13723] bond_slave_0: entered promiscuous mode
[  675.819333][T13723] bond_slave_1: entered promiscuous mode
[  675.826039][T13723] team0: entered promiscuous mode
[  675.831148][T13723] team_slave_0: entered promiscuous mode
[  675.838570][T13723] team_slave_1: entered promiscuous mode
[  675.845719][T13723] macsec1: entered allmulticast mode
[  675.851081][T13723] bond0: entered allmulticast mode
[  675.857271][T13723] bond_slave_0: entered allmulticast mode
[  675.863047][T13723] bond_slave_1: entered allmulticast mode
[  675.870143][T13723] team0: entered allmulticast mode
[  675.876109][T13723] team_slave_0: entered allmulticast mode
[  675.881884][T13723] team_slave_1: entered allmulticast mode
[  675.904982][T13723] bond0: left allmulticast mode
[  675.910108][T13723] bond_slave_0: left allmulticast mode
[  675.919288][T13723] bond_slave_1: left allmulticast mode
[  675.929758][T13723] team0: left allmulticast mode
[  675.935414][T13723] team_slave_0: left allmulticast mode
[  675.941076][T13723] team_slave_1: left allmulticast mode
[  675.947213][T13723] bond0: left promiscuous mode
[  675.952191][T13723] bond_slave_0: left promiscuous mode
[  675.958473][T13723] bond_slave_1: left promiscuous mode
[  675.964513][T13723] team0: left promiscuous mode
[  675.972987][T13731] netlink: 'syz.2.2513': attribute type 1 has an invalid length.
[  675.985200][T13723] team_slave_0: left promiscuous mode
[  675.992230][T13723] team_slave_1: left promiscuous mode
[  676.201355][T13736] veth3: entered promiscuous mode
[  676.434387][ T5885] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[  676.606109][ T5885] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  676.617985][ T5885] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  676.633479][ T5885] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  676.645185][ T5885] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  676.705327][T13759] net_ratelimit: 55 callbacks suppressed
[  676.705341][T13759] macsec0: mtu greater than device maximum
[  676.802781][T13760] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  676.812144][T13760] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.945608][ T8399] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  676.964877][ T5885] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  676.989705][ T5885] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  676.999323][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  677.007727][ T5885] usb 2-1: Product: syz
[  677.012212][ T5885] usb 2-1: Manufacturer: syz
[  677.098961][ T5885] cdc_wdm 2-1:1.0: skipping garbage
[  677.112580][ T5885] cdc_wdm 2-1:1.0: skipping garbage
[  677.127816][ T8399] usb 5-1: config index 0 descriptor too short (expected 14385, got 441)
[  677.137136][ T8399] usb 5-1: config 52 has too many interfaces: 52, using maximum allowed: 32
[  677.148967][ T5885] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  677.158909][ T5885] cdc_wdm 2-1:1.0: Unknown control protocol
[  677.180698][ T8399] usb 5-1: config 52 has an invalid descriptor of length 0, skipping remainder of the config
[  677.191545][ T8399] usb 5-1: config 52 has 0 interfaces, different from the descriptor's value: 52
[  677.201046][ T8399] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  677.214907][ T8399] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.441267][ T8399] usb 5-1: string descriptor 0 read error: -71
[  677.450463][ T8399] usb 5-1: USB disconnect, device number 70
[  677.688545][T13770] netlink: 'syz.3.2524': attribute type 12 has an invalid length.
[  677.710735][T13770] netlink: 'syz.3.2524': attribute type 12 has an invalid length.
[  677.744302][T13771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  677.769051][T13770] netlink: 'syz.3.2524': attribute type 12 has an invalid length.
[  677.777561][T13771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  677.791778][T13771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  677.813749][T13770] netlink: 'syz.3.2524': attribute type 12 has an invalid length.
[  677.837617][T13771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  677.851103][T13770] netlink: 'syz.3.2524': attribute type 12 has an invalid length.
[  677.859132][ T8397] usb 3-1: new full-speed USB device number 72 using dummy_hcd
[  677.867869][T13770] netlink: 'syz.3.2524': attribute type 12 has an invalid length.
[  677.896951][T13771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  677.911313][T13770] netlink: 'syz.3.2524': attribute type 12 has an invalid length.
[  677.923743][T13770] netlink: 'syz.3.2524': attribute type 12 has an invalid length.
[  677.949426][T13771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  677.957758][T13770] netlink: 'syz.3.2524': attribute type 12 has an invalid length.
[  677.977905][T13770] netlink: 'syz.3.2524': attribute type 12 has an invalid length.
[  677.998812][T13771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  678.037041][ T8397] usb 3-1: config index 0 descriptor too short (expected 31, got 27)
[  678.046587][ T8397] usb 3-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0
[  678.064495][T13771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  678.077927][T13771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  678.113832][ T8397] usb 3-1: config 1 interface 0 has no altsetting 0
[  678.138031][T13771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  678.154788][T13771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  678.166912][ T8397] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72
[  678.185484][ T8397] usb 3-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3
[  678.211139][T13771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  678.244657][ T8397] usb 3-1: Product: syz
[  678.252711][ T8397] usb 3-1: Manufacturer: syz
[  678.329322][ T8397] usb 3-1: SerialNumber: syz
[  678.996061][ T8397] usblp 3-1:1.0: usblp1: USB Unidirectional printer dev 72 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  679.211301][T13767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  679.245906][T13767] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  679.490075][T13767] sctp: [Deprecated]: syz.2.2522 (pid 13767) Use of int in max_burst socket option.
[  679.490075][T13767] Use struct sctp_assoc_value instead
[  679.540427][T13767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  679.554981][    C1] wdm_int_callback: 7 callbacks suppressed
[  679.555006][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  679.555158][ T5885] usb 2-1: USB disconnect, device number 109
[  679.560837][    C1] wdm_int_callback: 7 callbacks suppressed
[  679.560856][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  679.560875][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  679.563605][T13767] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  680.071315][ T5885] usb 2-1: new full-speed USB device number 110 using dummy_hcd
[  680.281934][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  680.297794][ T5885] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  680.318643][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  680.339003][ T5885] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  680.350446][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.362184][ T5885] usb 2-1: Product: syz
[  680.367508][ T5885] usb 2-1: Manufacturer: syz
[  680.377487][ T5885] usb 2-1: SerialNumber: syz
[  680.391702][ T5885] usb 2-1: config 0 descriptor??
[  680.400723][T13796] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  680.412196][T13796] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  680.436400][ T5885] usb 2-1: ucan: probing device on interface #0
[  680.549271][T13767] sctp: [Deprecated]: syz.2.2522 (pid 13767) Use of struct sctp_assoc_value in delayed_ack socket option.
[  680.549271][T13767] Use struct sctp_sack_info instead
[  680.551811][ T8397] usb 3-1: USB disconnect, device number 72
[  680.555268][ T8397] usblp1: removed
[  680.675233][ T5885] usb 2-1: ucan: device reported invalid device info
[  680.675258][ T5885] usb 2-1: ucan: probe failed; try to update the device firmware
[  680.876829][ T8397] usb 2-1: USB disconnect, device number 110
[  681.438016][T13813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  681.447258][T13813] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  681.504435][ T5885] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  681.532785][T13821] openvswitch: netlink: Key type 2063 is out of range max 32
[  681.826968][ T5885] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  681.842548][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  681.896134][ T5885] usb 5-1: config 0 descriptor??
[  681.912832][T13834] Invalid option length (1044984) for dns_resolver key
[  681.932361][ T5885] cp210x 5-1:0.0: cp210x converter detected
[  682.024326][ T8390] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  682.133929][T13815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  682.156396][T13815] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  682.177978][ T5885] usb 5-1: cp210x converter now attached to ttyUSB2
[  682.184472][ T8397] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[  682.216623][ T8390] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  682.225917][ T8390] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  682.237630][ T8390] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  682.248430][ T8390] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  682.260044][ T8390] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  682.278814][ T8390] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  682.289954][ T8390] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  682.301808][ T8390] usb 3-1: Product: syz
[  682.309143][ T8390] usb 3-1: Manufacturer: syz
[  682.321645][ T8390] cdc_wdm 3-1:1.0: skipping garbage
[  682.334829][ T8390] cdc_wdm 3-1:1.0: skipping garbage
[  682.347780][ T8397] usb 2-1: Using ep0 maxpacket: 8
[  682.348416][ T8390] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  682.362510][ T8390] cdc_wdm 3-1:1.0: Unknown control protocol
[  682.366113][ T8397] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  682.372451][ T5885] usb 5-1: USB disconnect, device number 71
[  682.387572][ T5885] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2
[  682.400422][ T8397] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  682.409274][ T5885] cp210x 5-1:0.0: device disconnected
[  682.450802][ T8397] usb 2-1: config 0 has no interface number 0
[  682.471586][ T8397] usb 2-1: config 0 interface 52 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  682.509679][ T8397] usb 2-1: config 0 interface 52 has no altsetting 0
[  682.526652][ T8397] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  682.536569][ T8397] usb 2-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  682.563303][ T8397] usb 2-1: Manufacturer: syz
[  682.606447][ T8397] usb 2-1: config 0 descriptor??
[  682.897631][ T8397] usb 2-1: Can not set alternate setting to 1, error: -71
[  682.907046][ T8397] synaptics_usb 2-1:0.52: probe with driver synaptics_usb failed with error -71
[  682.926467][ T8397] usb 2-1: USB disconnect, device number 111
[  683.033934][T13844] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  683.056281][T13844] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  683.229108][T13846] FAULT_INJECTION: forcing a failure.
[  683.229108][T13846] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  683.271880][T13846] CPU: 1 UID: 0 PID: 13846 Comm: syz.4.2547 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  683.271901][T13846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  683.271911][T13846] Call Trace:
[  683.271916][T13846]  <TASK>
[  683.271922][T13846]  dump_stack_lvl+0x241/0x360
[  683.271945][T13846]  ? __pfx_dump_stack_lvl+0x10/0x10
[  683.271963][T13846]  ? __pfx__printk+0x10/0x10
[  683.271984][T13846]  should_fail_ex+0x424/0x570
[  683.272004][T13846]  _copy_to_user+0x31/0xb0
[  683.272021][T13846]  simple_read_from_buffer+0xdc/0x170
[  683.272042][T13846]  proc_fail_nth_read+0x1ef/0x260
[  683.272065][T13846]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  683.272087][T13846]  ? rw_verify_area+0x246/0x630
[  683.272100][T13846]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  683.272121][T13846]  vfs_read+0x21f/0xb90
[  683.272136][T13846]  ? __pfx___mutex_lock+0x10/0x10
[  683.272156][T13846]  ? __pfx_vfs_read+0x10/0x10
[  683.272188][T13846]  ? __fget_files+0x2a/0x420
[  683.272209][T13846]  ? __fget_files+0x39d/0x420
[  683.272228][T13846]  ? __fget_files+0x2a/0x420
[  683.272252][T13846]  ksys_read+0x19d/0x2d0
[  683.272268][T13846]  ? __pfx_ksys_read+0x10/0x10
[  683.272285][T13846]  ? do_syscall_64+0xb6/0x230
[  683.272307][T13846]  do_syscall_64+0xf3/0x230
[  683.272329][T13846]  ? clear_bhb_loop+0x45/0xa0
[  683.272345][T13846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.272359][T13846] RIP: 0033:0x7f285a98bb7c
[  683.272372][T13846] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  683.272385][T13846] RSP: 002b:00007f285b847030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  683.272401][T13846] RAX: ffffffffffffffda RBX: 00007f285aba5fa0 RCX: 00007f285a98bb7c
[  683.272412][T13846] RDX: 000000000000000f RSI: 00007f285b8470a0 RDI: 0000000000000008
[  683.272421][T13846] RBP: 00007f285b847090 R08: 0000000000000000 R09: 0000000000000000
[  683.272431][T13846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  683.272439][T13846] R13: 0000000000000000 R14: 00007f285aba5fa0 R15: 00007f285accfa28
[  683.272457][T13846]  </TASK>
[  683.854344][ T5885] usb 5-1: new full-speed USB device number 72 using dummy_hcd
[  683.961065][T13858] syzkaller0: entered promiscuous mode
[  683.967108][T13858] syzkaller0: entered allmulticast mode
[  684.030294][ T5885] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  684.068135][ T5885] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  684.080479][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  684.090560][ T5885] usb 5-1: Product: syz
[  684.097139][ T5885] usb 5-1: Manufacturer: syz
[  684.103174][ T5885] usb 5-1: SerialNumber: syz
[  684.123375][ T5885] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  684.486541][T13863] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  684.496027][T13863] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  684.615072][ T8397] usb 3-1: USB disconnect, device number 73
[  684.735277][ T5885] usb 5-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  684.780705][ T5885] usb 5-1: USB disconnect, device number 72
[  684.796936][T13868] fuse: Unknown parameter 'J+0
[  684.796936][T13868] ¼y'
[  684.811987][T13868] fuse: Unknown parameter 'group_i'
[  685.767953][T13876] FAULT_INJECTION: forcing a failure.
[  685.767953][T13876] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  685.782862][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  685.789258][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  685.797238][T13876] CPU: 0 UID: 0 PID: 13876 Comm: syz.2.2558 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  685.797265][T13876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  685.797278][T13876] Call Trace:
[  685.797286][T13876]  <TASK>
[  685.797294][T13876]  dump_stack_lvl+0x241/0x360
[  685.797326][T13876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  685.797352][T13876]  ? __pfx__printk+0x10/0x10
[  685.797383][T13876]  should_fail_ex+0x424/0x570
[  685.797409][T13876]  _copy_from_iter+0x211/0x1c70
[  685.797435][T13876]  ? __pfx__copy_from_iter+0x10/0x10
[  685.797452][T13876]  ? __virt_addr_valid+0x183/0x530
[  685.797471][T13876]  ? __virt_addr_valid+0x183/0x530
[  685.797488][T13876]  ? __virt_addr_valid+0x45f/0x530
[  685.797507][T13876]  ? __phys_addr_symbol+0x2f/0x70
[  685.797524][T13876]  ? __check_object_size+0x478/0x720
[  685.797547][T13876]  netlink_sendmsg+0x757/0xce0
[  685.797573][T13876]  ? __pfx_netlink_sendmsg+0x10/0x10
[  685.797595][T13876]  ? aa_sock_msg_perm+0x91/0x160
[  685.797619][T13876]  ? __pfx_netlink_sendmsg+0x10/0x10
[  685.797636][T13876]  __sock_sendmsg+0x221/0x270
[  685.797676][T13876]  ____sys_sendmsg+0x53c/0x870
[  685.797698][T13876]  ? __pfx_____sys_sendmsg+0x10/0x10
[  685.797712][T13876]  ? __fget_files+0x2a/0x420
[  685.797737][T13876]  ? __fget_files+0x2a/0x420
[  685.797764][T13876]  __sys_sendmsg+0x271/0x360
[  685.797783][T13876]  ? __pfx___sys_sendmsg+0x10/0x10
[  685.797837][T13876]  ? do_syscall_64+0xb6/0x230
[  685.797865][T13876]  do_syscall_64+0xf3/0x230
[  685.797889][T13876]  ? clear_bhb_loop+0x45/0xa0
[  685.797908][T13876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.797924][T13876] RIP: 0033:0x7f421ab8d169
[  685.797939][T13876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  685.797954][T13876] RSP: 002b:00007f421ba7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  685.797972][T13876] RAX: ffffffffffffffda RBX: 00007f421ada6080 RCX: 00007f421ab8d169
[  685.797985][T13876] RDX: 0000000000000098 RSI: 0000200000000200 RDI: 0000000000000004
[  685.797996][T13876] RBP: 00007f421ba7d090 R08: 0000000000000000 R09: 0000000000000000
[  685.798007][T13876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  685.798018][T13876] R13: 0000000000000000 R14: 00007f421ada6080 R15: 00007f421aecfa28
[  685.798040][T13876]  </TASK>
[  686.328258][T13880] Invalid option length (1044984) for dns_resolver key
[  686.588224][ T5885] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  686.744769][ T5885] usb 5-1: Using ep0 maxpacket: 8
[  686.751309][ T5885] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  686.763420][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  686.774494][ T5885] usb 5-1: config 0 has no interface number 0
[  686.780690][ T5885] usb 5-1: config 0 interface 52 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  686.804396][ T5885] usb 5-1: config 0 interface 52 has no altsetting 0
[  686.812032][ T5885] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  686.824187][ T5885] usb 5-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  686.846441][ T5885] usb 5-1: Manufacturer: syz
[  686.852579][ T5885] usb 5-1: config 0 descriptor??
[  687.064412][ T5885] usb 5-1: Can not set alternate setting to 1, error: -71
[  687.077095][ T5885] synaptics_usb 5-1:0.52: probe with driver synaptics_usb failed with error -71
[  687.097199][ T5885] usb 5-1: USB disconnect, device number 73
[  687.573800][T13905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  687.582721][T13905] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  688.100765][T13911] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2571'.
[  688.141295][T13911] 8021q: VLANs not supported on caif0
[  689.210536][T13932] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2577'.
[  689.371135][T13934] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2576'.
[  689.761167][T13947] FAULT_INJECTION: forcing a failure.
[  689.761167][T13947] name failslab, interval 1, probability 0, space 0, times 0
[  689.780909][T13947] CPU: 0 UID: 0 PID: 13947 Comm: syz.0.2582 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  689.780932][T13947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  689.780943][T13947] Call Trace:
[  689.780954][T13947]  <TASK>
[  689.780961][T13947]  dump_stack_lvl+0x241/0x360
[  689.780986][T13947]  ? __pfx_dump_stack_lvl+0x10/0x10
[  689.781006][T13947]  ? __pfx__printk+0x10/0x10
[  689.781026][T13947]  ? __pfx___might_resched+0x10/0x10
[  689.781044][T13947]  should_fail_ex+0x424/0x570
[  689.781066][T13947]  should_failslab+0xac/0x100
[  689.781086][T13947]  kmem_cache_alloc_noprof+0x78/0x390
[  689.781106][T13947]  ? fib_insert_alias+0x30e/0x1280
[  689.781126][T13947]  fib_insert_alias+0x30e/0x1280
[  689.781144][T13947]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  689.781162][T13947]  ? kmem_cache_alloc_noprof+0x237/0x390
[  689.781193][T13947]  ? fib_table_insert+0x647/0x1fd0
[  689.781210][T13947]  fib_table_insert+0x83f/0x1fd0
[  689.781234][T13947]  ? __asan_memset+0x23/0x50
[  689.781247][T13947]  ? rtm_to_fib_config+0xfa8/0x13d0
[  689.781270][T13947]  ? rcu_is_watching+0x15/0xb0
[  689.781284][T13947]  ? __pfx_fib_table_insert+0x10/0x10
[  689.781298][T13947]  ? trace_contention_end+0x3c/0x120
[  689.781313][T13947]  ? __mutex_lock+0x39b/0x1000
[  689.781335][T13947]  ? fib_new_table+0x120/0x2d0
[  689.781356][T13947]  inet_rtm_newroute+0x14b/0x290
[  689.781379][T13947]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  689.781408][T13947]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  689.781430][T13947]  rtnetlink_rcv_msg+0x7c2/0xd70
[  689.781447][T13947]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  689.781467][T13947]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  689.781489][T13947]  ? __lock_acquire+0xad5/0xd80
[  689.781516][T13947]  netlink_rcv_skb+0x208/0x480
[  689.781534][T13947]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  689.781553][T13947]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  689.781576][T13947]  ? netlink_deliver_tap+0x2e/0x1b0
[  689.781593][T13947]  ? netlink_deliver_tap+0x2e/0x1b0
[  689.781610][T13947]  netlink_unicast+0x7f8/0x9a0
[  689.781628][T13947]  ? __pfx_netlink_unicast+0x10/0x10
[  689.781641][T13947]  ? __virt_addr_valid+0x45f/0x530
[  689.781659][T13947]  ? __phys_addr_symbol+0x2f/0x70
[  689.781675][T13947]  ? __check_object_size+0x478/0x720
[  689.781695][T13947]  netlink_sendmsg+0x8e8/0xce0
[  689.781718][T13947]  ? __pfx_netlink_sendmsg+0x10/0x10
[  689.781736][T13947]  ? aa_sock_msg_perm+0x91/0x160
[  689.781758][T13947]  ? __pfx_netlink_sendmsg+0x10/0x10
[  689.781773][T13947]  __sock_sendmsg+0x221/0x270
[  689.781793][T13947]  ____sys_sendmsg+0x53c/0x870
[  689.781812][T13947]  ? __pfx_____sys_sendmsg+0x10/0x10
[  689.781826][T13947]  ? __fget_files+0x2a/0x420
[  689.781847][T13947]  ? __fget_files+0x2a/0x420
[  689.781872][T13947]  __sys_sendmsg+0x271/0x360
[  689.781888][T13947]  ? __pfx___sys_sendmsg+0x10/0x10
[  689.781927][T13947]  ? do_syscall_64+0xb6/0x230
[  689.781949][T13947]  do_syscall_64+0xf3/0x230
[  689.781970][T13947]  ? clear_bhb_loop+0x45/0xa0
[  689.781986][T13947]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.782000][T13947] RIP: 0033:0x7f3e3f38d169
[  689.782013][T13947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  689.782026][T13947] RSP: 002b:00007f3e40129038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  689.782042][T13947] RAX: ffffffffffffffda RBX: 00007f3e3f5a5fa0 RCX: 00007f3e3f38d169
[  689.782053][T13947] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  689.782063][T13947] RBP: 00007f3e40129090 R08: 0000000000000000 R09: 0000000000000000
[  689.782072][T13947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  689.782081][T13947] R13: 0000000000000000 R14: 00007f3e3f5a5fa0 R15: 00007f3e3f6cfa28
[  689.782099][T13947]  </TASK>
[  690.584256][   T30] audit: type=1326 audit(1743074447.941:1962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13954 comm="syz.2.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421ab8d169 code=0x7ffc0000
[  690.642476][   T30] audit: type=1326 audit(1743074447.941:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13954 comm="syz.2.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421ab8d169 code=0x7ffc0000
[  690.770067][   T30] audit: type=1326 audit(1743074448.101:1964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13954 comm="syz.2.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421ab8d169 code=0x7ffc0000
[  690.818280][   T30] audit: type=1326 audit(1743074448.101:1965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13954 comm="syz.2.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421ab8d169 code=0x7ffc0000
[  690.908578][   T30] audit: type=1326 audit(1743074448.111:1966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13954 comm="syz.2.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f421ab8d169 code=0x7ffc0000
[  690.977231][   T30] audit: type=1326 audit(1743074448.111:1967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13954 comm="syz.2.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421ab8d169 code=0x7ffc0000
[  691.033413][T13971] FAULT_INJECTION: forcing a failure.
[  691.033413][T13971] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  691.056079][T13971] CPU: 1 UID: 0 PID: 13971 Comm: syz.2.2590 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  691.056107][T13971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  691.056119][T13971] Call Trace:
[  691.056126][T13971]  <TASK>
[  691.056134][T13971]  dump_stack_lvl+0x241/0x360
[  691.056166][T13971]  ? __pfx_dump_stack_lvl+0x10/0x10
[  691.056191][T13971]  ? __pfx__printk+0x10/0x10
[  691.056218][T13971]  should_fail_ex+0x424/0x570
[  691.056245][T13971]  _copy_to_user+0x31/0xb0
[  691.056267][T13971]  simple_read_from_buffer+0xdc/0x170
[  691.056293][T13971]  proc_fail_nth_read+0x1ef/0x260
[  691.056324][T13971]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  691.056353][T13971]  ? rw_verify_area+0x246/0x630
[  691.056371][T13971]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  691.056406][T13971]  vfs_read+0x21f/0xb90
[  691.056428][T13971]  ? __pfx___mutex_lock+0x10/0x10
[  691.056456][T13971]  ? __pfx_vfs_read+0x10/0x10
[  691.056476][T13971]  ? __fget_files+0x2a/0x420
[  691.056502][T13971]  ? __fget_files+0x39d/0x420
[  691.056526][T13971]  ? __fget_files+0x2a/0x420
[  691.056558][T13971]  ksys_read+0x19d/0x2d0
[  691.056578][T13971]  ? __pfx_ksys_read+0x10/0x10
[  691.056600][T13971]  ? do_syscall_64+0xb6/0x230
[  691.056630][T13971]  do_syscall_64+0xf3/0x230
[  691.056657][T13971]  ? clear_bhb_loop+0x45/0xa0
[  691.056679][T13971]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.056697][T13971] RIP: 0033:0x7f421ab8bb7c
[  691.056714][T13971] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  691.056729][T13971] RSP: 002b:00007f421ba9e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  691.056750][T13971] RAX: ffffffffffffffda RBX: 00007f421ada5fa0 RCX: 00007f421ab8bb7c
[  691.056764][T13971] RDX: 000000000000000f RSI: 00007f421ba9e0a0 RDI: 0000000000000003
[  691.056776][T13971] RBP: 00007f421ba9e090 R08: 0000000000000000 R09: 0000000000000000
[  691.056788][T13971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  691.056799][T13971] R13: 0000000000000000 R14: 00007f421ada5fa0 R15: 00007f421aecfa28
[  691.056821][T13971]  </TASK>
[  691.062861][   T30] audit: type=1326 audit(1743074448.111:1968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13954 comm="syz.2.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f421ab8d169 code=0x7ffc0000
[  691.359483][   T30] audit: type=1326 audit(1743074448.111:1969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13954 comm="syz.2.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421ab8d169 code=0x7ffc0000
[  691.404142][   T30] audit: type=1326 audit(1743074448.111:1970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13954 comm="syz.2.2584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421ab8d169 code=0x7ffc0000
[  691.516299][T13979] FAULT_INJECTION: forcing a failure.
[  691.516299][T13979] name failslab, interval 1, probability 0, space 0, times 0
[  691.585081][T13979] CPU: 1 UID: 0 PID: 13979 Comm: syz.0.2594 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  691.585114][T13979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  691.585127][T13979] Call Trace:
[  691.585135][T13979]  <TASK>
[  691.585144][T13979]  dump_stack_lvl+0x241/0x360
[  691.585178][T13979]  ? __pfx_dump_stack_lvl+0x10/0x10
[  691.585205][T13979]  ? __pfx__printk+0x10/0x10
[  691.585233][T13979]  ? __pfx___might_resched+0x10/0x10
[  691.585258][T13979]  should_fail_ex+0x424/0x570
[  691.585287][T13979]  should_failslab+0xac/0x100
[  691.585315][T13979]  __kvmalloc_node_noprof+0x170/0x5a0
[  691.585352][T13979]  ? alloc_netdev_mqs+0xacb/0x1210
[  691.585380][T13979]  alloc_netdev_mqs+0xacb/0x1210
[  691.585408][T13979]  rtnl_create_link+0x2f9/0xc90
[  691.585434][T13979]  rtnl_newlink_create+0x212/0xa50
[  691.585466][T13979]  ? __pfx___mutex_lock+0x10/0x10
[  691.585498][T13979]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  691.585532][T13979]  ? ns_capable+0x8a/0xf0
[  691.585564][T13979]  rtnl_newlink+0x1a0a/0x1f60
[  691.585598][T13979]  ? kernel_text_address+0xa7/0xe0
[  691.585627][T13979]  ? __pfx_rtnl_newlink+0x10/0x10
[  691.585652][T13979]  ? unwind_get_return_address+0x4d/0x90
[  691.585687][T13979]  ? arch_stack_walk+0xff/0x150
[  691.585713][T13979]  ? __lock_acquire+0xad5/0xd80
[  691.585744][T13979]  ? __lock_acquire+0xad5/0xd80
[  691.585780][T13979]  ? is_bpf_text_address+0x26/0x2a0
[  691.585810][T13979]  ? is_bpf_text_address+0x288/0x2a0
[  691.585835][T13979]  ? is_bpf_text_address+0x26/0x2a0
[  691.585862][T13979]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  691.585884][T13979]  ? kernel_text_address+0xa7/0xe0
[  691.585909][T13979]  ? __kernel_text_address+0xd/0x40
[  691.585932][T13979]  ? aa_get_newest_label+0x101/0x6f0
[  691.585956][T13979]  ? __lock_acquire+0xad5/0xd80
[  691.585986][T13979]  ? __pfx_rtnl_newlink+0x10/0x10
[  691.586005][T13979]  rtnetlink_rcv_msg+0x80f/0xd70
[  691.586023][T13979]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  691.586043][T13979]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  691.586064][T13979]  ? __lock_acquire+0xad5/0xd80
[  691.586093][T13979]  netlink_rcv_skb+0x208/0x480
[  691.586111][T13979]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  691.586130][T13979]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  691.586156][T13979]  ? netlink_deliver_tap+0x2e/0x1b0
[  691.586173][T13979]  ? netlink_deliver_tap+0x2e/0x1b0
[  691.586191][T13979]  netlink_unicast+0x7f8/0x9a0
[  691.586210][T13979]  ? __pfx_netlink_unicast+0x10/0x10
[  691.586223][T13979]  ? __virt_addr_valid+0x45f/0x530
[  691.586242][T13979]  ? __phys_addr_symbol+0x2f/0x70
[  691.586260][T13979]  ? __check_object_size+0x478/0x720
[  691.586282][T13979]  netlink_sendmsg+0x8e8/0xce0
[  691.586305][T13979]  ? __pfx_netlink_sendmsg+0x10/0x10
[  691.586334][T13979]  ? aa_sock_msg_perm+0x91/0x160
[  691.586358][T13979]  ? __pfx_netlink_sendmsg+0x10/0x10
[  691.586374][T13979]  __sock_sendmsg+0x221/0x270
[  691.586395][T13979]  ____sys_sendmsg+0x53c/0x870
[  691.586415][T13979]  ? __pfx_____sys_sendmsg+0x10/0x10
[  691.586429][T13979]  ? __fget_files+0x2a/0x420
[  691.586452][T13979]  ? __fget_files+0x2a/0x420
[  691.586478][T13979]  __sys_sendmsg+0x271/0x360
[  691.586495][T13979]  ? __pfx___sys_sendmsg+0x10/0x10
[  691.586536][T13979]  ? do_syscall_64+0xb6/0x230
[  691.586560][T13979]  do_syscall_64+0xf3/0x230
[  691.586583][T13979]  ? clear_bhb_loop+0x45/0xa0
[  691.586601][T13979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.586615][T13979] RIP: 0033:0x7f3e3f38d169
[  691.586629][T13979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  691.586643][T13979] RSP: 002b:00007f3e40129038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  691.586661][T13979] RAX: ffffffffffffffda RBX: 00007f3e3f5a5fa0 RCX: 00007f3e3f38d169
[  691.586673][T13979] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  691.586683][T13979] RBP: 00007f3e40129090 R08: 0000000000000000 R09: 0000000000000000
[  691.586692][T13979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  691.586701][T13979] R13: 0000000000000000 R14: 00007f3e3f5a5fa0 R15: 00007f3e3f6cfa28
[  691.586720][T13979]  </TASK>
[  692.090325][T13987] loop7: detected capacity change from 0 to 16384
[  692.102725][T13990] openvswitch: netlink: Missing valid actions attribute.
[  692.118333][T13990] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  692.175272][ T5885] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  692.213760][T13990] netlink: 1 bytes leftover after parsing attributes in process `syz.1.2598'.
[  692.223292][T13990] openvswitch: netlink: Actions may not be safe on all matching packets
[  692.446352][ T5885] usb 3-1: Using ep0 maxpacket: 16
[  692.482368][ T5885] usb 3-1: unable to read config index 0 descriptor/start: -61
[  692.515899][ T5885] usb 3-1: can't read configurations, error -61
[  692.645350][T13992] loop7: detected capacity change from 16384 to 16383
[  692.754272][ T5885] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  692.955136][T13997] loop7: detected capacity change from 16383 to 16384
[  693.073666][ T5885] usb 3-1: Using ep0 maxpacket: 16
[  693.122748][ T5885] usb 3-1: unable to read config index 0 descriptor/start: -61
[  693.130499][ T5885] usb 3-1: can't read configurations, error -61
[  693.137146][ T5885] usb usb3-port1: attempt power cycle
[  693.514417][ T5885] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  693.603513][ T5885] usb 3-1: Using ep0 maxpacket: 16
[  693.648922][ T5885] usb 3-1: unable to read config index 0 descriptor/start: -61
[  693.684271][ T5885] usb 3-1: can't read configurations, error -61
[  693.854967][ T5885] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  693.895367][ T5885] usb 3-1: Using ep0 maxpacket: 16
[  693.902316][ T5885] usb 3-1: unable to read config index 0 descriptor/start: -61
[  693.913835][ T5885] usb 3-1: can't read configurations, error -61
[  693.930975][ T5885] usb usb3-port1: unable to enumerate USB device
[  694.291674][T14019] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2604'.
[  694.699614][T14031] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2607'.
[  695.014335][ T5885] usb 2-1: new high-speed USB device number 112 using dummy_hcd
[  695.074791][ T8397] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  695.204383][ T5885] usb 2-1: Using ep0 maxpacket: 32
[  695.212085][ T5885] usb 2-1: config 0 interface 0 has no altsetting 0
[  695.219105][ T5885] usb 2-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e
[  695.243123][ T8397] usb 3-1: config index 0 descriptor too short (expected 32820, got 52)
[  695.247101][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.274487][ T8397] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  695.299404][ T5885] usb 2-1: config 0 descriptor??
[  695.312414][ T8397] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  695.330433][ T5885] usb 2-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state
[  695.358280][ T5885] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  695.389357][ T5885] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+)
[  695.394829][ T8397] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  695.445339][ T8397] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  695.454238][ T5885] usb 2-1: media controller created
[  695.511003][ T5885] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  695.564908][ T8397] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  695.577208][ T5885] set interface failed
[  695.577549][ T5885] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  695.602056][ T5885] error writing reg: 0xff, val: 0x00
[  695.631202][ T5885] dvb_usb_mxl111sf 2-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22
[  695.695128][ T8397] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  695.696434][ T5885] usb 2-1: USB disconnect, device number 112
[  695.852518][ T8397] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97
[  695.872494][ T8397] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  695.898884][ T8397] usb 3-1: Product: syz
[  695.903127][ T8397] usb 3-1: Manufacturer: syz
[  695.914975][ T8397] usb 3-1: SerialNumber: syz
[  695.930196][ T8397] usb 3-1: config 0 descriptor??
[  695.944058][ T8397] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  695.980531][ T8397] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -12
[  696.081994][ T7070] udevd[7070]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  696.284583][ T5885] usb 3-1: USB disconnect, device number 78
[  696.367411][T14056] FAULT_INJECTION: forcing a failure.
[  696.367411][T14056] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  696.381913][T14056] CPU: 1 UID: 0 PID: 14056 Comm: syz.0.2616 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  696.381942][T14056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  696.381954][T14056] Call Trace:
[  696.381960][T14056]  <TASK>
[  696.381968][T14056]  dump_stack_lvl+0x241/0x360
[  696.381996][T14056]  ? __pfx_dump_stack_lvl+0x10/0x10
[  696.382024][T14056]  ? __pfx__printk+0x10/0x10
[  696.382051][T14056]  should_fail_ex+0x424/0x570
[  696.382076][T14056]  prepare_alloc_pages+0x1dd/0x5c0
[  696.382098][T14056]  __alloc_frozen_pages_noprof+0x181/0x7b0
[  696.382118][T14056]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  696.382148][T14056]  alloc_pages_mpol+0x339/0x690
[  696.382174][T14056]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  696.382202][T14056]  vma_alloc_folio_noprof+0x12d/0x260
[  696.382226][T14056]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  696.382254][T14056]  folio_prealloc+0x2e/0x170
[  696.382271][T14056]  __handle_mm_fault+0x32e8/0x6ef0
[  696.382313][T14056]  ? __pfx___handle_mm_fault+0x10/0x10
[  696.382342][T14056]  ? __lock_acquire+0xad5/0xd80
[  696.382368][T14056]  ? do_raw_spin_lock+0x151/0x370
[  696.382392][T14056]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  696.382418][T14056]  ? __pte_offset_map_lock+0x276/0x310
[  696.382462][T14056]  ? __pfx___might_resched+0x10/0x10
[  696.382482][T14056]  handle_mm_fault+0x3e5/0x8d0
[  696.382512][T14056]  __get_user_pages+0x1adf/0x4180
[  696.382578][T14056]  ? __pfx___get_user_pages+0x10/0x10
[  696.382604][T14056]  ? __gup_longterm_locked+0xd86/0x1850
[  696.382634][T14056]  ? __pfx_down_read_killable+0x10/0x10
[  696.382653][T14056]  ? __lock_acquire+0xad5/0xd80
[  696.382705][T14056]  __gup_longterm_locked+0xec1/0x1850
[  696.382731][T14056]  ? try_get_folio+0xf1/0x6e0
[  696.382751][T14056]  ? try_grab_folio_fast+0x419/0x700
[  696.382770][T14056]  ? __pfx___gup_longterm_locked+0x10/0x10
[  696.382791][T14056]  ? sanity_check_pinned_pages+0x11b2/0x12a0
[  696.382824][T14056]  gup_fast_fallback+0x226b/0x29d0
[  696.382872][T14056]  ? __pfx_gup_fast_fallback+0x10/0x10
[  696.382911][T14056]  ? kasan_save_track+0x51/0x80
[  696.382928][T14056]  ? __kasan_slab_alloc+0x66/0x80
[  696.382947][T14056]  ? kmem_cache_alloc_noprof+0x1e1/0x390
[  696.382968][T14056]  ? mempool_alloc_noprof+0x199/0x5a0
[  696.383004][T14056]  ? __blkdev_direct_IO+0x288/0x1010
[  696.383036][T14056]  ? blkdev_direct_IO+0x1034/0x1560
[  696.383063][T14056]  ? blkdev_read_iter+0x247/0x460
[  696.383090][T14056]  ? io_submit_one+0x886/0x18b0
[  696.383115][T14056]  ? __se_sys_io_submit+0x17a/0x2e0
[  696.383137][T14056]  ? do_syscall_64+0xf3/0x230
[  696.383179][T14056]  ? is_valid_gup_args+0x124/0x200
[  696.383210][T14056]  pin_user_pages_fast+0xd2/0x160
[  696.383229][T14056]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  696.383259][T14056]  ? __lock_acquire+0xad5/0xd80
[  696.383286][T14056]  iov_iter_extract_pages+0x3bd/0x5c0
[  696.383312][T14056]  bio_iov_iter_get_pages+0x4f3/0x1460
[  696.383335][T14056]  ? bio_associate_blkg_from_css+0xa4/0xc70
[  696.383385][T14056]  ? bio_associate_blkg+0x6c/0x230
[  696.383406][T14056]  ? __pfx_bio_iov_iter_get_pages+0x10/0x10
[  696.383432][T14056]  ? bio_alloc_bioset+0x6d7/0x1130
[  696.383452][T14056]  ? blk_start_plug+0x53/0x1b0
[  696.383477][T14056]  __blkdev_direct_IO+0x583/0x1010
[  696.383513][T14056]  ? __pfx_aio_complete_rw+0x10/0x10
[  696.383544][T14056]  ? __pfx___blkdev_direct_IO+0x10/0x10
[  696.383583][T14056]  blkdev_direct_IO+0x1034/0x1560
[  696.383616][T14056]  ? __pfx_blkdev_direct_IO+0x10/0x10
[  696.383664][T14056]  ? rcu_read_lock_any_held+0xbb/0x160
[  696.383685][T14056]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  696.383725][T14056]  ? blkdev_read_iter+0x21c/0x460
[  696.383756][T14056]  ? blkdev_read_iter+0x21c/0x460
[  696.383787][T14056]  ? touch_atime+0x521/0x690
[  696.383812][T14056]  blkdev_read_iter+0x247/0x460
[  696.383847][T14056]  aio_read+0x38c/0x530
[  696.383879][T14056]  ? __pfx_aio_read+0x10/0x10
[  696.383934][T14056]  io_submit_one+0x886/0x18b0
[  696.383972][T14056]  ? __lock_acquire+0xad5/0xd80
[  696.384003][T14056]  ? __pfx_io_submit_one+0x10/0x10
[  696.384050][T14056]  ? __might_fault+0xaa/0x120
[  696.384083][T14056]  __se_sys_io_submit+0x17a/0x2e0
[  696.384111][T14056]  ? __pfx___se_sys_io_submit+0x10/0x10
[  696.384136][T14056]  ? ksys_write+0x275/0x2d0
[  696.384166][T14056]  ? do_syscall_64+0xb6/0x230
[  696.384197][T14056]  do_syscall_64+0xf3/0x230
[  696.384228][T14056]  ? clear_bhb_loop+0x45/0xa0
[  696.384252][T14056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  696.384272][T14056] RIP: 0033:0x7f3e3f38d169
[  696.384291][T14056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  696.384308][T14056] RSP: 002b:00007f3e40129038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  696.384332][T14056] RAX: ffffffffffffffda RBX: 00007f3e3f5a5fa0 RCX: 00007f3e3f38d169
[  696.384347][T14056] RDX: 00002000000000c0 RSI: 00000000000000ca RDI: 00007f3e40108000
[  696.384361][T14056] RBP: 00007f3e40129090 R08: 0000000000000000 R09: 0000000000000000
[  696.384375][T14056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  696.384387][T14056] R13: 0000000000000000 R14: 00007f3e3f5a5fa0 R15: 00007f3e3f6cfa28
[  696.384411][T14056]  </TASK>
[  697.114785][ T8397] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[  697.186959][T14064] tipc: Started in network mode
[  697.192233][T14064] tipc: Node identity fe80000000000000000000000000001e, cluster identity 4711
[  697.250884][T14064] tipc: Enabled bearer <udp:syz0>, priority 1
[  697.264978][ T8397] usb 2-1: Using ep0 maxpacket: 8
[  697.278006][ T8397] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x73, changing to 0x3
[  697.283962][T14067] FAULT_INJECTION: forcing a failure.
[  697.283962][T14067] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  697.291129][ T8397] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  697.316602][ T8397] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  697.320422][T14067] CPU: 0 UID: 0 PID: 14067 Comm: syz.0.2619 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  697.320450][T14067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  697.320463][T14067] Call Trace:
[  697.320470][T14067]  <TASK>
[  697.320478][T14067]  dump_stack_lvl+0x241/0x360
[  697.320509][T14067]  ? __pfx_dump_stack_lvl+0x10/0x10
[  697.320533][T14067]  ? __pfx__printk+0x10/0x10
[  697.320564][T14067]  should_fail_ex+0x424/0x570
[  697.320591][T14067]  _copy_from_user+0x2d/0xb0
[  697.320614][T14067]  copy_msghdr_from_user+0xb3/0x580
[  697.320644][T14067]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  697.320667][T14067]  ? __fget_files+0x2a/0x420
[  697.320694][T14067]  ? __fget_files+0x2a/0x420
[  697.320726][T14067]  __sys_sendmsg+0x20a/0x360
[  697.320748][T14067]  ? __pfx___sys_sendmsg+0x10/0x10
[  697.320799][T14067]  ? do_syscall_64+0xb6/0x230
[  697.320829][T14067]  do_syscall_64+0xf3/0x230
[  697.320857][T14067]  ? clear_bhb_loop+0x45/0xa0
[  697.320879][T14067]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.320898][T14067] RIP: 0033:0x7f3e3f38d169
[  697.320914][T14067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  697.320931][T14067] RSP: 002b:00007f3e40129038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  697.320959][T14067] RAX: ffffffffffffffda RBX: 00007f3e3f5a5fa0 RCX: 00007f3e3f38d169
[  697.320974][T14067] RDX: 0000000000000010 RSI: 0000200000000240 RDI: 000000000000000f
[  697.320986][T14067] RBP: 00007f3e40129090 R08: 0000000000000000 R09: 0000000000000000
[  697.320999][T14067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  697.321011][T14067] R13: 0000000000000000 R14: 00007f3e3f5a5fa0 R15: 00007f3e3f6cfa28
[  697.321034][T14067]  </TASK>
[  697.374643][T14069] validate_nla: 23 callbacks suppressed
[  697.374664][T14069] netlink: 'syz.4.2620': attribute type 1 has an invalid length.
[  697.377292][ T8397] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.536953][ T8397] usb 2-1: Product: syz
[  697.556492][ T8397] usb 2-1: Manufacturer: syz
[  697.561125][ T8397] usb 2-1: SerialNumber: syz
[  697.569353][ T8397] usb 2-1: config 0 descriptor??
[  697.598121][ T8397] streamzap 2-1:0.0: streamzap_probe: endpoint doesn't match input device 0203
[  698.080758][ T5885] usb 2-1: USB disconnect, device number 113
[  698.087563][T14082] syzkaller1: entered promiscuous mode
[  698.093122][T14082] syzkaller1: entered allmulticast mode
[  698.214812][ T8397] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  698.369540][ T8397] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  698.386828][ T5885] tipc: Node number set to 4269801502
[  698.421281][ T8397] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  698.453014][ T8397] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  698.463128][ T8397] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  698.475192][ T8397] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  698.489190][ T8397] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  698.503042][ T8397] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  698.512085][ T8397] usb 5-1: Product: syz
[  698.517007][ T8397] usb 5-1: Manufacturer: syz
[  698.534017][ T8397] cdc_wdm 5-1:1.0: skipping garbage
[  698.558870][ T8397] cdc_wdm 5-1:1.0: skipping garbage
[  698.588255][ T8397] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  698.604797][ T8397] cdc_wdm 5-1:1.0: Unknown control protocol
[  698.650953][T14089] FAULT_INJECTION: forcing a failure.
[  698.650953][T14089] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  698.664334][ T5885] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  698.721079][T14089] CPU: 0 UID: 0 PID: 14089 Comm: syz.0.2626 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  698.721109][T14089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  698.721122][T14089] Call Trace:
[  698.721130][T14089]  <TASK>
[  698.721139][T14089]  dump_stack_lvl+0x241/0x360
[  698.721172][T14089]  ? __pfx_dump_stack_lvl+0x10/0x10
[  698.721198][T14089]  ? __pfx__printk+0x10/0x10
[  698.721231][T14089]  should_fail_ex+0x424/0x570
[  698.721260][T14089]  _copy_from_user+0x2d/0xb0
[  698.721284][T14089]  kstrtouint_from_user+0xd6/0x190
[  698.721316][T14089]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  698.721349][T14089]  ? __lock_acquire+0xad5/0xd80
[  698.721385][T14089]  proc_fail_nth_write+0xac/0x2d0
[  698.721416][T14089]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  698.721439][T14089]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  698.721481][T14089]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  698.721514][T14089]  vfs_write+0x2bc/0xd10
[  698.721538][T14089]  ? fdget_pos+0x247/0x310
[  698.721570][T14089]  ? __pfx_vfs_write+0x10/0x10
[  698.721593][T14089]  ? __fget_files+0x2a/0x420
[  698.721622][T14089]  ? __fget_files+0x39d/0x420
[  698.721649][T14089]  ? __fget_files+0x2a/0x420
[  698.721683][T14089]  ksys_write+0x19d/0x2d0
[  698.721706][T14089]  ? __pfx_ksys_write+0x10/0x10
[  698.721732][T14089]  ? do_syscall_64+0xb6/0x230
[  698.721764][T14089]  do_syscall_64+0xf3/0x230
[  698.721794][T14089]  ? clear_bhb_loop+0x45/0xa0
[  698.721818][T14089]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.721837][T14089] RIP: 0033:0x7f3e3f38bc1f
[  698.721855][T14089] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  698.721873][T14089] RSP: 002b:00007f3e40129030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  698.721895][T14089] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3e3f38bc1f
[  698.721909][T14089] RDX: 0000000000000001 RSI: 00007f3e401290a0 RDI: 0000000000000004
[  698.721926][T14089] RBP: 00007f3e40129090 R08: 0000000000000000 R09: 0000000000000000
[  698.721939][T14089] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  698.721952][T14089] R13: 0000000000000000 R14: 00007f3e3f5a5fa0 R15: 00007f3e3f6cfa28
[  698.721977][T14089]  </TASK>
[  699.216138][ T5885] usb 3-1: Using ep0 maxpacket: 8
[  699.226680][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  699.254204][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  699.270906][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  699.281294][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  699.312290][ T5885] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  699.333658][ T5885] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  699.364685][T14101] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  699.373988][T14101] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  699.400941][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.467591][ T5885] usb 3-1: config 0 descriptor??
[  699.530001][T14104] macsec1: entered promiscuous mode
[  699.552970][T14104] 
: entered promiscuous mode
[  699.571405][T14104] bond_slave_0: entered promiscuous mode
[  699.591579][T14104] bond_slave_1: entered promiscuous mode
[  699.612951][T14104] macsec1: entered allmulticast mode
[  699.618351][T14104] 
: entered allmulticast mode
[  699.623325][T14104] bond_slave_0: entered allmulticast mode
[  699.633305][T14104] bond_slave_1: entered allmulticast mode
[  699.664299][ T8390] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[  699.843006][ T8390] usb 2-1: config 0 has no interfaces?
[  699.860276][ T8390] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  699.869689][ T8390] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.877980][ T8390] usb 2-1: Product: syz
[  699.883020][ T8390] usb 2-1: Manufacturer: syz
[  699.889024][ T8390] usb 2-1: SerialNumber: syz
[  699.901346][ T8390] usb 2-1: config 0 descriptor??
[  699.903712][ T8397] usb 3-1: USB disconnect, device number 79
[  699.984886][T14107] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2632'.
[  700.973866][ T8390] usb 5-1: USB disconnect, device number 74
[  701.331957][T14124] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:20003
[  701.458210][T14126] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2638'.
[  701.558955][ T5885] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  701.884219][ T5885] usb 3-1: device descriptor read/64, error -71
[  702.134243][ T5885] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  702.274379][ T5885] usb 3-1: device descriptor read/64, error -71
[  702.353956][T14144] FAULT_INJECTION: forcing a failure.
[  702.353956][T14144] name failslab, interval 1, probability 0, space 0, times 0
[  702.372496][T14144] CPU: 1 UID: 0 PID: 14144 Comm: syz.0.2644 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  702.372524][T14144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  702.372537][T14144] Call Trace:
[  702.372544][T14144]  <TASK>
[  702.372552][T14144]  dump_stack_lvl+0x241/0x360
[  702.372583][T14144]  ? __pfx_dump_stack_lvl+0x10/0x10
[  702.372608][T14144]  ? __pfx__printk+0x10/0x10
[  702.372633][T14144]  ? __pfx___might_resched+0x10/0x10
[  702.372655][T14144]  should_fail_ex+0x424/0x570
[  702.372683][T14144]  should_failslab+0xac/0x100
[  702.372707][T14144]  __kmalloc_noprof+0xdf/0x4d0
[  702.372731][T14144]  ? copy_splice_read+0x181/0xb50
[  702.372753][T14144]  ? __pfx_copy_splice_read+0x10/0x10
[  702.372780][T14144]  copy_splice_read+0x181/0xb50
[  702.372808][T14144]  ? __pfx_copy_splice_read+0x10/0x10
[  702.372840][T14144]  ? file_end_write+0xdd/0x250
[  702.372865][T14144]  ? direct_splice_actor+0x128/0x220
[  702.372890][T14144]  ? __pfx_copy_splice_read+0x10/0x10
[  702.372914][T14144]  splice_direct_to_actor+0x4af/0xc90
[  702.372949][T14144]  ? __pfx_direct_splice_actor+0x10/0x10
[  702.372976][T14144]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  702.373007][T14144]  do_splice_direct+0x281/0x3d0
[  702.373034][T14144]  ? __pfx_do_splice_direct+0x10/0x10
[  702.373060][T14144]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  702.373089][T14144]  ? bpf_lsm_file_permission+0x9/0x10
[  702.373114][T14144]  ? rw_verify_area+0x246/0x630
[  702.373136][T14144]  do_sendfile+0x582/0x8c0
[  702.373168][T14144]  ? __pfx_do_sendfile+0x10/0x10
[  702.373196][T14144]  ? __fget_files+0x2a/0x420
[  702.373238][T14144]  __se_sys_sendfile64+0x17e/0x1e0
[  702.373264][T14144]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  702.373292][T14144]  ? do_syscall_64+0xb6/0x230
[  702.373338][T14144]  do_syscall_64+0xf3/0x230
[  702.373366][T14144]  ? clear_bhb_loop+0x45/0xa0
[  702.373394][T14144]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.373413][T14144] RIP: 0033:0x7f3e3f38d169
[  702.373430][T14144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  702.373447][T14144] RSP: 002b:00007f3e3d1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  702.373468][T14144] RAX: ffffffffffffffda RBX: 00007f3e3f5a6160 RCX: 00007f3e3f38d169
[  702.373482][T14144] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005
[  702.373493][T14144] RBP: 00007f3e3d1f6090 R08: 0000000000000000 R09: 0000000000000000
[  702.373507][T14144] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001
[  702.373518][T14144] R13: 0000000000000000 R14: 00007f3e3f5a6160 R15: 00007f3e3f6cfa28
[  702.373542][T14144]  </TASK>
[  702.638345][ T5885] usb usb3-port1: attempt power cycle
[  703.120539][ T8390] usb 2-1: USB disconnect, device number 114
[  703.314263][ T5885] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  703.344693][ T5885] usb 3-1: device descriptor read/8, error -71
[  703.594592][ T5885] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  703.615154][ T5885] usb 3-1: device descriptor read/8, error -71
[  703.730291][ T5885] usb usb3-port1: unable to enumerate USB device
[  704.882907][T14188] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2659'.
[  704.905581][T14190] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2656'.
[  704.938156][T14193] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2660'.
[  704.938442][T14190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  704.969342][T14190] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  704.995682][T14190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  705.017988][T14190] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  705.071707][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2661'.
[  705.094997][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2661'.
[  705.106161][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2661'.
[  705.117038][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2661'.
[  705.128604][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2661'.
[  705.139196][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2661'.
[  705.149691][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2661'.
[  705.160281][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2661'.
[  705.170800][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2661'.
[  705.181197][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2661'.
[  705.311373][T14204] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  705.327413][ T8397] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  705.485133][ T8397] usb 5-1: Using ep0 maxpacket: 8
[  705.493010][ T8397] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  705.508066][ T8397] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  705.521634][ T8397] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  705.532744][ T8397] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  705.551106][ T8397] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  705.562586][ T8397] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  705.590449][T14210] fuse: Bad value for 'rootmode'
[  705.710518][T14221] netlink: 'syz.2.2666': attribute type 16 has an invalid length.
[  705.734874][T14221] netlink: 'syz.2.2666': attribute type 3 has an invalid length.
[  705.782243][ T8397] usb 5-1: GET_CAPABILITIES returned 0
[  705.802930][ T8397] usbtmc 5-1:16.0: can't read capabilities
[  705.988137][ T8397] usb 5-1: USB disconnect, device number 75
[  706.651604][T14232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  706.681264][T14232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  706.885046][ T8397] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  707.009725][T14241] Invalid option length (1044984) for dns_resolver key
[  707.054049][ T8397] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  707.073491][ T8397] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  707.093301][ T8397] usb 5-1: config 0 descriptor??
[  707.103802][ T8397] gspca_main: cpia1-2.14.0 probing 0813:0001
[  707.276027][ T8399] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[  707.302480][ T8397] gspca_cpia1: usb_control_msg 05, error -71
[  707.321297][ T8397] gspca_cpia1: usb_control_msg 01, error -71
[  707.329259][ T8397] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0)
[  707.341203][ T8397] usb 5-1: USB disconnect, device number 76
[  707.412461][T14245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  707.432230][T14245] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  707.444729][ T8399] usb 2-1: Using ep0 maxpacket: 8
[  707.456399][ T8399] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  707.471270][T14245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  707.482867][ T8399] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  707.501356][T14245] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  707.509968][ T8399] usb 2-1: config 0 has no interface number 0
[  707.522811][ T8399] usb 2-1: config 0 interface 52 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  707.542476][ T8399] usb 2-1: config 0 interface 52 has no altsetting 0
[  707.551175][ T8399] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  707.561549][ T8399] usb 2-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  707.570556][ T8399] usb 2-1: Manufacturer: syz
[  707.578438][ T8399] usb 2-1: config 0 descriptor??
[  707.760124][T14245] sctp: [Deprecated]: syz.0.2674 (pid 14245) Use of int in max_burst socket option.
[  707.760124][T14245] Use struct sctp_assoc_value instead
[  707.800889][ T8399] usb 2-1: Can not set alternate setting to 1, error: -71
[  707.810119][ T8399] synaptics_usb 2-1:0.52: probe with driver synaptics_usb failed with error -71
[  707.810192][T14245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  707.835863][ T8399] usb 2-1: USB disconnect, device number 115
[  707.844796][ T8397] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  707.859678][T14245] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  707.937294][T14252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  707.948426][T14252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  708.004279][ T8397] usb 3-1: Using ep0 maxpacket: 8
[  708.012633][ T8397] usb 3-1: config 0 has an invalid interface number: 31 but max is 0
[  708.032514][ T8397] usb 3-1: config 0 has no interface number 0
[  708.043079][ T8397] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  708.074682][ T8397] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.103171][ T8397] usb 3-1: Product: syz
[  708.111097][ T8397] usb 3-1: Manufacturer: syz
[  708.119171][ T8397] usb 3-1: SerialNumber: syz
[  708.142018][ T8397] usb 3-1: config 0 descriptor??
[  708.237175][T14245] sctp: [Deprecated]: syz.0.2674 (pid 14245) Use of struct sctp_assoc_value in delayed_ack socket option.
[  708.237175][T14245] Use struct sctp_sack_info instead
[  708.304426][ T5885] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  708.359668][T14249] pimreg: entered allmulticast mode
[  708.375383][T14249] pimreg: left allmulticast mode
[  708.444656][ T5885] usb 5-1: device descriptor read/64, error -71
[  708.452764][ T8397] usb 3-1: Found UVC 0.04 device syz (046d:08c3)
[  708.464872][ T8397] usb 3-1: No valid video chain found.
[  708.482063][ T8397] usb 3-1: USB disconnect, device number 84
[  708.704389][ T5885] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  708.784355][ T8399] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[  708.864383][ T5885] usb 5-1: device descriptor read/64, error -71
[  708.944847][ T8399] usb 2-1: Using ep0 maxpacket: 16
[  708.958429][ T8399] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  708.998948][ T5885] usb usb5-port1: attempt power cycle
[  709.008960][ T8399] usb 2-1: config 9 has 0 interfaces, different from the descriptor's value: 2
[  709.063445][ T8399] usb 2-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=ed.e2
[  709.084057][ T8399] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  709.136387][ T8399] usb 2-1: Product: syz
[  709.140723][ T8399] usb 2-1: Manufacturer: syz
[  709.149619][ T8399] usb 2-1: SerialNumber: syz
[  709.185946][T14274] FAULT_INJECTION: forcing a failure.
[  709.185946][T14274] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  709.199942][T14274] CPU: 0 UID: 0 PID: 14274 Comm: syz.2.2685 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  709.199962][T14274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  709.199971][T14274] Call Trace:
[  709.199976][T14274]  <TASK>
[  709.199999][T14274]  dump_stack_lvl+0x241/0x360
[  709.200024][T14274]  ? __pfx_dump_stack_lvl+0x10/0x10
[  709.200042][T14274]  ? __pfx__printk+0x10/0x10
[  709.200065][T14274]  should_fail_ex+0x424/0x570
[  709.200085][T14274]  _copy_to_user+0x31/0xb0
[  709.200102][T14274]  simple_read_from_buffer+0xdc/0x170
[  709.200123][T14274]  proc_fail_nth_read+0x1ef/0x260
[  709.200147][T14274]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  709.200171][T14274]  ? rw_verify_area+0x246/0x630
[  709.200184][T14274]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  709.200207][T14274]  vfs_read+0x21f/0xb90
[  709.200223][T14274]  ? __pfx___mutex_lock+0x10/0x10
[  709.200249][T14274]  ? __pfx_vfs_read+0x10/0x10
[  709.200264][T14274]  ? __fget_files+0x2a/0x420
[  709.200285][T14274]  ? __fget_files+0x39d/0x420
[  709.200304][T14274]  ? __fget_files+0x2a/0x420
[  709.200328][T14274]  ksys_read+0x19d/0x2d0
[  709.200343][T14274]  ? __pfx_ksys_read+0x10/0x10
[  709.200360][T14274]  ? do_syscall_64+0xb6/0x230
[  709.200383][T14274]  do_syscall_64+0xf3/0x230
[  709.200404][T14274]  ? clear_bhb_loop+0x45/0xa0
[  709.200420][T14274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  709.200434][T14274] RIP: 0033:0x7f421ab8bb7c
[  709.200447][T14274] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  709.200459][T14274] RSP: 002b:00007f421ba7d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  709.200475][T14274] RAX: ffffffffffffffda RBX: 00007f421ada6080 RCX: 00007f421ab8bb7c
[  709.200486][T14274] RDX: 000000000000000f RSI: 00007f421ba7d0a0 RDI: 000000000000000a
[  709.200495][T14274] RBP: 00007f421ba7d090 R08: 0000000000000000 R09: 0000000000000000
[  709.200504][T14274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  709.200513][T14274] R13: 0000000000000000 R14: 00007f421ada6080 R15: 00007f421aecfa28
[  709.200531][T14274]  </TASK>
[  709.413135][    C0] vkms_vblank_simulate: vblank timer overrun
[  709.433833][T14267] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  709.442457][T14267] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  709.640416][ T5885] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  709.665175][ T5885] usb 5-1: device descriptor read/8, error -71
[  709.831446][T14279] loop7: detected capacity change from 0 to 16384
[  709.924419][ T5885] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  709.974800][ T5885] usb 5-1: device descriptor read/8, error -71
[  710.076729][T14280] loop7: detected capacity change from 16384 to 16383
[  710.096057][ T5885] usb usb5-port1: unable to enumerate USB device
[  710.261322][T14281] loop7: detected capacity change from 16383 to 16384
[  710.440782][T14285] netlink: 'syz.0.2688': attribute type 8 has an invalid length.
[  710.460241][T14285] __nla_validate_parse: 24 callbacks suppressed
[  710.460262][T14285] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2688'.
[  711.369345][T14299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  711.378504][T14299] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  711.605608][ T5885] usb 5-1: new full-speed USB device number 81 using dummy_hcd
[  711.749823][ T8399] usb 2-1: USB disconnect, device number 116
[  711.768669][ T5885] usb 5-1: config index 0 descriptor too short (expected 31, got 27)
[  711.793315][ T5885] usb 5-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0
[  711.844923][ T5885] usb 5-1: config 1 interface 0 has no altsetting 0
[  712.003349][ T5885] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72
[  712.140802][ T5885] usb 5-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3
[  712.160771][ T5885] usb 5-1: Product: syz
[  712.167566][ T5885] usb 5-1: Manufacturer: syz
[  712.179066][ T5885] usb 5-1: SerialNumber: syz
[  712.615088][T14323] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2697'.
[  712.684064][T14325] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2697'.
[  712.890342][ T5885] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 81 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  713.087364][T14297] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  713.096518][T14297] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  713.324502][T14297] sctp: [Deprecated]: syz.4.2694 (pid 14297) Use of int in max_burst socket option.
[  713.324502][T14297] Use struct sctp_assoc_value instead
[  713.357017][T14297] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  713.384745][ T8399] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[  713.406740][T14297] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  713.493773][T14329] bond_slave_0: entered promiscuous mode
[  713.499988][T14329] bond_slave_1: entered promiscuous mode
[  713.585393][T14329] macsec2: entered promiscuous mode
[  713.590626][T14329] bond0: entered promiscuous mode
[  713.601762][T14329] bond4: entered promiscuous mode
[  713.614552][T14329] macsec2: entered allmulticast mode
[  713.691353][T14329] bond0: entered allmulticast mode
[  713.705403][T14329] bond_slave_0: entered allmulticast mode
[  713.711183][T14329] bond_slave_1: entered allmulticast mode
[  713.734596][ T8399] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  713.764330][T14329] bond4: entered allmulticast mode
[  713.780001][ T8399] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  713.830241][ T8399] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.862319][ T8399] usb 2-1: config 0 descriptor??
[  713.872015][ T8399] pwc: Askey VC010 type 2 USB webcam detected.
[  714.072521][ T8399] pwc: send_video_command error -71
[  714.079843][ T8399] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  714.098217][ T8399] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[  714.159850][ T8399] usb 2-1: USB disconnect, device number 117
[  714.291052][T14297] sctp: [Deprecated]: syz.4.2694 (pid 14297) Use of struct sctp_assoc_value in delayed_ack socket option.
[  714.291052][T14297] Use struct sctp_sack_info instead
[  714.346333][ T8397] usb 5-1: USB disconnect, device number 81
[  714.360326][ T8397] usblp0: removed
[  714.594862][ T8399] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[  714.757310][ T8399] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  714.769010][ T8399] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  714.779054][ T8399] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  714.791042][ T8399] usb 2-1: config 0 descriptor??
[  714.812588][ T8399] pwc: Askey VC010 type 2 USB webcam detected.
[  715.223157][ T8399] pwc: recv_control_msg error -32 req 02 val 2b00
[  715.236222][ T8399] pwc: recv_control_msg error -32 req 02 val 2700
[  715.259931][ T8399] pwc: recv_control_msg error -32 req 02 val 2c00
[  715.287582][ T8399] pwc: recv_control_msg error -32 req 04 val 1000
[  715.294354][ T8397] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  715.317721][ T8399] pwc: recv_control_msg error -32 req 04 val 1300
[  715.326530][ T8399] pwc: recv_control_msg error -32 req 04 val 1400
[  715.333638][ T8399] pwc: recv_control_msg error -32 req 02 val 2000
[  715.357883][ T8399] pwc: recv_control_msg error -32 req 02 val 2100
[  715.368452][ T8399] pwc: recv_control_msg error -32 req 04 val 1500
[  715.379238][ T8399] pwc: recv_control_msg error -32 req 02 val 2500
[  715.392317][ T8399] pwc: recv_control_msg error -32 req 02 val 2400
[  715.408441][T14358] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2708'.
[  715.478356][ T8397] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  715.501030][ T8397] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  715.530350][ T8397] usb 3-1: Product: syz
[  715.544217][ T8397] usb 3-1: Manufacturer: syz
[  715.549159][ T8397] usb 3-1: SerialNumber: syz
[  715.556689][ T8397] usb 3-1: config 0 descriptor??
[  715.576635][ T8397] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 085
[  715.608404][ T8399] pwc: recv_control_msg error -71 req 02 val 2900
[  715.624412][ T5885] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  715.626123][ T8399] pwc: recv_control_msg error -71 req 02 val 2800
[  715.652935][ T8399] pwc: recv_control_msg error -71 req 04 val 1100
[  715.673082][ T8399] pwc: recv_control_msg error -71 req 04 val 1200
[  715.695015][ T8399] pwc: Registered as video103.
[  715.715137][ T8399] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input48
[  715.755131][ T8399] usb 2-1: USB disconnect, device number 118
[  715.807084][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  715.843092][ T5885] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  715.911376][ T5885] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  715.931368][T14358] vivid-007: =================  START STATUS  =================
[  715.939714][T14358] vivid-007: Enable Output Cropping: true
[  715.946746][T14358] vivid-007: Enable Output Composing: true
[  715.951479][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  715.952825][T14358] vivid-007: Enable Output Scaler: 
[  715.966322][ T5885] usb 5-1: Product: syz
[  715.979351][ T8397]  (null): failure reading functionality
[  715.985767][ T5885] usb 5-1: Manufacturer: syz
[  715.990478][ T5885] usb 5-1: SerialNumber: syz
[  715.995483][T14358] true
[  716.000838][T14358] vivid-007: Tx RGB Quantization Range: Automatic
[  716.017514][ T5885] usb 5-1: config 0 descriptor??
[  716.023343][T14358] vivid-007: Transmit Mode: HDMI
[  716.032851][T14358] vivid-007: Hotplug Present: 0x00000000
[  716.039718][T14358] vivid-007: RxSense Present: 0x00000000
[  716.047240][T14358] vivid-007: EDID Present: 0x00000000
[  716.055823][T14358] vivid-007: ==================  END STATUS  ==================
[  716.179808][ T8397] i2c i2c-3: failure reading functionality
[  716.188210][ T8397] i2c i2c-3: connected i2c-tiny-usb device
[  716.206773][ T8397] usb 3-1: USB disconnect, device number 85
[  716.411803][T14372] FAULT_INJECTION: forcing a failure.
[  716.411803][T14372] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  716.425991][T14372] CPU: 0 UID: 0 PID: 14372 Comm: syz.1.2712 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  716.426018][T14372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  716.426038][T14372] Call Trace:
[  716.426045][T14372]  <TASK>
[  716.426054][T14372]  dump_stack_lvl+0x241/0x360
[  716.426084][T14372]  ? __pfx_dump_stack_lvl+0x10/0x10
[  716.426107][T14372]  ? __pfx__printk+0x10/0x10
[  716.426138][T14372]  should_fail_ex+0x424/0x570
[  716.426164][T14372]  _copy_from_user+0x2d/0xb0
[  716.426186][T14372]  kstrtouint_from_user+0xd6/0x190
[  716.426215][T14372]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  716.426243][T14372]  ? __lock_acquire+0xad5/0xd80
[  716.426275][T14372]  proc_fail_nth_write+0xac/0x2d0
[  716.426304][T14372]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  716.426325][T14372]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  716.426356][T14372]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  716.426384][T14372]  vfs_write+0x2bc/0xd10
[  716.426406][T14372]  ? fdget_pos+0x247/0x310
[  716.426435][T14372]  ? __pfx_vfs_write+0x10/0x10
[  716.426456][T14372]  ? __fget_files+0x2a/0x420
[  716.426482][T14372]  ? __fget_files+0x39d/0x420
[  716.426507][T14372]  ? __fget_files+0x2a/0x420
[  716.426539][T14372]  ksys_write+0x19d/0x2d0
[  716.426559][T14372]  ? __pfx_ksys_write+0x10/0x10
[  716.426582][T14372]  ? do_syscall_64+0xb6/0x230
[  716.426611][T14372]  do_syscall_64+0xf3/0x230
[  716.426638][T14372]  ? clear_bhb_loop+0x45/0xa0
[  716.426658][T14372]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.426676][T14372] RIP: 0033:0x7fd40d98bc1f
[  716.426692][T14372] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  716.426707][T14372] RSP: 002b:00007fd40b7f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  716.426727][T14372] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd40d98bc1f
[  716.426740][T14372] RDX: 0000000000000001 RSI: 00007fd40b7f60a0 RDI: 0000000000000005
[  716.426752][T14372] RBP: 00007fd40b7f6090 R08: 0000000000000000 R09: 0000000000000000
[  716.426763][T14372] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  716.426792][T14372] R13: 0000000000000000 R14: 00007fd40dba5fa0 R15: 00007fd40dccfa28
[  716.426817][T14372]  </TASK>
[  716.861700][T14381] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  716.872012][T14381] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  717.185457][T14389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  717.236830][T14389] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  717.383602][T14393] FAULT_INJECTION: forcing a failure.
[  717.383602][T14393] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  717.397802][T14393] CPU: 1 UID: 0 PID: 14393 Comm: syz.2.2719 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  717.397832][T14393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  717.397847][T14393] Call Trace:
[  717.397855][T14393]  <TASK>
[  717.397864][T14393]  dump_stack_lvl+0x241/0x360
[  717.397898][T14393]  ? __pfx_dump_stack_lvl+0x10/0x10
[  717.397925][T14393]  ? __pfx__printk+0x10/0x10
[  717.397957][T14393]  should_fail_ex+0x424/0x570
[  717.397987][T14393]  _copy_to_user+0x31/0xb0
[  717.398012][T14393]  simple_read_from_buffer+0xdc/0x170
[  717.398043][T14393]  proc_fail_nth_read+0x1ef/0x260
[  717.398079][T14393]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  717.398119][T14393]  ? rw_verify_area+0x246/0x630
[  717.398140][T14393]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  717.398173][T14393]  vfs_read+0x21f/0xb90
[  717.398197][T14393]  ? __pfx___mutex_lock+0x10/0x10
[  717.398229][T14393]  ? __pfx_vfs_read+0x10/0x10
[  717.398252][T14393]  ? __fget_files+0x2a/0x420
[  717.398281][T14393]  ? __fget_files+0x39d/0x420
[  717.398309][T14393]  ? __fget_files+0x2a/0x420
[  717.398344][T14393]  ksys_read+0x19d/0x2d0
[  717.398367][T14393]  ? __pfx_ksys_read+0x10/0x10
[  717.398393][T14393]  ? do_syscall_64+0xb6/0x230
[  717.398426][T14393]  do_syscall_64+0xf3/0x230
[  717.398457][T14393]  ? clear_bhb_loop+0x45/0xa0
[  717.398481][T14393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  717.398506][T14393] RIP: 0033:0x7f421ab8bb7c
[  717.398525][T14393] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  717.398543][T14393] RSP: 002b:00007f421ba9e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  717.398565][T14393] RAX: ffffffffffffffda RBX: 00007f421ada5fa0 RCX: 00007f421ab8bb7c
[  717.398581][T14393] RDX: 000000000000000f RSI: 00007f421ba9e0a0 RDI: 0000000000000004
[  717.398594][T14393] RBP: 00007f421ba9e090 R08: 0000000000000000 R09: 0000000000000000
[  717.398607][T14393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  717.398620][T14393] R13: 0000000000000000 R14: 00007f421ada5fa0 R15: 00007f421aecfa28
[  717.398645][T14393]  </TASK>
[  717.719064][T14398] fuse: Unknown parameter 'group_i00000000000000000000'
[  718.048080][T14405] FAULT_INJECTION: forcing a failure.
[  718.048080][T14405] name failslab, interval 1, probability 0, space 0, times 0
[  718.146678][T14405] CPU: 0 UID: 0 PID: 14405 Comm: syz.3.2724 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  718.146708][T14405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  718.146722][T14405] Call Trace:
[  718.146730][T14405]  <TASK>
[  718.146740][T14405]  dump_stack_lvl+0x241/0x360
[  718.146774][T14405]  ? __pfx_dump_stack_lvl+0x10/0x10
[  718.146810][T14405]  ? __pfx__printk+0x10/0x10
[  718.146837][T14405]  ? __pfx___might_resched+0x10/0x10
[  718.146860][T14405]  should_fail_ex+0x424/0x570
[  718.146881][T14405]  should_failslab+0xac/0x100
[  718.146900][T14405]  __kmalloc_cache_noprof+0x73/0x370
[  718.146919][T14405]  ? nfnetlink_rcv+0x1037/0x28f0
[  718.146942][T14405]  nfnetlink_rcv+0x1037/0x28f0
[  718.146961][T14405]  ? __kernel_text_address+0xd/0x40
[  718.146996][T14405]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  718.147023][T14405]  ? __lock_acquire+0xad5/0xd80
[  718.147066][T14405]  ? netlink_deliver_tap+0x2e/0x1b0
[  718.147084][T14405]  ? netlink_deliver_tap+0x2e/0x1b0
[  718.147101][T14405]  netlink_unicast+0x7f8/0x9a0
[  718.147119][T14405]  ? __pfx_netlink_unicast+0x10/0x10
[  718.147132][T14405]  ? __virt_addr_valid+0x45f/0x530
[  718.147150][T14405]  ? __phys_addr_symbol+0x2f/0x70
[  718.147166][T14405]  ? __check_object_size+0x478/0x720
[  718.147187][T14405]  netlink_sendmsg+0x8e8/0xce0
[  718.147210][T14405]  ? __pfx_netlink_sendmsg+0x10/0x10
[  718.147228][T14405]  ? aa_sock_msg_perm+0x91/0x160
[  718.147250][T14405]  ? __pfx_netlink_sendmsg+0x10/0x10
[  718.147266][T14405]  __sock_sendmsg+0x221/0x270
[  718.147286][T14405]  ____sys_sendmsg+0x53c/0x870
[  718.147305][T14405]  ? __pfx_____sys_sendmsg+0x10/0x10
[  718.147318][T14405]  ? __fget_files+0x2a/0x420
[  718.147341][T14405]  ? __fget_files+0x2a/0x420
[  718.147365][T14405]  __sys_sendmsg+0x271/0x360
[  718.147382][T14405]  ? __pfx___sys_sendmsg+0x10/0x10
[  718.147421][T14405]  ? do_syscall_64+0xb6/0x230
[  718.147444][T14405]  do_syscall_64+0xf3/0x230
[  718.147465][T14405]  ? clear_bhb_loop+0x45/0xa0
[  718.147481][T14405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.147495][T14405] RIP: 0033:0x7fc85e58d169
[  718.147508][T14405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  718.147521][T14405] RSP: 002b:00007fc85f3bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  718.147537][T14405] RAX: ffffffffffffffda RBX: 00007fc85e7a5fa0 RCX: 00007fc85e58d169
[  718.147548][T14405] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  718.147560][T14405] RBP: 00007fc85f3bf090 R08: 0000000000000000 R09: 0000000000000000
[  718.147570][T14405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  718.147578][T14405] R13: 0000000000000000 R14: 00007fc85e7a5fa0 R15: 00007fc85e8cfa28
[  718.147596][T14405]  </TASK>
[  718.274955][ T8399] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[  718.601076][T14415] loop7: detected capacity change from 0 to 16384
[  718.697662][ T8399] usb 2-1: Using ep0 maxpacket: 32
[  718.709525][ T8399] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  718.728762][ T8399] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  718.953239][ T8399] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  718.992851][ T8399] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  718.996539][T14419] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2728'.
[  719.069954][ T8399] usb 2-1: config 0 descriptor??
[  719.079775][ T8399] hub 2-1:0.0: USB hub found
[  719.110896][T14419] FAULT_INJECTION: forcing a failure.
[  719.110896][T14419] name failslab, interval 1, probability 0, space 0, times 0
[  719.175053][ T8390] usb 5-1: USB disconnect, device number 82
[  719.218268][T14419] CPU: 0 UID: 0 PID: 14419 Comm: syz.2.2728 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  719.218301][T14419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  719.218314][T14419] Call Trace:
[  719.218322][T14419]  <TASK>
[  719.218332][T14419]  dump_stack_lvl+0x241/0x360
[  719.218366][T14419]  ? __pfx_dump_stack_lvl+0x10/0x10
[  719.218394][T14419]  ? __pfx__printk+0x10/0x10
[  719.218418][T14419]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  719.218449][T14419]  ? __pfx___might_resched+0x10/0x10
[  719.218472][T14419]  should_fail_ex+0x424/0x570
[  719.218502][T14419]  should_failslab+0xac/0x100
[  719.218529][T14419]  __kmalloc_noprof+0xdf/0x4d0
[  719.218554][T14419]  ? rfkill_alloc+0xb0/0x2e0
[  719.218582][T14419]  rfkill_alloc+0xb0/0x2e0
[  719.218612][T14419]  wiphy_new_nm+0x1084/0x19a0
[  719.218644][T14419]  ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10
[  719.218670][T14419]  ieee80211_alloc_hw_nm+0x3d4/0x1ea0
[  719.218717][T14419]  mac80211_hwsim_new_radio+0x20c/0x4b40
[  719.218742][T14419]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  719.218777][T14419]  ? _printk+0xd5/0x120
[  719.218801][T14419]  ? __nla_validate_parse+0x2877/0x32e0
[  719.218832][T14419]  ? __pfx__printk+0x10/0x10
[  719.218856][T14419]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  719.218880][T14419]  ? rcu_is_watching+0x15/0xb0
[  719.218901][T14419]  ? do_trace_netlink_extack+0x8b/0x1f0
[  719.218938][T14419]  hwsim_new_radio_nl+0xed0/0x2290
[  719.219033][T14419]  ? __pfx___nla_validate_parse+0x10/0x10
[  719.219070][T14419]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  719.219119][T14419]  ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290
[  719.219157][T14419]  genl_rcv_msg+0xb38/0xf00
[  719.219193][T14419]  ? __pfx_genl_rcv_msg+0x10/0x10
[  719.219223][T14419]  ? __dev_queue_xmit+0x1780/0x3f60
[  719.219245][T14419]  ? kasan_save_track+0x3f/0x80
[  719.219266][T14419]  ? __kasan_slab_alloc+0x66/0x80
[  719.219293][T14419]  ? do_syscall_64+0xf3/0x230
[  719.219337][T14419]  ? __lock_acquire+0xad5/0xd80
[  719.219370][T14419]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  719.219404][T14419]  netlink_rcv_skb+0x208/0x480
[  719.219429][T14419]  ? __pfx_genl_rcv_msg+0x10/0x10
[  719.219460][T14419]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  719.219510][T14419]  ? netlink_deliver_tap+0x2e/0x1b0
[  719.219538][T14419]  genl_rcv+0x28/0x40
[  719.219563][T14419]  netlink_unicast+0x7f8/0x9a0
[  719.219589][T14419]  ? __pfx_netlink_unicast+0x10/0x10
[  719.219607][T14419]  ? __virt_addr_valid+0x45f/0x530
[  719.219631][T14419]  ? __phys_addr_symbol+0x2f/0x70
[  719.219655][T14419]  ? __check_object_size+0x478/0x720
[  719.219714][T14419]  netlink_sendmsg+0x8e8/0xce0
[  719.219747][T14419]  ? __pfx_netlink_sendmsg+0x10/0x10
[  719.219772][T14419]  ? aa_sock_msg_perm+0x91/0x160
[  719.219804][T14419]  ? __pfx_netlink_sendmsg+0x10/0x10
[  719.219826][T14419]  __sock_sendmsg+0x221/0x270
[  719.219855][T14419]  ____sys_sendmsg+0x53c/0x870
[  719.219882][T14419]  ? __pfx_____sys_sendmsg+0x10/0x10
[  719.219899][T14419]  ? __fget_files+0x2a/0x420
[  719.219930][T14419]  ? __fget_files+0x2a/0x420
[  719.219964][T14419]  __sys_sendmsg+0x271/0x360
[  719.219988][T14419]  ? __pfx___sys_sendmsg+0x10/0x10
[  719.220042][T14419]  ? do_syscall_64+0xb6/0x230
[  719.220074][T14419]  do_syscall_64+0xf3/0x230
[  719.220104][T14419]  ? clear_bhb_loop+0x45/0xa0
[  719.220126][T14419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  719.220146][T14419] RIP: 0033:0x7f421ab8d169
[  719.220164][T14419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  719.220181][T14419] RSP: 002b:00007f421ba9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  719.220203][T14419] RAX: ffffffffffffffda RBX: 00007f421ada5fa0 RCX: 00007f421ab8d169
[  719.220218][T14419] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[  719.220233][T14419] RBP: 00007f421ba9e090 R08: 0000000000000000 R09: 0000000000000000
[  719.220245][T14419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  719.220256][T14419] R13: 0000000000000000 R14: 00007f421ada5fa0 R15: 00007f421aecfa28
[  719.220279][T14419]  </TASK>
[  719.645474][T14419] INFO: trying to register non-static key.
[  719.651327][T14419] The code is fine but needs lockdep annotation, or maybe
[  719.658427][T14419] you didn't initialize this object before use?
[  719.664656][T14419] turning off the locking correctness validator.
[  719.670993][T14419] CPU: 1 UID: 0 PID: 14419 Comm: syz.2.2728 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  719.671012][T14419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  719.671022][T14419] Call Trace:
[  719.671029][T14419]  <TASK>
[  719.671036][T14419]  dump_stack_lvl+0x241/0x360
[  719.671060][T14419]  ? __pfx_dump_stack_lvl+0x10/0x10
[  719.671078][T14419]  ? __pfx__printk+0x10/0x10
[  719.671094][T14419]  ? preempt_schedule_irq+0x145/0x1c0
[  719.671114][T14419]  ? is_bpf_text_address+0x26/0x2a0
[  719.671136][T14419]  ? __is_module_percpu_address+0x213/0x370
[  719.671152][T14419]  ? __is_kernel_percpu_address+0x116/0x250
[  719.671172][T14419]  assign_lock_key+0x135/0x150
[  719.671187][T14419]  register_lock_class+0xd6/0x330
[  719.671209][T14419]  __lock_acquire+0x80/0xd80
[  719.671228][T14419]  ? dump_stack_lvl+0x2df/0x360
[  719.671245][T14419]  ? dump_stack_lvl+0x2fd/0x360
[  719.671262][T14419]  ? dump_stack_lvl+0x305/0x360
[  719.671280][T14419]  lock_acquire+0x116/0x2f0
[  719.671299][T14419]  ? cfg80211_dev_free+0x33/0x2d0
[  719.671316][T14419]  _raw_spin_lock_irqsave+0xd8/0x130
[  719.671334][T14419]  ? cfg80211_dev_free+0x33/0x2d0
[  719.671347][T14419]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  719.671365][T14419]  ? devres_release_all+0x1ed/0x250
[  719.671380][T14419]  ? __pfx_wiphy_dev_release+0x10/0x10
[  719.671396][T14419]  cfg80211_dev_free+0x33/0x2d0
[  719.671408][T14419]  ? device_release+0x66/0x1c0
[  719.671422][T14419]  ? trace_kmalloc+0x1f/0xd0
[  719.671439][T14419]  ? __pfx_wiphy_dev_release+0x10/0x10
[  719.671454][T14419]  device_release+0x99/0x1c0
[  719.671469][T14419]  kobject_put+0x22f/0x480
[  719.671483][T14419]  wiphy_new_nm+0x16ea/0x19a0
[  719.671504][T14419]  ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10
[  719.671522][T14419]  ieee80211_alloc_hw_nm+0x3d4/0x1ea0
[  719.671541][T14419]  mac80211_hwsim_new_radio+0x20c/0x4b40
[  719.671558][T14419]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  719.671579][T14419]  ? _printk+0xd5/0x120
[  719.671594][T14419]  ? __nla_validate_parse+0x2877/0x32e0
[  719.671616][T14419]  ? __pfx__printk+0x10/0x10
[  719.671632][T14419]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  719.671647][T14419]  ? rcu_is_watching+0x15/0xb0
[  719.671660][T14419]  ? do_trace_netlink_extack+0x8b/0x1f0
[  719.671684][T14419]  hwsim_new_radio_nl+0xed0/0x2290
[  719.671703][T14419]  ? __pfx___nla_validate_parse+0x10/0x10
[  719.671725][T14419]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  719.671748][T14419]  ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290
[  719.671772][T14419]  genl_rcv_msg+0xb38/0xf00
[  719.671794][T14419]  ? __pfx_genl_rcv_msg+0x10/0x10
[  719.671812][T14419]  ? __dev_queue_xmit+0x1780/0x3f60
[  719.671827][T14419]  ? kasan_save_track+0x3f/0x80
[  719.671841][T14419]  ? __kasan_slab_alloc+0x66/0x80
[  719.671858][T14419]  ? do_syscall_64+0xf3/0x230
[  719.671882][T14419]  ? __lock_acquire+0xad5/0xd80
[  719.671901][T14419]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  719.671920][T14419]  netlink_rcv_skb+0x208/0x480
[  719.671935][T14419]  ? __pfx_genl_rcv_msg+0x10/0x10
[  719.671955][T14419]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  719.671980][T14419]  ? netlink_deliver_tap+0x2e/0x1b0
[  719.671998][T14419]  genl_rcv+0x28/0x40
[  719.672016][T14419]  netlink_unicast+0x7f8/0x9a0
[  719.672032][T14419]  ? __pfx_netlink_unicast+0x10/0x10
[  719.672044][T14419]  ? __virt_addr_valid+0x45f/0x530
[  719.672061][T14419]  ? __phys_addr_symbol+0x2f/0x70
[  719.672077][T14419]  ? __check_object_size+0x478/0x720
[  719.672097][T14419]  netlink_sendmsg+0x8e8/0xce0
[  719.672116][T14419]  ? __pfx_netlink_sendmsg+0x10/0x10
[  719.672133][T14419]  ? aa_sock_msg_perm+0x91/0x160
[  719.672153][T14419]  ? __pfx_netlink_sendmsg+0x10/0x10
[  719.672169][T14419]  __sock_sendmsg+0x221/0x270
[  719.672188][T14419]  ____sys_sendmsg+0x53c/0x870
[  719.672205][T14419]  ? __pfx_____sys_sendmsg+0x10/0x10
[  719.672218][T14419]  ? __fget_files+0x2a/0x420
[  719.672239][T14419]  ? __fget_files+0x2a/0x420
[  719.672260][T14419]  __sys_sendmsg+0x271/0x360
[  719.672275][T14419]  ? __pfx___sys_sendmsg+0x10/0x10
[  719.672303][T14419]  ? do_syscall_64+0xb6/0x230
[  719.672324][T14419]  do_syscall_64+0xf3/0x230
[  719.672345][T14419]  ? clear_bhb_loop+0x45/0xa0
[  719.672360][T14419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  719.672375][T14419] RIP: 0033:0x7f421ab8d169
[  719.672389][T14419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  719.672402][T14419] RSP: 002b:00007f421ba9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  719.672417][T14419] RAX: ffffffffffffffda RBX: 00007f421ada5fa0 RCX: 00007f421ab8d169
[  719.672428][T14419] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[  719.672437][T14419] RBP: 00007f421ba9e090 R08: 0000000000000000 R09: 0000000000000000
[  719.672446][T14419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  719.672455][T14419] R13: 0000000000000000 R14: 00007f421ada5fa0 R15: 00007f421aecfa28
[  719.672469][T14419]  </TASK>
[  719.673226][T14419] ------------[ cut here ]------------
[  720.106948][T14415] loop7: detected capacity change from 16384 to 16383
[  720.108201][T14419] WARNING: CPU: 1 PID: 14419 at net/wireless/core.c:1197 cfg80211_dev_free+0x2ba/0x2d0
[  720.172966][T14419] Modules linked in:
[  720.176872][T14419] CPU: 1 UID: 0 PID: 14419 Comm: syz.2.2728 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  720.188590][T14419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  720.198657][T14419] RIP: 0010:cfg80211_dev_free+0x2ba/0x2d0
[  720.204395][T14419] Code: cc f6 49 8b be e0 08 00 00 e8 12 9d c0 f6 4c 89 f7 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 fc 9c c0 f6 e8 07 16 64 f6 90 <0f> 0b 90 e9 a2 fd ff ff 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00
[  720.224011][T14419] RSP: 0018:ffffc9001c9dee20 EFLAGS: 00010093
[  720.230087][T14419] RAX: ffffffff8b5f6089 RBX: ffff888047b906a8 RCX: ffff888029093c00
[  720.238063][T14419] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc9001c9ded00
[  720.246047][T14419] RBP: 1ffffffff194ce98 R08: 0000000000000003 R09: fffff5200393bda0
[  720.254018][T14419] R10: dffffc0000000000 R11: fffff5200393bda0 R12: ffff888047b906b8
[  720.261991][T14419] R13: dffffc0000000000 R14: ffff888047b90000 R15: 0000000000000246
[  720.269964][T14419] FS:  00007f421ba9e6c0(0000) GS:ffff888125324000(0000) knlGS:0000000000000000
[  720.278902][T14419] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  720.285488][T14419] CR2: 000000110c3a9e08 CR3: 0000000032a78000 CR4: 00000000003526f0
[  720.293461][T14419] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000004144
[  720.301521][T14419] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  720.309497][T14419] Call Trace:
[  720.312780][T14419]  <TASK>
[  720.315713][T14419]  ? __warn+0x165/0x4d0
[  720.319875][T14419]  ? cfg80211_dev_free+0x2ba/0x2d0
[  720.324992][T14419]  ? report_bug+0x2b3/0x500
[  720.329504][T14419]  ? cfg80211_dev_free+0x2ba/0x2d0
[  720.334617][T14419]  ? cfg80211_dev_free+0x2ba/0x2d0
[  720.339728][T14419]  ? cfg80211_dev_free+0x2bc/0x2d0
[  720.344839][T14419]  ? handle_bug+0x89/0x170
[  720.349258][T14419]  ? exc_invalid_op+0x1a/0x50
[  720.353931][T14419]  ? asm_exc_invalid_op+0x1a/0x20
[  720.358967][T14419]  ? cfg80211_dev_free+0x2b9/0x2d0
[  720.364091][T14419]  ? cfg80211_dev_free+0x2ba/0x2d0
[  720.369213][T14419]  ? device_release+0x66/0x1c0
[  720.373995][T14419]  ? trace_kmalloc+0x1f/0xd0
[  720.378623][T14419]  ? __pfx_wiphy_dev_release+0x10/0x10
[  720.384090][T14419]  device_release+0x99/0x1c0
[  720.388684][T14419]  kobject_put+0x22f/0x480
[  720.393109][T14419]  wiphy_new_nm+0x16ea/0x19a0
[  720.397793][T14419]  ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10
[  720.404302][T14419]  ieee80211_alloc_hw_nm+0x3d4/0x1ea0
[  720.409674][T14419]  mac80211_hwsim_new_radio+0x20c/0x4b40
[  720.415301][T14419]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  720.421647][T14419]  ? _printk+0xd5/0x120
[  720.425804][T14419]  ? __nla_validate_parse+0x2877/0x32e0
[  720.431358][T14419]  ? __pfx__printk+0x10/0x10
[  720.435946][T14419]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  720.442011][T14419]  ? rcu_is_watching+0x15/0xb0
[  720.446779][T14419]  ? do_trace_netlink_extack+0x8b/0x1f0
[  720.452335][T14419]  hwsim_new_radio_nl+0xed0/0x2290
[  720.457453][T14419]  ? __pfx___nla_validate_parse+0x10/0x10
[  720.463179][T14419]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  720.468746][T14419]  ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290
[  720.475101][T14419]  genl_rcv_msg+0xb38/0xf00
[  720.479618][T14419]  ? __pfx_genl_rcv_msg+0x10/0x10
[  720.484650][T14419]  ? __dev_queue_xmit+0x1780/0x3f60
[  720.489849][T14419]  ? kasan_save_track+0x3f/0x80
[  720.494698][T14419]  ? __kasan_slab_alloc+0x66/0x80
[  720.499721][T14419]  ? do_syscall_64+0xf3/0x230
[  720.504409][T14419]  ? __lock_acquire+0xad5/0xd80
[  720.509264][T14419]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  720.514810][T14419]  netlink_rcv_skb+0x208/0x480
[  720.519587][T14419]  ? __pfx_genl_rcv_msg+0x10/0x10
[  720.524628][T14419]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  720.529917][T14419]  ? netlink_deliver_tap+0x2e/0x1b0
[  720.535116][T14419]  genl_rcv+0x28/0x40
[  720.539097][T14419]  netlink_unicast+0x7f8/0x9a0
[  720.543862][T14419]  ? __pfx_netlink_unicast+0x10/0x10
[  720.549143][T14419]  ? __virt_addr_valid+0x45f/0x530
[  720.554259][T14419]  ? __phys_addr_symbol+0x2f/0x70
[  720.559283][T14419]  ? __check_object_size+0x478/0x720
[  720.564567][T14419]  netlink_sendmsg+0x8e8/0xce0
[  720.569335][T14419]  ? __pfx_netlink_sendmsg+0x10/0x10
[  720.574620][T14419]  ? aa_sock_msg_perm+0x91/0x160
[  720.579558][T14419]  ? __pfx_netlink_sendmsg+0x10/0x10
[  720.584859][T14419]  __sock_sendmsg+0x221/0x270
[  720.589542][T14419]  ____sys_sendmsg+0x53c/0x870
[  720.594307][T14419]  ? __pfx_____sys_sendmsg+0x10/0x10
[  720.599621][T14419]  ? __fget_files+0x2a/0x420
[  720.604237][T14419]  ? __fget_files+0x2a/0x420
[  720.608847][T14419]  __sys_sendmsg+0x271/0x360
[  720.613438][T14419]  ? __pfx___sys_sendmsg+0x10/0x10
[  720.618567][T14419]  ? do_syscall_64+0xb6/0x230
[  720.623254][T14419]  do_syscall_64+0xf3/0x230
[  720.627766][T14419]  ? clear_bhb_loop+0x45/0xa0
[  720.632447][T14419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  720.638338][T14419] RIP: 0033:0x7f421ab8d169
[  720.642755][T14419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  720.662375][T14419] RSP: 002b:00007f421ba9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  720.670790][T14419] RAX: ffffffffffffffda RBX: 00007f421ada5fa0 RCX: 00007f421ab8d169
[  720.678764][T14419] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[  720.686751][T14419] RBP: 00007f421ba9e090 R08: 0000000000000000 R09: 0000000000000000
[  720.694721][T14419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  720.702702][T14419] R13: 0000000000000000 R14: 00007f421ada5fa0 R15: 00007f421aecfa28
[  720.710676][T14419]  </TASK>
[  720.713713][T14419] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  720.721001][T14419] CPU: 1 UID: 0 PID: 14419 Comm: syz.2.2728 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
[  720.732717][T14419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  720.742772][T14419] Call Trace:
[  720.746066][T14419]  <TASK>
[  720.748991][T14419]  dump_stack_lvl+0x241/0x360
[  720.753680][T14419]  ? __pfx_dump_stack_lvl+0x10/0x10
[  720.758898][T14419]  ? __pfx__printk+0x10/0x10
[  720.763490][T14419]  ? vscnprintf+0x5d/0x90
[  720.767827][T14419]  panic+0x349/0x880
[  720.771728][T14419]  ? __warn+0x174/0x4d0
[  720.775897][T14419]  ? __pfx_panic+0x10/0x10
[  720.780325][T14419]  __warn+0x344/0x4d0
[  720.784324][T14419]  ? cfg80211_dev_free+0x2ba/0x2d0
[  720.789435][T14419]  report_bug+0x2b3/0x500
[  720.793765][T14419]  ? cfg80211_dev_free+0x2ba/0x2d0
[  720.798879][T14419]  ? cfg80211_dev_free+0x2ba/0x2d0
[  720.804000][T14419]  ? cfg80211_dev_free+0x2bc/0x2d0
[  720.809106][T14419]  handle_bug+0x89/0x170
[  720.813349][T14419]  exc_invalid_op+0x1a/0x50
[  720.817851][T14419]  asm_exc_invalid_op+0x1a/0x20
[  720.822732][T14419] RIP: 0010:cfg80211_dev_free+0x2ba/0x2d0
[  720.828457][T14419] Code: cc f6 49 8b be e0 08 00 00 e8 12 9d c0 f6 4c 89 f7 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 fc 9c c0 f6 e8 07 16 64 f6 90 <0f> 0b 90 e9 a2 fd ff ff 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00
[  720.848065][T14419] RSP: 0018:ffffc9001c9dee20 EFLAGS: 00010093
[  720.854136][T14419] RAX: ffffffff8b5f6089 RBX: ffff888047b906a8 RCX: ffff888029093c00
[  720.862110][T14419] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc9001c9ded00
[  720.870079][T14419] RBP: 1ffffffff194ce98 R08: 0000000000000003 R09: fffff5200393bda0
[  720.878049][T14419] R10: dffffc0000000000 R11: fffff5200393bda0 R12: ffff888047b906b8
[  720.886023][T14419] R13: dffffc0000000000 R14: ffff888047b90000 R15: 0000000000000246
[  720.893997][T14419]  ? cfg80211_dev_free+0x2b9/0x2d0
[  720.899112][T14419]  ? device_release+0x66/0x1c0
[  720.903878][T14419]  ? trace_kmalloc+0x1f/0xd0
[  720.908475][T14419]  ? __pfx_wiphy_dev_release+0x10/0x10
[  720.913938][T14419]  device_release+0x99/0x1c0
[  720.918531][T14419]  kobject_put+0x22f/0x480
[  720.922950][T14419]  wiphy_new_nm+0x16ea/0x19a0
[  720.927641][T14419]  ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10
[  720.934151][T14419]  ieee80211_alloc_hw_nm+0x3d4/0x1ea0
[  720.939529][T14419]  mac80211_hwsim_new_radio+0x20c/0x4b40
[  720.945166][T14419]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  720.951515][T14419]  ? _printk+0xd5/0x120
[  720.955673][T14419]  ? __nla_validate_parse+0x2877/0x32e0
[  720.961222][T14419]  ? __pfx__printk+0x10/0x10
[  720.965813][T14419]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  720.971875][T14419]  ? rcu_is_watching+0x15/0xb0
[  720.976640][T14419]  ? do_trace_netlink_extack+0x8b/0x1f0
[  720.982195][T14419]  hwsim_new_radio_nl+0xed0/0x2290
[  720.987314][T14419]  ? __pfx___nla_validate_parse+0x10/0x10
[  720.993046][T14419]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  720.998607][T14419]  ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290
[  721.004945][T14419]  genl_rcv_msg+0xb38/0xf00
[  721.009604][T14419]  ? __pfx_genl_rcv_msg+0x10/0x10
[  721.014651][T14419]  ? __dev_queue_xmit+0x1780/0x3f60
[  721.019863][T14419]  ? kasan_save_track+0x3f/0x80
[  721.024722][T14419]  ? __kasan_slab_alloc+0x66/0x80
[  721.029752][T14419]  ? do_syscall_64+0xf3/0x230
[  721.034443][T14419]  ? __lock_acquire+0xad5/0xd80
[  721.039304][T14419]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  721.044857][T14419]  netlink_rcv_skb+0x208/0x480
[  721.049631][T14419]  ? __pfx_genl_rcv_msg+0x10/0x10
[  721.054660][T14419]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  721.059949][T14419]  ? netlink_deliver_tap+0x2e/0x1b0
[  721.065147][T14419]  genl_rcv+0x28/0x40
[  721.069220][T14419]  netlink_unicast+0x7f8/0x9a0
[  721.073979][T14419]  ? __pfx_netlink_unicast+0x10/0x10
[  721.079255][T14419]  ? __virt_addr_valid+0x45f/0x530
[  721.084366][T14419]  ? __phys_addr_symbol+0x2f/0x70
[  721.089387][T14419]  ? __check_object_size+0x478/0x720
[  721.094678][T14419]  netlink_sendmsg+0x8e8/0xce0
[  721.099455][T14419]  ? __pfx_netlink_sendmsg+0x10/0x10
[  721.104742][T14419]  ? aa_sock_msg_perm+0x91/0x160
[  721.109683][T14419]  ? __pfx_netlink_sendmsg+0x10/0x10
[  721.114987][T14419]  __sock_sendmsg+0x221/0x270
[  721.119669][T14419]  ____sys_sendmsg+0x53c/0x870
[  721.124432][T14419]  ? __pfx_____sys_sendmsg+0x10/0x10
[  721.129713][T14419]  ? __fget_files+0x2a/0x420
[  721.134308][T14419]  ? __fget_files+0x2a/0x420
[  721.138917][T14419]  __sys_sendmsg+0x271/0x360
[  721.143504][T14419]  ? __pfx___sys_sendmsg+0x10/0x10
[  721.148626][T14419]  ? do_syscall_64+0xb6/0x230
[  721.153315][T14419]  do_syscall_64+0xf3/0x230
[  721.157826][T14419]  ? clear_bhb_loop+0x45/0xa0
[  721.162511][T14419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  721.168407][T14419] RIP: 0033:0x7f421ab8d169
[  721.172904][T14419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  721.192511][T14419] RSP: 002b:00007f421ba9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  721.200927][T14419] RAX: ffffffffffffffda RBX: 00007f421ada5fa0 RCX: 00007f421ab8d169
[  721.208907][T14419] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[  721.216886][T14419] RBP: 00007f421ba9e090 R08: 0000000000000000 R09: 0000000000000000
[  721.224869][T14419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  721.232852][T14419] R13: 0000000000000000 R14: 00007f421ada5fa0 R15: 00007f421aecfa28
[  721.240862][T14419]  </TASK>
[  721.244271][T14419] Kernel Offset: disabled
[  721.248602][T14419] Rebooting in 86400 seconds..